github nm-l2tp/NetworkManager-l2tp 1.2.12
version 1.2.12 release
on GitHub

latest releases: 1.20.16, 1.20.14, 1.20.12...
5 years ago

Compatible with NetworkManager 1.2.0 and later.

  • Update translations by merging from various sources.
  • Added Legacy Proposal button.
    Clicking Legacy Proposals button populates Phase 1 and 2 Algorithm text entry boxes with proposals offered by Windows Server 2019:
    • AES256, SHA-1, ECP384 and AES128, SHA-1, ECP256 strong proposals.
      strongSwan recommends not using SHA-1 in its security recommendations documentation.
    • 3DES, SHA-1, MODP1024 broken proposal.
      Legacy Windows 2000 Server era proposal still commonly offered, especially with consumer routers
  • Added following IPsec configuration options:
    • Phase1 Lifetime - ikelifetime.
    • Phase2 Lifetime - salifetime (libreswan) / lifetime (strongswan).
    • Use IP compression - compress.
    • Disable PFS - pfs (libreswan).
  • renamed Gateway ID to Remote ID and provided GUI tooltip.
    Remote ID is more commonly used than Gateway ID, e.g. NetworkManager-libreswan and macOS/iOS IPsec IKEv2 clients use Remote ID . User confusion should hopefully be reduced.
  • removed restrictions that only IP addresses are allowed for Remote ID.
  • Generated config file changes, following config files :
    • /var/run/nm-l2tp-xl2tpd-UUID.conf
    • /var/run/nm-l2tp-xl2tpd-control-UUID
    • /var/run/nm-l2tp-xl2tpd-UUID.pid
    • /var/run/nm-l2tp-ppp-options-UUID
      are now:
    • /var/run/nm-l2tp-UUID/xl2tpd.conf
    • /var/run/nm-l2tp-UUID/xl2tpd-control
    • /var/run/nm-l2tp-UUID/xl2tpd-.pid
    • /var/run/nm-l2tp-UUID/ppp-options
  • Use same IP secrets file for all L2TP connections,
    /etc/ipsec.d/ipsec.nm-l2tp.secrets is now used instead of /etc/ipsec.d/nm-l2tp-ipsec-UUID.secrets, where UUID was the UUID of the VPN connection.
  • Force ikev2=never for Libreswan
    ikev2=permit was the implicit default setting, which tries to detect a "bid down" attack from IKEv2 to IKEv1 and can have an impact on the default proposals.
  • Add nm-l2tp-service- prefix back to pppd ipparam argument. The ipparam argument is used by a condition in the Debian resolvconf's /etc/ppp/ip-up.d/000resolvconf script.
  • PSK is now Base64 encoded, allows PSK to contain double quotation mark (").
  • Fix build without GTK/Gnome.
  • Legacy KDE Plasma-nm user certificate support.
  • libnm-glib compatibility (NetworkManager < 1.0) is disabled by default. It can be enabled by passing --with-libnm-glib to configure script. Nobody should need it by now. Users that still use this are encouraged to let us know before the libnm-glib support is removed for good.
  • The auth helper in external UI mode can now be run without a display server. Future nmcli version will utilize this for handling the secrets without a graphical desktop.
Check out latest releases or
releases around nm-l2tp/NetworkManager-l2tp 1.2.12

Don't miss a new NetworkManager-l2tp release

NewReleases is sending notifications on new releases.

Get notifications