Closed srnikolic86 closed 4 years ago
/etc/ipsec.conf isn't used, the following are the generated files for the connection:
/var/run/nm-l2tp-9c89399c-1107-4c1c-84fd-87d2d295f0e9/xl2tpd.conf
/var/run/nm-l2tp-9c89399c-1107-4c1c-84fd-87d2d295f0e9/xl2tpd-control
/var/run/nm-l2tp-9c89399c-1107-4c1c-84fd-87d2d295f0e9/xl2tpd.pid
/var/run/nm-l2tp-9c89399c-1107-4c1c-84fd-87d2d295f0e9/ppp-options
/var/run/nm-l2tp-9c89399c-1107-4c1c-84fd-87d2d295f0e9/ipsec.conf
/etc/ipsec.d/ipsec.nm-l2tp.secrets
First make sure nm-l2tp-service isn't running:
sudo killall -TERM nm-l2tp-service
Ensure /var/run/nm-l2tp-9c89399c-1107-4c1c-84fd-87d2d295f0e9/ipsec.conf exists, if it doesn't use nm-l2tp-service --debug, see debugging section of README.md file for the full path:
You could use strongswan on the command-line with the generated ipsec config file for further debugging. The below ipsec commands are identical to what this VPN client uses (except it doesn't use the sleep 2 command, but a for loop to determine when it is ready).
sudo ipsec restart --conf /var/run/nm-l2tp-ipsec-9c89399c-1107-4c1c-84fd-87d2d295f0e9.conf --debug
sleep 2
sudo ipsec up 9c89399c-1107-4c1c-84fd-87d2d295f0e9
sudo ipsec status
Do you still get the no config named '9c89399c-1107-4c1c-84fd-87d2d295f0e9' error using the command-line?
Thank you for your fast response.
Only these three files get created:
/var/run/nm-l2tp-9c89399c-1107-4c1c-84fd-87d2d295f0e9/ipsec.conf
/var/run/nm-l2tp-9c89399c-1107-4c1c-84fd-87d2d295f0e9/ppp-options
/var/run/nm-l2tp-9c89399c-1107-4c1c-84fd-87d2d295f0e9/xl2tpd.conf
Running commands like you said outputs this. It just tries to send a package without any success in the end. There is no "no config" error when using the command-line. (I have replaced real public IP address with 'hostip'.)
~$ sudo killall -TERM nm-l2tp-service
nm-l2tp-service: no process found
~$ sudo ipsec restart --conf /var/run/nm-l2tp-9c89399c-1107-4c1c-84fd-87d2d295f0e9/ipsec.conf --debug
Stopping strongSwan IPsec...
Starting strongSwan 5.6.2 IPsec [starter]...
Loading config setup
Loading conn '9c89399c-1107-4c1c-84fd-87d2d295f0e9'
found netkey IPsec stack
~$ sudo ipsec up 9c89399c-1107-4c1c-84fd-87d2d295f0e9
initiating IKE_SA 9c89399c-1107-4c1c-84fd-87d2d295f0e9[1] to hostip
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 192.168.10.43[500] to hostip[500] (1116 bytes)
retransmit 1 of request with message ID 0
sending packet: from 192.168.10.43[500] to hostip[500] (1116 bytes)
retransmit 2 of request with message ID 0
sending packet: from 192.168.10.43[500] to hostip[500] (1116 bytes)
retransmit 3 of request with message ID 0
sending packet: from 192.168.10.43[500] to hostip[500] (1116 bytes)
retransmit 4 of request with message ID 0
sending packet: from 192.168.10.43[500] to hostip[500] (1116 bytes)
retransmit 5 of request with message ID 0
sending packet: from 192.168.10.43[500] to hostip[500] (1116 bytes)
That's right about only those 3 files getting created (along with /etc/ipsec.d/ipsec.nm-l2tp.secrets), the other two files get created once xl2tpd is started.
So looks like there are two issues:
for loop which waits for strongswan to become ready is most likely exiting too early because strongswan's ipsec rereadsecrets is giving a false positive that it is ready (after the ipsec restart):
Strongswan has given false positives in the past and I had to add workaround code, but I haven't seen it happening there.
I'm not sure which Linux distro you are using, if you are using Ubuntu or a derivative, I would recommend using the newer network-manager-l2tp packages from the following PPA:
For backwards compatibility with most L2TP/IPsec VPN servers out there, network-manager-l2tp 1.2.16 no longer uses the strongSwan or libreswan default set of allowed algorithms; instead, algorithms that are a merge of Windows 10 and iOS L2TP/IPsec clients' IKEv1 proposals are used for the network-manager-l2tp defaults. The weakest proposals that were not common to both Win10 and iOS were dropped, but all of the strongest ones were kept.
You could try switching from strongswan to libreswan. If you are using Ubuntu, the following should do it:
sudo apt install libreswan
Closing due to lack of activity and assuming it was solved.
Hello,
I have set up everything in Gnome Network Manager and when trying to connect I get no config named '9c89399c-1107-4c1c-84fd-87d2d295f0e9' in my /etc/var/syslog.
Here is my whole log:
I have tried creating 9c89399c-1107-4c1c-84fd-87d2d295f0e9 config in /etc/ipsec.conf, but I still get the same error.
Are you familiar with this issue and do you know how to resolve it?
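
The two failure modes seen in this thread (the "no config named" error, and IKE requests that are retransmitted without any reply) can be told apart mechanically from captured ipsec up output. The script below is an added example, not part of the original thread or of network-manager-l2tp; the function names classify_ipsec_up and sample_log are hypothetical, and the sample lines are constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: triage captured `ipsec up <conn>` output read from stdin.
# Prints one line: <verdict> sent=N received=N retransmits=N exchange=X
#   no-config : strongSwan did not have the named conn loaded
#   no-reply  : requests were sent and retransmitted, nothing came back
#   replied   : at least one packet was received from the peer
classify_ipsec_up() {
    awk '
        /no config named/                 { noconf = 1 }
        /^sending packet:/                { sent++ }
        /^received packet:/               { rcvd++ }
        /^retransmit [0-9]+ of request/   { retx++ }
        # IKE_SA_INIT is the first IKEv2 exchange; IKEv1 main mode
        # is logged by strongSwan as ID_PROT.
        /generating IKE_SA_INIT request/  { ike = "IKEv2" }
        /generating ID_PROT request/      { ike = "IKEv1" }
        END {
            if (noconf)                                 v = "no-config"
            else if (sent > 0 && retx > 0 && rcvd == 0) v = "no-reply"
            else if (rcvd > 0)                          v = "replied"
            else                                        v = "unknown"
            printf "%s sent=%d received=%d retransmits=%d exchange=%s\n",
                   v, sent, rcvd, retx, (ike == "" ? "unknown" : ike)
        }'
}

# Constructed sample, shortened from the output quoted in the thread
# ("hostip" is the placeholder the reporter used for the server address).
sample_log() {
    cat <<'EOF'
initiating IKE_SA 9c89399c-1107-4c1c-84fd-87d2d295f0e9[1] to hostip
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 192.168.10.43[500] to hostip[500] (1116 bytes)
retransmit 1 of request with message ID 0
sending packet: from 192.168.10.43[500] to hostip[500] (1116 bytes)
retransmit 2 of request with message ID 0
sending packet: from 192.168.10.43[500] to hostip[500] (1116 bytes)
EOF
}

sample_log | classify_ipsec_up
```

To use it on a real attempt, pipe the output of the ipsec up command into classify_ipsec_up instead of sample_log.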