Thread: L2TP VPNs with NetworkManager and strongswan failing to connect, with no meaningful logs

  1. #1


    1. Installed L2TP packages: NetworkManager-l2tp, plasma-nm5-l2tp, xl2tpd
    2. Installed strongswan packages: NetworkManager-strongswan, plasma-nm5-strongswan, strongswan, and its libraries for IPSEC, libs0-, and nm-
    3. I have an L2TP VPN config setup in the Network Manager GUI: pre-shared key, with username and password


    Relevant journalctl -xe NM_CONNECTION=... + NM_DEVICE=... logs:

    Code:
    Started the VPN service, PID 3288
    Saw the service appear; activating connection
    VPN connection: (ConnectInteractive) reply received
    VPN plugin: state changed: starting (3)
    VPN plugin: failed: connect-failed (1)
    VPN plugin: failed: connect-failed (1)
    VPN plugin: state changed: stopping (5)
    VPN plugin: state changed: stopped (6)
    VPN service disappeared
    Relevant journalctl --no-hostname _SYSTEMD_UNIT=NetworkManager.service + SYSLOG_IDENTIFIER=pppd logs:

    Code:
    NetworkManager[1281]: <info>  [1634854280.8774] vpn-connection[0x5637e7ca60f0,d67a0914-7f17-442b-bf27-ec41aa364b81,"<VPN name>",0]: VPN plugin: state changed: starting (3)
    charon[4477]: 14[NET] received packet: from <VPN gateway>[4500] to 192.168.20.2[4500] (204 bytes)
    charon[4477]: 14[IKE] received retransmit of response with ID 1015903007, but next request already sent
    NetworkManager[4510]: xl2tpd[4510]: death_handler: Fatal signal 15 received
    NetworkManager[4510]: xl2tpd[4510]: Connection 0 closed to <VPN gateway>, port 1701 (Server closing)
    NetworkManager[1281]: <warn>  [1634854294.8915] vpn-connection[0x5637e7ca60f0,d67a0914-7f17-442b-bf27-ec41aa364b81,"<VPN name>",0]: VPN plugin: failed: connect-failed (1)
    NetworkManager[1281]: <warn>  [1634854294.8916] vpn-connection[0x5637e7ca60f0,d67a0914-7f17-442b-bf27-ec41aa364b81,"<VPN name>",0]: VPN plugin: failed: connect-failed (1)
    NetworkManager[1281]: <info>  [1634854294.8916] vpn-connection[0x5637e7ca60f0,d67a0914-7f17-442b-bf27-ec41aa364b81,"<VPN name>",0]: VPN plugin: state changed: stopping (5)
    NetworkManager[4567]: Stopping strongSwan IPsec...
    charon[4477]: 00[DMN] SIGINT received, shutting down
    charon[4477]: 00[IKE] deleting IKE_SA d67a0914-7f17-442b-bf27-ec41aa364b81[1] between 192.168.20.2[192.168.20.2]...<VPN gateway>[<VPN gateway>]
    charon[4477]: 00[IKE] deleting IKE_SA d67a0914-7f17-442b-bf27-ec41aa364b81[1] between 192.168.20.2[192.168.20.2]...<VPN gateway>[<VPN gateway>]
    charon[4477]: 00[IKE] sending DELETE for IKE_SA d67a0914-7f17-442b-bf27-ec41aa364b81[1]
    charon[4477]: 00[ENC] generating INFORMATIONAL_V1 request 2475207184 [ HASH D ]
    charon[4477]: 00[NET] sending packet: from 192.168.20.2[4500] to <VPN gateway>[4500] (84 bytes)
    ipsec_starter[4476]: child 4477 (charon) has quit (exit code 0)
    ipsec_starter[4476]:
    ipsec_starter[4476]: charon stopped after 200 ms
    ipsec_starter[4476]: ipsec starter stopped
    nm-l2tp-service[4457]: ipsec shut down
    NetworkManager[1281]: <info>  [1634854294.9995] vpn-connection[0x5637e7ca60f0,d67a0914-7f17-442b-bf27-ec41aa364b81,"<VPN name>",0]: VPN plugin: state changed: stopped (6)
    NetworkManager[1281]: <info>  [1634854295.0010] vpn-connection[0x5637e7ca60f0,d67a0914-7f17-442b-bf27-ec41aa364b81,"<VPN name>",0]: VPN service disappeared
    strongSwan service is running, # systemctl status strongswan active and running. xl2tpd is not running, $ systemctl status xl2tpd inactive.

    There's only one /etc/nsswitch.conf, no duplicate from rpmnew.

    The actual output from # nmcli con up id VPN is simply Error: Connection activation failed: Unknown reason.

    I have edited /etc/NetworkManager/system-connections/VPN.nmconnection to include password-flags=0 and [vpn-secrets] with a plain text password.

    In the VPN config on Network Manager, I have it set to store password for all users.

    What else can I try?
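
A small triage script for journal output like the excerpt in the post above, added here as an example and not part of the original post. It attributes each line to the daemon that wrote it (the xl2tpd lines carry the NetworkManager identifier), measures the time from "starting" to "connect-failed", and returns the last message each helper daemon logged before the failure. The sample lines are copied from the post with the connection ID shortened; the function and type names are illustrative.

```python
import re
from collections import namedtuple

# Sample lines taken from the post's journal excerpt (connection ID shortened).
SAMPLE = """\
NetworkManager[1281]: <info>  [1634854280.8774] vpn-connection[0x5637e7ca60f0,...]: VPN plugin: state changed: starting (3)
charon[4477]: 14[NET] received packet: from <VPN gateway>[4500] to 192.168.20.2[4500] (204 bytes)
charon[4477]: 14[IKE] received retransmit of response with ID 1015903007, but next request already sent
NetworkManager[4510]: xl2tpd[4510]: death_handler: Fatal signal 15 received
NetworkManager[4510]: xl2tpd[4510]: Connection 0 closed to <VPN gateway>, port 1701 (Server closing)
NetworkManager[1281]: <warn>  [1634854294.8915] vpn-connection[0x5637e7ca60f0,...]: VPN plugin: failed: connect-failed (1)
charon[4477]: 00[DMN] SIGINT received, shutting down
"""

Event = namedtuple("Event", "daemon pid ts msg")
LINE = re.compile(r"^(?P<ident>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
NM_STATE = re.compile(r"^<\w+>\s+\[(?P<ts>\d+\.\d+)\] .*VPN plugin: (?P<event>.+)$")

def parse(text):
    """Turn journal lines into Events, unwrapping 'NetworkManager[pid]: xl2tpd[pid]: ...'."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        daemon, pid, msg = m["ident"], int(m["pid"]), m["msg"]
        inner = LINE.match(msg)  # output of a child process logged under the parent's identifier
        if inner:
            daemon, pid, msg = inner["ident"], int(inner["pid"]), inner["msg"]
        ts = None
        state = NM_STATE.match(msg)
        if state:  # NetworkManager's own lines carry an epoch timestamp
            ts, msg = float(state["ts"]), state["event"]
        events.append(Event(daemon, pid, ts, msg))
    return events

def summarize(events):
    """Return (seconds from 'starting' to first failure, last message per helper daemon before it)."""
    start = next(e.ts for e in events if e.msg.startswith("state changed: starting"))
    fail = next(e for e in events if e.msg.startswith("failed:"))
    last = {}
    for e in events[:events.index(fail)]:
        if e.daemon != "NetworkManager":
            last[e.daemon] = e.msg
    return round(fail.ts - start, 1), last

if __name__ == "__main__":
    elapsed, last = summarize(parse(SAMPLE))
    print(f"failed after {elapsed}s")
    for daemon, msg in last.items():
        print(f"  {daemon}: {msg}")
```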

  2. #2

    I would try setting up the connection from the console, see https://github.com/hwdsl2/setup-ipse...ients.md#linux
    That way you are likely getting more useful logging.

    I did the same for my VPN connection, and only when that worked did I make Network Manager work.

  3. #3


    From command line the VPN works but I am unable to set up split tunneling, something which would otherwise be simple through network manager. Is there a strongswan option to do so? It's also interesting that the instructions seem to use the old ipsec command instead of swanctl. Specifying a right subnet of 0.0.0.0/0 does not work. The VPN does allow me to enable split tunnelling.

  4. #4


    Edit: Solved now. Got it correctly working with the setup in this GitHub doc, and changed my routing table to allow tunnelling. Had to change my netconfig update policy to "" so it would stop overriding my DNS.

  5. #5

    Good, things are solved using the command line. The next step could be to get it working via Network Manager. Changing your routing table is possible using Network Manager; it might be that you need nmcli for that.
