L2TP / IPSec failing to connect (Ubuntu 19.10)

network-manager vpn 19.10 ipsec
6,209

I think the following is the issue:

002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-147f9a0d-9b02-4cc9-8942-b4e5b4061110.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-6a6bdfbd-3ad5-4b01-82cd-a32cd48d067f.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-88936113-b02d-48b7-a98e-04758a426172.secrets"

I would delete those nm-l2tp-ipsec-*.secrets files as they didn't get cleaned up most likely due to ungraceful shutdown of the corresponding VPN connections. I'm guessing you are not using a Gateway ID which qualifies the PSK in those nm-l2tp-ipsec-*.secrets files, so strongswan is probably picking the wrong PSK found in the last nm-l2tp-ipsec-*.secrets file.

Another alternative is to upgrade from network-manager-l2tp 1.2.10 to version 1.2.16 from the PPA on the following page. The new version no longer uses different nm-l2tp-ipsec-*.secrets files for different VPN connections and the new package deletes any stray nm-l2tp-ipsec-*.secrets files from earlier versions :

With version 1.2.16 you could also remove the Phase 1 & 2 algorithms as it now uses a merge of Windows 10 and macOS/iOS/iPadOS L2TP/IPsec clients' IKEv1 proposals for its default (instead of the strongswan default set of proposals). The weakest proposals that were not common to both Win10 and iOS were dropped, but all of the strongest ones were kept.

Share:
6,209
PMV
Author by

PMV

Updated on September 18, 2022

Comments

  • PMV
    PMV almost 2 years

    On ubuntu 18.04 LTE VPN connection works properly, but on 19.10 I got:

    hidden@hidden:~$ tail -f /var/log/syslog
hidden NetworkManager[862]: <info>  [1574066091.0450] audit: op="connection-activate" uuid="88936113-b02d-48b7-a98e-04758a426172" name="hidden" pid=1761 uid=1000 result="success"
hidden NetworkManager[862]: <info>  [1574066091.0486] vpn-connection[0x564b018846f0,88936113-b02d-48b7-a98e-04758a426172,"hidden",0]: Saw the service appear; activating connection
hidden NetworkManager[862]: <info>  [1574066091.1669] vpn-connection[0x564b018846f0,88936113-b02d-48b7-a98e-04758a426172,"hidden",0]: VPN connection: (ConnectInteractive) reply received
hidden systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
hidden whack[10939]: 002 shutting down
hidden ipsec[10942]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden libipsecconf[10944]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden systemd[1]: ipsec.service: Succeeded.
hidden systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
hidden systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
hidden addconn[10948]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden libipsecconf[10948]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden _stackmanager[10950]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden libipsecconf[10960]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden _stackmanager[10950]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden libipsecconf[10968]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden ipsec[11252]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden libipsecconf[11254]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden ipsec[11252]: nflog ipsec capture disabled
hidden systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
hidden libipsecconf[11273]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden CRON[11287]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
hidden NetworkManager[862]: <info>  [1574066101.9098] vpn-connection[0x564b018846f0,88936113-b02d-48b7-a98e-04758a426172,"hidden",0]: VPN plugin: state changed: stopped (6)
hidden xdg-desktop-por[1696]: Failed to get application states: GDBus.Error:org.freedesktop.portal.Error.Failed: Could not get window list: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: App introspection not allowed

    hidden@hidden:~$ sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
[sudo] password for hidden: 
nm-l2tp[10839] <debug> nm-l2tp-service (version 1.2.10) starting...
nm-l2tp[10839] <debug>  uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[10839] <info>  ipsec enable flag: yes
** Message: 11:34:51.169: Check port 1701
** Message: 11:34:51.169: Can't bind to port 1701
nm-l2tp[10839] <warn>  L2TP port 1701 is busy, using ephemeral.
proxy

ipv6
    address-data : []
    dns : []
    dns-search : []
    method : 'auto'
    route-data : []

connection
    autoconnect : false
    id : 'hidden'
    permissions : ['user:hidden:']
    type : 'vpn'
    uuid : '88936113-b02d-48b7-a98e-04758a426172'

