Unable to connect L2TP IPSec VPN from ubuntu 16.04

16.04 network-manager vpn ipsec
24,136

I found the solution in developer's repository.

https://github.com/nm-l2tp/network-manager-l2tp/issues/38#issuecomment-303052751

Version 1.2.6 no longer overrides the default IPsec ciphers and I suspect your VPN server is using a legacy cipher newer strongSwan versions consider to be broken.

See the user specified IPsec cipher suites section in the README.md file on how to supplement the strongSwan default ciphers with your own :

https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites

I would recommend installing the ike-scan package to check what ciphers your VPN server is advertising it supports, e.g. :

$ sudo systemctl stop strongswan  
$ sudo ike-scan 123.54.76.9  
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec).  1 returned handshake; 0 returned notify

So with this example where a broken 3DES cipher is advertised, in the advanced section of the IPsec dialog box for version 1.2.6, add the following:

  • Phase1 Algorithms : 3des-sha1-modp1024

  • Phase2 Algorithms : 3des-sha1

After all steps try you L2TP connnection, it must be established.

Share:
24,136

Related videos on Youtube

Pratip Ghosh
Author by

Pratip Ghosh

Updated on September 18, 2022

Comments

  • Pratip Ghosh
    Pratip Ghosh almost 2 years

    I am trying to connect L2TP IPSec VPN connection from my Ubuntu 16.04 laptop. Every time I am facing same error since the same credentials working properly to connect VPNs server from any windows system.

    Can anyone guide me to resolve this issue?

    Syslog:

    Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2586] audit: op="connection-activate" uuid="83adbec9-817f-4faf-9839-42eb41897c10" name="VPN connection 1" pid=2254 uid=1000 result="success"
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2664] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: Started the VPN service, PID 5561
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2808] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: Saw the service appear; activating connection
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.4059] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN connection: (ConnectInteractive) reply received
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: ** Message: Check port 1701
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  ipsec enable flag: yes
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: ** Message: Check port 1701
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  starting ipsec
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: Stopping strongSwan IPsec...
Apr 13 12:55:18 pratip-vostro-2520 charon: 00[DMN] signal of type SIGINT received. Shutting down
Apr 13 12:55:18 pratip-vostro-2520 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (2/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (3/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (4/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: destroying IKE_SA in state CONNECTING without notification
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Starting strongSwan 5.3.5 IPsec [starter]...
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Loading config setup
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Loading conn 'nm-ipsec-l2tp-5561'
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: found netkey IPsec stack
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-72-generic, x86_64)
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG]   loaded IKE secret for %any
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[JOB] spawning 16 worker threads
Apr 13 12:55:20 pratip-vostro-2520 charon: 08[CFG] received stroke: add connection 'nm-ipsec-l2tp-5561'
Apr 13 12:55:20 pratip-vostro-2520 charon: 08[CFG] added configuration 'nm-ipsec-l2tp-5561'
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] rereading secrets
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG]   loaded IKE secret for %any
Apr 13 12:55:21 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  Spawned ipsec up script with PID 5634.
Apr 13 12:55:21 pratip-vostro-2520 charon: 11[CFG] received stroke: initiate 'nm-ipsec-l2tp-5561'
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[IKE] initiating Main Mode IKE_SA nm-ipsec-l2tp-5561[1] to 76.194.82.189
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[ENC] generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:25 pratip-vostro-2520 charon: 07[IKE] sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:25 pratip-vostro-2520 charon: 07[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <warn>  Timeout trying to establish IPsec connection
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  Terminating ipsec script with PID 5634.
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <warn>  Could not establish IPsec tunnel.
Apr 13 12:55:31 pratip-vostro-2520 charon: 14[CFG] rereading secrets
Apr 13 12:55:31 pratip-vostro-2520 charon: 14[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: (nm-l2tp-service:5561): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6006] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN plugin: state changed: stopped (6)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6023] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN plugin: state change reason: unknown (0)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6067] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN service disappeared
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <warn>  [1492068331.6102] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Apr 13 12:55:32 pratip-vostro-2520 charon: 05[IKE] sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:32 pratip-vostro-2520 charon: 05[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
  • Vinod
    Vinod about 7 years
    Thanks. It worked by adding Phase1 and Phase 2 Algorithms !!
  • David Vereb
    David Vereb over 4 years
    As per a comment further down in that link I also had to disable xl2tpd with sudo systemctl stop xl2tpd (github.com/nm-l2tp/NetworkManager-l2tp/issues/…)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

VPN L2TP/IPSec client on Ubuntu 16.04 VPN service failed to start
Unable to create VPN connection in Ubuntu 16.04?
How do I import a saved VPN configuration in 16.04?
No more AnyConnect compatible vpn transport in Ubuntu 16.04?
OpenConnect VPN not in Network Manager in 16.04
Where to add the Pre-Shared Key for the Server Authentication with Network Manager for L2TP/IPSEC?
L2TP / IPSec failing to connect (Ubuntu 19.10)
How to stablish a Fortinet-VPN connection on Ubuntu 16.04 (as client)?
VPN has not worked since upgrading to 12.04
ssh: connect to host [ip] port 22: No route to host