search

nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0
493 stars 83 forks source link

VPN activation getting error Connection Failed: Activation of network connection failed #11

Closed msroest closed 8 years ago

msroest commented 8 years ago

I've got the nm plugin built now and configured my VPN (which has been tested from windows and iPhone). I've grabbed the debug from the service (included below cleaned up) but there's nothing that stands out to me.

\ Message: nm-l2tp-service (version 1.0.2) starting... connection id : "VPN" (s) uuid : "fe038c9e-0403-48a8-bb94-7f79c883aa7e" (s) interface-name : NULL (sd) type : "vpn" (s) permissions : user:msroest: (s) autoconnect : FALSE (s) timestamp : 0 (sd) read-only : FALSE (sd) zone : NULL (sd) master : NULL (sd) slave-type : NULL (sd) secondaries : (sd) gateway-ping-timeout : 0 (sd)

vpn service-type : "org.freedesktop.NetworkManager.l2tp" (s) user-name : "msroest" (s) data : gateway=my.vpn.server,ipsec-psk=presharedkeygoeshere,user=username,password-flags=3,ipsec-enabled=yes (s) secrets : password=password123 (s)

ipv6 method : "auto" (s) dhcp-hostname : NULL (sd) dns : (s) dns-search : (sd) addresses : (s) routes : (s) ignore-auto-routes : FALSE (sd) ignore-auto-dns : FALSE (sd) never-default : FALSE (sd) may-fail : TRUE (sd) ip6-privacy : -1 (sd)

ipv4 method : "auto" (s) dns : (s) dns-search : (sd) addresses : (s) address-labels : (sd) routes : (s) ignore-auto-routes : FALSE (sd) ignore-auto-dns : FALSE (sd) dhcp-client-id : NULL (sd) dhcp-send-hostname : TRUE (sd) dhcp-hostname : NULL (sd) never-default : FALSE (sd) may-fail : TRUE (sd)

\ Message: ipsec enable flag: yes

dkosovic commented 8 years ago

I would need to see the rest of the debug output from nm-l2tp-service in particular the output for strongswan IPsec and xl2tpd. 

sudo killall -TERM nm-l2tp-service
sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
msroest commented 8 years ago

That output is from the nm-l2tp-service --debug. That's all the output that I get.

dkosovic commented 8 years ago

Have a look at the output of sudo journalctl -b or similar, as strongswan isn't outputting anything, I suspect something is preventing strongswan's ipsec command from being started, e.g. AppArmor.

After doing a make install, sometimes restarting the NetworkManager helps:

sudo systemctl restart NetworkManager.service

Also check the ipsec command is starting okay:

sudo ipsec restart
sudo ipsec status

Although that won't confirm if there are any AppArmor issues when restarted under the NetworkManager.

msroest commented 8 years ago

Perfect that got me what I needed it's working now. thanks @dkosovic apparmor was blocking ipsec from running