vpn
    data : {'gateway': 'x.xxx.xxx.xx', 'ipsec-enabled': 'yes', 'ipsec-esp': '3des-sha1', 'ipsec-ike': '3des-sha1;modp1024', 'ipsec-psk': '************', 'password-flags': '1', 'user': 'hidden'}
    secrets : {'password': '************'}
    service-type : 'org.freedesktop.NetworkManager.l2tp'
    user-name : 'hidden'

ipv4
    address-data : []
    dns : []
    dns-search : []
    method : 'auto'
    route-data : []

nm-l2tp[10839] <info>  starting ipsec
Redirecting to: systemctl restart ipsec.service
002 listening for IKE messages
002 Kernel supports NIC esp-hw-offload
002 adding interface wlp2s0/wlp2s0 (esp-hw-offload=no) xxx.xxx.x.xx:500
002 adding interface wlp2s0/wlp2s0 xxx.xxx.x.xx:4500
002 Kernel supports NIC esp-hw-offload
002 adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 Kernel supports NIC esp-hw-offload
002 adding interface lo/lo (esp-hw-offload=no) ::1:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-147f9a0d-9b02-4cc9-8942-b4e5b4061110.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-6a6bdfbd-3ad5-4b01-82cd-a32cd48d067f.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-88936113-b02d-48b7-a98e-04758a426172.secrets"
opening file: /run/nm-l2tp-ipsec-88936113-b02d-48b7-a98e-04758a426172.conf
debugging mode enabled
end of file /run/nm-l2tp-ipsec-88936113-b02d-48b7-a98e-04758a426172.conf
Loading conn 88936113-b02d-48b7-a98e-04758a426172
starter: left is KH_DEFAULTROUTE
loading named conns: 88936113-b02d-48b7-a98e-04758a426172
seeking_src = 1, seeking_gateway = 1, has_peer = 1
seeking_src = 0, seeking_gateway = 1, has_dst = 1
dst  via xxx.xxx.x.x dev wlp2s0 src  table 254
set nexthop: xxx.xxx.x.x
dst xxx.xxx.x.x via  dev wlp2s0 src  table 254
dst xxx.xxx.x.x via  dev wlp2s0 src xxx.xxx.x.xx table 254
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
dst xxx.xxx.x.x via  dev wlp2s0 src xxx.xxx.x.xx table 255 (ignored)
dst xxx.xxx.x.xx via  dev wlp2s0 src xxx.xxx.x.xx table 255 (ignored)
dst xxx.xxx.x.xxx via  dev wlp2s0 src xxx.xxx.x.xx table 255 (ignored)

seeking_src = 1, seeking_gateway = 0, has_peer = 1
seeking_src = 1, seeking_gateway = 0, has_dst = 1
dst xxx.xxx.x.x via  dev wlp2s0 src xxx.xxx.x.xx table 254
set addr: xxx.xxx.x.xx

