I'm not a networking guy.
I'm trying to connect to my employer's VPN using my CentOS box running GNOME.
I used the GUI Network configuration panel.
I entered in the Gateway IP address (verified with a ping that it is reachable)
I entered my username
I left the user password blank
I entered the pre-shared key (and verified it numerous times)
Under advanced, for both Phase 1 and Phase 2, I entered:
aes256-sha1;modp1024
Nothing works. It tries for a while to connect and then seems to time out.
Now I am sort of out of ideas. Here is the output of a bunch of different commands that I have collected from the internet, but they are all a bit out of my level of understanding.
Here are the contents of my /etc/NetworkManager/system-connections/Employer file (Employer is what I named my VPN profile):
Code:
[connection]
id=Employer
uuid=<some redacted text>
type=vpn
autoconnect=false
permissions=user:me:;
[vpn]
esp=aes256-sha1;modp1024
ike=aes256-sha1;modp1024
leftxauthusername=me
pskinputmodes=save
pskvalue-flags=0
right=NN.NN.NN.N
xauthpassword-flags=2
xauthpasswordinputmodes=ask
service-type=org.freedesktop.NetworkManager.libreswan
[vpn-secrets]
pskvalue=<Pre Shared Key Redacted>
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
Code:
Sep 15 23:33:33 localhost NetworkManager[1026]: <info> [1505543613.6702] audit: op="connection-activate" uuid="<redacted>" name="Employer" pid=2957 uid=1000 result="success"
Sep 15 23:33:33 localhost NetworkManager[1026]: <info> [1505543613.6764] vpn-connection[0x5617adb9f2d0,<redacted>,"Employer",0]: Started the VPN service, PID 13658
Sep 15 23:33:33 localhost NetworkManager[1026]: <info> [1505543613.6851] vpn-connection[0x5617adb9f2d0,c<redacted>,"Employer",0]: Saw the service appear; activating connection
Sep 15 23:33:33 localhost NetworkManager[1026]: <info> [1505543613.8241] keyfile: update /etc/NetworkManager/system-connections/Employer (<redacted>,"Employer")
Sep 15 23:33:41 localhost NetworkManager[1026]: <info> [1505543621.1352] keyfile: update /etc/NetworkManager/system-connections/Employer (<redacted>,"Employer")
Sep 15 23:33:41 localhost NetworkManager[1026]: <info> [1505543621.1370] keyfile: update /etc/NetworkManager/system-connections/Employer (<redacted>,"Employer") after persisting connection
Sep 15 23:33:41 localhost NetworkManager[1026]: <info> [1505543621.1624] vpn-connection[0x5617adb9f2d0,c<redacted>,"Employer",0]: VPN plugin: state changed: starting (3)
Sep 15 23:33:41 localhost NetworkManager[1026]: <info> [1505543621.1625] vpn-connection[0x5617adb9f2d0,<redacted>,"Employer",0]: VPN connection: (ConnectInteractive) reply received
Sep 15 23:33:41 localhost NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Sep 15 23:33:41 localhost kernel: AVX instructions are not detected.
Sep 15 23:33:41 localhost kernel: AVX instructions are not detected.
Sep 15 23:33:41 localhost kernel: AVX instructions are not detected.
Sep 15 23:33:41 localhost kernel: AVX instructions are not detected.
Sep 15 23:33:41 localhost kernel: AVX instructions are not detected.
Sep 15 23:33:41 localhost kernel: AVX or AES-NI instructions are not detected.
Sep 15 23:33:41 localhost kernel: AVX or AES-NI instructions are not detected.
Sep 15 23:33:41 localhost NetworkManager: 002 listening for IKE messages
Sep 15 23:33:41 localhost NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Sep 15 23:33:41 localhost NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Sep 15 23:33:41 localhost NetworkManager: 002 adding interface enp6s0/enp6s0 192.168.2.2:500
Sep 15 23:33:41 localhost NetworkManager: 002 adding interface enp6s0/enp6s0 192.168.2.2:4500
Sep 15 23:33:41 localhost NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Sep 15 23:33:41 localhost NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Sep 15 23:33:41 localhost NetworkManager: 002 adding interface lo/lo ::1:500
Sep 15 23:33:41 localhost NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Sep 15 23:33:41 localhost NetworkManager: 002 loading secrets from "/etc/ipsec.d/ipsec-<redacted>.secrets"
Sep 15 23:34:41 localhost NetworkManager[1026]: <warn> [1505543681.3968] vpn-connection[0x5617adb9f2d0,<redacted>,"Employer",0]: VPN connection: connect timeout exceeded.
Sep 15 23:34:41 localhost journal: Connect timer expired, disconnecting.
Sep 15 23:34:41 localhost NetworkManager: 002 shutting down
Sep 15 23:34:41 localhost NetworkManager[1026]: <warn> [1505543681.4052] vpn-connection[0x5617adb9f2d0,<redacted>,"Employer",0]: VPN plugin: failed: connect-failed (1)
Sep 15 23:34:41 localhost NetworkManager[1026]: <info> [1505543681.4052] vpn-connection[0x5617adb9f2d0,<redacted>,"Employer",0]: VPN plugin: state changed: stopping (5)
Sep 15 23:34:41 localhost NetworkManager[1026]: <info> [1505543681.4052] vpn-connection[0x5617adb9f2d0,<redacted>,"Employer",0]: VPN plugin: state changed: stopped (6)
Here are the results of me running ike-scan:
Code:
ike-scan NN.NN.NN.N
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
NN.NN.NN.N Main Mode Handshake returned HDR=(CKY-R=<redacted>) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=<redacted>
Ending ike-scan 1.9: 1 hosts scanned in 0.037 seconds (26.81 hosts/sec). 1 returned handshake; 0 returned notify
And here are the settings that I got from our IT guy (he basically just set up the SonicWall in its default state and doesn't fully understand it, so he isn't really able to help me out):
Code:
Phase 1:
DH Group: Group 2
Encryption: aes-256
Authentication: SHA1
Phase 2 is:
Protocol: ESP
Encryption: aes-256
authentication: sha1
I am able to connect from my Mac (which never actually asks me for anything other than the IP address, PSK, and password - but it connects without an issue).
I know I just vomited a bunch of info into my post, but I am really stuck and I appreciate any help, even if it is just a clue that moves me on to the next step in solving this. Thanks!
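An added example, not part of the original post: a short Python check that parses the `ike=` proposal from the keyfile and the SA payload from the ike-scan line quoted above, then lists the Phase 1 fields that differ. The function names are hypothetical and the sample input is constructed from the values shown in the post, redactions included.

```python
import configparser
import re

# Constructed from the values quoted in the post (redactions kept as-is).
KEYFILE = """\
[vpn]
esp=aes256-sha1;modp1024
ike=aes256-sha1;modp1024
right=NN.NN.NN.N
"""
IKE_SCAN_LINE = (
    "NN.NN.NN.N Main Mode Handshake returned HDR=(CKY-R=<redacted>) "
    "SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK "
    "LifeType=Seconds LifeDuration=28800) VID=<redacted>"
)

def parse_proposal(value):
    """Split an 'enc-hash;group' proposal string into normalized fields."""
    algs, _, group = value.partition(";")
    enc, _, integ = algs.partition("-")
    return {"enc": enc.lower(), "hash": integ.lower(), "group": group.lower()}

def parse_ike_scan_sa(line):
    """Extract Enc/Hash/Group from the SA=(...) payload of an ike-scan line."""
    m = re.search(r"SA=\(([^)]*)\)", line)
    if not m:
        raise ValueError("no SA=(...) payload in ike-scan line")
    fields = dict(tok.split("=", 1) for tok in m.group(1).split())
    return {"enc": fields["Enc"].lower(), "hash": fields["Hash"].lower(),
            # ike-scan prints the group as '<number>:<name>'; keep the name.
            "group": fields["Group"].split(":")[-1].lower()}

def compare(configured, observed):
    """Return {field: (configured, observed)} for every field that differs."""
    return {k: (configured[k], observed[k])
            for k in configured if configured[k] != observed[k]}

def phase1_differences(keyfile_text=KEYFILE, scan_line=IKE_SCAN_LINE):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(keyfile_text)
    return compare(parse_proposal(cp["vpn"]["ike"]),
                   parse_ike_scan_sa(scan_line))

if __name__ == "__main__":
    for field, (cfg, seen) in phase1_differences().items():
        print(f"{field}: configured={cfg} gateway-selected={seen}")
```

A difference reported here does not by itself mean the gateway rejects the configured proposal: a responder selects only from the transforms the initiator offered, so the ike-scan line shows what was picked from ike-scan's own offer.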