Notes: IPsec VPN on CentOS with NetworkManager
Thu 30 May 2019 #technical #networking #centos #notes
DISCLAIMER: this is not meant to be a coherent post. Sorry. Just notes for future reference.
Not everybody uses OpenVPN, so from time to time a different configuration is needed to make the connection. First of all, NetworkManager implements and supports quite a lot of VPN types:
- NetworkManager-fortisslvpn (releases) Fortinet SSLVPN compatible
- NetworkManager-libreswan (releases) IPsec IKEv1 VPN, Cisco compatible
- NetworkManager-pptp (releases) PPTP, Microsoft compatible
- NetworkManager-openconnect (releases) Cisco AnyConnect, Juniper
- NetworkManager-openvpn (releases) OpenVPN
- NetworkManager-vpnc (releases) IPsec VPN, Cisco compatible
(List taken from the NetworkManager VPN page.) For IPsec alone there are two officially supported implementations (and there are third-party plugins that can be used as well).
When using IPsec with the following configuration parameters:
- Gateway
- Username
- User password
- Pre-shared key (Group secret)
- Local Id (Group Name)
There is a high chance that libreswan, which is installed by default, will be sufficient. But there is also a chance that you need to change the IKE DH Group or adjust Perfect Forward Secrecy to use the same DH Group. In that case:
sudo yum install -y NetworkManager-vpnc-gnome
After that the process is "clickable" from the NetworkManager GUI application.
- Add VPN > "Cisco Compatible VPN (vpnc)"
Then fill in the blanks with the correct connection parameters.
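The same setup can be scripted with nmcli instead of the GUI. The following is an added example, not part of the original notes: it builds the vpnc plugin's vpn.data string and refuses DH group or PFS values that vpnc does not accept. The helper names (valid_dh, vpnc_data, create_vpnc) and the gateway, group and user values are assumptions made for illustration.

```shell
# Added example (not from the original notes). Key names are the data keys of
# the NetworkManager vpnc plugin; gateway, group and user are constructed values.

# vpnc accepts only these IKE DH groups.
valid_dh() {
    case "$1" in dh1|dh2|dh5) return 0 ;; *) return 1 ;; esac
}

# vpnc_data GATEWAY GROUP_NAME USERNAME DH_GROUP [PFS]
# Prints a vpn.data string. PFS defaults to the IKE DH group so that both
# use the same group. Secrets are left out on purpose so they do not end up
# in shell history; supply them when connecting.
vpnc_data() {
    [ "$#" -ge 4 ] || { echo "usage: vpnc_data GW GROUP USER DH [PFS]" >&2; return 2; }
    # A comma would split the value into a second key=value pair.
    case "$1$2$3" in *,*) echo "values must not contain commas" >&2; return 1 ;; esac
    valid_dh "$4" || { echo "unsupported IKE DH group: $4" >&2; return 1; }
    pfs=${5:-$4}
    case "$pfs" in
        nopfs|server) ;;
        *) valid_dh "$pfs" || { echo "unsupported PFS value: $pfs" >&2; return 1; } ;;
    esac
    printf '%s' "IPSec gateway=$1, IPSec ID=$2, Xauth username=$3, IKE DH Group=$4, Perfect Forward Secrecy=$pfs"
}

# create_vpnc NAME GATEWAY GROUP_NAME USERNAME DH_GROUP [PFS]
# Creates the connection with nmcli (needs the vpnc plugin installed).
create_vpnc() {
    name=$1; shift
    data=$(vpnc_data "$@") || return 1
    nmcli connection add type vpn vpn-type vpnc con-name "$name" ifname '*' &&
        nmcli connection modify "$name" vpn.data "$data"
}

# Usage with constructed values:
#   create_vpnc work-vpn vpn.example.com ExampleGroup alice dh5
#   nmcli --ask connection up work-vpn
```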