nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

The 'l2tp' plugin only supports a single active connection #138

Closed ShyLionTjmn closed 4 years ago

ShyLionTjmn commented 4 years ago

version 1.2.16

Anything I can do to make it work with multiple connections at once?

dkosovic commented 4 years ago

It's a lowest common denominator issue with strongswan and libreswan.

With strongswan, a restart and load of the config file is done with the following:

/usr/sbin/ipsec restart --conf /var/run/nm-l2tp-UUID/ipsec.conf --debug

With libreswan, it is like so:

/usr/sbin/ipsec restart 
/usr/sbin/ipsec auto --config /var/run/nm-l2tp-UUID/ipsec.conf --verbose --add UUID

With strongswan there is no way to load connection config files after it is restarted, so there is no way to load multiple connection config files. libreswan doesn't have the issue.

ShyLionTjmn commented 4 years ago

Uh.. both of the connections I try do not use ipsec at all

Apr 20 14:13:37 lion-msi NetworkManager[1218]: [1587374017.7547] audit: op="connection-activate" uuid="cbf69af2-4764-4d09-a9b8-314a4bb4cef5" name="second name" pid=2611 uid=1000 result="fail" reason="The 'l2tp' plugin only supports a single active connection."

appears in syslog.conf when I click it after being connected to the first one.

dkosovic commented 4 years ago

Although it could be implemented with libreswan, I never did because it is not possible with strongswan. I forgot about xl2tpd.

NetworkManager-l2tp starts a local instance of xl2tpd with the config file as one of the arguments. /usr/sbin/xl2tpd-control could be used to provide the config files, but earlier versions suffer from buffer overrun segmentation faults, so I never looked into it.

ShyLionTjmn commented 4 years ago

So, you can't launch two xl2tpd's?

dkosovic commented 4 years ago

See "Issue with not stopping system xl2tpd service" which describes potential problems of having more than one instance of xl2tpd running:

ShyLionTjmn commented 4 years ago

Okay, but, suppose my Cisco router is okay with ephemeral source port, how do I enable multiple connections support? Is there some config file for nm-l2tp plugin?

dkosovic commented 4 years ago

You would need to modify the source code.

dkosovic commented 4 years ago

You could use the system xl2tpd and /usr/sbin/xl2tpd-control with the generated xl2tpd.conf and ppp-options files

dkosovic commented 4 years ago

Actually with xl2tpd-control, you can't directly use an unmodified ppp-options file as it uses a NetworkManager-l2tp plugin for the authentication.

ShyLionTjmn commented 4 years ago

You would need to modify the source code.

ouch... that's too much for me :) well, thanks for help, anyway!