irishgordo · June 1, 2021 23:12
diff --git a/L2TP IPsec VPN with NetworkManager in Arch b/L2TP IPsec VPN with NetworkManager in Arch
 Recently I had an adventure configuring NetworkManager's CLI and minimal UI, through the app: "nmtui".

 Pre-reqs I leveraged:
 - A Pacman Wrapper, I used "yay" x-ref: https://wiki.archlinux.org/index.php/AUR_helpers#Pacman_wrappers
 - "networkmanager-l2tp", x-ref: https://aur.archlinux.org/packages/networkmanager-l2tp/
    - I acquired by ```yay -S networkmanager-l2tp```

 The order of actions I took:

 1.  Creating a the vpn as a system based connection:
 ```sudo nmcli connection add type vpn ifname YOUR_VPN_NAME vpn-type l2tp```
 2.  Modifying the created connection to leverage asking for the password, instead of relying on secrets:
 ```
 [gordo@smallchonk ~]$ sudo su
 [sudo] password for gordo:
 [root@smallchonk ~]$ nvim /etc/NetworkManager/system-connections/vpn-YOUR_VPN_NAME.nmconnection


 [connection]
 id=vpn-YOUR_VPN_NAME
 uuid=80565962-f018-423b-ae73-16ea036bb0b3
 type=vpn
 interface-name=YOUR_VPN_NAME
 permissions=

 [vpn]
 gateway=XXX.YY.AA.BB
 ipsec-psk=PSK
 password-flags=2
 user=YOUR_USER
 service-type=org.freedesktop.NetworkManager.l2tp

 [ipv4]
 dns-search=
 method=auto

 [ipv6]
 addr-gen-mode=stable-privacy
 dns-search=
 method=auto

 [proxy]

 ```
 ^ of course for that chunk replacing it with the name of the desired vpn, user, ipsec-psk desired - and I'm leveraging "password-flags=2" (x-ref: https://developer.gnome.org/NetworkManager/stable/nm-settings.html#secrets-flags) to prompt for the password everytime a connection is desired.
 ^ and you could use "vi", "nano" or any other text editor you desired
 3.  Now let's tell our NetworkManager service to restart: ```systemctl restart NetworkManager```
 4.  Then try to connect to your freshly crafted L2TP IPSec VPN Connection, you road-warrior you, ```nmcli c up vpn-YOUR_VPN_NAME --ask```
 5.  If everything goes well, it won't prompt you to look into journalctl stuff, but if it does, see below, otherwise you can check the status via: ```[gordo@smallchonk ~]$ nmcli connection show --active``` - check the active ones - or just like check the ip you expect to have given that you're now hooked in like: ```[gordo@smallchonk ~]$ curl ifconfig.me```

 Troubleshooting issues, if journalctl -xe reveals something like "ppp_generic" issues post trying the above:
 1. Check to see if you have the ppp_generic daemon? 
 ```
 [gordo@smallchonk ~]$ which pppd
 /usr/bin/pppd
 ```
 2. Check ```sudo nvim /etc/modprobe.d/modules.conf``` ...if it doesn't exist, it's probably solid to build it... if it does exist audit it and look for "alias char-major-108 ppp_generic" existing in the file... if it isn't there, 
 due to the fact I was running into ppp_generic kernel module issues - x-ref: https://wiki.archlinux.org/index.php/Ppp#pppd_cannot_load_kernel_module_ppp_generic
 3. Reboot the device and try again ^

 It was a little wonky getting up and running with it but hopefully this might help anyone that ends up stuck on a few things like I was.
	Recently I had an adventure configuring NetworkManager's CLI and minimal UI, through the app: "nmtui".

	Pre-reqs I leveraged:
	- A Pacman Wrapper, I used "yay" x-ref: https://wiki.archlinux.org/index.php/AUR_helpers#Pacman_wrappers
	- "networkmanager-l2tp", x-ref: https://aur.archlinux.org/packages/networkmanager-l2tp/
	- I acquired by ```yay -S networkmanager-l2tp```

	The order of actions I took:

	1. Creating a the vpn as a system based connection:
	```sudo nmcli connection add type vpn ifname YOUR_VPN_NAME vpn-type l2tp```
	2. Modifying the created connection to leverage asking for the password, instead of relying on secrets:
	```
	[gordo@smallchonk ~]$ sudo su
	[sudo] password for gordo:
	[root@smallchonk ~]$ nvim /etc/NetworkManager/system-connections/vpn-YOUR_VPN_NAME.nmconnection


	[connection]
	id=vpn-YOUR_VPN_NAME
	uuid=80565962-f018-423b-ae73-16ea036bb0b3
	type=vpn
	interface-name=YOUR_VPN_NAME
	permissions=

	[vpn]
	gateway=XXX.YY.AA.BB
	ipsec-psk=PSK
	password-flags=2
	user=YOUR_USER
	service-type=org.freedesktop.NetworkManager.l2tp

	[ipv4]
	dns-search=
	method=auto

	[ipv6]
	addr-gen-mode=stable-privacy
	dns-search=
	method=auto

	[proxy]

	```
	^ of course for that chunk replacing it with the name of the desired vpn, user, ipsec-psk desired - and I'm leveraging "password-flags=2" (x-ref: https://developer.gnome.org/NetworkManager/stable/nm-settings.html#secrets-flags) to prompt for the password everytime a connection is desired.
	^ and you could use "vi", "nano" or any other text editor you desired
	3. Now let's tell our NetworkManager service to restart: ```systemctl restart NetworkManager```
	4. Then try to connect to your freshly crafted L2TP IPSec VPN Connection, you road-warrior you, ```nmcli c up vpn-YOUR_VPN_NAME --ask```
	5. If everything goes well, it won't prompt you to look into journalctl stuff, but if it does, see below, otherwise you can check the status via: ```[gordo@smallchonk ~]$ nmcli connection show --active``` - check the active ones - or just like check the ip you expect to have given that you're now hooked in like: ```[gordo@smallchonk ~]$ curl ifconfig.me```

	Troubleshooting issues, if journalctl -xe reveals something like "ppp_generic" issues post trying the above:
	1. Check to see if you have the ppp_generic daemon?
	```
	[gordo@smallchonk ~]$ which pppd
	/usr/bin/pppd
	```
	2. Check ```sudo nvim /etc/modprobe.d/modules.conf``` ...if it doesn't exist, it's probably solid to build it... if it does exist audit it and look for "alias char-major-108 ppp_generic" existing in the file... if it isn't there,
	due to the fact I was running into ppp_generic kernel module issues - x-ref: https://wiki.archlinux.org/index.php/Ppp#pppd_cannot_load_kernel_module_ppp_generic
	3. Reboot the device and try again ^

	It was a little wonky getting up and running with it but hopefully this might help anyone that ends up stuck on a few things like I was.