seeking_src = 0, seeking_gateway = 0, has_peer = 1
conn: "88936113-b02d-48b7-a98e-04758a426172" modecfgdns=<unset>
conn: "88936113-b02d-48b7-a98e-04758a426172" modecfgdomains=<unset>
conn: "88936113-b02d-48b7-a98e-04758a426172" modecfgbanner=<unset>
conn: "88936113-b02d-48b7-a98e-04758a426172" mark=<unset>
conn: "88936113-b02d-48b7-a98e-04758a426172" mark-in=<unset>
conn: "88936113-b02d-48b7-a98e-04758a426172" mark-out=<unset>
conn: "88936113-b02d-48b7-a98e-04758a426172" vti_iface=<unset>
conn: "88936113-b02d-48b7-a98e-04758a426172" redirect-to=<unset>
conn: "88936113-b02d-48b7-a98e-04758a426172" accept-redirect-to=<unset>
conn: "88936113-b02d-48b7-a98e-04758a426172" esp=3des-sha1
conn: "88936113-b02d-48b7-a98e-04758a426172" ike=3des-sha1;modp1024
002 added connection description "88936113-b02d-48b7-a98e-04758a426172"
nm-l2tp[10839] <info>  Spawned ipsec auto --up script with PID 11280.
002 "88936113-b02d-48b7-a98e-04758a426172" #1: initiating v2 parent SA
133 "88936113-b02d-48b7-a98e-04758a426172" #1: initiate
002 "88936113-b02d-48b7-a98e-04758a426172": constructed local IKE proposals for 88936113-b02d-48b7-a98e-04758a426172 (IKE SA initiator selecting KE): 1:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024
133 "88936113-b02d-48b7-a98e-04758a426172" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
010 "88936113-b02d-48b7-a98e-04758a426172" #1: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response
010 "88936113-b02d-48b7-a98e-04758a426172" #1: STATE_PARENT_I1: retransmission; will wait 1 seconds for response
010 "88936113-b02d-48b7-a98e-04758a426172" #1: STATE_PARENT_I1: retransmission; will wait 2 seconds for response
010 "88936113-b02d-48b7-a98e-04758a426172" #1: STATE_PARENT_I1: retransmission; will wait 4 seconds for response
010 "88936113-b02d-48b7-a98e-04758a426172" #1: STATE_PARENT_I1: retransmission; will wait 8 seconds for response
nm-l2tp[10839] <warn>  Timeout trying to establish IPsec connection
nm-l2tp[10839] <info>  Terminating ipsec script with PID 11280.
nm-l2tp[10839] <warn>  Could not establish IPsec tunnel.

(nm-l2tp-service:10839): GLib-GIO-CRITICAL **: 11:35:01.908: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
010 "88936113-b02d-48b7-a98e-04758a426172" #1: STATE_PARENT_I1: retransmission; will wait 16 seconds for response
010 "88936113-b02d-48b7-a98e-04758a426172" #1: STATE_PARENT_I1: retransmission; will wait 32 seconds for response
031 "88936113-b02d-48b7-a98e-04758a426172" #1: STATE_PARENT_I1: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our first IKEv2 message
000 "88936113-b02d-48b7-a98e-04758a426172" #1: starting keying attempt 2 of an unlimited number, but releasing whack

    Help to fix the problem.

    p.s. after upgrading to network-manager-l2tp:1.2.16-1. New logs:

