Comment 19 for bug 1457078

Revision history for this message
Adrian Wilkins (adrian-wilkins) wrote :

This has frustrated me for a month or so... I can get onto my work VPN via the ShrewSoft client (ike and ike-qtgui) but it's not integrated with NetworkManager (and overwrites /etc/resolv.conf, interfering with it).

You have to resort to manual configuration of the dnsmasq instance created by NetworkManager in order to get it to play nice with managed connections - turn off the DNS settings in the ShrewSoft client and add them manually to dnsmasq to stop it overwriting /etc/resolv.conf

The manual config above may also work, but likewise, won't play nice with other NetworkManager connections.

The NM plugin for StrongSwan has been updated to support PSK but I don't know if this means it supports IKEv1... it imposes a 20 character minimum, and of course, my network admin has configured a PSK shorter than this, so I can't test it.

I agree with the sentiments expressed above that removing support for an exceedingly common (if not best-practice) VPN configuration does not create the best impression of Ubuntu. RedHat has retained support via the NetworkManager-libreswan plugin as described in the page below.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html

Sadly, Debian still has libreswan in the "experimental" section.