nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

Unable to connect #128

Closed juanluis-lightneer closed 4 years ago

juanluis-lightneer commented 4 years ago

Hello, I am having some issues connecting to my company's router. I can connect from Windows and from an Android phone, though. We use PSK and this is the info I got to connect. This is what I see in the journal:

mar 20 09:09:31 Valentina NetworkManager[45540]: Stopping strongSwan IPsec...
mar 20 09:09:31 Valentina charon[45495]: 00[DMN] signal of type SIGINT received. Shutting down
mar 20 09:09:31 Valentina audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64
mar 20 09:09:31 Valentina audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64
mar 20 09:09:31 Valentina audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64
mar 20 09:09:31 Valentina audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001
mar 20 09:09:31 Valentina audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001
mar 20 09:09:31 Valentina audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001
mar 20 09:09:31 Valentina audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.1.0 src_prefixlen=24 dst=192.168.1.0 dst_prefixlen=24
mar 20 09:09:31 Valentina kernel: kauditd_printk_skb: 10 callbacks suppressed
mar 20 09:09:31 Valentina kernel: audit: type=1415 audit(1584688171.790:1094): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64
mar 20 09:09:31 Valentina kernel: audit: type=1415 audit(1584688171.790:1095): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64
mar 20 09:09:31 Valentina kernel: audit: type=1415 audit(1584688171.790:1096): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64
mar 20 09:09:31 Valentina kernel: audit: type=1415 audit(1584688171.790:1097): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001
mar 20 09:09:31 Valentina kernel: audit: type=1415 audit(1584688171.790:1098): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001
mar 20 09:09:31 Valentina kernel: audit: type=1415 audit(1584688171.790:1099): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001
mar 20 09:09:31 Valentina kernel: audit: type=1415 audit(1584688171.790:1100): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.1.0 src_prefixlen=24 dst=192.168.1.0 dst_prefixlen=24
mar 20 09:09:31 Valentina kernel: audit: type=1415 audit(1584688171.790:1101): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.1.0 src_prefixlen=24 dst=192.168.1.0 dst_prefixlen=24
mar 20 09:09:31 Valentina kernel: audit: type=1415 audit(1584688171.790:1102): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.1.0 src_prefixlen=24 dst=192.168.1.0 dst_prefixlen=24
mar 20 09:09:31 Valentina audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.1.0 src_prefixlen=24 dst=192.168.1.0 dst_prefixlen=24
mar 20 09:09:31 Valentina audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.1.0 src_prefixlen=24 dst=192.168.1.0 dst_prefixlen=24
mar 20 09:09:31 Valentina charon[45495]: 00[IKE] destroying IKE_SA in state CONNECTING without notification
mar 20 09:09:31 Valentina NetworkManager[45522]: initiating Main Mode IKE_SA de29956a-50b5-48ee-bc63-3c868f2ca579[1] to x.x.x.x
mar 20 09:09:31 Valentina NetworkManager[45522]: generating ID_PROT request 0 [ SA V V V V V ]
mar 20 09:09:31 Valentina NetworkManager[45522]: sending packet: from 192.168.1.104[500] to x.x.x.x[500] (532 bytes)
mar 20 09:09:31 Valentina NetworkManager[45522]: received packet: from x.x.x.x[500] to 192.168.1.104[500] (386 bytes)
mar 20 09:09:31 Valentina NetworkManager[45522]: parsed ID_PROT response 0 [ SA V V V V V V V V V V ]
mar 20 09:09:31 Valentina NetworkManager[45522]: received unknown vendor ID: f7:58:f2:26:68:75:0f:03:b0:8d:f6:eb:e1:d0:04:03
mar 20 09:09:31 Valentina NetworkManager[45522]: received draft-ietf-ipsec-nat-t-ike-02 vendor ID
mar 20 09:09:31 Valentina NetworkManager[45522]: received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
mar 20 09:09:31 Valentina NetworkManager[45522]: received draft-ietf-ipsec-nat-t-ike-03 vendor ID
mar 20 09:09:31 Valentina NetworkManager[45522]: received NAT-T (RFC 3947) vendor ID
mar 20 09:09:31 Valentina NetworkManager[45522]: received XAuth vendor ID
mar 20 09:09:31 Valentina NetworkManager[45522]: received DPD vendor ID
mar 20 09:09:31 Valentina NetworkManager[45522]: received unknown vendor ID: af:ca:d7:13:68:a1:f1:c9:6b:86:96:fc:77:57
mar 20 09:09:31 Valentina NetworkManager[45522]: received unknown vendor ID: f9:19:6d:f8:6b:81:2f:b0:f6:80:26:d8:87:6d:cb:7b:00:04:32:00
mar 20 09:09:31 Valentina NetworkManager[45522]: received unknown vendor ID: ac:40:f8:c4:38:99:27:c6:e8:ac:24:53:1b:b7:8b:2b:11:7f:e1:ea:1c:07:06:c7:ce:44:4e:fa:c8:78:aa:5c:6e:f1:5a:7d:fc:b3:a4:c2:b5:8e:6e:1a:14:e3:ef:23:6a:56:33:77:2c:6e:fd:98:f3:1d:36:b6:e0:14:54:cb:da:30:76:48:cf:04:31:54:d0:e1:35:e2:15:da:45:65:1b:16:ce:cc:2e:84:41:21:27:3d:85:be:3c:d1:8b:31:f7:07:a8:44:27:7f:99:ab:50:92:d6:ac:19:b1:5c:4b:ef:36:81:7d:34:14:a3:f0:3d:50:b5:06:fd:e8:6c:f8
mar 20 09:09:31 Valentina NetworkManager[45522]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
mar 20 09:09:31 Valentina NetworkManager[45522]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
mar 20 09:09:31 Valentina NetworkManager[45522]: sending packet: from 192.168.1.104[500] to x.x.x.x[500] (244 bytes)
mar 20 09:09:31 Valentina NetworkManager[45522]: received packet: from x.x.x.x[500] to 192.168.1.104[500] (228 bytes)
mar 20 09:09:31 Valentina NetworkManager[45522]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
mar 20 09:09:31 Valentina NetworkManager[45522]: local host is behind NAT, sending keep alives
mar 20 09:09:31 Valentina NetworkManager[45522]: generating ID_PROT request 0 [ ID HASH ]
mar 20 09:09:31 Valentina NetworkManager[45522]: sending packet: from 192.168.1.104[4500] to x.x.x.x[4500] (68 bytes)
mar 20 09:09:31 Valentina NetworkManager[45522]: sending retransmit 1 of request message ID 0, seq 3
mar 20 09:09:31 Valentina NetworkManager[45522]: sending packet: from 192.168.1.104[4500] to x.x.x.x[4500] (68 bytes)
mar 20 09:09:31 Valentina NetworkManager[45522]: destroying IKE_SA in state CONNECTING without notification
mar 20 09:09:31 Valentina NetworkManager[45522]: establishing connection 'de29956a-50b5-48ee-bc63-3c868f2ca579' failed
mar 20 09:09:31 Valentina charon[45495]: 00[IKE] uninstalling bypass policy for ::1/128
mar 20 09:09:31 Valentina charon[45495]: 00[IKE] uninstalling bypass policy for 192.168.1.0/24
mar 20 09:09:31 Valentina charon[45495]: 00[IKE] uninstalling bypass policy for fe80::/64
mar 20 09:09:31 Valentina ipsec_starter[45494]: child 45495 (charon) has quit (exit code 0)
mar 20 09:09:31 Valentina ipsec_starter[45494]: 
mar 20 09:09:31 Valentina ipsec_starter[45494]: charon stopped after 200 ms
mar 20 09:09:31 Valentina ipsec_starter[45494]: ipsec starter stopped
mar 20 09:09:31 Valentina nm-l2tp-service[45466]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
mar 20 09:09:31 Valentina NetworkManager[402]:   [1584688171.8971] vpn-connection[0x5571e18342c0,de29956a-50b5-48ee-bc63-3c868f2ca579,"Lightneer",0]: VPN plugin: state changed: stopped (6)
mar 20 09:09:31 Valentina NetworkManager[402]:   [1584688171.9055] vpn-connection[0x5571e18342c0,de29956a-50b5-48ee-bc63-3c868f2ca579,"Lightneer",0]: VPN service disappeared
mar 20 09:09:31 Valentina NetworkManager[402]:   [1584688171.9108] vpn-connection[0x5571e18342c0,de29956a-50b5-48ee-bc63-3c868f2ca579,"Lightneer",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
mar 20 09:09:43 Valentina systemd[1]: systemd-hostnamed.service: Succeeded.
mar 20 09:09:43 Valentina audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
mar 20 09:09:43 Valentina kernel: audit: type=1131 audit(1584688183.396:1103): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Any ideas on what can be the problem? (is there any other log I can include?)

dkosovic commented 4 years ago

In the Windows instructions it says to modify AssumeUDPEncapsulationContextOnSendRule in the registry, so you could try the equivalent by enabling the Enforce UDP encapsulation checkbox in the IPsec settings dialog.

It is not completing the Phase 1 (main mode) for some reason, even though it accepted a proposal.

I'm not sure which Linux distro or strongswan version you are using. If you are using Ubuntu, could you try the much newer network-manager-l2tp from the following PPA:

You could try switching from strongswan to libreswan and see if it makes a difference. But don't try with libreswan >= 3.30 as it won't work with the 3des-sha1-modp1024 phase 1 proposal as it is no longer built with DH2 (modp1024) support.
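Added example, not part of the original thread or the project's code: a small Python check over journal lines in the format posted above, reporting which Main Mode (ID_PROT) round trip never received a reply and which negotiated algorithms fall in a legacy set. The sample lines are constructed from the excerpt with the hostname replaced; the `analyse` function, the `STAGES` list and the contents of `LEGACY` are assumptions of this example.

```python
import re

# Constructed sample in the format of the journal excerpt (hostname replaced).
SAMPLE = """\
mar 20 09:09:31 host NetworkManager[45522]: generating ID_PROT request 0 [ SA V V V V V ]
mar 20 09:09:31 host NetworkManager[45522]: parsed ID_PROT response 0 [ SA V V V V V V V V V V ]
mar 20 09:09:31 host NetworkManager[45522]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
mar 20 09:09:31 host NetworkManager[45522]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
mar 20 09:09:31 host NetworkManager[45522]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
mar 20 09:09:31 host NetworkManager[45522]: generating ID_PROT request 0 [ ID HASH ]
mar 20 09:09:31 host NetworkManager[45522]: sending retransmit 1 of request message ID 0, seq 3
mar 20 09:09:31 host NetworkManager[45522]: destroying IKE_SA in state CONNECTING without notification
"""

# First payload of each of the three Main Mode round trips, in order.
STAGES = ["SA", "KE", "ID"]
# Assumption of this example: algorithms to flag as legacy. The thread itself
# notes that libreswan >= 3.30 is no longer built with DH2 (modp1024).
LEGACY = {"3DES_CBC", "MODP_1024"}

MSG_RE = re.compile(r"(generating|parsed) ID_PROT (?:request|response) \d+ \[ (\S+)")
PROPOSAL_RE = re.compile(r"selected proposal: IKE:(\S+)")

def analyse(journal):
    """Summarise an initiator-side Main Mode attempt from charon log lines."""
    sent, answered, proposal, retransmits = set(), set(), [], 0
    for line in journal.splitlines():
        m = MSG_RE.search(line)
        if m:
            # "generating" = request we sent, "parsed" = reply we received
            (sent if m.group(1) == "generating" else answered).add(m.group(2))
        m = PROPOSAL_RE.search(line)
        if m:
            proposal = m.group(1).split("/")
        if "sending retransmit" in line:
            retransmits += 1
    # First round trip that was sent but never answered, if any.
    stalled = next((s for s in STAGES if s in sent and s not in answered), None)
    return {
        "proposal": proposal,
        "legacy": sorted(LEGACY.intersection(proposal)),
        "stalled_at": stalled,
        "retransmits": retransmits,
    }

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

On the sample, the SA and KE round trips are answered and the proposal is accepted, but the `ID HASH` request has no reply, which matches the observation that Phase 1 does not complete even though a proposal was selected.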

juanluis-lightneer commented 4 years ago

@dkosovic Sorry for the delay, I had this notification in my work mail account and just saw it. I am sorry I forgot to mention my system too, I use ArchLinux (updated as of today) and strongswan 5.8.2. Following your advice I managed to get it to connect, I had to compile through Arch AUR and specify an older libreswan version. After tweaking a couple of parameters in NetworkManager it worked. Thank you so much!