    hidden@hidden:~$  tail -f /var/log/syslog
hidden xdg-desktop-por[1688]: Failed to get application states: GDBus.Error:org.freedesktop.portal.Error.Failed: Could not get window list: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: App introspection not allowed
hidden gnome-software[3460]: enabled plugins: desktop-categories, fwupd, os-release, packagekit, packagekit-local, packagekit-offline, packagekit-proxy, packagekit-refine-repos, packagekit-refresh, packagekit-upgrade, packagekit-url-to-app, shell-extensions, ubuntuone, appstream, desktop-menu-path, hardcoded-blacklist, hardcoded-featured, hardcoded-popular, modalias, odrs, packagekit-refine, rewrite-resource, steam, packagekit-history, provenance, snap, systemd-updates, generic-updates, provenance-license, icons, key-colors, key-colors-metadata
hidden gnome-software[3460]: disabled plugins: dpkg, dummy, repos, epiphany
hidden dbus-daemon[872]: [system] Activating via systemd: service name='org.freedesktop.fwupd' unit='fwupd.service' requested by ':1.609' (uid=1000 pid=3460 comm="/usr/bin/gnome-software --gapplication-service " label="unconfined")
hidden systemd[1]: Starting Firmware update daemon...
hidden fwupd[3486]: 19:03:15:0057 FuPluginUefi         kernel efivars support missing: /sys/firmware/efi/efivars
hidden dbus-daemon[872]: [system] Activating via systemd: service name='org.freedesktop.bolt' unit='bolt.service' requested by ':1.613' (uid=0 pid=3486 comm="/usr/lib/fwupd/fwupd " label="unconfined")
hidden systemd[1]: Starting Thunderbolt system service...
hidden boltd[3499]: bolt 0.8 starting up.
hidden boltd[3499]: store: located at: /var/lib/boltd
hidden boltd[3499]: config: loading user config
hidden boltd[3499]: bouncer: initializing polkit
hidden boltd[3499]: udev: initializing udev
hidden boltd[3499]: store: loading domains
hidden boltd[3499]: store: loading devices
hidden boltd[3499]: power: state located at: /run/boltd/power
hidden boltd[3499]: power: force power support: no
hidden boltd[3499]: udev: enumerating devices
hidden dbus-daemon[872]: [system] Successfully activated service 'org.freedesktop.bolt'
hidden systemd[1]: Started Thunderbolt system service.
hidden dbus-daemon[872]: [system] Successfully activated service 'org.freedesktop.fwupd'
hidden systemd[1]: Started Firmware update daemon.
hidden systemd-resolved[837]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
hidden systemd-resolved[837]: message repeated 5 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
hidden gnome-shell[1751]: [AppIndicatorSupport-DEBUG] Registering StatusNotifierItem :1.105/org/ayatana/NotificationItem/software_update_available
hidden gnome-shell[1751]: [AppIndicatorSupport-FATAL] unable to update overlay icon
hidden gnome-shell[1751]: [AppIndicatorSupport-FATAL] unable to update overlay icon
hidden PackageKit: refresh-cache transaction /3129_eaecacde from uid 1000 finished with success after 12792ms
hidden sudo: pam_ecryptfs: pam_sm_authenticate: /home/hidden is already mounted
hidden gnome-software[3460]: g_path_get_basename: assertion 'file_name != NULL' failed
hidden gnome-software[3460]: g_regex_match_full: assertion 'string != NULL' failed
hidden gnome-software[3460]: g_path_get_basename: assertion 'file_name != NULL' failed
hidden gnome-software[3460]: g_regex_match_full: assertion 'string != NULL' failed
hidden gnome-software[3460]: not GsPlugin error g-io-error-quark:35: Invalid string value converting to GVariant
hidden gnome-software[3460]: not handling error failed for action refine: Invalid string value converting to GVariant
hidden PackageKit: resolve transaction /3130_bddeccae from uid 1000 finished with success after 1842ms
hidden PackageKit: resolve transaction /3131_eedbdbed from uid 1000 finished with success after 364ms
hidden PackageKit: search-file transaction /3132_aececcba from uid 1000 finished with success after 1402ms
hidden PackageKit: search-file transaction /3133_bddabebe from uid 1000 finished with success after 473ms
hidden PackageKit: search-file transaction /3134_ecaacead from uid 1000 finished with success after 441ms
hidden PackageKit: search-file transaction /3135_bdedbdac from uid 1000 finished with success after 419ms
hidden PackageKit: search-file transaction /3136_aeecdcae from uid 1000 finished with success after 440ms
hidden PackageKit: search-file transaction /3137_eabbbcba from uid 1000 finished with success after 449ms
hidden PackageKit: search-file transaction /3138_bbbdddca from uid 1000 finished with success after 464ms
hidden NetworkManager[873]: <info>  [1574535815.0927] audit: op="connection-activate" uuid="147f9a0d-9b02-4cc9-8942-b4e5b4061110" name="center 2m main office" pid=1751 uid=1000 result="success"
hidden NetworkManager[873]: <info>  [1574535815.0965] vpn-connection[0x562220a064e0,147f9a0d-9b02-4cc9-8942-b4e5b4061110,"center 2m main office",0]: Saw the service appear; activating connection
hidden NetworkManager[873]: <info>  [1574535815.1410] vpn-connection[0x562220a064e0,147f9a0d-9b02-4cc9-8942-b4e5b4061110,"center 2m main office",0]: VPN connection: (ConnectInteractive) reply received
hidden systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
hidden whack[4248]: 002 shutting down
hidden PackageKit: search-file transaction /3139_bdeeeabd from uid 1000 finished with success after 463ms
hidden ipsec[4251]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden libipsecconf[4253]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden systemd[1]: ipsec.service: Succeeded.
hidden systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
hidden systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
