VPN L2TP connection error (bad protocol: leftprotoport=udp)

Hi,

since last Friday (6th Feb.) my previously rock steady VPN L2TP stopped working. I triple checked shared keys and passwords, everything seems to be in order. I’ve spent yesterday evening troublegoogling but couldn’t find any solution. Here is what happens.

Starting the VPN by ‘nmcli conn up <MYVPN>’ just gives me:

Error: Connection activation failed: Unknown reason
Hint: use 'journalctl -xe NM_CONNECTION=f9243dd0-195d-4443-be0b-a1f4e350af48 + NM_DEVICE=em1' to get more details.

Debug from NetworkManager ‘sudo /usr/lib/nm-l2tp-service --debug’ while it tries to connect:

nm-l2tp[2944] <debug> nm-l2tp-service (version 1.8.0-2.1) starting...
nm-l2tp[2944] <debug>  uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[2944] <info>  ipsec enable flag: yes
** Message: 09:03:08.564: Check port 1701
connection
        id : <MYVPN>
        permissions : []
        type : 'vpn'
        uuid : 'f9243dd0-195d-4443-be0b-a1f4e350af48'

ipv6
        address-data : []
        dns : []
        dns-search : []
        method : 'auto'
        route-data : []

ipv4
        address-data : []
        dns : []
        dns-search : []
        method : 'auto'
        route-data : []

proxy

vpn
        data : {'gateway': 'XXXXXX', 'ipsec-enabled': 'yes', 'ipsec-esp': '3des-sha1', 'ipsec-ike': '3des-sha1-modp1024', 'ipsec-psk': 'XXXXXX', 'mru': '1400', 'mtu': '1400', 'password-flags': '0', 'refuse-chap': 'yes', 'refuse-eap': 'yes', 'refuse-pap': 'yes', 'require-mppe': 'yes', 'user': 'XXXXXX'}
        secrets : {'password': 'XXXXXX'}
        service-type : 'org.freedesktop.NetworkManager.l2tp'

nm-l2tp[2944] <info>  starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.8.2 IPsec [starter]...
Loading config setup
Loading conn 'f9243dd0-195d-4443-be0b-a1f4e350af48'
# bad protocol: leftprotoport=udp
  bad argument value in conn 'f9243dd0-195d-4443-be0b-a1f4e350af48'
# bad protocol: rightprotoport=udp
  bad argument value in conn 'f9243dd0-195d-4443-be0b-a1f4e350af48'
# ignored conn 'f9243dd0-195d-4443-be0b-a1f4e350af48' due to 2 parsing errors
### 2 parsing errors (0 fatal) ###
nm-l2tp[2944] <info>  Spawned ipsec up script with PID 3267.
no config named 'f9243dd0-195d-4443-be0b-a1f4e350af48'
Stopping strongSwan IPsec...
nm-l2tp[2944] <warn>  Could not establish IPsec tunnel.

(nm-l2tp-service:2944): GLib-GIO-CRITICAL **: 09:03:12.026: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed


Has anyone run into the same errors? Does anyone know what is causing these parsing errors?

The internet suggests adjusting the /etc/ipsec.conf file, but on my TUMBLEWEED system this does not contain any configurations.

Best,
yonne

Most likely the result of moving some configuration files from /etc to /usr/etc. You need to adjust /etc/nsswitch.conf to access them again. See https://forums.opensuse.org/showthread.php/539038-mount-command-not-working?p=2926659#post2926659

Splendid! Adjusting /etc/nsswitch.conf did the trick. I’m now connected to the VPN. As suggested in your link, I replaced /etc/nsswitch.conf with /etc/nsswitch.conf.rpmnew and it worked!

Thanks arvidjaar!
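
A way to check for the condition this thread resolved, as an added example that is not part of the original posts: it reads an nsswitch.conf and reports flat-file databases (such as protocols, which the name in leftprotoport=udp has to be looked up in) that no configured source can reach after the files moved to /usr/etc. Assumptions: the source name "usrfiles" is the openSUSE NSS module that reads /usr/etc and is not named in the thread, and the sample configurations are constructed.

```python
import os
import re
import socket

# Assumption: "files" reads /etc/<db>; "usrfiles" (openSUSE) reads /usr/etc/<db>.
SOURCE_DIRS = {"files": "/etc", "usrfiles": "/usr/etc"}
# Databases whose flat file has the same name as the database.
FLAT_DBS = ("protocols", "services", "rpc", "ethers", "networks")

def parse_nsswitch(text):
    """Map each database to its ordered list of source names."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Drop action items such as [NOTFOUND=return]; keep source names only.
        rest = re.sub(r"\[[^\]]*\]", " ", rest)
        table[db.strip()] = rest.split()
    return table

def unreachable(text, existing):
    """Return {db: paths tried} where no file-backed source finds a data file."""
    problems = {}
    for db, sources in parse_nsswitch(text).items():
        if db not in FLAT_DBS:
            continue
        tried = [SOURCE_DIRS[s] + "/" + db for s in sources if s in SOURCE_DIRS]
        if not any(path in existing for path in tried):
            problems[db] = tried
    return problems

# Constructed samples: a pre-move nsswitch.conf, an updated one, and the
# file layout after the data files moved to /usr/etc.
OLD_CONF = "protocols: files\nservices: files  # legacy\n"
NEW_CONF = "protocols: files usrfiles\nservices: files usrfiles\n"
AFTER_MOVE = {"/usr/etc/protocols", "/usr/etc/services"}

if __name__ == "__main__":
    with open("/etc/nsswitch.conf") as fh:
        conf = fh.read()
    present = {d + "/" + db for d in SOURCE_DIRS.values() for db in FLAT_DBS
               if os.path.exists(d + "/" + db)}
    print("unreachable databases:", unreachable(conf, present))
    try:  # Live lookup through NSS, the same database the error complains about.
        print("udp ->", socket.getprotobyname("udp"))
    except OSError as exc:
        print("udp does not resolve:", exc)
```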