IPSEC Client-To-Server = ?

Client IPSEC:
Leap42.3 , XFCE.
From the Yast install NetworkManager-openswan
After this:
Edit Connections | Add | Choose a connection Type | IPSEC based VPN | Create and configure.
In the “Gateway” field I entered this IP address: 1.1.1.1 (example)
In the console I ran:
tcpdump -nnl -i eth0 src or dst 1.1.1.1
And after this, “VPN Connections” and launch the new IPSEC VPN connection…

Problem: the connection isn’t established and tcpdump hasn’t registered any packets to or from 1.1.1.1!!!

Maybe I need to add some other rpms??

This is what I have for ipsec rpms at this time:

> rpm -qa | grep -i openswan
NetworkManager-openswan-1.0.6-4.2.x86_64
NetworkManager-openswan-lang-1.0.6-4.2.noarch
NetworkManager-openswan-gnome-1.0.6-4.2.x86_64

> sudo journalctl -u NetworkManager -f

Jul 28 12:48:23 linux-d6rw.suse NetworkManager[1054]: <info>  Starting VPN service 'openswan'...
Jul 28 12:48:23 linux-d6rw.suse NetworkManager[1054]: <info>  VPN service 'openswan' started (org.freedesktop.NetworkManager.openswan), PID 3646
Jul 28 12:48:23 linux-d6rw.suse NetworkManager[1054]: <info>  VPN service 'openswan' appeared; activating connections
Jul 28 12:48:23 linux-d6rw.suse NetworkManager[1054]: <info>  VPN connection 'IPSEC' (ConnectInteractive) reply received.
Jul 28 12:48:23 linux-d6rw.suse NetworkManager[1054]: <warn>  VPN connection 'IPSEC' failed to connect interactively: 'Could not find ipsec binary'.
Jul 28 12:48:23 linux-d6rw.suse NetworkManager[1054]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.


Serg

Did you open VPN ports in your firewall (on Server)?

TSU

Yes.
The IPSEC client is my openSUSE Leap 42.3 (openswan) with XFCE.
The IPSEC server is a Cisco.

In my Leap 42.3 (VPN client) at this time:

# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

# iptables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination     

# journalctl -u NetworkManager -f
Jul 29 10:25:28 linux-d6rw.suse NetworkManager[1047]: <info>  Starting VPN service 'openswan'...
Jul 29 10:25:28 linux-d6rw.suse NetworkManager[1047]: <info>  VPN service 'openswan' started (org.freedesktop.NetworkManager.openswan), PID 3434
Jul 29 10:25:28 linux-d6rw.suse NetworkManager[1047]: <info>  VPN service 'openswan' appeared; activating connections
Jul 29 10:25:28 linux-d6rw.suse NetworkManager[1047]: <info>  VPN plugin state changed: init (1)
Jul 29 10:25:28 linux-d6rw.suse NetworkManager[1047]: <info>  VPN connection 'IPSEC' (ConnectInteractive) reply received.
Jul 29 10:25:28 linux-d6rw.suse NetworkManager[1047]: <warn>  **VPN connection 'IPSEC' failed to connect interactively: 'Could not find ipsec binary'**.
Jul 29 10:25:28 linux-d6rw.suse NetworkManager[1047]: <warn>  error disconnecting VPN: Could not process the request because no VPN connection was active.


Serg

First,
If you qualify for a Cisco VPN Anywhere client, you might consider that

For the path you’re on now, have you installed the openswan components?
Please post the results of the following:

zypper se -i openswan

TSU

# zypper se -i openswan
Loading repository data...
Reading installed packages...

S  | Name                          | Summary                                       | Type   
---+-------------------------------+-----------------------------------------------+--------
i+ | NetworkManager-openswan       | NetworkManager VPN support for OpenConnect    | package
i+ | NetworkManager-openswan-gnome | NetworkManager VPN support for OpenConnect    | package
i+ | NetworkManager-openswan-lang  | Languages for package NetworkManager-openswan | package

I don't have a registered Cisco ID to download the Cisco VPN client.

Serg
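The `zypper se -i openswan` output above lists only the NetworkManager plugin packages; the `'Could not find ipsec binary'` warning in the journal means the plugin could not locate the `ipsec` command that the IKE daemon itself provides. The following shell snippet is an added diagnostic example, not code from the thread or from the openSUSE project: it parses constructed `zypper se -i`-style lines (mirroring the posted output) and reports whether an IKE daemon package is present alongside the plugin, checks PATH for an `ipsec` executable, and classifies NetworkManager journal lines by the failure they report. The package names `openswan`, `libreswan` and `strongswan` are assumed here as the daemon packages that ship an `ipsec` binary; the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose a NetworkManager-openswan
# setup where the plugin is installed but no IKE daemon provides `ipsec`.

# Constructed sample, mirroring the `zypper se -i openswan` output in the thread.
SAMPLE_ZYPPER='S  | Name                          | Summary                                       | Type
---+-------------------------------+-----------------------------------------------+--------
i+ | NetworkManager-openswan       | NetworkManager VPN support for OpenConnect    | package
i+ | NetworkManager-openswan-gnome | NetworkManager VPN support for OpenConnect    | package
i+ | NetworkManager-openswan-lang  | Languages for package NetworkManager-openswan | package'

# Constructed sample for the fixed case: same list plus an IKE daemon package
# (package name assumed; the summary text is made up).
SAMPLE_ZYPPER_OK="$SAMPLE_ZYPPER
i  | libreswan                     | IPsec / IKE daemon (assumed package)          | package"

# Print the names of installed packages from zypper table output.
# Installed rows carry a status column starting with "i" ("i" or "i+").
installed_names() {
    printf '%s\n' "$1" | awk -F'|' '$1 ~ /^i/ {
        gsub(/^[ \t]+|[ \t]+$/, "", $2)   # trim the Name column
        print $2
    }'
}

# Return 0 if an IKE daemon package is installed, 1 if only the NM plugin is present.
# Daemon package names are assumptions for this example.
has_ike_daemon() {
    installed_names "$1" | grep -Eq '^(openswan|libreswan|strongswan)$'
}

# Return 0 if an "ipsec" executable is on PATH, which is what the plugin needs.
has_ipsec_binary() {
    command -v ipsec >/dev/null 2>&1
}

# Classify one NetworkManager journal line into a short diagnosis tag.
diagnose_nm_line() {
    case "$1" in
        *"Could not find ipsec binary"*)      echo "missing-ipsec-binary" ;;
        *"failed to connect interactively"*)  echo "vpn-connect-failed" ;;
        *"VPN service"*"started"*)            echo "plugin-started" ;;
        *)                                    echo "other" ;;
    esac
}

# Stand-alone run: summarize the constructed sample the way the thread's state looks.
main() {
    echo "Installed packages matching the search:"
    installed_names "$SAMPLE_ZYPPER" | sed 's/^/  /'
    if has_ike_daemon "$SAMPLE_ZYPPER"; then
        echo "IKE daemon package: present"
    else
        echo "IKE daemon package: MISSING (only the NetworkManager plugin is installed)"
    fi
    if has_ipsec_binary; then
        echo "ipsec binary on PATH: yes"
    else
        echo "ipsec binary on PATH: no"
    fi
    diagnose_nm_line "NetworkManager[1054]: <warn>  VPN connection 'IPSEC' failed to connect interactively: 'Could not find ipsec binary'."
}

# Only run the summary when executed directly, not when sourced by a test harness.
case "$0" in *sh) ;; *) main ;; esac
```

On the client from the thread, `has_ike_daemon` would report the daemon as missing and `has_ipsec_binary` would fail, which is consistent with the journal warning; the `diagnose_nm_line` tag is what you would grep for in `journalctl -u NetworkManager` to separate this packaging problem from a real IKE negotiation failure (which would show packets in the `tcpdump` capture).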

IMO before doing anything more, you need to ask Cisco whether an openswan client can be used as a VPN endpoint.

Doing a Google search “openswan cisco vpn” I only get old hits (most recent is a site to site configuration dated Jan 2015). Because about then Cisco changed its VPN client architecture, nothing up to that time is likely relevant today.

Also, Googling “cisco vpn network manager” returns only one hit, and the ArchWiki (generally a very good source of info about just about anything) says that Cisco openconnect is required.

https://wiki.archlinux.org/index.php/OpenConnect

So, it looks like unless you can obtain a license you’re SOL.

TSU