hidden addconn[4257]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden libipsecconf[4257]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden _stackmanager[4261]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden libipsecconf[4271]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden _stackmanager[4261]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden libipsecconf[4280]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden ipsec[4563]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden libipsecconf[4565]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden ipsec[4563]: nflog ipsec capture disabled
hidden systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
hidden libipsecconf[4584]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
hidden PackageKit: search-file transaction /3140_cdbdbeab from uid 1000 finished with success after 441ms
hidden NetworkManager[873]: <info>  [1574535815.8584] vpn-connection[0x562220a064e0,147f9a0d-9b02-4cc9-8942-b4e5b4061110,"center 2m main office",0]: VPN plugin: state changed: starting (3)
hidden PackageKit: search-file transaction /3141_cbccdeba from uid 1000 finished with success after 464ms
hidden PackageKit: search-file transaction /3142_eebdcacd from uid 1000 finished with success after 438ms
hidden pppd[4639]: Plugin pppol2tp.so loaded.
hidden pppd[4639]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] initializing
hidden pppd[4639]: pppd 2.4.7 started by hidden, uid 0
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] phasechange: status 3 / phase 'serial connection'
hidden pppd[4639]: using channel 2
hidden pppd[4639]: Using interface ppp0
hidden pppd[4639]: Connect: ppp0 <--> 
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] phasechange: status 5 / phase 'establish'
hidden pppd[4639]: Overriding mtu 1500 to 1400
hidden pppd[4639]: PPPoL2TP options: debugmask 0
hidden pppd[4639]: Overriding mru 1500 to mtu value 1400
hidden pppd[4639]: sent [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0x59575e93>]
hidden systemd-udevd[4264]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
hidden NetworkManager[873]: <info>  [1574535816.8802] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/6)
hidden pppd[4639]: rcvd [LCP ConfRej id=0x1 <asyncmap 0x0>]
hidden pppd[4639]: sent [LCP ConfReq id=0x2 <mru 1400> <magic 0x59575e93>]
hidden pppd[4639]: rcvd [LCP ConfAck id=0x2 <mru 1400> <magic 0x59575e93>]
hidden pppd[4639]: rcvd [LCP ConfReq id=0x1 <mru 1376> <auth chap MS-v2> <magic 0x4b7d3524>]
hidden pppd[4639]: sent [LCP ConfAck id=0x1 <mru 1376> <auth chap MS-v2> <magic 0x4b7d3524>]
hidden pppd[4639]: PPPoL2TP options: debugmask 0
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] phasechange: status 6 / phase 'authenticate'
hidden pppd[4639]: rcvd [CHAP Challenge id=0x59 <fcd548a7fa533fed9f33e24612ed30a0>, name = ""]
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] passwd-hook: requesting credentials...
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] passwd-hook: got credentials from NetworkManager-l2tp
hidden pppd[4639]: added response cache entry 0
hidden pppd[4639]: sent [CHAP Response id=0x59 <7a3e0b0bd07fec4c3799652ebef1220300000000000000005c897ac951604c4552b230b21a63b04c6712c8c5f454f4e800>, name = "mpashkin"]
hidden pppd[4639]: rcvd [CHAP Failure id=0x59 "E=691 R=0"]
hidden pppd[4639]: MS-CHAP authentication failed: E=691 Authentication failure
hidden pppd[4639]: CHAP authentication failed
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] phasechange: status 10 / phase 'terminate'
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] phasechange: status 5 / phase 'establish'
hidden pppd[4639]: Overriding mtu 1500 to 1400
hidden pppd[4639]: PPPoL2TP options: debugmask 0
hidden pppd[4639]: Overriding mru 1500 to mtu value 1400
hidden pppd[4639]: sent [LCP TermReq id=0x3 "Failed to authenticate ourselves to peer"]
hidden pppd[4639]: rcvd [LCP TermReq id=0x2]
hidden pppd[4639]: sent [LCP TermAck id=0x2]
hidden pppd[4639]: rcvd [LCP TermAck id=0x3]
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] phasechange: status 11 / phase 'disconnect'
hidden pppd[4639]: Connection terminated.
hidden NetworkManager[873]: <warn>  [1574535817.0972] vpn-connection[0x562220a064e0,147f9a0d-9b02-4cc9-8942-b4e5b4061110,"center 2m main office",0]: VPN plugin: failed: connect-failed (1)
hidden NetworkManager[873]: <info>  [1574535817.0972] vpn-connection[0x562220a064e0,147f9a0d-9b02-4cc9-8942-b4e5b4061110,"center 2m main office",0]: VPN plugin: state changed: stopping (5)
hidden gnome-shell[1751]: Removing a network device that was not added
hidden NetworkManager[873]: <info>  [1574535817.1129] vpn-connection[0x562220a064e0,147f9a0d-9b02-4cc9-8942-b4e5b4061110,"center 2m main office",0]: VPN plugin: state changed: stopped (6)
hidden NetworkManager[873]: <warn>  [1574535817.1208] vpn-connection[0x562220a064e0,147f9a0d-9b02-4cc9-8942-b4e5b4061110,"center 2m main office",0]: VPN plugin: failed: connect-failed (1)
hidden PackageKit: search-file transaction /3143_acddcbda from uid 1000 finished with success after 436ms
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] phasechange: status 1 / phase 'dead'
hidden pppd[4639]: nm-l2tp[4198] <info>  [helper-4639] exit: cleaning up
hidden pppd[4639]: Exit.
hidden PackageKit: search-file transaction /3144_beeddebe from uid 1000 finished with success after 457ms
hidden PackageKit: search-file transaction /3145_deeddeec from uid 1000 finished with success after 422ms
hidden PackageKit: search-file transaction /3146_cceaccda from uid 1000 finished with success after 450ms
hidden gnome-software[3460]: Failed to find one package for libinput-gestures.desktop, /usr/share/applications/libinput-gestures.desktop, [0]
hidden PackageKit: get-details transaction /3147_cdcacddd from uid 1000 finished with success after 386ms
hidden gnome-software[3460]: Failed to load snap icon: local snap has no icon
hidden gnome-software[3460]: message repeated 4 times: [ Failed to load snap icon: local snap has no icon]
hidden systemd-resolved[837]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.

