Clearly, affected users might be much better off to use their own tests or setups that they can re-use for this. The following just tries to come up with something a third party could re-use to test this.
0. prep a VPN server/client setup with IKEv2
I used [1] to first get a server and client setup in two VMs.
A wrapper to get this done via uvtool is attached as test-strongswan-bug-1772705.tgz
Call it like:
$ ./test.sh bionic
Once the above is up and working continue
1. Install test system
Those above are (in my case) using server images, but for Network Manager we need a Desktop.
- Download a Bionic Desktop ISO and install it into e.g. using virt-manager
- In addition to the default make the guest part of the network that the strongswan server is in
2. Make sure you have installed strongswan-nm
$ apt install strongswan-nm
3. Setup a strongswan connection, e.g. follow [2] to do so.
The actual check, when you connect to that VPN via NM the DNS servers that will be added are total garbage. Check this via e.g.:
$ nmcli dev show | grep DNS
Clearly, affected users might be much better off to use their own tests or setups that they can re-use for this. The following just tries to come up with something a third party could re-use to test this.
0. prep a VPN server/client setup with IKEv2
I used [1] to first get a server and client setup in two VMs.
A wrapper to get this done via uvtool is attached as test-strongswan-bug-1772705.tgz
Call it like:
$ ./test.sh bionic
Once the above is up and working continue
1. Install test system
Those above are (in my case) using server images, but for Network Manager we need a Desktop.
- Download a Bionic Desktop ISO and install it into e.g. using virt-manager
- In addition to the default make the guest part of the network that the strongswan server is in
2. Make sure you have installed strongswan-nm
$ apt install strongswan-nm
3. Setup a strongswan connection, e.g. follow [2] to do so.
The actual check, when you connect to that VPN via NM the DNS servers that will be added are total garbage. Check this via e.g.:
$ nmcli dev show | grep DNS
[1]: https:/ /code.launchpad .net/~ubuntu- security/ qa-regression- testing/ +git/qa- regression- testing /wiki.strongswa n.org/projects/ strongswan/ wiki/NetworkMan ager
[2]: https:/