After solving a printer issue by buying a new one, I am now struggling with a networking problem. My company offers access to remote folders via an L2TP VPN connection. Everything works with Windows 10 with the credentials provided. The connection needs IPsec.
Packages installed:
$ sudo zypper search -i | grep l2tp
i+ | NetworkManager-l2tp | NetworkManager VPN support for L2TP and L2TP/IPsec | Paket
i+ | openSUSE-2017-1312 | Feature update adding NetworkManager-l2tp | Patch
i+ | plasma-nm5-l2tp | L2TP support for plasma-nm5 | Paket
i | xl2tpd | Layer 2 Tunnelling Protocol Daemon (RFC 2661) | Paket
$ sudo zypper search -i | grep swan
i+ | strongswan | OpenSource IPsec-based VPN Solution | Paket
i | strongswan-ipsec | OpenSource IPsec-based VPN Solution | Paket
i | strongswan-libs0 | OpenSource IPsec-based VPN Solution | Paket
I checked for phase 1 and 2 algorithms as advised here by using ike-scan and was using the entries in the IPsec options window in NetworkManager:
"phase 1" algorithm: 3des-md5-modp1024,3des-sha1-modp1024,aes128-sha1-modp768,aes128-sha1-modp1024
"phase 2" algorithm: aes128-sha1,3des-md5
No luck. Here is the systemd log (some data replaced by “xxx” due to privacy concerns):
16.03.18 10:38 NetworkManager <info> Starting VPN service 'l2tp'...
16.03.18 10:38 NetworkManager <info> VPN service 'l2tp' started (org.freedesktop.NetworkManager.l2tp), PID 9679
16.03.18 10:38 NetworkManager <info> VPN service 'l2tp' appeared; activating connections
16.03.18 10:38 kdeinit5 plasma-nm: virtual NMVariantMapMap SecretAgent::GetSecrets(const NMVariantMapMap&, const QDBusObjectPath&, const QString&, const QStringList&, uint)
16.03.18 10:38 kdeinit5 plasma-nm: Path: "/org/freedesktop/NetworkManager/Settings/2"
16.03.18 10:38 kdeinit5 plasma-nm: Setting name: "vpn"
16.03.18 10:38 kdeinit5 plasma-nm: Hints: ()
16.03.18 10:38 kdeinit5 plasma-nm: Flags: 4
16.03.18 10:38 NetworkManager ** Message: ipsec enable flag: yes
16.03.18 10:38 kdeinit5 plasma-nm: Unhandled VPN connection state change: 3
16.03.18 10:38 NetworkManager ** Message: Check port 1701
16.03.18 10:38 NetworkManager ** Message: starting ipsec
16.03.18 10:38 NetworkManager Stopping strongSwan IPsec failed: starter is not running
16.03.18 10:38 ipsec_starter Starting strongSwan 5.2.2 IPsec [starter]...
16.03.18 10:38 ipsec_starter Loading config setup
16.03.18 10:38 ipsec_starter Loading conn 'fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx'
16.03.18 10:38 NetworkManager Starting strongSwan 5.2.2 IPsec [starter]...
16.03.18 10:38 NetworkManager Loading config setup
16.03.18 10:38 NetworkManager Loading conn 'fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx'
16.03.18 10:38 ipsec_starter found netkey IPsec stack
16.03.18 10:38 ipsec_starter Attempting to start charon...
16.03.18 10:38 NetworkManager found netkey IPsec stack
16.03.18 10:38 charon 00[DMN] Starting IKE charon daemon (strongSwan 5.2.2, Linux 4.4.114-42-default, x86_64)
16.03.18 10:38 charon 00[LIB] openssl FIPS mode(0) - disabled
16.03.18 10:38 charon 00[CFG] HA config misses local/remote address
16.03.18 10:38 charon 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL
16.03.18 10:38 charon 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
16.03.18 10:38 charon 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
16.03.18 10:38 charon 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
16.03.18 10:38 charon 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
16.03.18 10:38 charon 00[CFG] loading crls from '/etc/ipsec.d/crls'
16.03.18 10:38 charon 00[CFG] loading secrets from '/etc/ipsec.secrets'
16.03.18 10:38 charon 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-856af385-43e3-462f-b013-xxxxxxxxxxxxx.secrets'
16.03.18 10:38 charon 00[CFG] loaded IKE secret for %any
16.03.18 10:38 charon 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx.secrets'
16.03.18 10:38 charon 00[CFG] loaded IKE secret for %any
16.03.18 10:38 charon 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
16.03.18 10:38 charon 00[CFG] loaded 0 RADIUS server configurations
16.03.18 10:38 charon 00[TNC] TNC recommendation policy is 'default'
16.03.18 10:38 charon 00[TNC] loading IMVs from '/etc/tnc_config'
16.03.18 10:38 charon 00[TNC] opening configuration file '/etc/tnc_config' failed: No such file or directory
16.03.18 10:38 charon 00[CFG] missing PDP server name, PDP disabled
16.03.18 10:38 charon 00[TNC] loading IMCs from '/etc/tnc_config'
16.03.18 10:38 charon 00[TNC] opening configuration file '/etc/tnc_config' failed: No such file or directory
16.03.18 10:38 charon 00[CFG] coupling file path unspecified
16.03.18 10:38 charon 00[LIB] loaded plugins: charon ldap pkcs11 aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm curl soup attr kernel-netlink resolve socket-default farp stroke smp updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp certexpire led duplicheck radattr addrblock unity
16.03.18 10:38 charon 00[LIB] unable to load 16 plugin features (13 due to unmet dependencies)
16.03.18 10:38 charon 00[LIB] dropped capabilities, running as uid 0, gid 0
16.03.18 10:38 charon 00[JOB] spawning 16 worker threads
16.03.18 10:38 ipsec_starter charon (9708) started after 60 ms
16.03.18 10:38 charon 08[CFG] received stroke: add connection 'fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx'
16.03.18 10:38 charon 08[CFG] left nor right host is our side, assuming left=local
16.03.18 10:38 charon 08[CFG] added configuration 'fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx'
16.03.18 10:38 charon 11[CFG] rereading secrets
16.03.18 10:38 charon 11[CFG] loading secrets from '/etc/ipsec.secrets'
16.03.18 10:38 charon 11[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-856af385-43e3-462f-b013-xxxxxxxxxxxxx.secrets'
16.03.18 10:38 charon 11[CFG] loaded IKE secret for %any
16.03.18 10:38 charon 11[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx.secrets'
16.03.18 10:38 charon 11[CFG] loaded IKE secret for %any
16.03.18 10:38 NetworkManager ** Message: Spawned ipsec up script with PID 9734.
16.03.18 10:38 charon 12[CFG] received stroke: initiate 'fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx'
16.03.18 10:38 charon 14[IKE] initiating Main Mode IKE_SA fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx[1] to 12.32.xxx.xxx
16.03.18 10:38 charon 14[IKE] initiating Main Mode IKE_SA fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx[1] to 12.32.xxx.xxx
16.03.18 10:38 charon 14[ENC] generating ID_PROT request 0 SA V V V V ]
16.03.18 10:38 charon 14[NET] sending packet: from 192.168.0.108[500] to 12.32.xxx.xxx[500] (316 bytes)
16.03.18 10:38 charon 07[NET] received packet: from 12.32.xxx.xxx[500] to 192.168.0.108[500] (80 bytes)
16.03.18 10:38 charon 07[ENC] parsed ID_PROT response 0 SA ]
16.03.18 10:38 charon 07[ENC] generating ID_PROT request 0 KE No ]
16.03.18 10:38 charon 07[NET] sending packet: from 192.168.0.108[500] to 12.32.xxx.xxx[500] (196 bytes)
16.03.18 10:38 charon 15[NET] received packet: from 12.32.xxx.xxx[500] to 192.168.0.108[500] (91 bytes)
16.03.18 10:38 charon 15[ENC] parsed INFORMATIONAL_V1 request 3146227473 N(AUTH_FAILED) ]
16.03.18 10:38 charon 15[IKE] received AUTHENTICATION_FAILED error notify
16.03.18 10:38 NetworkManager initiating Main Mode IKE_SA fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx[1] to 12.32.xxx.xxx
16.03.18 10:38 NetworkManager generating ID_PROT request 0 SA V V V V ]
16.03.18 10:38 NetworkManager sending packet: from 192.168.0.108[500] to 12.32.xxx.xxx[500] (316 bytes)
16.03.18 10:38 NetworkManager received packet: from 12.32.xxx.xxx[500] to 192.168.0.108[500] (80 bytes)
16.03.18 10:38 NetworkManager parsed ID_PROT response 0 SA ]
16.03.18 10:38 NetworkManager generating ID_PROT request 0 KE No ]
16.03.18 10:38 NetworkManager sending packet: from 192.168.0.108[500] to 12.32.xxx.xxx[500] (196 bytes)
16.03.18 10:38 NetworkManager received packet: from 12.32.xxx.xxx[500] to 192.168.0.108[500] (91 bytes)
16.03.18 10:38 NetworkManager parsed INFORMATIONAL_V1 request 3146227473 N(AUTH_FAILED) ]
16.03.18 10:38 NetworkManager received AUTHENTICATION_FAILED error notify
16.03.18 10:38 NetworkManager establishing connection 'fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx' failed
16.03.18 10:38 NetworkManager Stopping strongSwan IPsec...
16.03.18 10:38 charon 00[DMN] signal of type SIGINT received. Shutting down
16.03.18 10:38 ipsec_starter child 9708 (charon) has quit (exit code 0)
16.03.18 10:38 ipsec_starter
16.03.18 10:38 ipsec_starter charon stopped after 200 ms
16.03.18 10:38 ipsec_starter plugin 'kernel-netlink': loaded successfully
16.03.18 10:38 ipsec_starter known interfaces and IP addresses:
16.03.18 10:38 ipsec_starter lo
16.03.18 10:38 ipsec_starter 127.0.0.1
16.03.18 10:38 ipsec_starter ::1
16.03.18 10:38 ipsec_starter eth0
16.03.18 10:38 ipsec_starter 192.168.0.108
16.03.18 10:38 ipsec_starter xxxx:8071:818e:1d00:xxxx:f4ff:xxxx:c7e4
16.03.18 10:38 ipsec_starter fe80::be5f:xxxx:fe75:xxxx
16.03.18 10:38 ipsec_starter flushing all SAD entries
16.03.18 10:38 ipsec_starter flushing all policies from SPD
16.03.18 10:38 ipsec_starter ipsec starter stopped
16.03.18 10:38 NetworkManager <info> VPN connection 'company' (Connect) reply received.
16.03.18 10:38 NetworkManager <warn> VPN connection 'company' failed to connect: 'Method invoked for Connect returned FALSE but did not set error'.
16.03.18 10:38 NetworkManager <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
16.03.18 10:38 NetworkManager ** (nm-l2tp-service:9679): WARNING **: Could not establish IPsec tunnel.
Yes, the credentials entered in NetworkManager are triple checked.
Any ideas?
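
Added example, not part of the original post: a small Python triage script that reads the charon [ENC] lines from the log above and reports at which stage of the IKEv1 Main Mode exchange the error notify arrived. The function names `ike_timeline` and `failure_point` are hypothetical, and the stage mapping follows the six-message Main Mode layout in RFC 2409.

```python
import re

# charon [ENC] lines; the opening "[" of the payload list is missing in the
# pasted log, so it is optional here.
ENC = re.compile(r"charon \d+\[ENC\] (generating|parsed) (\S+) (?:request|response) "
                 r"\d+ \[?\s*([^\]]*?)\s*\]")
NOTIFY = re.compile(r"N\(([A-Z0-9_]+)\)")
CORE = ("SA", "KE", "No", "ID", "HASH")
# IKEv1 Main Mode per RFC 2409: core payloads -> stage of the six-message exchange.
STAGES = {("SA",): "proposal (messages 1-2)",
          ("KE", "No"): "key exchange (messages 3-4)",
          ("ID", "HASH"): "authentication (messages 5-6)"}

# Sample input: charon lines copied from the log in the post above.
SAMPLE_LOG = """\
16.03.18 10:38 charon 14[IKE] initiating Main Mode IKE_SA fa453bf5-xxxx-48f9-a5b2-xxxxxxxxxxxxx[1] to 12.32.xxx.xxx
16.03.18 10:38 charon 14[ENC] generating ID_PROT request 0 SA V V V V ]
16.03.18 10:38 charon 07[ENC] parsed ID_PROT response 0 SA ]
16.03.18 10:38 charon 07[ENC] generating ID_PROT request 0 KE No ]
16.03.18 10:38 charon 15[ENC] parsed INFORMATIONAL_V1 request 3146227473 N(AUTH_FAILED) ]
16.03.18 10:38 charon 15[IKE] received AUTHENTICATION_FAILED error notify
"""

def ike_timeline(log):
    """Return one event per charon [ENC] line: direction, exchange, stage, notifies."""
    events = []
    for line in log.splitlines():
        m = ENC.search(line)
        if not m:
            continue  # NetworkManager echoes and non-ENC lines are skipped
        verb, exchange, body = m.groups()
        core = tuple(p for p in body.split() if p in CORE)
        events.append({"dir": "sent" if verb == "generating" else "received",
                       "exchange": exchange, "stage": STAGES.get(core),
                       "notifies": NOTIFY.findall(body)})
    return events

def failure_point(events):
    """Locate the first notify received and which stages preceded it."""
    last_sent, answered = None, []
    for ev in events:
        if ev["dir"] == "received" and ev["notifies"]:
            return {"notify": ev["notifies"][0], "after_sending": last_sent,
                    "peer_answered": answered}
        if ev["stage"] and ev["dir"] == "sent":
            last_sent = ev["stage"]
        elif ev["stage"]:
            answered.append(ev["stage"])
    return None

if __name__ == "__main__":
    print(failure_point(ike_timeline(SAMPLE_LOG)))
```

For this log the result shows that the peer answered the SA proposal and sent AUTH_FAILED in reply to the KE/nonce message, before any ID or HASH payload was exchanged.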