    hidden@hidden:~$ sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
nm-l2tp[4198] <debug> nm-l2tp-service (version 1.2.16) starting...
nm-l2tp[4198] <debug>  uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[4198] <info>  ipsec enable flag: yes
** Message: 22:03:35.143: Check port 1701
** Message: 22:03:35.143: Can't bind to port 1701
nm-l2tp[4198] <warn>  L2TP port 1701 is busy, using ephemeral.
ipv6
    address-data : []
    dns : []
    dns-search : []
    method : 'auto'
    route-data : []

ipv4
    address-data : []
    dns : []
    dns-search : []
    method : 'auto'
    route-data : []

connection
    autoconnect : false
    id : 'hidden'
    permissions : ['user:hidden:']
    timestamp : 1563201201
    type : 'vpn'
    uuid : '147f9a0d-9b02-4cc9-8942-b4e5b4061110'

proxy

vpn
    data : {'gateway': 'xx.xx.xx.xx', 'ipsec-enabled': 'yes', 'ipsec-esp': '3des-sha1', 'ipsec-ike': '3des-sha1;modp1024', 'ipsec-psk': '******', 'password-flags': '1', 'user': 'hidden'}
    secrets : {'password': '******'}
    service-type : 'org.freedesktop.NetworkManager.l2tp'
    user-name : 'hidden'

