nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

L2TP IPsec VPN not working on Fedora 34 #174

Closed kapila1982 closed 2 years ago

kapila1982 commented 2 years ago

Dear All,

I'm trying to connect to a remote server via VPN from my laptop (running Fedora 34, 64-bit); however, I am able to connect from Windows 10 using the E81.40 End Point Client.msi software.

[root@fedora ike]# uname -a
Linux fedora 5.15.11-100.fc34.x86_64 #1 SMP Wed Dec 22 15:44:37 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Network Manager logs

Jan 03 09:31:39 fedora pluto[31833]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0": initiating connection 'f97be7c8-8b9a-4ce5-8b37-512288c78df0' with serial $1 which received a Delete/Notify but must remain up per local policy Jan 03 09:31:40 fedora pluto[31833]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #5: STATE_MAIN_I1: retransmission; will wait 16 seconds for response Jan 03 09:31:46 fedora NetworkManager[751]: [1641182506.6677] audit: op="connection-activate" uuid="f97be7c8-8b9a-4ce5-8b37-512288c78df0" name="VPN0" pid=28934 uid=1000 result="success" Jan 03 09:31:46 fedora NetworkManager[751]: [1641182506.6756] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: Started the VPN service, PID 32098 Jan 03 09:31:46 fedora NetworkManager[751]: [1641182506.6910] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: Saw the service appear; activating connection Jan 03 09:31:46 fedora NetworkManager[751]: [1641182506.8331] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: VPN connection: (ConnectInteractive) reply received Jan 03 09:31:46 fedora nm-l2tp-service[32098]: Check port 1701 Jan 03 09:31:46 fedora NetworkManager[32111]: Redirecting to: systemctl restart ipsec.service Jan 03 09:31:46 fedora systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Jan 03 09:31:46 fedora pluto[31833]: shutting down Jan 03 09:31:46 fedora whack[32114]: 002 shutting down Jan 03 09:31:46 fedora audit[31833]: CRYPTO_IKE_SA pid=31833 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=start direction=initiator conn-name="f97be7c8-8b9a-4ce5-8b37-512288c78df0" connstate=5 ike-version=1 auth=PRESHARED_KEY cipher=none ksize=0 integ=none prf=none pfs=none raddr=222.165.143.54 exe="/usr/libexec/ipsec/pluto" hostname=? addr=192.168.8.112 terminal=? 
res=failed' Jan 03 09:31:46 fedora pluto[31833]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #5: deleting state (STATE_MAIN_I1) aged 22.890163s and NOT sending notification Jan 03 09:31:46 fedora pluto[31833]: forgetting secrets Jan 03 09:31:46 fedora pluto[31833]: shutting down interface wlp2s0 [2402:4000:2380:abbe:95e3:c8a5:75ec:941]:500 Jan 03 09:31:46 fedora pluto[31833]: shutting down interface lo [::1]:500 Jan 03 09:31:46 fedora pluto[31833]: shutting down interface lo 127.0.0.1:4500 Jan 03 09:31:46 fedora pluto[31833]: shutting down interface lo 127.0.0.1:500 Jan 03 09:31:46 fedora pluto[31833]: shutting down interface wlp2s0 192.168.8.112:4500 Jan 03 09:31:46 fedora pluto[31833]: shutting down interface wlp2s0 192.168.8.112:500 Jan 03 09:31:46 fedora pluto[31833]: shutting down interface virbr0 192.168.122.1:4500 Jan 03 09:31:46 fedora pluto[31833]: shutting down interface virbr0 192.168.122.1:500 Jan 03 09:31:46 fedora pluto[31833]: leak detective found no leaks Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel 
res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:47 fedora systemd[1]: ipsec.service: Deactivated successfully. Jan 03 09:31:47 fedora systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Jan 03 09:31:47 fedora audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jan 03 09:31:47 fedora systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Jan 03 09:31:47 fedora kernel: AVX or AES-NI instructions are not detected. Jan 03 09:31:47 fedora kernel: AVX or AES-NI instructions are not detected. Jan 03 09:31:48 fedora ipsec[32367]: nflog ipsec capture disabled Jan 03 09:31:48 fedora pluto[32379]: /usr/libexec/ipsec/pluto: Symbol `ldns_error_str' has different size in shared object, consider re-linking Jan 03 09:31:48 fedora pluto[32379]: Initializing NSS using read-write database "sql:/var/lib/ipsec/nss" Jan 03 09:31:48 fedora pluto[32379]: FIPS Mode: NO Jan 03 09:31:48 fedora pluto[32379]: NSS crypto library initialized Jan 03 09:31:48 fedora pluto[32379]: FIPS mode disabled for pluto daemon Jan 03 09:31:48 fedora pluto[32379]: FIPS HMAC integrity support [disabled] Jan 03 09:31:48 fedora pluto[32379]: libcap-ng support [enabled] Jan 03 09:31:48 fedora pluto[32379]: Linux audit support [enabled] Jan 03 09:31:48 fedora pluto[32379]: Linux audit activated Jan 03 09:31:48 fedora pluto[32379]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO GCC_EXCEPTIONS NSS (IPsec profile) (NSS-PRF) DNSSEC SYSTEMD_WATCHDOG LABELED_IPSEC (SELINUX) 
SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS)) pid:32379 Jan 03 09:31:48 fedora pluto[32379]: core dump dir: /run/pluto Jan 03 09:31:48 fedora pluto[32379]: secrets file: /etc/ipsec.secrets Jan 03 09:31:48 fedora pluto[32379]: leak-detective enabled Jan 03 09:31:48 fedora pluto[32379]: NSS crypto [enabled] Jan 03 09:31:48 fedora pluto[32379]: XAUTH PAM support [enabled] Jan 03 09:31:48 fedora pluto[32379]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00) Jan 03 09:31:48 fedora pluto[32379]: NAT-Traversal support [enabled] Jan 03 09:31:48 fedora pluto[32379]: Encryption algorithms: Jan 03 09:31:48 fedora pluto[32379]: AES_CCM_16 {256,192,128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Jan 03 09:31:48 fedora pluto[32379]: AES_CCM_12 {256,192,128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Jan 03 09:31:48 fedora pluto[32379]: AES_CCM_8 {256,192,128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Jan 03 09:31:48 fedora pluto[32379]: 3DES_CBC [192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Jan 03 09:31:48 fedora pluto[32379]: CAMELLIA_CTR {256,192,128} IKEv1: ESP IKEv2: ESP Jan 03 09:31:48 fedora pluto[32379]: CAMELLIA_CBC {256,192,128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Jan 03 09:31:48 fedora pluto[32379]: AES_GCM_16 {256,192,128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Jan 03 09:31:48 fedora pluto[32379]: AES_GCM_12 {256,192,128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Jan 03 09:31:48 fedora pluto[32379]: AES_GCM_8 {256,192,128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Jan 03 09:31:48 fedora pluto[32379]: AES_CTR {256,192,128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Jan 03 09:31:48 fedora pluto[32379]: AES_CBC {256,192,128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Jan 03 09:31:48 fedora pluto[32379]: NULL_AUTH_AES_GMAC {256,192,128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Jan 03 09:31:48 fedora pluto[32379]: NULL [] 
IKEv1: ESP IKEv2: ESP Jan 03 09:31:48 fedora pluto[32379]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Jan 03 09:31:48 fedora pluto[32379]: Hash algorithms: Jan 03 09:31:48 fedora pluto[32379]: MD5 IKEv1: IKE IKEv2: NSS Jan 03 09:31:48 fedora pluto[32379]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Jan 03 09:31:48 fedora pluto[32379]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Jan 03 09:31:48 fedora pluto[32379]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Jan 03 09:31:48 fedora pluto[32379]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Jan 03 09:31:48 fedora pluto[32379]: PRF algorithms: Jan 03 09:31:48 fedora pluto[32379]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Jan 03 09:31:48 fedora pluto[32379]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Jan 03 09:31:48 fedora pluto[32379]: Integrity algorithms: Jan 03 09:31:48 fedora pluto[32379]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Jan 03 09:31:48 fedora pluto[32379]: 
HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Jan 03 09:31:48 fedora pluto[32379]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Jan 03 09:31:48 fedora pluto[32379]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Jan 03 09:31:48 fedora pluto[32379]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Jan 03 09:31:48 fedora pluto[32379]: DH algorithms: Jan 03 09:31:48 fedora pluto[32379]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Jan 03 09:31:48 fedora pluto[32379]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Jan 03 09:31:48 fedora pluto[32379]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Jan 03 09:31:48 fedora pluto[32379]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Jan 03 09:31:48 fedora pluto[32379]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Jan 03 09:31:48 fedora pluto[32379]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Jan 03 09:31:48 fedora pluto[32379]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Jan 03 09:31:48 fedora pluto[32379]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Jan 03 09:31:48 fedora pluto[32379]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Jan 03 09:31:48 fedora pluto[32379]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Jan 03 09:31:48 fedora pluto[32379]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Jan 03 09:31:48 fedora pluto[32379]: testing CAMELLIA_CBC: Jan 03 09:31:48 fedora pluto[32379]: Camellia: 16 bytes with 128-bit key Jan 03 09:31:48 fedora pluto[32379]: Camellia: 16 bytes with 128-bit key Jan 03 09:31:48 fedora pluto[32379]: Camellia: 16 bytes with 256-bit key Jan 03 09:31:48 fedora pluto[32379]: Camellia: 16 bytes with 256-bit key Jan 03 09:31:48 fedora pluto[32379]: testing AES_GCM_16: Jan 03 09:31:48 fedora pluto[32379]: empty string Jan 03 09:31:48 fedora pluto[32379]: one block 
Jan 03 09:31:48 fedora pluto[32379]: two blocks Jan 03 09:31:48 fedora pluto[32379]: two blocks with associated data Jan 03 09:31:48 fedora pluto[32379]: testing AES_CTR: Jan 03 09:31:48 fedora pluto[32379]: Encrypting 16 octets using AES-CTR with 128-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 32 octets using AES-CTR with 128-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 36 octets using AES-CTR with 128-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 16 octets using AES-CTR with 192-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 32 octets using AES-CTR with 192-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 36 octets using AES-CTR with 192-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 16 octets using AES-CTR with 256-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 32 octets using AES-CTR with 256-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 36 octets using AES-CTR with 256-bit key Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 
src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0 Jan 03 09:31:48 fedora pluto[32379]: testing AES_CBC: Jan 03 09:31:48 fedora pluto[32379]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Jan 03 09:31:48 fedora pluto[32379]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Jan 03 09:31:48 fedora pluto[32379]: testing AES_XCBC: Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Jan 03 09:31:48 fedora systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. 
Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Jan 03 09:31:48 fedora pluto[32379]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Jan 03 09:31:48 fedora pluto[32379]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Jan 03 09:31:48 fedora pluto[32379]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Jan 03 09:31:48 fedora pluto[32379]: testing HMAC_MD5: Jan 03 09:31:48 fedora pluto[32379]: RFC 2104: MD5_HMAC test 1 Jan 03 09:31:48 fedora pluto[32379]: RFC 2104: MD5_HMAC test 2 Jan 03 09:31:48 fedora audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Jan 03 09:31:48 fedora pluto[32379]: RFC 2104: MD5_HMAC test 3 Jan 03 09:31:48 fedora pluto[32379]: 4 CPU cores online Jan 03 09:31:48 fedora pluto[32379]: starting up 3 helper threads Jan 03 09:31:48 fedora pluto[32379]: started thread for helper 0 Jan 03 09:31:48 fedora pluto[32379]: started thread for helper 1 Jan 03 09:31:48 fedora pluto[32379]: started thread for helper 2 Jan 03 09:31:48 fedora pluto[32379]: using Linux xfrm kernel support code on #1 SMP Wed Dec 22 15:44:37 UTC 2021 Jan 03 09:31:48 fedora pluto[32379]: selinux support is NOT enabled. 
Jan 03 09:31:48 fedora pluto[32379]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs Jan 03 09:31:48 fedora pluto[32379]: watchdog: sending probes every 100 secs Jan 03 09:31:48 fedora pluto[32379]: seccomp security disabled Jan 03 09:31:48 fedora pluto[32379]: seccomp security disabled for crypto helper 3 Jan 03 09:31:48 fedora pluto[32379]: seccomp security disabled for crypto helper 2 Jan 03 09:31:48 fedora pluto[32379]: seccomp security disabled for crypto helper 1 Jan 03 09:31:48 fedora pluto[32379]: listening for IKE messages Jan 03 09:31:48 fedora pluto[32379]: Kernel supports NIC esp-hw-offload Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface virbr0 192.168.122.1:500 Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface virbr0 192.168.122.1:4500 Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface wlp2s0 192.168.8.112:500 Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface wlp2s0 192.168.8.112:4500 Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface lo 127.0.0.1:500 Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface lo 127.0.0.1:4500 Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface lo [::1]:500 Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface wlp2s0 [2402:4000:2380:abbe:95e3:c8a5:75ec:941]:500 Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.secrets" Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets" Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.d/ipsec.secrets" Jan 03 09:31:48 fedora pluto[32379]: listening for IKE messages Jan 03 09:31:48 fedora pluto[32379]: forgetting secrets Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.secrets" Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets" Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.d/ipsec.secrets" Jan 03 09:31:48 fedora NetworkManager[32387]: 002 
listening for IKE messages Jan 03 09:31:48 fedora NetworkManager[32387]: 002 forgetting secrets Jan 03 09:31:48 fedora NetworkManager[32387]: 002 loading secrets from "/etc/ipsec.secrets" Jan 03 09:31:48 fedora NetworkManager[32387]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets" Jan 03 09:31:48 fedora NetworkManager[32387]: 002 loading secrets from "/etc/ipsec.d/ipsec.secrets" Jan 03 09:31:48 fedora NetworkManager[32391]: debugging mode enabled Jan 03 09:31:48 fedora NetworkManager[32391]: end of file /var/run/nm-l2tp-f97be7c8-8b9a-4ce5-8b37-512288c78df0/ipsec.conf Jan 03 09:31:48 fedora NetworkManager[32391]: Loading conn f97be7c8-8b9a-4ce5-8b37-512288c78df0 Jan 03 09:31:48 fedora NetworkManager[32391]: starter: left is KH_DEFAULTROUTE Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" modecfgdns= Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" modecfgdomains= Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" modecfgbanner= Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" mark= Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" mark-in= Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" mark-out= Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" vti_iface= Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" redirect-to= Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" accept-redirect-to= Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" esp=aes256-sha1,aes128-sha1,3des-sha1 Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" 
ike=aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-ecp_384,aes128-sha1-ecp_256,3des-sha1-modp2048 Jan 03 09:31:48 fedora NetworkManager[32391]: opening file: /var/run/nm-l2tp-f97be7c8-8b9a-4ce5-8b37-512288c78df0/ipsec.conf Jan 03 09:31:48 fedora NetworkManager[32391]: loading named conns: f97be7c8-8b9a-4ce5-8b37-512288c78df0 Jan 03 09:31:48 fedora NetworkManager[32391]: seeking_src = 1, seeking_gateway = 1, has_peer = 1 Jan 03 09:31:48 fedora NetworkManager[32391]: seeking_src = 0, seeking_gateway = 1, has_dst = 1 Jan 03 09:31:48 fedora NetworkManager[32391]: dst via 192.168.8.1 dev wlp2s0 src table 254 Jan 03 09:31:48 fedora NetworkManager[32391]: set nexthop: 192.168.8.1 Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.8.0 via dev wlp2s0 src 192.168.8.112 table 254 Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254 Jan 03 09:31:48 fedora NetworkManager[32391]: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored) Jan 03 09:31:48 fedora NetworkManager[32391]: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored) Jan 03 09:31:48 fedora NetworkManager[32391]: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored) Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.8.112 via dev wlp2s0 src 192.168.8.112 table 255 (ignored) Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.8.255 via dev wlp2s0 src 192.168.8.112 table 255 (ignored) Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored) Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored) Jan 03 09:31:48 fedora NetworkManager[32391]: seeking_src = 1, seeking_gateway = 0, has_peer = 1 Jan 03 09:31:48 fedora NetworkManager[32391]: seeking_src = 1, seeking_gateway = 0, has_dst = 1 Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.8.1 
via dev wlp2s0 src 192.168.8.112 table 254
Jan 03 09:31:48 fedora NetworkManager[32391]: set addr: 192.168.8.112
Jan 03 09:31:48 fedora NetworkManager[32391]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Jan 03 09:31:48 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0": added IKEv1 connection
Jan 03 09:31:48 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: initiating IKEv1 Main Mode connection
Jan 03 09:31:48 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: sent Main Mode request
Jan 03 09:31:48 fedora NetworkManager[32393]: 002 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: initiating IKEv1 Main Mode connection
Jan 03 09:31:48 fedora NetworkManager[32393]: 102 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: sent Main Mode request
Jan 03 09:31:48 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=12
Jan 03 09:31:48 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Jan 03 09:31:48 fedora NetworkManager[32393]: 003 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=12
Jan 03 09:31:48 fedora NetworkManager[32393]: 003 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Jan 03 09:31:49 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Jan 03 09:31:49 fedora NetworkManager[32393]: 010 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Jan 03 09:31:49 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Jan 03 09:31:49 fedora NetworkManager[32393]: 010 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Jan 03 09:31:50 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Jan 03 09:31:50 fedora NetworkManager[32393]: 010 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Jan 03 09:31:52 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Jan 03 09:31:52 fedora NetworkManager[32393]: 010 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Jan 03 09:31:56 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Jan 03 09:31:56 fedora NetworkManager[32393]: 010 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Jan 03 09:31:58 fedora nm-l2tp-service[32098]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Jan 03 09:31:58 fedora NetworkManager[751]: [1641182518.6249] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: VPN plugin: state changed: stopped (6)
Jan 03 09:31:58 fedora NetworkManager[751]: [1641182518.6358] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: VPN service disappeared
Jan 03 09:31:58 fedora NetworkManager[751]: [1641182518.6408] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: VPN connection: failed to connect: 'Remote peer disconnected'

Can anyone help me?

dkosovic commented 2 years ago

The IPsec connection is failing for main mode (aka phase 1), I suspect because the VPN server is proposing only weak algorithms that are no longer supported by libreswan; see "Compatibility with VPN servers using weak legacy IPsec IKEv1 algorithms":

One option is to rebuild Libreswan with USE_DH2=true and NetworkManager-l2tp with the --enable-libreswan-dh2 configure switch.

A simpler option might be to use strongswan instead of libreswan:

sudo dnf install strongswan
sudo rpm -e libreswan

I'm not sure if Fedora 34 still has SELinux issues with strongswan; if it does, you might have to temporarily disable SELinux.

Unrelated to your current issue, I would recommend removing the blacklist for the L2TP kernel modules, see the README.md file:
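The phase 1 failure diagnosed in the comment above can be picked out of a journal dump mechanically. The following is an added example, not part of the original thread or of the NetworkManager-l2tp project: it scans pluto log lines for the Main Mode / NO_PROPOSAL_CHOSEN / retransmission pattern and reports whether the running build lists MODP1024 (DH group 2, the group the USE_DH2 rebuild concerns). The sample log and the connection name `example-conn` are constructed, and treating a MODP1024 row in pluto's startup table as the sign of a DH2-enabled build is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the pluto / NetworkManager messages in the log above.
SAMPLE_LOG = """\
Jan 03 09:31:48 fedora pluto[32379]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
Jan 03 09:31:48 fedora pluto[32379]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "example-conn" ike=aes256-sha2_256-modp2048,aes256-sha1-modp1536,3des-sha1-modp2048
Jan 03 09:31:48 fedora pluto[32379]: "example-conn" #1: initiating IKEv1 Main Mode connection
Jan 03 09:31:48 fedora pluto[32379]: "example-conn" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Jan 03 09:31:49 fedora pluto[32379]: "example-conn" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Jan 03 09:31:49 fedora NetworkManager[32393]: 010 "example-conn" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Jan 03 09:31:49 fedora pluto[32379]: "example-conn" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
"""

SYSLOG = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<proc>[\w.-]+)\[\d+\]: (?P<msg>.*)$")
DH_ROW = re.compile(r"^(?P<name>MODP\d+|DH\d+)\s+IKEv1:(?P<v1>.*?)IKEv2:")
IKE_OFFER = re.compile(r'^conn: "(?P<conn>[^"]+)" ike=(?P<props>\S+)$')
CONN_MSG = re.compile(r'^"(?P<conn>[^"]+)"(?: #\d+)?: (?P<text>.*)$')


def analyse(log_text):
    """Return (IKEv1 DH groups in the running pluto build, per-connection counters)."""
    build_dh = set()
    conns = defaultdict(lambda: {"offer": [], "main_mode": False,
                                 "no_proposal": 0, "retransmits": 0})
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # audit/kernel lines without a pid, wrapped fragments, etc.
        proc, msg = m["proc"], m["msg"].strip()
        dh = DH_ROW.match(msg)
        if proc == "pluto" and dh:
            # Row from pluto's startup "DH algorithms:" table; keep groups usable for IKEv1 IKE.
            if "IKE" in dh["v1"].split():
                build_dh.add(dh["name"].lower())
            continue
        offer = IKE_OFFER.match(msg)
        if offer:
            # The ike= list is what the client will propose in phase 1.
            conns[offer["conn"]]["offer"] = offer["props"].split(",")
            continue
        ev = CONN_MSG.match(msg)
        if proc != "pluto" or not ev:
            continue  # NetworkManager repeats pluto's status lines; count each event once
        c, text = conns[ev["conn"]], ev["text"]
        if "initiating IKEv1 Main Mode" in text:
            c["main_mode"] = True
        elif text.startswith("received and ignored notification payload: NO_PROPOSAL_CHOSEN"):
            c["no_proposal"] += 1
        elif text.startswith("STATE_MAIN_I1: retransmission"):
            c["retransmits"] += 1
    return build_dh, dict(conns)


def diagnose(log_text):
    """Classify each connection's phase 1 outcome and summarise the DH groups involved."""
    build_dh, conns = analyse(log_text)
    report = {}
    for name, c in conns.items():
        # The DH group is the last '-'-separated field of each ike= proposal.
        offered_dh = sorted({p.rsplit("-", 1)[-1] for p in c["offer"]})
        if c["main_mode"] and c["no_proposal"]:
            verdict = "phase1-proposal-rejected"   # peer answered, but refused every proposal
        elif c["main_mode"] and c["retransmits"]:
            verdict = "phase1-no-response"         # nothing came back at all
        else:
            verdict = "no-phase1-failure-seen"
        report[name] = {
            "verdict": verdict,
            "retransmits": c["retransmits"],
            "offered_dh": offered_dh,
            # Assumption: a DH2-enabled libreswan build lists a MODP1024 row at startup.
            "dh2_in_build": "modp1024" in build_dh,
        }
    return report


if __name__ == "__main__":
    for conn, finding in diagnose(SAMPLE_LOG).items():
        print(conn, finding)
```

A `phase1-proposal-rejected` verdict with `dh2_in_build` false matches the situation described above: the peer is reachable but accepts none of the offered IKEv1 proposals, and the local build cannot offer DH group 2.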

kapila1982 commented 2 years ago

Getting the below error while executing the make commands (nm-l2tp network manager):

make[2]: Entering directory '/opt/network-manager-l2tp'
CC shared/nm-utils/src_nm_l2tp_service-nm-shared-utils.o
CC shared/src_nm_l2tp_service-nm-l2tp-crypto-openssl.o
CC shared/src_nm_l2tp_service-nm-l2tp-crypto-nss.o
CC shared/src_nm_l2tp_service-utils.o
CC src/nm_l2tp_service-nm-l2tp-service.o
CC src/libnm_l2tp_pppd_service_dbus_la-nm-l2tp-pppd-service-dbus.lo
CCLD src/libnm-l2tp-pppd-service-dbus.la
CCLD src/nm-l2tp-service
CC shared/nm-utils/auth_dialog_nm_l2tp_auth_dialog-nm-shared-utils.o
CC shared/auth_dialog_nm_l2tp_auth_dialog-nm-l2tp-crypto-openssl.o
CC shared/nm-utils/auth_dialog_nm_l2tp_auth_dialog-nm-secret-utils.o
CC auth-dialog/nm_l2tp_auth_dialog-main.o
CCLD auth-dialog/nm-l2tp-auth-dialog
CC shared/nm-utils/properties_libnm_vpn_plugin_l2tp_la-nm-vpn-plugin-utils.lo
CC shared/properties_libnm_vpn_plugin_l2tp_la-nm-l2tp-crypto-openssl.lo
CC properties/libnm_vpn_plugin_l2tp_la-nm-l2tp-editor-plugin.lo
CC properties/libnm_vpn_plugin_l2tp_la-import-export.lo
CCLD properties/libnm-vpn-plugin-l2tp.la
CC shared/nm-utils/properties_libnm_vpn_plugin_l2tp_editor_la-nm-shared-utils.lo
CC shared/properties_libnm_vpn_plugin_l2tp_editor_la-nm-l2tp-crypto-openssl.lo
CC shared/properties_libnm_vpn_plugin_l2tp_editor_la-utils.lo
CC properties/libnm_vpn_plugin_l2tp_editor_la-ppp-dialog.lo
CC properties/libnm_vpn_plugin_l2tp_editor_la-ipsec-dialog.lo
CC properties/libnm_vpn_plugin_l2tp_editor_la-nm-l2tp-editor.lo
CC properties/libnm_vpn_plugin_l2tp_editor_la-auth-helpers.lo
CCLD properties/libnm-vpn-plugin-l2tp-editor.la
CC shared/nm-utils/src_nm_l2tp_pppd_plugin_la-nm-shared-utils.lo
CC src/nm_l2tp_pppd_plugin_la-nm-l2tp-pppd-plugin.lo
CCLD src/nm-l2tp-pppd-plugin.la
GEN appdata/network-manager-l2tp.metainfo.xml
./po/ru.po:220:25: invalid control sequence
/usr/bin/msgfmt: found 1 fatal error
make[2]: [Makefile:2020: appdata/network-manager-l2tp.metainfo.xml] Error 1
make[2]: Leaving directory '/opt/network-manager-l2tp'
make[1]: [Makefile:1494: all-recursive] Error 1
make[1]: Leaving directory '/opt/network-manager-l2tp'
make: *** [Makefile:787: all] Error 2
[root@fedora network-manager-l2tp]#

And also, I'm just confused about the PSK because I have only received the username, password and IP. I don't have any PSK. Let me know whether I'm doing the right thing, or whether there is any other option I have to meet the above?

dkosovic commented 2 years ago

Are you sure it is an L2TP/IPsec VPN connection? Not having a PSK (or alternatively a Machine Certificate if using certificates) is a prerequisite for an L2TP/IPsec connection. If you are able to get a VPN connection working with the built-in Win10 L2TP client (which is an L2TP/IPsec client that needs a PSK) then you should be able to with this client also.

I’m guessing “E81.40 End Point Client.msi” is an installer for a Sophos End Point VPN client, but not sure.

I suspect you are after an IPsec VPN client instead of an L2TP client which is tunnelled through IPsec. You could try NetworkManager-libreswan or NetworkManager-strongswan, maybe even the Cisco compatible NetworkManager-vpnc IPsec client.

kapila1982 commented 2 years ago

It's working with the E81.40 End Point Client.msi tool from Windows (I think it auto-configures the CA, but not sure :) ). As per the bank, it's IPsec.

I attached the Windows logs: trac.log, trac_fwpktlog.log

dkosovic commented 2 years ago

Looks like the Checkpoint VPN server supports either IPsec IKEv1 or IPsec IKEv2: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_SitetoSiteVPN_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_SitetoSiteVPN_AdminGuide/13847

Checkpoint VPN server only supports L2TP/IPsec clients (including the built-in Win10 L2TP VPN client) if it was configured for L2TP/IPsec:

and for the L2TP/IPsec support, you would need the PSK as mentioned in this post:

dkosovic commented 2 years ago

You could try NetworkManager-libreswan (for IPsec IKEv1 or IPsec IKEv2 support) or NetworkManager-strongswan (for IPsec IKEv2 support). Neither needs a PSK and they are pure IPsec, unlike this VPN client which uses L2TP.