New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pkgs.networkmanager_strongswan does not work with NetworkManager #29873
Comments
I don't have a strongswan connection to test, but can you try something like this?
If that works, maybe you can add it to this file and make a PR? https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/networking/network-manager/strongswan.nix |
That did not help, but I am amazed how easy it is to add custom build arguments. However, I realized that Apparently my build of
Edit: |
Yes, it looks like the This command seems to do the right thing:
This is untested, but the revised config would be like:
Does that work for you? |
That must be close to correct, as the above command seems to work. However the config snippet throws the following error:
I tried alternating a bit with the brackets but did not make it work. Must be some little syntax issue? |
Updated the commit above and added brackets around:
But still untested |
Still not working:
where line 31 happens to be the line containing |
@wucke13 @globin I don't know how to explain it but I can get rid of the infinite recursion by getting rid of
|
Maybe it is, because it replaces Back to the topic: That configuration does work in terms of being able to build the system, but not in terms of being able to connect to the VPN. The
is still not doing what it should. |
@wucke13 it may be that strongswan just needs to be added to buildInputs:
If that doesn't work, you will probably have to talk to someone who uses it - cc @teto, are you still having trouble using strongswan with network manager? |
@wucke13 it may be worth talking to @basvandijk who authored this PR too: #27958 |
@eqyiel the error keeps the same:
For some reason, the Edit: As I can tell from the build output, the configure options are correct:
So, either the configure options are not used on the |
hum for me it seems to be a different problem (aka 'Could not save existing /etc/ipsec.secrets file.'); strongswan starts fine
|
It looks like it's working but Nix (or the configure script) is replacing
I haven't tried this bit, but it should look something like this:
|
The error persists. Maybe someone who understands more about the nix build process might debug where the problems root is located. Rebuilding and rebooting into the new generation should be sufficient test a new config, right?
|
The thing is, the build is fine, but at some point during the system activation the path to strongswan is removed (see the changed
|
Is there an easy way of changing it back? Even if it gets a bit hackish, I would prefer a working VPN-Connection over a clean solution. |
@wucke13 you could try overriding that file explicitly with
|
This gives me an error:
I tried to put
|
It looks like that won't work because of this issue: #17237 (comment) In particular, the line here: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/networkmanager.nix#L256kk Which looks like a bug anyway, because |
Since you can't override the module, you could try adding the overridden package to
I still can't test this but it seems like it might do the right thing:
|
Well, this did indeed solve the actual problem. The cool thing is, that However, there comes the next issue:
I am kind of helpless with this one, as it did never appear back when I used to compile |
There's this bug report: https://bugzilla.opensuse.org/show_bug.cgi?id=1035555
Maybe you could try to create that file (like |
That might do the trick, however
Fails due to
It looks like |
Another way might be to override these lines in the strongswan derivation so that you can have the file elsewhere: https://github.com/strongswan/strongswan/blob/master/src/charon-nm/Makefile.am#L26-L27 |
Upon further inspection, there's an attribute |
This does not work. In particular, this seems to change exactly nothing? After putting the above snippet in my config file, the following is the situation: |
@wucke13 I get that file in the output if I replace the contents of
Then
You can probably achieve the same thing if you move
Would you be interested in putting together a PR if this fixes it for you? |
It does work!!!
Yes I would be interested in making a PR, but I think I am not experienced enough to do it on my own without a big chance of something going wrong, because of that my suggestion would be that someone else might do the PR. Anyway, have great thanks for fixing this up! |
I'm glad it's working for you and hope that you feel more confident contributing in the future! |
What do you think about: master...LumiGuide:networkmanager-strongswan ? |
I've had my share of problems with strongswan too (#30147) |
@basvandijk that looks pretty good: master...LumiGuide:networkmanager-strongswan#diff-036410e9211b4336186fc613f7200b12R4541 is |
@teto you may be right, I noticed that networkmanager_strongswan is already referred to in the networkmanager module so it would probably be better to just do this by default. |
@basvandijk would you consider sending that patch upstream? |
@eqyiel sure. I'll probably have time for this coming weekend. |
Added the boolean option: networking.networkmanager.enableStrongSwan which enables the networkmanager_strongswan plugin and adds strongswanNM to the dbus packages. This was contributed by @wucke13, @eqyiel and @globin. Fixes: NixOS#29873
Issue description
Connecting to a VPN via strongswan/NetworkManager does not work.
charon-nm
is missing. If I remember this right, there is a flag (--enable-nm
) for the configure script of strongswan build, which causes strongswan to also build thecharon-nm
. If this flag is not set,charon-nm
will not be built. Further information on the needed compile flags for NetworkManager support can be found here. I think these should be added to the build of thepkgs.networkmanager_strongswan
, as it only makes sense to have the special NetworkManager related build flags enabled for a dedicated networkmanager_strongswan package.Steps to reproduce
Install NetworkManager with networkmanager_strongswan package. Add a valid strongswan VPN connection. Try to connect.
Technical details
Relevant nix expression:
Error:
The text was updated successfully, but these errors were encountered: