command line linux networkmanager ikev2 vpn configuration #1007

Closed
neothematrix opened this issue Aug 23, 2021 · 3 comments

@neothematrix

Hello!
I needed to configure the VPN client on a Linux server with no GUI, so I couldn't use the Network Manager GUI to set up the VPN.
I figured out that it's possible to set up the VPN using just the command line, with the following instructions, using a Red Hat/CentOS-based distro:

First of all, follow the instructions to set up an IKEv2 VPN client on Linux. Then, instead of following the GUI instructions, issue the following command:

sudo nmcli c add type vpn ifname -- vpn-type strongswan connection.id <insert connection name> connection.autoconnect no vpn.data 'address = <insert vpn server address>, certificate = <full path to the extracted ikev2vpnca.cer>, encap = no, esp = aes128gcm16, ipcomp = no, method = key, proposal = yes, usercert = <full path to the extracted vpnclient.cer>, userkey = <full path to the extracted vpnclient.key>, virtual = yes'

You can then start the VPN connection with:

sudo nmcli c up <connection name>

Maybe these instructions could be added to the howto, but they might need some testing with other Linux clients.

I hope you find this useful!

@hwdsl2
Owner

hwdsl2 commented Sep 11, 2021

@neothematrix Thanks for sharing your findings with us!

@hwdsl2 hwdsl2 closed this as completed Sep 11, 2021
@dd-ping

dd-ping commented Aug 10, 2022

Hello! My system is aarch64_ubuntu16.04, and there was an error when I used nmcli c up. Could you help me analyze it?

root@HelperA133:/Certificate# nmcli c add type vpn ifname kktest vpn-type strongswan \
> connection.autoconnect no vpn.data 'address =xxxxxx, \
> certificate = /Certificate/TESTTBOX_ca.cer, \
> encap = no, esp = aes128gcm16, ipcomp = no, \
>  method = key, proposal = yes, \
> usercert = /Certificate/TESTTBOX_cl.cer, \
> userkey =/Certificate/TESTTBOX.key, virtual = yes'
Connection 'vpn-kktest' (9b2d28b0-e612-4c45-9e9f-2ca82faa1902) successfully added.
root@HelperA133:/Certificate# 
root@HelperA133:/Certificate# 
root@HelperA133:/Certificate# nmcli c up id vpn-kktest
Error: Connection activation failed: Could not find source connection.

@tinoest

tinoest commented Aug 10, 2022

I think you are missing the connection.id parameter just after vpn-type strongswan

Also check that nmcli is managing your default connection, otherwise it won't know what connection to tie the VPN session to.
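
Added example, not part of the thread or of the project's documentation: a POSIX shell pre-flight script for the command in the opening post. It checks that the certificate files are readable, that the private key is not accessible to group or others, and, following the last comment, that NetworkManager reports the default-route device as connected, then prints the command with connection.id set. The function names, the `ip route` lookup and the error messages are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight checks for the nmcli command above.
# Function names and messages are constructed for illustration.

# Succeeds only if group and others have no permissions on the private key.
key_perms_ok() {  # $1 = path to vpnclient.key
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Reads `nmcli -t -f DEVICE,STATE device` output on stdin; succeeds if device
# $1 is listed and NetworkManager reports its state as "connected".
device_connected() {
    awk -F: -v d="$1" '$1 == d && $2 == "connected" { ok = 1 } END { exit !ok }'
}

# Prints the nmcli command from the post with connection.id set explicitly.
# $1 = connection name, $2 = server address, $3 = CA cert, $4 = client cert, $5 = client key
nmcli_add_cmd() {
    printf "nmcli c add type vpn ifname -- vpn-type strongswan connection.id '%s' connection.autoconnect no vpn.data 'address = %s, certificate = %s, encap = no, esp = aes128gcm16, ipcomp = no, method = key, proposal = yes, usercert = %s, userkey = %s, virtual = yes'\n" "$1" "$2" "$3" "$4" "$5"
}

# Runs the checks, then prints (does not run) the command. Same arguments as nmcli_add_cmd.
preflight() {
    for f in "$3" "$4" "$5"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    key_perms_ok "$5" || { echo "key is accessible to group/others: chmod 600 $5" >&2; return 1; }
    # The device check is skipped when nmcli or ip is not installed.
    if command -v nmcli >/dev/null 2>&1 && command -v ip >/dev/null 2>&1; then
        dev=$(ip route show default | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
        nmcli -t -f DEVICE,STATE device | device_connected "$dev" ||
            { echo "default-route device '$dev' is not connected under NetworkManager" >&2; return 1; }
    fi
    nmcli_add_cmd "$@"
}

if [ "$#" -eq 5 ]; then preflight "$@"; fi
```

Run it with five arguments (connection name, server address, CA certificate, client certificate, client key); review the printed command before running it with sudo.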
