Monday, July 22, 2019

Meraki L2TP VPN Connection In Slackware64-current Plasma 5 - KDE 5

I needed a Meraki VPN connection for Slackware64-current as listed here: https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Linux

I took the idea from http://stuffjasondoes.com/2018/08/16/configuring-meraki-client-vpn-on-linux-mint-19-network-manager/

You can find more information here: https://wiki.gnome.org/Projects/NetworkManager/VPN

1) Download NetworkManager-l2tp 1.2.12 from https://github.com/nm-l2tp/NetworkManager-l2tp/releases

2) Repackage NetworkManager-l2tp using the following, modified SlackBuild:

#!/bin/sh

# Slackware build script for NetworkManager-l2tp

# Copyright 2010-2017 Robby Workman, Tuscaloosa, Alabama, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PRGNAM=NetworkManager-l2tp
VERSION=${VERSION:-1.2.12}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}

if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) ARCH=i586 ;;
arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;;
esac
fi

CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}

if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
SLKCFLAGS="-O2 -fPIC"
LIBDIRSUFFIX="64"
else
SLKCFLAGS="-O2"
LIBDIRSUFFIX=""
fi

set -e

rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.xz
cd $PRGNAM-$VERSION
chown -R root:root .
find -L . \
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \; -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;

CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr \
--libdir=/usr/lib${LIBDIRSUFFIX} \
--sysconfdir=/etc \
--localstatedir=/var \
--mandir=/usr/man \
--docdir=/usr/doc/$PRGNAM-$VERSION \
--without-libnm-glib \
--build=$ARCH-slackware-linux

make
make install DESTDIR=$PKG

# Create the chroot directory
mkdir -p $PKG/var/lib/l2tp/chroot

find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true

mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION

mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc

cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}

3) Download, repackage and install xl2tpd 1.3.14 using the SlackBuild from ponce's repository: http://cgit.ponce.cc/slackbuilds/tree/network/xl2tpd

4) Download, repackage and install strongswan 5.8.0 using the SlackBuild from ponce's repository: http://cgit.ponce.cc/slackbuilds/tree/network/strongswan

5) Create the VPN connection using NetworkManager, as a "Layer 2 Tunneling Protocol (L2TP)" connection:

Give the connection a name under "Connection name:" on the top section
Under the "VPN (l2tp)" tab, enter the "Gateway:", "User name:", "Password:" and "NT Domain:"
Under the "VPN (l2tp)" tab, click on "IPsec Settings...", check "Enable IPsec tunnel to L2TP host", enter your secret under "Pre-shared Key:", enter 3des-sha1-modp1024 under "Phase1 algorithms:" and 3des-sha1 under "Phase2 algorithms:", click on "OK"
Under the "VPN (l2tp)" tab, click on "PPP Settings...", check only "PAP" under "Allow following authentication methods" and uncheck all other methods, uncheck "Use MPPE Encryption", check "Allow BSD compression", "Allow Deflate compression", "Allow TCP header compression", "Use protocol field compression negotiation", and "Use Address/Control compression". Leave "Send PPP echo packets" unchecked. Under "Other Settings", change "MRU:" and "MTU:" to 1400, click on "OK"
Under the "IPv4" tab, enter your Active Directory domain or domains under "Search Domains:". Click on "Routes...". Click on "+ Add" and enter the proper "Address", "Netmask", "Gateway" and "Metric". Click on "+ Add" and follow the same instructions until you add all proper routes (Hint: Routes can be found by running route in a terminal session). Click on "OK"
Click on "Apply" and then on "OK"

6) Test your newly created L2TP connection

Regards,

F. Bobbio C.

No comments:

Post a Comment