nm-l2tp[4198] <info>  starting ipsec
Redirecting to: systemctl restart ipsec.service
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
opening file: /run/nm-l2tp-147f9a0d-9b02-4cc9-8942-b4e5b4061110/ipsec.conf
debugging mode enabled
end of file /run/nm-l2tp-147f9a0d-9b02-4cc9-8942-b4e5b4061110/ipsec.conf
Loading conn 147f9a0d-9b02-4cc9-8942-b4e5b4061110
starter: left is KH_DEFAULTROUTE
loading named conns: 147f9a0d-9b02-4cc9-8942-b4e5b4061110
seeking_src = 1, seeking_gateway = 1, has_peer = 1
seeking_src = 0, seeking_gateway = 1, has_dst = 1
dst  via xx.xx.xx.xx dev wlp2s0 src  table 254
set nexthop: xx.xx.xx.xx
dst xx.xx.xx.xx via  dev wlp2s0 src  table 254
dst xx.xx.xx.xx via  dev wlp2s0 src xx.xx.xx.xx table 254
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
dst xx.xx.xx.xx via  dev wlp2s0 src xx.xx.xx.xx table 255 (ignored)
dst xx.xx.xx.xx via  dev wlp2s0 src xx.xx.xx.xx table 255 (ignored)
dst xx.xx.xx.xx via  dev wlp2s0 src xx.xx.xx.xx table 255 (ignored)

seeking_src = 1, seeking_gateway = 0, has_peer = 1
seeking_src = 1, seeking_gateway = 0, has_dst = 1
dst xx.xx.xx.xx via  dev wlp2s0 src xx.xx.xx.xx table 254
set addr: xx.xx.xx.xx

