confirming proper VPN operation

Post by dhdurgee »

I am attempting to configure a VPN connection from my Linux laptop to my office system for use when on the road. My laptop is running Linux Mint 20.1 64 and the current release of Network Manager and its plugins. As I have created the VPN on the office using strongSwan and have successfully used the strongSwan Android client on my phones and tablet, I installed the strongSwan plugin for Network Manager.

I have added a VPN connection and configured it, and it claims to connect. I never see a change of icon in the tray indicating a secured connection. I also see no change in the output of several terminal commands such as "ip rule", "ip route", "ifconfig" and "route" with the VPN enabled. I do see some indications in nmcli:

Code:

dhdurgee@z560:~/Downloads$ nmcli 
Durgee Enterprises, LLC VPN connection
        master wlp5s0, VPN
        inet4 10.10.10.2/32

wlp5s0: connected to Auto Free WiFi by Karma
        "Broadcom and subsidiaries BCM4313"
        wifi (wl), AC:81:12:A4:5E:43, hw, mtu 1500
        ip4 default
        inet4 192.168.1.114/24
        inet4 10.10.10.2/32
        route4 0.0.0.0/0
        route4 192.168.1.0/24
        route4 192.168.1.0/24
        route4 169.254.0.0/16
        route4 0.0.0.0/0
        inet6 fe80::562f:7604:6d84:57ca/64
        route6 fe80::/64

enp6s0: disconnected
        "Realtek RTL810xE"
        1 connection available
        ethernet (r8169), B8:70:F4:2C:6B:9F, autoconnect, hw, mtu 1500

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
        servers: 8.8.8.8 8.8.4.4
        interface: wlp5s0
        type: vpn

        servers: 192.168.1.1
        interface: wlp5s0

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
dhdurgee@z560:~/Downloads$ 

Versus without the VPN enabled:

Code:

dhdurgee@z560:~/Downloads$ nmcli 
wlp5s0: connected to Auto Free WiFi by Karma
        "Broadcom and subsidiaries BCM4313"
        wifi (wl), AC:81:12:A4:5E:43, hw, mtu 1500
        ip4 default
        inet4 192.168.1.114/24
        route4 0.0.0.0/0
        route4 192.168.1.0/24
        route4 169.254.0.0/16
        route4 192.168.1.0/24
        inet6 fe80::562f:7604:6d84:57ca/64
        route6 fe80::/64

enp6s0: disconnected
        "Realtek RTL810xE"
        1 connection available
        ethernet (r8169), B8:70:F4:2C:6B:9F, autoconnect, hw, mtu 1500

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
        servers: 192.168.1.1
        interface: wlp5s0

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
dhdurgee@z560:~/Downloads$ 

Is this indeed indicating proper operation of the VPN?

Dave
Re: confirming proper VPN operation

Post by dhdurgee »

I have received confirmation from the strongSwan mailing list that this confirms proper operation of my VPN:

Code:

dhdurgee@z560:~/Downloads$ sudo ip xfrm state list
src 192.168.1.114 dst 108.31.28.59
	proto esp spi 0xcfc85b48 reqid 1 mode tunnel
	replay-window 0 flag af-unspec
	auth-trunc hmac(sha1) 0x4b048d80625a30c47558fc231af84befcab9f4e1 96
	enc cbc(aes) 0x2a2e30f7ea35339b8eeffe64321f7f446f113b8bf2d8131cfa2e54db61ded8dd
	encap type espinudp sport 42582 dport 4500 addr 0.0.0.0
	anti-replay context: seq 0x0, oseq 0x28, bitmap 0x00000000
src 108.31.28.59 dst 192.168.1.114
	proto esp spi 0xc2bb60a3 reqid 1 mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xb570b6149d971134fac06a51cec8701b05a68f68 96
	enc cbc(aes) 0xfdab1561b5527f6ddfbaa21b8bd9c0812449b3fda751cc837b94d1642e4bba4c
	encap type espinudp sport 4500 dport 42582 addr 0.0.0.0
	anti-replay context: seq 0x1d, oseq 0x0, bitmap 0x1fffffff

Dave
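
Added example, not part of the original posts and not strongSwan code: a Python check that reads `ip xfrm state list` output in the format shown above and confirms that an ESP tunnel SA exists in each direction and that its sequence counter has advanced. The sample addresses and SPIs are constructed, key material is replaced by placeholders, the function names are hypothetical, and the parser assumes the non-ESN anti-replay line shown above.

```python
import re

# Constructed sample in the format of `ip xfrm state list`; documentation
# addresses, made-up SPIs, key material replaced by placeholders.
SAMPLE = """\
src 192.0.2.10 dst 203.0.113.5
	proto esp spi 0x11111111 reqid 1 mode tunnel
	replay-window 0 flag af-unspec
	auth-trunc hmac(sha1) 0xREDACTED 96
	enc cbc(aes) 0xREDACTED
	encap type espinudp sport 42582 dport 4500 addr 0.0.0.0
	anti-replay context: seq 0x0, oseq 0x28, bitmap 0x00000000
src 203.0.113.5 dst 192.0.2.10
	proto esp spi 0x22222222 reqid 1 mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xREDACTED 96
	enc cbc(aes) 0xREDACTED
	encap type espinudp sport 4500 dport 42582 addr 0.0.0.0
	anti-replay context: seq 0x1d, oseq 0x0, bitmap 0x1fffffff
"""

def parse_sas(text):
    """Split the dump into one dict per security association (SA)."""
    sas = []
    for line in text.splitlines():
        if m := re.match(r"src (\S+) dst (\S+)", line):
            sas.append({"src": m[1], "dst": m[2], "seq": 0, "oseq": 0})
        elif sas and (m := re.search(r"proto (\S+) spi (\S+) .*mode (\S+)", line)):
            sas[-1].update(proto=m[1], spi=m[2], mode=m[3])
        elif sas and (m := re.search(r"seq (0x[0-9a-f]+), oseq (0x[0-9a-f]+)", line)):
            sas[-1].update(seq=int(m[1], 16), oseq=int(m[2], 16))
    return sas

def check_tunnel(text, local, peer):
    """Return a list of problems; an empty list means ESP flows both ways."""
    esp = [s for s in parse_sas(text)
           if s.get("proto") == "esp" and s.get("mode") == "tunnel"]
    out = [s for s in esp if (s["src"], s["dst"]) == (local, peer)]
    inn = [s for s in esp if (s["src"], s["dst"]) == (peer, local)]
    problems = []
    if not out:
        problems.append("no outbound ESP tunnel SA")
    elif not any(s["oseq"] > 0 for s in out):  # oseq counts packets sent
        problems.append("outbound SA has sent no packets")
    if not inn:
        problems.append("no inbound ESP tunnel SA")
    elif not any(s["seq"] > 0 for s in inn):   # seq is the highest number received
        problems.append("inbound SA has received no packets")
    return problems
```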