Gnome shell vpn app broken

After successfully configuring an L2TP/IPSec VPN service on our Mikrotik router, I was easily able to get all the Android 5.1 phones in the house to connect to it. Ditto for the Windows 7 and Windows 10 laptops. My own Linux laptop? Not so much, thanks to more “looks good, even if it doesn’t really work” engineering.

It is becoming increasingly hard to recommend Linux to anyone other than hardcore sysadmins and developers lately. Gone are the days when you could claim a superior ability to automatically configure for a wide variety of hardware, or greater choice in options. The transparency of open source has always been its best feature, and Linux always made the most of it in appealing to both DIY types and privacy advocates.

But in an ever more mobile world, certain things just need to work. Like VPN. When it comes to remote networking, trying to fake it won’t fool people for very long.

NetworkManager, the dominant networking service on modern Linux machines, boasts a plethora of plugins that are supposed to handle pretty much every standards-based VPN implementation available.

Except L2TP/IPSec.

Oh, there is a plugin and set of associated packages that are supposed to provide this capability. It even has nice, pretty, fill-in-the-blanks forms for configuration right in the NetworkManager GUI.

But it doesn’t work. In fact it is badly broken. So broken that one of the latest comments in Red Hat Bugzilla on the bug report that was originally opened in 2012 (and prematurely closed in 2013 before being re-opened because it wasn’t actually resolved) says:

Why does this exist in Fedora if it’s completely broken and no one is willing to maintain it?

Incredibly frustrating to spend time debugging VPN configuration only to find out the problem is a 4-year-old unmaintained package.

I couldn’t have said it better myself.

To continue using a Linux desktop in my daily, increasingly mobile, life, I need the basic tools to stay connected to work and home. Telling me to “just go out and get OpenVPN” isn’t a real answer because: (a) most people don’t have the ability to prescribe their own VPN solution; and (b) not all OpenVPN solutions are created equal. My own experience with OpenVPN on a home router running pfSense was much less successful than getting standards-based L2TP/IPSec on the Mikrotik (OpenVPN wouldn’t work with any of our Android phones).

There are some, infinitely more knowledgeable about this sort of stuff than me, who would say, “Why even try? Just use a Windows machine on the road.” After all, you can always host a Linux guest on Windows using VirtualBox. Of course that’s not practical when your personal laptop is actually an old 2GB RAM Chromebook.

Yeah, so I’m really feeling so good about how Gnome Shell and NetworkManager are simplifying and making mobile networking so user friendly. Not.

Oh, did I mention it works fine on both Android and Windows?


About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).