So, I’m a regular user of public WLAN hotspots, those of Deutsche Telekom among others. Being the paranoid digital self-defense person I am, I’ve been using a VPN service for quite some time now. I recently noticed that my PPTP client setup stopped working at hotspot locations run by Deutsche Telekom that I regularly use, when it still worked from home or some other hotspots I use. I embarked on a journey to teach my Ubuntu laptop some more VPN protocols. OpenVPN worked like a charm with just installing the obvious packages for network-manager. StrongSwan, however, didn’t cooperate quite as easily, due to Ubuntu 16.04 having packages in its repository which are known to not work with the version of network-manager also in that version.
OK, use the source, Luke …
But rather than compile from source tarball and clutter my system with stuff, I found the repositories for zesty have the versions I need. So, I decided to backport that:
- Edit /etc/apt/sources.list
- uncomment all deb-src lines and insert one line: deb-src http://de.archive.ubuntu.com/ubuntu/ zesty main restricted universe multiverse
- apt-get update
- apt-get install build-essential
- mkdir strongswan
- cd strongswan
- apt-get build-dep strongswan
- apt-get source strongswan
- export DEB_BUILD_OPTIONS=nocheck
- dpkg-buildpackage -us -uc
- dpkg -i strongswan-nm_5.5.1-1ubuntu3_amd64.deb libstrongswan_5.5.1-1ubuntu3_amd64.deb strongswan-libcharon_5.5.1-1ubuntu3_amd64.deb
- cd ..
- mkdir nm-strongswan
- apt-get build-dep network-manager-strongswan
- apt-get source network-manager-strongswan
- dpkg-buildpackage -us -uc
- dpkg -i network-manager-strongswan_1.4.1-1_amd64.deb
Then configure as per wiki page.
Now, I only need to find out how to trust the VPN provider’s certificate when their IKEv2 configuration howtos all seem to rely on turning certificate verification off.
On the Crest of the Wave 