IKEv2 CLI interface on Linux #1399

Closed
Alphalynxjet opened this issue Jun 14, 2023 · 2 comments
@Alphalynxjet
Alphalynxjet commented Jun 14, 2023

The readme file for IKEv2 should be updated with the possibility to connect using the CLI on an Ubuntu VPS. Here are the steps.

Step #1 Install Network manager and strongswan plugin

sudo apt update
sudo apt-get install network-manager network-manager-strongswan

Step #2 Edit the globally managed devices file and change unmanaged devices to none

nano /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf

Edit the file so it is like this

[keyfile]
unmanaged-devices=none

Step #3 Restart the network manager service

sudo systemctl restart NetworkManager

Step #4 Check if the devices are managed

nmcli d

Step #6 Import the .p12 certificate

openssl pkcs12 -in CERTNAMEHERE.p12 -cacerts -nokeys -out ca.cer
openssl pkcs12 -in CERTNAMEHERE.p12 -clcerts -nokeys -out client.cer
openssl pkcs12 -in CERTNAMEHERE.p12 -nocerts -nodes  -out client.key
rm CERTNAMEHERE.p12

sudo chown root:root ca.cer client.cer client.key
sudo chmod 600 ca.cer client.cer client.key

Step #7 Create a VPN connection in NetworkManager and enable it.

sudo nmcli c add type vpn ifname -- vpn-type strongswan connection.id VPN connection.autoconnect no vpn.data 'address = **YOURSERVERADDRESSHERE**, certificate = /root/ca.cer, encap = no, esp = aes128gcm16, ipcomp = no, method = key, proposal = yes, usercert = /root/client.cer, userkey = /root/client.key, virtual = yes'

nmcli c up 'Wired connection 1'
nmcli c up VPN
nmcli c

Step #8 Check your public IP if everything works

curl -4 ifconfig.co
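
A pre-flight check for the `vpn.data` string used in Step #7, as an added example that is not part of the original issue or the project's documentation: it confirms that the referenced certificate files exist and that the unencrypted private key (written with `-nodes` in Step #6) grants nothing to group or other. The function names and the server name `vpn.example.com` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the files named in a strongSwan NetworkManager
# vpn.data string (format as in Step #7) before bringing the VPN up.

# Print the value of one key from a "k = v, k = v" vpn.data string.
vpn_data_get() {
    local data="$1" key="$2"
    printf '%s\n' "$data" | tr ',' '\n' |
        sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p"
}

# Succeed only for a regular file with no group/other permission bits.
is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Certificates must exist; the unencrypted private key must also be private.
# Prints one line per problem and returns the number of problems found.
audit_vpn_data() {
    local data="$1" key path bad=0
    for key in certificate usercert userkey; do
        path=$(vpn_data_get "$data" "$key")
        if [ -z "$path" ]; then
            echo "missing key: $key"; bad=$((bad + 1))
        elif [ ! -f "$path" ]; then
            echo "file not found: $key = $path"; bad=$((bad + 1))
        elif [ "$key" = userkey ] && ! is_private "$path"; then
            echo "key accessible to group/other: $path"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo: a throwaway directory stands in for /root, and
# vpn.example.com is a placeholder server name.
demo() {
    local d rc=0
    d=$(mktemp -d)
    touch "$d/ca.cer" "$d/client.cer" "$d/client.key"
    chmod 644 "$d/client.key"   # deliberately too open
    audit_vpn_data "address = vpn.example.com, certificate = $d/ca.cer, method = key, usercert = $d/client.cer, userkey = $d/client.key" || rc=$?
    echo "problems: $rc"
    rm -rf "$d"
}
demo
```

Values that themselves contain a comma are not handled, since the `vpn.data` string is split on commas.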

@hwdsl2
Owner

hwdsl2 commented Jun 14, 2023

@Alphalynxjet Hello! Thanks for sharing your findings with us. IKEv2 command line instructions were mentioned a few times in recent Issues by different users. I plan to test and compile them into the documentation when I have time.

@laphere
laphere commented Apr 8, 2024

Need help! I have a problem creating a connection:
Apr 08 11:22:05 iz2ze0txryr0013ecpwzf7z NetworkManager[19727]: [1712546525.7184] agent-manager: req[0x561f4df82f20, :1.10486/nmcli-connect/0]: agent registered
Apr 08 11:22:05 iz2ze0txryr0013ecpwzf7z NetworkManager[19727]: [1712546525.7193] audit: op="connection-activate" uuid="366835e3-0a15-4317-835b-68a5a01d18d0" name="VPN" pid=19854 uid=0 result="success"
Apr 08 11:22:05 iz2ze0txryr0013ecpwzf7z NetworkManager[19727]: [1712546525.7347] vpn-connection[0x561f4dff2350,366835e3-0a15-4317-835b-68a5a01d18d0,"VPN",0]: Started the VPN service, PID 19860
Apr 08 11:22:05 iz2ze0txryr0013ecpwzf7z charon-nm[19860]: 00[DMN] Starting charon NetworkManager backend (strongSwan 5.7.2)
Apr 08 11:22:05 iz2ze0txryr0013ecpwzf7z charon-nm[19860]: 00[LIB] openssl FIPS mode(2) - enabled
Apr 08 11:22:05 iz2ze0txryr0013ecpwzf7z charon-nm[19860]: Failed to initialize a plugin instance: Connection ":1.10487" is not allowed to own the service "org.freedesktop.NetworkManager.strongswan" due to security policies in the configuration file
Apr 08 11:22:05 iz2ze0txryr0013ecpwzf7z charon-nm[19860]: 00[CFG] DBUS binding failed
Apr 08 11:22:05 iz2ze0txryr0013ecpwzf7z charon-nm[19860]: 00[LIB] feature CUSTOM:NetworkManager backend in critical plugin 'nm-backend' failed to load
Apr 08 11:22:05 iz2ze0txryr0013ecpwzf7z charon-nm[19860]: 00[LIB] failed to load 1 critical plugin feature
Apr 08 11:22:05 iz2ze0txryr0013ecpwzf7z charon-nm[19860]: 00[DMN] initialization failed - aborting charon-nm
