Closed jakob-bebop closed 2 years ago
I tried to reproduce the issue with network-manager-1.36.2-1 on Debian Sid and NetworkManager-1.36.0-2.el9 on CentOS Stream 9, but I'm not able to reproduce the issue.
I suspect Arch Linux's networkmanager-1.36 package introduced some routing issue, as version 1.36 changed the way routing is handled.
But as there appears to be some xl2tpd error messages and as NetworkManager-l2tp 1.20.0 supports kl2tpd from Katalix's go-l2tp project, you could try kl2tpd as an alternative. It will fallback to xl2tpd if kl2tpd is not installed. To install kl2tpd (assuming the go package is installed), issue:
go get github.com/katalix/go-l2tp/...
sudo mkdir /usr/local/sbin
sudo cp go/bin/kl2tpd /usr/local/sbin
Katalix are the authors of the L2TP kernel modules that xl2tpd also uses.
Forgot to mention, it is probably better to use journalctl to see the log output as it is missing the significant pppd, nm-l2tp pppd plug-in and NetworkManager logs in regards to this issue, e.g. :
journalctl --no-hostname _SYSTEMD_UNIT=NetworkManager.service + SYSLOG_IDENTIFIER=pppd
if using go-l2tp's kl2tpd, it is recommended to issue the following :
journalctl --no-hostname _SYSTEMD_UNIT=NetworkManager.service + _COMM=kl2tpd + SYSLOG_IDENTIFIER=pppd
Thanks for the suggestions.
I tried kl2tpd but I wasn't able to start the connection with either networkmanager version.
Upstream issue:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/946
Yeah, that upstream L2TP not working with NetworkManager 1.36 issue has the missing pppd logs. It seems to be a routing issue and traffic isn't going over ppp0.
Upstream has released NetworkManager 1.37, hopefully that might fix the issue for you.
I've added responses to that upstream bug report :
I managed to reproduce the issue if the "Use this connection only for resources on its network" IPv4 setting is enabled. It appears to be a routing issue.
I ended up setting up a VM with Arch Linux. As mentioned in the upstream bug report, the Arch Linux networkmanager 1.36 issue is due to a bug with the Arch Linux strongswan package as I wasn't able to reproduce the issue when I switched to the AUR libreswan package nor when I used Fedora 36 and strongswan. Fedora 36 has disabled a number of strongswan features that are too broken to enable, while the Arch Linux strongswan package still has them enabled.
That routing issue I mentioned was for network-manager 1.36.2 on Debian Sid, so may or may not be applicable to Arch Linux, but 1.36.4 definitely doesn't have the routing issue.
I can confirm the following modifications to the Arch Linux strongswan PKGBUILD file fixes the Arch linux strongswan issue with networkmanager 1.36.4 and networkmanager-l2tp :
--- PKGBUILD.orig 2022-02-19 23:00:00 +1000
+++ PKGBUILD 2022-03-30 20:00:00 +1000
@@ -87,8 +87,6 @@
--enable-mysql \
--enable-ldap \
--enable-cmd \
- --enable-forecast \
- --enable-connmark \
--enable-aesni \
--enable-eap-ttls \
--enable-radattr \
@@ -103,12 +101,10 @@
--enable-newhope \
--enable-ntru \
--enable-mgf1 \
- --enable-sha3 \
--enable-bliss \
--enable-dnscert \
--enable-nm \
--enable-agent \
- --enable-bypass-lan \
--enable-ruby-gems \
--enable-python-eggs
make
But not sure which one(s) in particular fixes the issue.
I'll close this issue as it seems to be more a strongswan issue.
I've been using the same vpn settings for years, on Arch linux. Since Arch released networkmanager-1.36, it stopped working. I eventually figured out that I could get it working by downgrading networkmanager to 1.34.
Before downgrading, the connection seemed ok for a few seconds, but would then fail. The output with --debug enabled, was