Public bug reported:
As per #1578193, the NetworkManager package has been broken until
recently fixed in version 1.4.0
Installed the PPA packages from Ryan Harper. This seems to restore NM
support. Hooray!
However, the code enforces a PSK length of 20 or greater when using PSK
+ XAuth. It's not even clear if the code supports IKEv1 via the GUI.
The only other package in the central repo with support for IKEv1 now
that OpenSwan (or LibreSwan?) has been replaced is ShrewSoft VPN client
(ike and ike-qtgui) - which does not integrate with NetworkManager
(instead, it overwrites /etc/resolv.conf and actively interferes with
it).
As I understand it, the StrongSwan team have a policy of "encouraging"
proper, secure VPN configuration, and that weak PSKs are not something
they consider /de rigeur/. Both the GUI and backend plugin for
NetworkManager enforce a minimum PSK length of 20 characters.
Now, I'm all for encouraging secure config. But I'm also all for things
being useful. My network administrators have set a PSK with a length
lower than this arbitrarily chosen limit. Requests to have the length of
it raised will no doubt meet with opposition, principally because it
will have to be redistributed to every user. Yes, using PSK with a lot
of users is also dumb, I agree.
BUT :
* Since the retirement of OpenSwan / LibreSwan from Ubuntu there's no
NetworkManager support for IKEv1 / PSK / XAuth
* Now it's fixed(? - not sure if it supports IKEv1 - I know charon does, but
dunno about the NM plugin).. I still can't use it to connect to my work VPN
* I don't perceive it as the place of a VPN client to dictate what the proper
configuration of a VPN server should be (via the means of getting users to
pester their network admin)
I therefore consider this arbitrary limit a bug.
Relevant revisions imposing this limit in Git are
2b63883dba7ff015ee6a013cf5583ac464509e2c
9e74a0952e27e3ac0055b0831919aaddfef1e1b5
I therefore submit for consideration the notion that these limits should
be patched out.
** Affects: network-manager-strongswan (Ubuntu)
Importance: Undecided
Status: New
** Tags: ikev1 psk
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1625828
Title:
Enforced PSK length >= 20
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-strongswan/+bug/1625828/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
