Monthly Archives: August 2017

StrongSwan Client with Ubuntu 16.04 LTS

So, I’m a regular user of public WLAN hotspots, those of Deutsche Telekom among others. Being the paranoid digital self-defense person I am, I’ve been using a VPN service for quite some time now. I recently noticed that my PPTP client setup stopped working at hotspot locations run by Deutsche Telekom that I regularly use, when it still worked from home or some other hotspots I use. I embarked on a journey to teach my Ubuntu laptop some more VPN protocols. OpenVPN worked like a charm with just installing the obvious packages for network-manager. StrongSwan, however, didn’t cooperate quite as easily, due to Ubuntu 16.04 having packages in its repository which are known to not work with the version of network-manager also in that version.

OK, use the source, Luke …

But rather than compile from source tarball and clutter my system with stuff, I found the repositories for zesty have the versions I need. So, I decided to backport that:

  1. Edit /etc/apt/sources.list
    1. uncomment all deb-src lines and insert one line: deb-src http://de.archive.ubuntu.com/ubuntu/ zesty main restricted universe multiverse
  2. apt-get update
  3. apt-get install build-essential
  4. mkdir strongswan
  5. cd strongswan
  6. apt-get build-dep strongswan
  7. apt-get source strongswan
  8. export DEB_BUILD_OPTIONS=nocheck
  9. dpkg-buildpackage -us -uc
  10. dpkg -i strongswan-nm_5.5.1-1ubuntu3_amd64.deb libstrongswan_5.5.1-1ubuntu3_amd64.deb strongswan-libcharon_5.5.1-1ubuntu3_amd64.deb
  11. cd ..
  12. mkdir nm-strongswan
  13. apt-get build-dep network-manager-strongswan
  14. apt-get source network-manager-strongswan
  15. dpkg-buildpackage -us -uc
  16. dpkg -i network-manager-strongswan_1.4.1-1_amd64.deb

Then configure as per wiki page.

Now, I only need to find out how to trust the VPN provider’s certificate when their IKEv2 configuration howtos all seem to rely on turning certificate verification off.

Advertisements
Tagged , , , ,