Re: Link-Local Only option not available on NetworkManager

Paul Smith <phhs80@xxxxxxxxx> · Thu, 8 Nov 2018 20:32:09 +0000

On Thu, Nov 8, 2018 at 8:04 PM Rick Stevens <ricks@xxxxxxxxxxxxxx> wrote:
> >
> > I am trying to configure a VPN-L2TP network via NetworkManager. To
> > accomplish that, I need to have the option
> >
> > "Link-Local Only"
> >
> > on the IPv6 settings, but unfortunately such an option is not
> > available. Any ideas?
>
> You could (as root):
>
>         1. Run "nmcli connections show" and find the UUID of the VPN
>         connection you want to bugger.
>
>         2. Run "nmcli connection edit <UUID>" to edit the connection.
>
>         3. Enter "set ipv6.method link-local" at the "nmcli>" prompt to
>         change it to link-local.
>
>         4. Type "save" at the "nmcli>" prompt to save the updated
>         connection.
>
>         5. Type "quit" at the "nmcli>" prompt to exit the editor.
>
> That oughta do it. And no, the GUI doesn't offer this setting that I can
> find. Both IPV4 and IPV6 default to "method: auto".

Thanks, Rick, for your precious help. It worked! However, when I try
to establish the VPN, I get the problems below. I guess that is
related to Selinux. What do you think?

Paul

-----------------

Nov 08 20:26:38 xhost NetworkManager[8715]: <info>  [1541708798.0692]
audit: op="connection-activate"
uuid="8235f185-3bc9-434e-b6de-4e2bbd42d18d" name="VPN connection 1"
pid=12579 uid=1000 >
Nov 08 20:26:38 xhost NetworkManager[8715]: <info>  [1541708798.0772]
vpn-connection[0x556296d9a570,8235f185-3bc9-434e-b6de-4e2bbd42d18d,"VPN
connection 1",0]: Started the VPN service, PID >
Nov 08 20:26:38 xhost NetworkManager[8715]: <info>  [1541708798.0890]
vpn-connection[0x556296d9a570,8235f185-3bc9-434e-b6de-4e2bbd42d18d,"VPN
connection 1",0]: Saw the service appear; activ>
Nov 08 20:26:38 xhost NetworkManager[8715]: <info>  [1541708798.2128]
vpn-connection[0x556296d9a570,8235f185-3bc9-434e-b6de-4e2bbd42d18d,"VPN
connection 1",0]: VPN connection: (ConnectInter>
Nov 08 20:26:38 xhost nm-l2tp-service[12623]: Check port 1701
Nov 08 20:26:38 xhost NetworkManager[8715]: Stopping strongSwan IPsec
failed: starter is not running
Nov 08 20:26:40 xhost NetworkManager[8715]: Starting strongSwan 5.7.1
IPsec [starter]...
Nov 08 20:26:40 xhost NetworkManager[8715]: charon is already running
(/var/run/charon.pid exists) -- skipping daemon start
Nov 08 20:26:40 xhost NetworkManager[8715]: Loading config setup
Nov 08 20:26:40 xhost NetworkManager[8715]: Loading conn
'8235f185-3bc9-434e-b6de-4e2bbd42d18d'
Nov 08 20:26:40 xhost ipsec_starter[12644]: Starting strongSwan 5.7.1
IPsec [starter]...
Nov 08 20:26:40 xhost ipsec_starter[12644]: charon is already running
(/var/run/charon.pid exists) -- skipping daemon start
Nov 08 20:26:40 xhost ipsec_starter[12644]: Loading config setup
Nov 08 20:26:40 xhost ipsec_starter[12644]: Loading conn
'8235f185-3bc9-434e-b6de-4e2bbd42d18d'
Nov 08 20:26:40 xhost NetworkManager[8715]: found netkey IPsec stack
Nov 08 20:26:40 xhost ipsec_starter[12644]: found netkey IPsec stack
Nov 08 20:26:40 xhost charon[4192]: 13[CFG] rereading secrets
Nov 08 20:26:40 xhost charon[4192]: 13[CFG] loading secrets from
'/etc/strongswan/ipsec.secrets'
Nov 08 20:26:40 xhost charon[4192]: 13[CFG] loading secrets from
'/etc/strongswan/ipsec.d/nm-l2tp-ipsec-8235f185-3bc9-434e-b6de-4e2bbd42d18d.secrets'
Nov 08 20:26:40 xhost charon[4192]: 13[CFG]   loaded IKE secret for %any
Nov 08 20:26:40 xhost charon[4192]: 13[CFG] loading secrets from
'/etc/strongswan/ipsec.d/nm-l2tp-ipsec-c79095eb-1ad5-43ea-859a-8d9a71c2ddd3.secrets'
Nov 08 20:26:40 xhost charon[4192]: 13[CFG]   loaded IKE secret for %any
Nov 08 20:26:40 xhost charon[4192]: 01[CFG] received stroke: initiate
'8235f185-3bc9-434e-b6de-4e2bbd42d18d'
Nov 08 20:26:40 xhost charon[4192]: 01[CFG] no config named
'8235f185-3bc9-434e-b6de-4e2bbd42d18d'
Nov 08 20:26:40 xhost NetworkManager[8715]: no config named
'8235f185-3bc9-434e-b6de-4e2bbd42d18d'
Nov 08 20:26:40 xhost audit[12672]: AVC avc:  denied  { write } for
pid=12672 comm="stroke" path="pipe:[168313]" dev="pipefs" ino=168313
scontext=system_u:system_r:ipsec_t:s0 tcontext=syst>
Nov 08 20:26:40 xhost NetworkManager[8715]: Stopping strongSwan IPsec...
Nov 08 20:26:40 xhost audit[12674]: AVC avc:  denied  { signal } for
pid=12674 comm="strongswan" scontext=system_u:system_r:ipsec_mgmt_t:s0
tcontext=system_u:system_r:ipsec_t:s0 tclass=pro>
Nov 08 20:26:48 xhost charon[4192]: 10[IKE] sending keep alive to
122.111.25.141[4500]
Nov 08 20:26:51 xhost audit[12674]: AVC avc:  denied  { sigkill } for
pid=12674 comm="strongswan" scontext=system_u:system_r:ipsec_mgmt_t:s0
tcontext=system_u:system_r:ipsec_t:s0 tclass=pr>
Nov 08 20:26:51 xhost nm-l2tp-service[12623]:
g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 08 20:26:51 xhost NetworkManager[8715]: <info>  [1541708811.8303]
vpn-connection[0x556296d9a570,8235f185-3bc9-434e-b6de-4e2bbd42d18d,"VPN
connection 1",0]: VPN plugin: state changed: st>
Nov 08 20:26:51 xhost NetworkManager[8715]: <info>  [1541708811.8336]
vpn-connection[0x556296d9a570,8235f185-3bc9-434e-b6de-4e2bbd42d18d,"VPN
connection 1",0]: VPN service disappeared
Nov 08 20:26:51 xhost NetworkManager[8715]: <warn>  [1541708811.8348]
vpn-connection[0x556296d9a570,8235f185-3bc9-434e-b6de-4e2bbd42d18d,"VPN
connection 1",0]: VPN connection: failed to con>
Nov 08 20:27:08 xhost charon[4192]: 07[IKE] sending keep alive to
122.111.25.141[4500]
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx