Connect to Strongswan VPN - NetworkManager

I’m trying to connect to my Uni’s VPN using an imperative NetworkManager Connection. I’ve set the Connection up using the KDE Plasma GUI, but my device is refusing to connect.

My relevant configuration is below:

networkmanager = {
  enable = true;
  connectionConfig.mdns = 2;
  wifi = {
    powersave = false;
    backend = "wpa_supplicant";
  };
  plugins = with pkgs; [
    networkmanager_strongswan
    networkmanager-fortisslvpn
    networkmanager-l2tp
    networkmanager-openvpn
  ];
};
services = {
  xl2tpd.enable = true;
  strongswan.enable = true;
  strongswan.secrets = [
    "ipsec.d/ipsec.nm-l2tp.secrets"
  ];
  libreswan = {
    enable = true;
  };
};
environment.etc."strongswan.conf" = {
  text = '''';
};
services.dbus = {
  packages = [ pkgs.networkmanager pkgs.strongswanNM ];
  enable = true;
};
...

When I try to connect, my connection fails quickly with the following error in journalctl:

Oct 28 21:36:58 UnknownDevice NetworkManager[79151]: <warn>  [1761687418.3181] vpn[0x55d781cfc220,928820cd-86a4-4ef1-a7ec-331363242c3c,"VPN"]: dbus: failure: connect-failed (1)
Oct 28 21:36:58 UnknownDevice NetworkManager[79151]: <warn>  [1761687418.3181] vpn[0x55d781cfc220,928820cd-86a4-4ef1-a7ec-331363242c3c,"VPN"]: dbus: failure: connect-failed (1)
Oct 28 21:36:58 UnknownDevice NetworkManager[79151]: <warn>  [1761687418.3182] vpn[0x55d781cfc220,928820cd-86a4-4ef1-a7ec-331363242c3c,"VPN"]: dbus: failure: login-failed (0)

Looking at the more detailed journalctl, it seems that my IKE_AUTH response is AUTH_FAILED.

I need this VPN to be able to remote into University servers to be able to run my dissertation builds. How can I get it working?
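An added example, not part of the original post: a small Python triage helper that groups NetworkManager VPN failure lines like the ones above by connection UUID and flags connections whose failures include `login-failed`, the reason the post ties to the AUTH_FAILED response. The function names and hint wording are this example's own; the first three sample lines are the ones quoted in the post and the fourth is constructed.

```python
import re

# Failure reasons as NetworkManager prints them ("name (number)").
# The hint wording is this example's own, not NetworkManager output.
FAILURE_HINTS = {
    "login-failed": "authentication was rejected; check auth method, identity, credentials",
    "connect-failed": "connection attempt failed; check gateway address and reachability",
    "bad-ip-config": "the VPN plugin returned an unusable IP configuration",
}

LINE_RE = re.compile(
    r'vpn\[0x[0-9a-f]+,(?P<uuid>[0-9a-f-]{36}),"(?P<name>[^"]*)"\]: '
    r'dbus: failure: (?P<reason>[a-z-]+) \((?P<code>\d+)\)'
)

PREFIX = 'Oct 28 21:36:58 UnknownDevice NetworkManager[79151]: <warn>  '
VPN = 'vpn[0x55d781cfc220,928820cd-86a4-4ef1-a7ec-331363242c3c,"VPN"]: '
SAMPLE_LINES = [
    PREFIX + '[1761687418.3181] ' + VPN + 'dbus: failure: connect-failed (1)',
    PREFIX + '[1761687418.3181] ' + VPN + 'dbus: failure: connect-failed (1)',
    PREFIX + '[1761687418.3182] ' + VPN + 'dbus: failure: login-failed (0)',
    # Constructed line that is not a VPN failure and must be ignored.
    'Oct 28 21:36:59 UnknownDevice NetworkManager[79151]: <info>  device state change',
]


def summarize(lines):
    """Group VPN failure lines by connection UUID and count each reason."""
    summary = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        entry = summary.setdefault(m["uuid"], {"name": m["name"], "reasons": {}})
        entry["reasons"][m["reason"]] = entry["reasons"].get(m["reason"], 0) + 1
    return summary


def auth_failures(summary):
    """Return UUIDs whose failures include login-failed."""
    return [uuid for uuid, e in summary.items() if "login-failed" in e["reasons"]]


if __name__ == "__main__":
    result = summarize(SAMPLE_LINES)
    for uuid, entry in result.items():
        for reason, count in entry["reasons"].items():
            hint = FAILURE_HINTS.get(reason, "unknown reason")
            print(f'{entry["name"]} {uuid}: {reason} x{count}: {hint}')
    print("authentication failures:", auth_failures(result))
```
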

You have both StrongSwan and LibreSwan enabled. If you want to use StrongSwan, remove:

      libreswan = {
          enable = true;
      };

Check if your pre-shared key is set correctly. Is it maybe a SonicWall VPN? In that case you also have an option of running their NetExtender client.

I’ve tried both with and without libreswan enabled and get the same error. I’m not familiar enough with VPNs to know much about it. All I really know is the following from the setup guide:

  • it uses IPsec with ISAKMP
  • the VPN does NOT support PPTP (the Point-to-Point Tunnelling Protocol) nor IPsec/L2TP (IPsec with the Layer 2 Tunneling Protocol)
  • IKEv2 with RSA and EAP is recommended, with IKEv1 with RSA and Xauth also supported

Does this help? What would I need to change in my configuration to be able to connect?