LinuxQuestions.org
Old 12-22-2012, 11:33 PM   #1
BashTin
Member
 
Registered: May 2003
Location: West Midlands, United Kingdom.
Distribution: Slackware 13.37
Posts: 247

Rep: Reputation: 32
network manager and ipsec and the Great Firewall of China.


Hi, Happy Christmas! So here I am trying to get through the Great Firewall of China. Have been using very successfully openvpn for many years but now they have upped the ante and it is pretty well locked down now so thought I would give ipsec a go. Trouble is I know nothing about i.p sec but did a bit of reading but could not really figure out what was needed given the general Linux instructions (for Ubuntu) by my current vpn provider. So thought I would try to get it up and running via the network manager first.

So in network connections I set

Gateway: (server i.p here)
ca file: leave blank
username: username
password: password

Then after hitting return/save/whatever I get a dialog popup declaring.......

"The name org.freedesktop.NetworkManager was not provided with any .service files"

What is this about and how do I go about fixing it? Any help much appreciated.

BashTin.

PS. This is on fresh install of Slack14

Last edited by BashTin; 12-22-2012 at 11:35 PM.
 
Old 12-23-2012, 05:40 PM   #2
unclejed613
Member
 
Registered: Mar 2009
Posts: 316

Rep: Reputation: 25
i could recommend you use TOR, which is very successful at making it out of the Great Firewall on a consistent basis. since there are 4 redundant methods of the distribution of bridge addresses (bridges are entry points into the TOR network), the operators of the Great firewall can never get a listing of ALL of the bridges, so they can't block all of them. the following site may be blocked in china, but you may find another way to get there... https://www.torproject.org/ or maybe somebody in china has been able to mirror the site.

i looked on freedesktop.org to see if there was a help file for the network app, and there doesn't seem to be anything listed, either under NetworkManager, VPN, ipsec or anything else... but i did find this link if it's any help https://help.ubuntu.com/community/NetworkManager

btw... this is the slackware forum... ubuntu is down a bit lower on the distribution forums list, but i figured i'd try to help you out anyway
 
Old 12-23-2012, 06:13 PM   #3
Darth Vader
Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 553

Rep: Reputation: 103
Well, well, well...

While Slackware 14 ships both NetworkManager and OpenVPN, ironically, it doesn't include the bridge between these two: NetworkManager-openvpn.

Always I asked myself: WHY?
 
Old 12-23-2012, 11:04 PM   #4
BashTin
Member
 
Registered: May 2003
Location: West Midlands, United Kingdom.
Distribution: Slackware 13.37
Posts: 247

Original Poster
Rep: Reputation: 32
Hi all, thanks for the ideas.

I have tried TOR and in fact it is still on my system. However it is blocked in China. I can't remember if I tried relays or not although I suspect I must have done but regardless it is too slow for everyday general usage. The only way I could get TOR to work was through the VPN! (which is how I know it is too slow).

I am in fact using Slack 14, I did mention this in a 'p.s' right at the end :-)

Darth Vader. I agree. It is a strange omission but I had already installed NetworkManager-openvpn via sbopkg.

So I still have the problem. Anyone??

Thanks, BashTin.
 
Old 12-23-2012, 11:59 PM   #5
jtsn
Member
 
Registered: Sep 2011
Location: Europe
Distribution: Slackware
Posts: 690

Rep: Reputation: 276
Quote:
Originally Posted by BashTin
"The name org.freedesktop.NetworkManager was not provided with any .service files"

What is this about
It's complaining that systemd .service files are missing, which are useless anyway, because Slackware has no systemd. So I think upstream broke something.
 
Old 12-24-2012, 01:13 AM   #6
hotchili
Member
 
Registered: Sep 2009
Location: Germany
Distribution: slackware64-current
Posts: 69

Rep: Reputation: 16
Hey, sadly I don't know nothing about ipsec, but have found this, maybe it helps you: http://5lackware.blogspot.de/2009/06...slackware.html

Can ssh traffic pass through the gfw? If so you could rent a small vps somewhere and then build a local socks 5 proxy over ssh. I use that to unblock youtube videos lol.

ssh -N -D8080 server.somewhere.tld <- after that it listens on 127.0.0.1 port 8080
 
Old 12-24-2012, 03:46 AM   #7
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,112

Rep: Reputation: Disabled
Quote:
Originally Posted by Darth Vader
Well, well, well...

While Slackware 14 ships both NetworkManager and OpenVPN, ironically, it doesn't include the bridge between these two: NetworkManager-openvpn.

Always I asked myself: WHY?
Because it was not critical to have that in Slackware. NetworkManager itself was more critical so it got added to Slackware 14. NetworkManager-OpenVPN can be added by yourself easily using slackbuilds.org as you indicated.

Eric
 
Old 12-24-2012, 04:39 AM   #8
BashTin
Member
 
Registered: May 2003
Location: West Midlands, United Kingdom.
Distribution: Slackware 13.37
Posts: 247

Original Poster
Rep: Reputation: 32
Thanks for the comments so far. Ok, maybe I can try a different tack. So I am sure all the ipsec stuff works behind the scenes (openvpn does as I used it up until very recently), I just need to configure it. If I can add the required info to the config files (username, pw, server/i.p) then I maybe can take it from there. Any of you gurus know which file/s I should be editing?

hotchili, blogspot is blocked in China....... need ipsec to read it, lol.

BashTin

Last edited by BashTin; 12-24-2012 at 04:58 AM.
 
Old 12-24-2012, 07:58 AM   #9
lolnameless
LQ Newbie
 
Registered: Jan 2012
Location: Hong Kong
Distribution: Slackware
Posts: 18

Rep: Reputation: Disabled
Quote:
Originally Posted by BashTin
Hi all, thanks for the ideas.

I have tried TOR and in fact it is still on my system. However it is blocked in China. I can't remember if I tried relays or not although I suspect I must have done but regardless it is too slow for everyday general usage. The only way I could get TOR to work was through the VPN! (which is how I know it is too slow).

I am in fact using Slack 14, I did mention this in a 'p.s' right at the end :-)

Darth Vader. I agree. It is a strange omission but I had already installed NetworkManager-openvpn via sbopkg.

So I still have the problem. Anyone??

Thanks, BashTin.
>However it is blocked in China.
It shouldn't be possible. Public relay (visible relay) should be blocked by the CCP.
That is why you should try to find a bridge relay. You may try sending an email to eff (it is what those eff staffs said in CCC), they may give you some IPs.

>The only way I could get TOR to work was through the VPN! (which is how I know it is too slow).
Maybe you should. Because all anonymity networks can't hide the fact that you are participating in the network. However, tor does put harder effort to make it "low-profile" among all kinds of connections.
Also, you may not have to use Tor all the time. My speculation is that there is seemingly no one who would go as far as monitoring your plain VPN connection outside China, then monitor your connection to the VPN and beat you up (as far as you don't do something stupid, of course), just make sure it is encrypted.

>which is how I know it is too slow
Depends on usage, if bandwidth isn't a problem, then the slowness is really just caused by speed of light. To make it faster you may consider making participants denser on the earth. (i.e. You can contribute to the network by joining it)

Last edited by lolnameless; 12-24-2012 at 08:01 AM.
 
Old 12-25-2012, 09:21 PM   #10
unclejed613
Member
 
Registered: Mar 2009
Posts: 316

Rep: Reputation: 25
sorry about that... i didn't notice you had a slack system... i wasn't paying attention i guess...

the tor network has several redundant ways of getting bridge addresses, and each method has different bridge addresses listed so a blocking operation can never get a complete list. if you get any good bridge addresses, you should be able to get a connection that's a bit faster than what you remember. if you don't remember adding a bridge address to your tor config, you probably haven't done it, as it consists of an IP address and a long hexadecimal string about 40 characters long (which is the public key fingerprint of the bridge). i would remember if i had to manually enter one. you can specify several bridge addresses, and if any of them are too slow, tor will ignore them. obviously, the most often blocked bridge addresses will be the ones tor downloads automatically. one other method used is to email for a list. there are two other methods that are a bit different, and make it impossible for anyone blocking bridges to get all of them. the more people running bridge relays, the better. i can tell you that my bridge consistently serves connections to China as well as several other countries that censor their internet, and my bridge has been somewhat consistently online for several months. it took a few days after starting the bridge before it started getting used, and it's still in use, so the method for distributing my bridge address must be fairly reliable, even in China. you can leave a private message for me on this forum and i can give you my bridge address if you like. i can even send you the web addresses in China where the tor website is mirrored.

Last edited by unclejed613; 12-25-2012 at 09:25 PM.
 
Old 12-27-2012, 07:08 AM   #11
BashTin
Member
 
Registered: May 2003
Location: West Midlands, United Kingdom.
Distribution: Slackware 13.37
Posts: 247

Original Poster
Rep: Reputation: 32
Well thanks so far guys. A little more forward. Discovered what I actually needed was vpnc ('c' standing for Cisco). But even though I got it all installed and configured I could not get it to authenticate. So gave Cisco's vpnclient a go. Had to apply a couple of patches to get it to compile and...... yes you guessed, could not get that to connect either. Anyway will have to leave it for the mo and come back to it later.

BashTin.
 
Old 03-11-2013, 03:00 AM   #12
BashTin
Member
 
Registered: May 2003
Location: West Midlands, United Kingdom.
Distribution: Slackware 13.37
Posts: 247

Original Poster
Rep: Reputation: 32
Right, going to mark this as 'solved' as I have finally got a connection to witopia using IPSec and I post the necessary steps for anyone who may be interested.

First off Network Manager in Slackware 14 appears broken or at least from my experience. (I did a fresh install on two different machines with the same outcome).
With network-scripts-14.00-noarch-3, openconnect-3.20-i486-1, networkmanagement-0.9.0-i486-1 and network-manager-applet-0.9.4.1-i4862 installed in network manager, under 'wired connection' tab, the 'add', edit and delete buttons are greyed out. Wicd network manager has no such issues.

Secondly with the addition of vpnc-0.5.3-i486-1 the vpn tab becomes visible. However whenever I try to add a vpn connection of any type I get the message back 'The name org.freedesktop.NetworkManager was not provided with any .service files'. I have read that communication between the manager and the underlying tools is done via dbus so I guess something is not right here. As this was installed via sbopkg I would have thought any links/whatever should have been setup at the config stage.

Thirdly the wireless tab is greyed out. Wicd network manager has no such issues.

Onto getting IPSec working on Slackware 14.

I found Witopia staff, although willing, were somewhat lacking in the necessary technical skills required so had to figure it out by myself. With some digging around and trial and error I found the magic client was vpnc. This is easily installed via sbopkg. Then you need to create a connection profile, /etc/vpnc/yourprofilename.conf. It should end up looking like

Code:
# nat traversal mode (this is critical. If it is not included you will not connect)
NAT Traversal Mode natt
# I.P or host name of witopia server you are connecting to
# i.p is better as the pesky Great Firewall likes to play games with DNS
IPSec gateway num.num.num.num
# group name
IPSec ID witopia
# Group password
IPSec secret witopia
# Your username
# There are two formats for usernames and they are NOT interchangeable. Please see the “details” under your active services via the portal to see your correct username.
# Format 1: username@witopia (notice that there is no .net at the end)
# Format 2: W\your@email.com (the W \ must be present) 
Xauth username my-user-name
# Your password in plain text
Xauth password my-password

Then, assuming you have a network connection up, just issue 'vpnc [name of your conf file]' and you should connect. (I do get an 'Enter Hostname' dialog pop up, just click cancel)

Wifi rtl8192ce module woes.
The saga continues. The second machine I was trying this all out on is a Toshiba Satellite C805 with Realtek 8192C/8188C 802.11n PCI wireless chip.
After around 5 or 10 minutes the connection would go down and although the connection was still up as far as iwconfig and ifconfig were concerned there was no way to re-establish an internet connection other than reboot.

Dmesg would show errors about 'reset failed', 'wlan0 link not ready' and similar (did not keep a copy).

To cut a long story short this is a well known bug and the simple fix is to download the latest driver from Realtek's website. Make, make install and all is well.

http://www.realtek.com.tw/DOWNLOADS/...oads=true#2722
https://bugs.launchpad.net/ubuntu/+s...ux/+bug/902557

You could back up your old driver first if you like (/lib/modules/(your kernel version)/kernel/drivers/net/wireless/rtlwifi/rtl8192ce/rtl8192ce.ko)

Well that's it. Hope it is useful to someone. Happy Hacking.

One last thing. If you have not already worked it out, I like the wicd network manager. Small, simple and works!

Last edited by BashTin; 03-11-2013 at 03:53 AM. Reason: missed something
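
An added example, not part of BashTin's post and not vpnc's own tooling: a small static audit of a vpnc profile like the one in post #12, flagging the points that matter for credential exposure (file mode, the plain-text Xauth password, a group secret identical to the group ID) and the DNS dependence the poster mentions. The finding labels, the helper names and the sample values (`vpn.example.net`, the placeholder credentials) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: static audit of a vpnc profile. Finding names are this
# example's own labels, not vpnc output.

# Print the value of a config keyword such as "IPSec secret" (first match).
conf_value() {   # $1 = file, $2 = keyword
    awk -v k="$2" 'BEGIN { k = tolower(k) }
        tolower(substr($0, 1, length(k) + 1)) == (k " ") {
            print substr($0, length(k) + 2); exit }' "$1"
}

audit_vpnc_profile() {   # $1 = profile path; prints one finding per line
    f=$1
    mode=$(stat -c '%a' "$f")              # GNU stat (Linux)
    case $mode in
        *00|0) ;;                          # owner-only access
        *) echo "GROUP_OR_OTHER_ACCESS mode=$mode" ;;
    esac
    secret=$(conf_value "$f" "IPSec secret")
    if [ -n "$secret" ] && [ "$secret" = "$(conf_value "$f" "IPSec ID")" ]; then
        echo "GROUP_SECRET_EQUALS_ID"      # guessable from the group name
    fi
    if [ -n "$(conf_value "$f" "Xauth password")" ]; then
        echo "PLAINTEXT_XAUTH_PASSWORD"    # exposed to anyone who can read the file
    fi
    gw=$(conf_value "$f" "IPSec gateway")
    case $gw in
        '') ;;
        *[!0-9.]*) echo "GATEWAY_IS_HOSTNAME gateway=$gw" ;;  # depends on DNS
    esac
    return 0
}

# Constructed sample modelled on the profile above; values are placeholders.
write_sample() {   # $1 = path, $2 = gateway, $3 = octal mode
    printf '%s\n' "NAT Traversal Mode natt" "IPSec gateway $2" \
        "IPSec ID witopia" "IPSec secret witopia" \
        "Xauth username my-user-name" "Xauth password my-password" > "$1"
    chmod "$3" "$1"
}

tmp=$(mktemp)
write_sample "$tmp" vpn.example.net 644
audit_vpnc_profile "$tmp"
rm -f "$tmp"
```

Setting the profile to mode 600 clears the first finding; leaving the `Xauth password` line out of the file makes vpnc ask for the password when it connects, which clears the plain-text one.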
 
  