seeking_src = 0, seeking_gateway = 0, has_peer = 1
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" modecfgdns=<unset>
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" modecfgdomains=<unset>
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" modecfgbanner=<unset>
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" mark=<unset>
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" mark-in=<unset>
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" mark-out=<unset>
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" vti_iface=<unset>
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" redirect-to=<unset>
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" accept-redirect-to=<unset>
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" esp=3des-sha1
conn: "147f9a0d-9b02-4cc9-8942-b4e5b4061110" ike=3des-sha1;modp1024
002 added connection description "147f9a0d-9b02-4cc9-8942-b4e5b4061110"
nm-l2tp[4198] <info>  Spawned ipsec auto --up script with PID 4591.
002 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #1: initiating Main Mode
104 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #1: STATE_MAIN_I1: initiate
003 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #1: ignoring unknown Vendor ID payload [f758f22668750f03b08df6ebe1d00300]
106 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #1: Peer ID is ID_IPV4_ADDR: 'xx.xx.xx.xx'
004 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP1024}
002 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:9eb98aa5 proposal=3DES_CBC-HMAC_SHA1_96 pfsgroup=MODP1024}
117 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #2: STATE_QUICK_I1: initiate
003 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #2: ignoring informational payload IPSEC_RESPONDER_LIFETIME, msgid=9eb98aa5, length=28
003 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
004 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x453de9b3 <0x30c93373 xfrm=3DES_CBC-HMAC_SHA1_96 NATOA=none NATD=xx.xx.xx.xx:4500 DPD=passive}
nm-l2tp[4198] <info>  Libreswan IPsec tunnel is up.
** Message: 22:03:35.857: xl2tpd started with pid 4607
xl2tpd[4607]: Not looking for kernel SAref support.
xl2tpd[4607]: Using l2tp kernel support.
xl2tpd[4607]: xl2tpd version xl2tpd-1.3.12 started on hidden PID:4607
xl2tpd[4607]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[4607]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[4607]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[4607]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[4607]: Listening on IP address 0.0.0.0, port 43162
xl2tpd[4607]: get_call: allocating new tunnel for host xx.xx.xx.xx, port 1701.
xl2tpd[4607]: Connecting to host xx.xx.xx.xx, port 1701
xl2tpd[4607]: control_finish: message type is (null)(0).  Tunnel is 0, call is 0.
xl2tpd[4607]: control_finish: sending SCCRQ
xl2tpd[4607]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
xl2tpd[4607]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[4607]: framing_caps_avp: supported peer frames: sync
xl2tpd[4607]: hostname_avp: peer reports hostname 'N/A'
xl2tpd[4607]: assigned_tunnel_avp: using peer's tunnel 58851
xl2tpd[4607]: control_finish: message type is Start-Control-Connection-Reply(2).  Tunnel is 58851, call is 0.
xl2tpd[4607]: control_finish: sending SCCCN
xl2tpd[4607]: Connection established to xx.xx.xx.xx, 1701.  Local: 51260, Remote: 58851 (ref=0/0).
xl2tpd[4607]: Calling on tunnel 51260
xl2tpd[4607]: control_finish: message type is (null)(0).  Tunnel is 58851, call is 0.
xl2tpd[4607]: control_finish: sending ICRQ
xl2tpd[4607]: message_type_avp: message type 11 (Incoming-Call-Reply)
xl2tpd[4607]: assigned_call_avp: using peer's call 1
xl2tpd[4607]: control_finish: message type is Incoming-Call-Reply(11).  Tunnel is 58851, call is 1.
xl2tpd[4607]: control_finish: Sending ICCN
xl2tpd[4607]: Call established with xx.xx.xx.xx, Local: 3428, Remote: 1, Serial: 1 (ref=0/0)
xl2tpd[4607]: start_pppd: I'm running: 
xl2tpd[4607]: "/usr/sbin/pppd" 
xl2tpd[4607]: "plugin" 
xl2tpd[4607]: "pppol2tp.so" 
xl2tpd[4607]: "pppol2tp" 
xl2tpd[4607]: "7" 
xl2tpd[4607]: "passive" 
xl2tpd[4607]: "nodetach" 
xl2tpd[4607]: ":" 
xl2tpd[4607]: "debug" 
xl2tpd[4607]: "file" 
xl2tpd[4607]: "/run/nm-l2tp-147f9a0d-9b02-4cc9-8942-b4e5b4061110/ppp-options" 
xl2tpd[4607]: message_type_avp: message type 14 (Call-Disconnect-Notify)
xl2tpd[4607]: result_code_avp: peer closing for reason 2 (General error--Error Code indicates the problem), error = 0 ()
xl2tpd[4607]: assigned_call_avp: using peer's call 1
xl2tpd[4607]: control_finish: message type is Call-Disconnect-Notify(14).  Tunnel is 58851, call is 1.
xl2tpd[4607]: control_finish: Connection closed to xx.xx.xx.xx, serial 1 ()
xl2tpd[4607]: Terminating pppd: sending TERM signal to pid 4639
nm-l2tp[4198] <info>  Terminated xl2tpd daemon with PID 4607.
xl2tpd[4607]: death_handler: Fatal signal 15 received
xl2tpd[4607]: Connection 58851 closed to xx.xx.xx.xx, port 1701 (Server closing)
002 "147f9a0d-9b02-4cc9-8942-b4e5b4061110": terminating SAs using this connection
002 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #2: deleting state (STATE_QUICK_I2) aged 1.364s and sending notification
005 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #2: ESP traffic information: in=435B out=721B
002 "147f9a0d-9b02-4cc9-8942-b4e5b4061110" #1: deleting state (STATE_MAIN_I4) aged 1.493s and sending notification
  • PMV
    PMV over 4 years
    1. deleting *.secrets didn't help
  • PMV
    PMV over 4 years
    2. upgrading to 1.12.16 didn't work too
  • PMV
    PMV over 4 years
    Added logs after upgrading to network-manager-l2tp:1.12.16-1 to the main message
  • Douglas Kosovic
    Douglas Kosovic over 4 years
    Error 691 authentication failure means the VPN server rejected the user credentials, make sure you are using the correct username and password. In the PPP options, you could also try diabling all of the authentication options, other than MS CHAP v2.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Unable to connect L2TP IPSec VPN from ubuntu 16.04
VPN L2TP/IPSec client on Ubuntu 16.04 VPN service failed to start
Where to add the Pre-Shared Key for the Server Authentication with Network Manager for L2TP/IPSEC?
VPN has not worked since upgrading to 12.04
ssh: connect to host [ip] port 22: No route to host
/dev/ppp can't be opened
OpenVPN setup with PIA - Connects but no internet
How to auto(re)connect to openvpn connection?
How to connect to two VPNs at the same time?
how do I connect to a VPN with ipsec?