Site to Site IPSec VPN with strongSwan and OpenStack VPNaaS (IPsec)

Setup

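# Install strongSwan (provides the "ipsec" command and the IKE daemon).
# Refresh the package index first so apt does not resolve the package
# against a stale index.
sudo apt-get update && sudo apt-get install -y strongswan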
 
# Left (Ubuntu client, behind NAT)
Ubuntu Client IP: 212.8.9.10
Ubuntu net: 192.168.178.0/24
 
# Right (OpenStack VPNaaS)
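# Look up the VPN service ID and its external IPv4 address; the address is
# used as the peer ("right=") in ipsec.conf and as the selector in the
# secrets file.
# Assumes the project has exactly one VPN service: with several services the
# list command prints several IDs and the "show" call below fails.
VPN_SERVICE_ID=$(openstack vpn service list -c ID -f value)
# Quoted so an empty or multi-line ID reaches "show" as one argument and
# fails visibly instead of being word-split by the shell.
VPN_SERVICE_IP=$(openstack vpn service show "${VPN_SERVICE_ID}" -c external_v4_ip -f value)
printf '%s\n' "${VPN_SERVICE_IP}"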
 
OpenStack VPN IP: 217.50.60.70
OpenStack Net: 10.0.1.0/24

Create OpenStack VPN endpoint
http://www.panticz.de/openstack/vpnaas

/etc/ipsec.secrets (the PSK is written to /etc/ipsec.d/ipsec.openstack_vpnaas.secrets)

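# Store the pre-shared key for the OpenStack peer.
# PSK must hold the same key that is configured on the OpenStack IPsec site
# connection; VPN_SERVICE_IP comes from the "openstack vpn service show" lookup.
# NOTE(review): strongSwan reads /etc/ipsec.secrets; a file under /etc/ipsec.d/
# is only loaded if /etc/ipsec.secrets pulls it in with an "include" line.
# Verify that before relying on this file (then run "sudo ipsec rereadsecrets").
secrets_file=/etc/ipsec.d/ipsec.openstack_vpnaas.secrets
if [ -z "${PSK:-}" ] || [ -z "${VPN_SERVICE_IP:-}" ]; then
  # Refuse to write an entry with an empty key or an empty peer selector.
  echo "PSK and VPN_SERVICE_IP must both be set before writing ${secrets_file}" >&2
else
  # Create the file and restrict it to root before the key goes in; tee alone
  # would create it with the default umask, which is usually world-readable.
  sudo touch "${secrets_file}"
  sudo chmod 600 "${secrets_file}"
  # printf writes the double quotes around the key literally (with echo the
  # shell strips them, so the key lands unquoted in the file). The tee output
  # is discarded so the key is not echoed to the terminal.
  # The line is appended: running this twice leaves a duplicate entry.
  printf '%s : PSK "%s"\n' "${VPN_SERVICE_IP}" "${PSK}" | sudo tee -a "${secrets_file}" >/dev/null
fi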

/etc/ipsec.conf

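# Write the strongSwan connection definition for the OpenStack tunnel.
# This OVERWRITES /etc/ipsec.conf, so any connection already defined there is
# lost; keep a copy first if the host has other tunnels.
# The file is written through "sudo tee" because a plain "> /etc/ipsec.conf"
# redirect is performed by the unprivileged shell and fails.
# The heredoc is unquoted on purpose: ${VPN_SERVICE_IP} is expanded by the
# shell, so it must be set before this runs.
# NOTE(review): keyexchange=ikev1 with modp1024 (1024-bit DH group 2) is below
# current recommendations. Prefer IKEv2 and at least modp2048, but change the
# IKE/IPsec policies on the OpenStack side at the same time: both peers must
# offer the same proposal or negotiation fails.
if [ -z "${VPN_SERVICE_IP:-}" ]; then
  # An empty value would produce "right=" with no peer address.
  echo "VPN_SERVICE_IP is empty; run the 'openstack vpn service show' lookup first" >&2
else
  sudo tee /etc/ipsec.conf >/dev/null <<EOF
config setup
 
conn vpn1
 keyexchange=ikev1
 left=%defaultroute
 leftid=212.8.9.10
 leftsubnet=192.168.178.0/24
 leftauth=psk
 leftfirewall=yes
 authby=psk
 auto=start
 ike=aes256-sha512-modp1024
 esp=aes256-sha512
 right=${VPN_SERVICE_IP}
 rightsubnet=10.0.1.0/24
 rightauth=psk
 ikelifetime=3600s
 keylife=3600s
 type=tunnel
EOF
fi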

CLI

# Short connection overview, then the detailed view (daemon status,
# negotiated proposals, traffic counters).
sudo ipsec status
sudo ipsec statusall
# Restart the IPsec daemon; established tunnels are torn down. conn vpn1 has
# auto=start, so it is initiated again when the daemon comes back.
sudo ipsec restart
 
# Bring the connection named "vpn1" (from /etc/ipsec.conf) up or down by hand.
sudo ipsec up vpn1
sudo ipsec down vpn1
 
# List the crypto algorithms the daemon has loaded; use it to confirm that
# the ike=/esp= proposals in ipsec.conf are available on this host.
sudo ipsec listalgs

List

# Read-only inventory of the VPNaaS objects in the current project:
# site connections, endpoint groups, VPN services, IPsec and IKE policies.
# Use it to compare the policy settings with ike=/esp= in ipsec.conf.
openstack vpn ipsec site connection list
openstack vpn endpoint group list
openstack vpn service list
openstack vpn ipsec policy list
openstack vpn ike policy list

Delete

# Tear down the VPNaaS objects. Keep this order: the site connection refers
# to the endpoint groups, the VPN service and both policies, and objects that
# are still in use are expected to be refused by the API, so the connection
# is deleted first.
# The object names (conn1, ep-subnet, ep-cidr, vpn1, ...) are presumably the
# ones created on the linked VPNaaS setup page; adjust to your own names.
openstack vpn ipsec site connection delete conn1
openstack vpn endpoint group delete ep-subnet
openstack vpn endpoint group delete ep-cidr
openstack vpn service delete vpn1
openstack vpn ipsec policy delete ipsec-aes256-sha512
openstack vpn ike policy delete ike-aes256-sha512

NetworkManager

# sudo apt install network-manager-strongswan
 
# NOTE(review): this installs the L2TP plugin for NetworkManager, not the
# strongSwan plugin from the commented-out line above. Confirm that L2TP over
# IPsec is what the remote side expects.
sudo apt-get install network-manager-l2tp-gnome
# Run the L2TP plugin in the foreground with debug output.
# Treat the debug output as sensitive: it may contain connection secrets,
# so review it before sharing - TODO confirm.
sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
# Follow the NetworkManager unit log while connecting.
journalctl -f -u NetworkManager.service
 
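# fixme: the connection via NetworkManager fails, the peer answers with AUTHENTICATION_FAILED (check that the PSK and the IDs match on both ends):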
... NetworkManager[459580]: parsed INFORMATIONAL_V1 request 2368110922 [ HASH N(AUTH_FAILED) ]
... NetworkManager[459580]: received AUTHENTICATION_FAILED error notify

Links
https://sysadmins.co.za/setup-a-site-to-site-ipsec-vpn-with-strongswan-on-ubuntu/
https://mlohr.com/fritzbox-lan-2-lan-vpn-with-strongswan/
https://cloud.google.com/community/tutorials/using-cloud-vpn-with-strongswan
https://www.networkworld.com/article/2224654/mtu-size-issues.html