Closed kapila1982 closed 2 years ago
The IPsec connection is failing for main mode (aka phase 1), I suspect because the VPN server is proposing only weak algorithms that are no longer supported by libreswan, see "Compatibility with VPN servers using weak legacy IPsec IKEv1 algorithms" :
One option is to rebuild Libreswan with USE_DH2=true and NetworkManager-l2tp with the --enable-libreswan-dh2 configure switch.
A simpler option might be to use strongswan instead of libreswan :
sudo dnf install strongswan
sudo rpm -e libreswan
I'm not sure if Fedora 34 still has SELinux issues with strongswan; if it does, you might have to temporarily disable SELinux.
Unrelated to your current issue, I would recommend removing the blacklist for the L2TP kernel modules, see the README.md file :
Getting the below error while executing make commands (nm-l2tp network manager)
make[2]: Entering directory '/opt/network-manager-l2tp'
CC shared/nm-utils/src_nm_l2tp_service-nm-shared-utils.o
CC shared/src_nm_l2tp_service-nm-l2tp-crypto-openssl.o
CC shared/src_nm_l2tp_service-nm-l2tp-crypto-nss.o
CC shared/src_nm_l2tp_service-utils.o
CC src/nm_l2tp_service-nm-l2tp-service.o
CC src/libnm_l2tp_pppd_service_dbus_la-nm-l2tp-pppd-service-dbus.lo
CCLD src/libnm-l2tp-pppd-service-dbus.la
CCLD src/nm-l2tp-service
CC shared/nm-utils/auth_dialog_nm_l2tp_auth_dialog-nm-shared-utils.o
CC shared/auth_dialog_nm_l2tp_auth_dialog-nm-l2tp-crypto-openssl.o
CC shared/nm-utils/auth_dialog_nm_l2tp_auth_dialog-nm-secret-utils.o
CC auth-dialog/nm_l2tp_auth_dialog-main.o
CCLD auth-dialog/nm-l2tp-auth-dialog
CC shared/nm-utils/properties_libnm_vpn_plugin_l2tp_la-nm-vpn-plugin-utils.lo
CC shared/properties_libnm_vpn_plugin_l2tp_la-nm-l2tp-crypto-openssl.lo
CC properties/libnm_vpn_plugin_l2tp_la-nm-l2tp-editor-plugin.lo
CC properties/libnm_vpn_plugin_l2tp_la-import-export.lo
CCLD properties/libnm-vpn-plugin-l2tp.la
CC shared/nm-utils/properties_libnm_vpn_plugin_l2tp_editor_la-nm-shared-utils.lo
CC shared/properties_libnm_vpn_plugin_l2tp_editor_la-nm-l2tp-crypto-openssl.lo
CC shared/properties_libnm_vpn_plugin_l2tp_editor_la-utils.lo
CC properties/libnm_vpn_plugin_l2tp_editor_la-ppp-dialog.lo
CC properties/libnm_vpn_plugin_l2tp_editor_la-ipsec-dialog.lo
CC properties/libnm_vpn_plugin_l2tp_editor_la-nm-l2tp-editor.lo
CC properties/libnm_vpn_plugin_l2tp_editor_la-auth-helpers.lo
CCLD properties/libnm-vpn-plugin-l2tp-editor.la
CC shared/nm-utils/src_nm_l2tp_pppd_plugin_la-nm-shared-utils.lo
CC src/nm_l2tp_pppd_plugin_la-nm-l2tp-pppd-plugin.lo
CCLD src/nm-l2tp-pppd-plugin.la
GEN appdata/network-manager-l2tp.metainfo.xml
./po/ru.po:220:25: invalid control sequence
/usr/bin/msgfmt: found 1 fatal error
make[2]: [Makefile:2020: appdata/network-manager-l2tp.metainfo.xml] Error 1
make[2]: Leaving directory '/opt/network-manager-l2tp'
make[1]: [Makefile:1494: all-recursive] Error 1
make[1]: Leaving directory '/opt/network-manager-l2tp'
make: *** [Makefile:787: all] Error 2
[root@fedora network-manager-l2tp]#
And also, I'm just confused about the PSK because I have only received the username, password and IP. I don't have any PSK. Let me know if I'm doing the right thing, or is there any other option I have to achieve the above?
Are you sure it is an L2TP/IPsec VPN connection? Not having a PSK (or alternatively a Machine Certificate if using certificates) is a prerequisite for an L2TP/IPsec connection. If you are able to get a VPN connection working with the built-in Win10 L2TP client (which is an L2TP/IPsec client that needs a PSK) then you should be able to with this client also.
I’m guessing “E81.40 End Point Client.msi” is an installer for a Sophos End Point VPN client, but not sure.
I suspect you are after an IPsec VPN client instead of an L2TP client which is tunnelled through IPsec. You could try NetworkManager-libreswan or NetworkManager-strongswan, maybe even the Cisco compatible NetworkManager-vpnc IPsec client.
It's working with the E81.40 End Point Client.msi tool from Windows (I think it auto-configures the CA but not sure :) ). As per the bank it's IPsec.
I attached the Windows logs: trac.log, trac_fwpktlog.log
Looks like the Checkpoint VPN server supports either IPsec IKEv1 or IPsec IKEv2: https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_SitetoSiteVPN_AdminGuide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_SitetoSiteVPN_AdminGuide/13847
Checkpoint VPN server only supports L2TP/IPsec clients (including the built-in Win10 L2TP VPN client) if it was configured for L2TP/IPsec :
and for the L2TP/IPsec support, you would need the PSK as mentioned in this post :
You could try NetworkManager-libreswan (for IPsec IKEv1 or IPsec IKEv2 support) or NetworkManager-strongswan (for IPsec IKEv2 support). Neither needs a PSK and they are pure IPsec, unlike this VPN client which uses L2TP.
Dear All,
I'm trying to connect to a remote server via VPN from my laptop (running Fedora 34, 64-bit); however, I am able to connect from Windows 10 using the E81.40 End Point Client.msi software.
[root@fedora ike]# uname -a
Linux fedora 5.15.11-100.fc34.x86_64 #1 SMP Wed Dec 22 15:44:37 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Network Manager logs
Jan 03 09:31:39 fedora pluto[31833]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0": initiating connection 'f97be7c8-8b9a-4ce5-8b37-512288c78df0' with serial $1 which received a Delete/Notify but must remain up per local policy
Jan 03 09:31:40 fedora pluto[31833]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #5: STATE_MAIN_I1: retransmission; will wait 16 seconds for response
Jan 03 09:31:46 fedora NetworkManager[751]: [1641182506.6677] audit: op="connection-activate" uuid="f97be7c8-8b9a-4ce5-8b37-512288c78df0" name="VPN0" pid=28934 uid=1000 result="success"
Jan 03 09:31:46 fedora NetworkManager[751]: [1641182506.6756] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: Started the VPN service, PID 32098
Jan 03 09:31:46 fedora NetworkManager[751]: [1641182506.6910] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: Saw the service appear; activating connection
Jan 03 09:31:46 fedora NetworkManager[751]: [1641182506.8331] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: VPN connection: (ConnectInteractive) reply received
Jan 03 09:31:46 fedora nm-l2tp-service[32098]: Check port 1701
Jan 03 09:31:46 fedora NetworkManager[32111]: Redirecting to: systemctl restart ipsec.service
Jan 03 09:31:46 fedora systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Jan 03 09:31:46 fedora pluto[31833]: shutting down
Jan 03 09:31:46 fedora whack[32114]: 002 shutting down
Jan 03 09:31:46 fedora audit[31833]: CRYPTO_IKE_SA pid=31833 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='op=start direction=initiator conn-name="f97be7c8-8b9a-4ce5-8b37-512288c78df0" connstate=5 ike-version=1 auth=PRESHARED_KEY cipher=none ksize=0 integ=none prf=none pfs=none raddr=222.165.143.54 exe="/usr/libexec/ipsec/pluto" hostname=? addr=192.168.8.112 terminal=? res=failed'
Jan 03 09:31:46 fedora pluto[31833]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #5: deleting state (STATE_MAIN_I1) aged 22.890163s and NOT sending notification
Jan 03 09:31:46 fedora pluto[31833]: forgetting secrets
Jan 03 09:31:46 fedora pluto[31833]: shutting down interface wlp2s0 [2402:4000:2380:abbe:95e3:c8a5:75ec:941]:500
Jan 03 09:31:46 fedora pluto[31833]: shutting down interface lo [::1]:500
Jan 03 09:31:46 fedora pluto[31833]: shutting down interface lo 127.0.0.1:4500
Jan 03 09:31:46 fedora pluto[31833]: shutting down interface lo 127.0.0.1:500
Jan 03 09:31:46 fedora pluto[31833]: shutting down interface wlp2s0 192.168.8.112:4500
Jan 03 09:31:46 fedora pluto[31833]: shutting down interface wlp2s0 192.168.8.112:500
Jan 03 09:31:46 fedora pluto[31833]: shutting down interface virbr0 192.168.122.1:4500
Jan 03 09:31:46 fedora pluto[31833]: shutting down interface virbr0 192.168.122.1:500
Jan 03 09:31:46 fedora pluto[31833]: leak detective found no leaks
Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:46 fedora audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:47 fedora systemd[1]: ipsec.service: Deactivated successfully.
Jan 03 09:31:47 fedora systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Jan 03 09:31:47 fedora audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 03 09:31:47 fedora systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Jan 03 09:31:47 fedora kernel: AVX or AES-NI instructions are not detected.
Jan 03 09:31:47 fedora kernel: AVX or AES-NI instructions are not detected.
Jan 03 09:31:48 fedora ipsec[32367]: nflog ipsec capture disabled
Jan 03 09:31:48 fedora pluto[32379]: /usr/libexec/ipsec/pluto: Symbol `ldns_error_str' has different size in shared object, consider re-linking
Jan 03 09:31:48 fedora pluto[32379]: Initializing NSS using read-write database "sql:/var/lib/ipsec/nss"
Jan 03 09:31:48 fedora pluto[32379]: FIPS Mode: NO
Jan 03 09:31:48 fedora pluto[32379]: NSS crypto library initialized
Jan 03 09:31:48 fedora pluto[32379]: FIPS mode disabled for pluto daemon
Jan 03 09:31:48 fedora pluto[32379]: FIPS HMAC integrity support [disabled]
Jan 03 09:31:48 fedora pluto[32379]: libcap-ng support [enabled]
Jan 03 09:31:48 fedora pluto[32379]: Linux audit support [enabled]
Jan 03 09:31:48 fedora pluto[32379]: Linux audit activated
Jan 03 09:31:48 fedora pluto[32379]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO GCC_EXCEPTIONS NSS (IPsec profile) (NSS-PRF) DNSSEC SYSTEMD_WATCHDOG LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS)) pid:32379
Jan 03 09:31:48 fedora pluto[32379]: core dump dir: /run/pluto
Jan 03 09:31:48 fedora pluto[32379]: secrets file: /etc/ipsec.secrets
Jan 03 09:31:48 fedora pluto[32379]: leak-detective enabled
Jan 03 09:31:48 fedora pluto[32379]: NSS crypto [enabled]
Jan 03 09:31:48 fedora pluto[32379]: XAUTH PAM support [enabled]
Jan 03 09:31:48 fedora pluto[32379]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
Jan 03 09:31:48 fedora pluto[32379]: NAT-Traversal support [enabled]
Jan 03 09:31:48 fedora pluto[32379]: Encryption algorithms:
Jan 03 09:31:48 fedora pluto[32379]: AES_CCM_16 {256,192,128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
Jan 03 09:31:48 fedora pluto[32379]: AES_CCM_12 {256,192,128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
Jan 03 09:31:48 fedora pluto[32379]: AES_CCM_8 {256,192,128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
Jan 03 09:31:48 fedora pluto[32379]: 3DES_CBC [192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
Jan 03 09:31:48 fedora pluto[32379]: CAMELLIA_CTR {256,192,128} IKEv1: ESP IKEv2: ESP
Jan 03 09:31:48 fedora pluto[32379]: CAMELLIA_CBC {256,192,128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
Jan 03 09:31:48 fedora pluto[32379]: AES_GCM_16 {256,192,128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
Jan 03 09:31:48 fedora pluto[32379]: AES_GCM_12 {256,192,128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
Jan 03 09:31:48 fedora pluto[32379]: AES_GCM_8 {256,192,128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
Jan 03 09:31:48 fedora pluto[32379]: AES_CTR {256,192,128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
Jan 03 09:31:48 fedora pluto[32379]: AES_CBC {256,192,128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
Jan 03 09:31:48 fedora pluto[32379]: NULL_AUTH_AES_GMAC {256,192,128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
Jan 03 09:31:48 fedora pluto[32379]: NULL [] IKEv1: ESP IKEv2: ESP
Jan 03 09:31:48 fedora pluto[32379]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
Jan 03 09:31:48 fedora pluto[32379]: Hash algorithms:
Jan 03 09:31:48 fedora pluto[32379]: MD5 IKEv1: IKE IKEv2: NSS
Jan 03 09:31:48 fedora pluto[32379]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
Jan 03 09:31:48 fedora pluto[32379]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
Jan 03 09:31:48 fedora pluto[32379]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
Jan 03 09:31:48 fedora pluto[32379]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
Jan 03 09:31:48 fedora pluto[32379]: PRF algorithms:
Jan 03 09:31:48 fedora pluto[32379]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5
Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
Jan 03 09:31:48 fedora pluto[32379]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
Jan 03 09:31:48 fedora pluto[32379]: Integrity algorithms:
Jan 03 09:31:48 fedora pluto[32379]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5
Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Jan 03 09:31:48 fedora pluto[32379]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Jan 03 09:31:48 fedora pluto[32379]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Jan 03 09:31:48 fedora pluto[32379]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Jan 03 09:31:48 fedora pluto[32379]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Jan 03 09:31:48 fedora pluto[32379]: DH algorithms:
Jan 03 09:31:48 fedora pluto[32379]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
Jan 03 09:31:48 fedora pluto[32379]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
Jan 03 09:31:48 fedora pluto[32379]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
Jan 03 09:31:48 fedora pluto[32379]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
Jan 03 09:31:48 fedora pluto[32379]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
Jan 03 09:31:48 fedora pluto[32379]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
Jan 03 09:31:48 fedora pluto[32379]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
Jan 03 09:31:48 fedora pluto[32379]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
Jan 03 09:31:48 fedora pluto[32379]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
Jan 03 09:31:48 fedora pluto[32379]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
Jan 03 09:31:48 fedora pluto[32379]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
Jan 03 09:31:48 fedora pluto[32379]: testing CAMELLIA_CBC:
Jan 03 09:31:48 fedora pluto[32379]: Camellia: 16 bytes with 128-bit key
Jan 03 09:31:48 fedora pluto[32379]: Camellia: 16 bytes with 128-bit key
Jan 03 09:31:48 fedora pluto[32379]: Camellia: 16 bytes with 256-bit key
Jan 03 09:31:48 fedora pluto[32379]: Camellia: 16 bytes with 256-bit key
Jan 03 09:31:48 fedora pluto[32379]: testing AES_GCM_16:
Jan 03 09:31:48 fedora pluto[32379]: empty string
Jan 03 09:31:48 fedora pluto[32379]: one block
Jan 03 09:31:48 fedora pluto[32379]: two blocks
Jan 03 09:31:48 fedora pluto[32379]: two blocks with associated data
Jan 03 09:31:48 fedora pluto[32379]: testing AES_CTR:
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 16 octets using AES-CTR with 128-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 32 octets using AES-CTR with 128-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 36 octets using AES-CTR with 128-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 16 octets using AES-CTR with 192-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 32 octets using AES-CTR with 192-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 36 octets using AES-CTR with 192-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 16 octets using AES-CTR with 256-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 32 octets using AES-CTR with 256-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 36 octets using AES-CTR with 256-bit key
Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:48 fedora audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 subj=kernel res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Jan 03 09:31:48 fedora pluto[32379]: testing AES_CBC:
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Jan 03 09:31:48 fedora pluto[32379]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Jan 03 09:31:48 fedora pluto[32379]: testing AES_XCBC:
Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Jan 03 09:31:48 fedora systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Jan 03 09:31:48 fedora pluto[32379]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Jan 03 09:31:48 fedora pluto[32379]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Jan 03 09:31:48 fedora pluto[32379]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Jan 03 09:31:48 fedora pluto[32379]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Jan 03 09:31:48 fedora pluto[32379]: testing HMAC_MD5:
Jan 03 09:31:48 fedora pluto[32379]: RFC 2104: MD5_HMAC test 1
Jan 03 09:31:48 fedora pluto[32379]: RFC 2104: MD5_HMAC test 2
Jan 03 09:31:48 fedora audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=kernel msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 03 09:31:48 fedora pluto[32379]: RFC 2104: MD5_HMAC test 3
Jan 03 09:31:48 fedora pluto[32379]: 4 CPU cores online
Jan 03 09:31:48 fedora pluto[32379]: starting up 3 helper threads
Jan 03 09:31:48 fedora pluto[32379]: started thread for helper 0
Jan 03 09:31:48 fedora pluto[32379]: started thread for helper 1
Jan 03 09:31:48 fedora pluto[32379]: started thread for helper 2
Jan 03 09:31:48 fedora pluto[32379]: using Linux xfrm kernel support code on #1 SMP Wed Dec 22 15:44:37 UTC 2021
Jan 03 09:31:48 fedora pluto[32379]: selinux support is NOT enabled.
Jan 03 09:31:48 fedora pluto[32379]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Jan 03 09:31:48 fedora pluto[32379]: watchdog: sending probes every 100 secs
Jan 03 09:31:48 fedora pluto[32379]: seccomp security disabled
Jan 03 09:31:48 fedora pluto[32379]: seccomp security disabled for crypto helper 3
Jan 03 09:31:48 fedora pluto[32379]: seccomp security disabled for crypto helper 2
Jan 03 09:31:48 fedora pluto[32379]: seccomp security disabled for crypto helper 1
Jan 03 09:31:48 fedora pluto[32379]: listening for IKE messages
Jan 03 09:31:48 fedora pluto[32379]: Kernel supports NIC esp-hw-offload
Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface virbr0 192.168.122.1:500
Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface virbr0 192.168.122.1:4500
Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface wlp2s0 192.168.8.112:500
Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface wlp2s0 192.168.8.112:4500
Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface lo 127.0.0.1:500
Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface lo 127.0.0.1:4500
Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface lo [::1]:500
Jan 03 09:31:48 fedora pluto[32379]: adding UDP interface wlp2s0 [2402:4000:2380:abbe:95e3:c8a5:75ec:941]:500
Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.secrets"
Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.d/ipsec.secrets"
Jan 03 09:31:48 fedora pluto[32379]: listening for IKE messages
Jan 03 09:31:48 fedora pluto[32379]: forgetting secrets
Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.secrets"
Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Jan 03 09:31:48 fedora pluto[32379]: loading secrets from "/etc/ipsec.d/ipsec.secrets"
Jan 03 09:31:48 fedora NetworkManager[32387]: 002 listening for IKE messages
Jan 03 09:31:48 fedora NetworkManager[32387]: 002 forgetting secrets
Jan 03 09:31:48 fedora NetworkManager[32387]: 002 loading secrets from "/etc/ipsec.secrets"
Jan 03 09:31:48 fedora NetworkManager[32387]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Jan 03 09:31:48 fedora NetworkManager[32387]: 002 loading secrets from "/etc/ipsec.d/ipsec.secrets"
Jan 03 09:31:48 fedora NetworkManager[32391]: debugging mode enabled
Jan 03 09:31:48 fedora NetworkManager[32391]: end of file /var/run/nm-l2tp-f97be7c8-8b9a-4ce5-8b37-512288c78df0/ipsec.conf
Jan 03 09:31:48 fedora NetworkManager[32391]: Loading conn f97be7c8-8b9a-4ce5-8b37-512288c78df0
Jan 03 09:31:48 fedora NetworkManager[32391]: starter: left is KH_DEFAULTROUTE
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" modecfgdns=
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" modecfgdomains=
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" modecfgbanner=
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" mark=
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" mark-in=
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" mark-out=
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" vti_iface=
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" redirect-to=
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" accept-redirect-to=
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" esp=aes256-sha1,aes128-sha1,3des-sha1
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" ike=aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-ecp_384,aes128-sha1-ecp_256,3des-sha1-modp2048
Jan 03 09:31:48 fedora NetworkManager[32391]: opening file: /var/run/nm-l2tp-f97be7c8-8b9a-4ce5-8b37-512288c78df0/ipsec.conf
Jan 03 09:31:48 fedora NetworkManager[32391]: loading named conns: f97be7c8-8b9a-4ce5-8b37-512288c78df0
Jan 03 09:31:48 fedora NetworkManager[32391]: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Jan 03 09:31:48 fedora NetworkManager[32391]: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Jan 03 09:31:48 fedora NetworkManager[32391]: dst via 192.168.8.1 dev wlp2s0 src table 254
Jan 03 09:31:48 fedora NetworkManager[32391]: set nexthop: 192.168.8.1
Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.8.0 via dev wlp2s0 src 192.168.8.112 table 254
Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Jan 03 09:31:48 fedora NetworkManager[32391]: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Jan 03 09:31:48 fedora NetworkManager[32391]: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Jan 03 09:31:48 fedora NetworkManager[32391]: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.8.112 via dev wlp2s0 src 192.168.8.112 table 255 (ignored)
Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.8.255 via dev wlp2s0 src 192.168.8.112 table 255 (ignored)
Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Jan 03 09:31:48 fedora NetworkManager[32391]: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Jan 03 09:31:48 fedora NetworkManager[32391]: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Jan 03 09:31:48 fedora NetworkManager[32391]: dst 192.168.8.1 via dev wlp2s0 src 192.168.8.112 table 254
Jan 03 09:31:48 fedora NetworkManager[32391]: set addr: 192.168.8.112
Jan 03 09:31:48 fedora NetworkManager[32391]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Jan 03 09:31:48 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0": added IKEv1 connection
Jan 03 09:31:48 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: initiating IKEv1 Main Mode connection
Jan 03 09:31:48 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: sent Main Mode request
Jan 03 09:31:48 fedora NetworkManager[32393]: 002 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: initiating IKEv1 Main Mode connection
Jan 03 09:31:48 fedora NetworkManager[32393]: 102 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: sent Main Mode request
Jan 03 09:31:48 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=12
Jan 03 09:31:48 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Jan 03 09:31:48 fedora NetworkManager[32393]: 003 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=12
Jan 03 09:31:48 fedora NetworkManager[32393]: 003 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Jan 03 09:31:49 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Jan 03 09:31:49 fedora NetworkManager[32393]: 010 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Jan 03 09:31:49 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Jan 03 09:31:49 fedora NetworkManager[32393]: 010 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Jan 03 09:31:50 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Jan 03 09:31:50 fedora NetworkManager[32393]: 010 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Jan 03 09:31:52 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Jan 03 09:31:52 fedora NetworkManager[32393]: 010 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Jan 03 09:31:56 fedora pluto[32379]: "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Jan 03 09:31:56 fedora NetworkManager[32393]: 010 "f97be7c8-8b9a-4ce5-8b37-512288c78df0" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Jan 03 09:31:58 fedora nm-l2tp-service[32098]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Jan 03 09:31:58 fedora NetworkManager[751]: [1641182518.6249] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: VPN plugin: state changed: stopped (6)
Jan 03 09:31:58 fedora NetworkManager[751]: [1641182518.6358] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: VPN service disappeared
Jan 03 09:31:58 fedora NetworkManager[751]: [1641182518.6408] vpn-connection[0x5648eace22b0,f97be7c8-8b9a-4ce5-8b37-512288c78df0,"VPN0",0]: VPN connection: failed to connect: 'Remote peer disconnected'
Can anyone help me?
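Added example, not part of the thread and not code from NetworkManager-l2tp or libreswan: a Python triage of journal output in the format of the log above. It reads the `ike=` proposals the client offered, the IKEv1 DH groups the local pluto build lists at startup, and whether the peer answered NO_PROPOSAL_CHOSEN while the client stayed in STATE_MAIN_I1. The sample lines are constructed from that log format (connection name shortened to VPN0), and the names `modp1024`/`dh2` for the legacy group are an assumption about how a build with USE_DH2=true would list it.

```python
import re

# Constructed sample in the format of the journal output in this thread.
SAMPLE_LOG = """\
Jan 03 09:31:48 fedora pluto[32379]: DH algorithms:
Jan 03 09:31:48 fedora pluto[32379]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
Jan 03 09:31:48 fedora pluto[32379]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
Jan 03 09:31:48 fedora pluto[32379]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
Jan 03 09:31:48 fedora pluto[32379]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
Jan 03 09:31:48 fedora pluto[32379]: testing CAMELLIA_CBC:
Jan 03 09:31:48 fedora NetworkManager[32391]: conn: "VPN0" ike=aes256-sha2_256-modp2048,aes256-sha1-modp1536,3des-sha1-modp2048
Jan 03 09:31:48 fedora pluto[32379]: "VPN0" #1: initiating IKEv1 Main Mode connection
Jan 03 09:31:48 fedora pluto[32379]: "VPN0" #1: sent Main Mode request
Jan 03 09:31:48 fedora pluto[32379]: "VPN0" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Jan 03 09:31:49 fedora pluto[32379]: "VPN0" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Jan 03 09:31:49 fedora pluto[32379]: "VPN0" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
"""

# "Mon DD HH:MM:SS host process[pid]: message"
LINE_RE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ ([\w.-]+)\[\d+\]: (.*)$")
IKE_RE = re.compile(r'conn: "([^"]+)" ike=(\S+)')


def split_lines(text):
    """Yield (process, message) for each journal line carrying a PID tag."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            yield m.group(1), m.group(2)


def local_ikev1_dh_groups(entries):
    """Names and aliases of DH groups pluto lists as usable for IKEv1 IKE."""
    groups, in_section = set(), False
    for proc, msg in entries:
        if proc != "pluto":
            continue
        if msg == "DH algorithms:":
            in_section = True
            continue
        if in_section:
            if "IKEv1:" not in msg:
                break  # first line after the table ends the section
            name, rest = msg.split("IKEv1:", 1)
            v1_usage = rest.split("IKEv2:", 1)[0].split()
            if "IKE" in v1_usage:
                groups.add(name.strip().lower())
                # Aliases are the all-lowercase tokens at the end of the row.
                tokens = (t.strip(",") for t in msg.split())
                groups.update(t for t in tokens if t == t.lower())
    return groups


def offered_proposals(entries):
    """Return (conn name, [(enc, integ, dh), ...]) from the ike= line."""
    for _proc, msg in entries:
        m = IKE_RE.search(msg)
        if m:
            props = [tuple(p.split("-")) for p in m.group(2).split(",")]
            return m.group(1), props
    return None, []


def diagnose(text):
    entries = list(split_lines(text))
    conn, proposals = offered_proposals(entries)
    local = local_ikev1_dh_groups(entries)
    # Count pluto's own lines only: NetworkManager echoes the same messages.
    pluto = [msg for proc, msg in entries if proc == "pluto"]
    notified = any("notification payload: NO_PROPOSAL_CHOSEN" in m for m in pluto)
    retrans = sum("STATE_MAIN_I1: retransmission" in m for m in pluto)
    offered_dh = sorted({p[-1] for p in proposals})
    return {
        "conn": conn,
        "offered_dh": offered_dh,
        "not_in_local_build": sorted(set(offered_dh) - local) if local else [],
        # Assumed names for the legacy group a USE_DH2=true build would add.
        "modp1024_available": bool({"modp1024", "dh2"} & local),
        # Peer refused every phase 1 proposal and the client never left I1.
        "phase1_rejected": notified and retrans > 0,
        "retransmissions": retrans,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A result with `phase1_rejected` true and `modp1024_available` false matches the situation described in the first reply: the peer accepted none of the offered IKEv1 proposals, and the local build has no legacy group to offer.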