nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

A release for ubuntu 22.04 #182

Closed erfantkerfan closed 2 years ago

erfantkerfan commented 2 years ago

There is no release for ubuntu 22.04 at the moment.

erfantkerfan commented 2 years ago

@dkosovic a lot of people need this fast because they use l2tp VPN for work and data center connections

dkosovic commented 2 years ago

Ubuntu 22.04 LTS (Jammy Jellyfish) comes with network-manager-l2tp-1.20.0-1build2 :

Is there a problem with it?

dkosovic commented 2 years ago

Or are you talking about the following PPA repository which has newer versions of network-manager-l2tp than the version that shipped with the official Ubuntu repositories ?

There is no real point in adding to the PPA the latest network-manager-l2tp 1.20.2 released last week as all it provides extra is support for gtk4 based gnome-control-center. I think Ubuntu 22.04 gnome-control-center is still gtk3 and won't be gtk4 until Ubuntu 22.10.

dkosovic commented 2 years ago

Or are you saying you have the same problem as in issue# 167 where it worked for the user with Ubuntu 18.04, but not 20.04, now you are claiming you have the same problem with Ubuntu 22.04?

erfantkerfan commented 2 years ago

I was using the ppa https://launchpad.net/~nm-l2tp/+archive/ubuntu/network-manager-l2tp for ubuntu 20.04 since it was not shipped with it but after upgrading to 22.04 I found out that my connection is not working with error

Apr 23 12:37:27 NetworkManager[4991]: xl2tpd[4991]: Can not find tunnel 105 (refhim=0)
Apr 23 12:37:27 NetworkManager[4991]: xl2tpd[4991]: network_thread: unable to find call or tunnel to handle packet.  call = 39697, tunnel = 105 Dumping.
Apr 23 12:37:28 NetworkManager[4991]: xl2tpd[4991]: Can not find tunnel 105 (refhim=0)
Apr 23 12:37:28 NetworkManager[4991]: xl2tpd[4991]: network_thread: unable to find call or tunnel to handle packet.  call = 39697, tunnel = 105 Dumping.
Apr 23 12:37:28 NetworkManager[4991]: xl2tpd[4991]: Can not find tunnel 12 (refhim=0)
Apr 23 12:37:28 NetworkManager[4991]: xl2tpd[4991]: network_thread: unable to find call or tunnel to handle packet.  call = 39697, tunnel = 12 Dumping.
Apr 23 12:37:29 NetworkManager[4991]: xl2tpd[4991]: Can not find tunnel 105 (refhim=0)
Apr 23 12:37:29 NetworkManager[4991]: xl2tpd[4991]: network_thread: unable to find call or tunnel to handle packet.  call = 39697, tunnel = 105 Dumping.
Apr 23 12:37:30 NetworkManager[4991]: xl2tpd[4991]: Can not find tunnel 12 (refhim=0)
Apr 23 12:37:30 NetworkManager[4991]: xl2tpd[4991]: network_thread: unable to find call or tunnel to handle packet.  call = 39697, tunnel = 12 Dumping.

so I tried to enable my ppa with jammy but I found it's not available ... so here I'm stuck with no access to my servers ... @dkosovic

dkosovic commented 2 years ago

The log output is showing the symptoms, but not the cause, could you attach all of the output of the following (or at least from the start of VPN connection) , but sanitize it if required :

journalctl -b --no-hostname _SYSTEMD_UNIT=NetworkManager.service + SYSLOG_IDENTIFIER=pppd

If it ends up being an issue with xl2tpd, network-manager-l2tp 1.20.0 also supports kl2tpd which isn't difficult to install:

sudo apt install golang

go get github.com/katalix/go-l2tp/...
sudo mkdir -p /usr/local/sbin
sudo cp go/bin/kl2tpd /usr/local/sbin

I don't have Ubuntu 22.04 installed, so will probably install it.

All versions of Ubuntu that came after 16.04 shipped with a version of network-manager-l2tp in their official repositories. But I would often recommend the PPA as it had newer versions that provided more features or in some cases bug fixes.

erfantkerfan commented 2 years ago

here is the result

Apr 23 13:05:41 NetworkManager[643]: <info>  [1650702941.4931] vpn[0x557cce8dc620,ad53e511-8958-454f-99b4-dbcc55af2950,"l2tp vandar1"]: starting l2tp
Apr 23 13:05:41 NetworkManager[643]: <info>  [1650702941.4934] audit: op="connection-activate" uuid="ad53e511-8958-454f-99b4-dbcc55af2950" name="l2tp vandar1" pid=1578 uid=1000 result="success"
Apr 23 13:05:41 nm-l2tp-service[10494]: Check port 1701
Apr 23 13:05:41 nm-l2tp-service[10494]: Can't bind to port 1701
Apr 23 13:05:41 NetworkManager[10509]: Stopping strongSwan IPsec failed: starter is not running
Apr 23 13:05:43 NetworkManager[10506]: Starting strongSwan 5.9.5 IPsec [starter]...
Apr 23 13:05:43 NetworkManager[10506]: Loading config setup
Apr 23 13:05:43 NetworkManager[10506]: Loading conn 'ad53e511-8958-454f-99b4-dbcc55af2950'
Apr 23 13:05:43 ipsec_starter[10506]: Starting strongSwan 5.9.5 IPsec [starter]...
Apr 23 13:05:43 ipsec_starter[10506]: Loading config setup
Apr 23 13:05:43 ipsec_starter[10506]: Loading conn 'ad53e511-8958-454f-99b4-dbcc55af2950'
Apr 23 13:05:43 ipsec_starter[10517]: Attempting to start charon...
Apr 23 13:05:43 charon[10518]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.5, Linux 5.15.0-25-generic, x86_64)
Apr 23 13:05:43 charon[10518]: 00[LIB] providers loaded by OpenSSL: legacy default
Apr 23 13:05:43 charon[10518]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 23 13:05:43 charon[10518]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 23 13:05:43 charon[10518]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 23 13:05:43 charon[10518]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 23 13:05:43 charon[10518]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 23 13:05:43 charon[10518]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 23 13:05:43 charon[10518]: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 23 13:05:43 charon[10518]: 00[CFG]   loaded IKE secret for %any
Apr 23 13:05:43 charon[10518]: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Apr 23 13:05:43 charon[10518]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 23 13:05:43 charon[10518]: 00[JOB] spawning 16 worker threads
Apr 23 13:05:43 ipsec_starter[10517]: charon (10518) started after 20 ms
Apr 23 13:05:43 charon[10518]: 05[CFG] received stroke: add connection 'ad53e511-8958-454f-99b4-dbcc55af2950'
Apr 23 13:05:43 charon[10518]: 05[CFG] added configuration 'ad53e511-8958-454f-99b4-dbcc55af2950'
Apr 23 13:05:44 charon[10518]: 07[CFG] rereading secrets
Apr 23 13:05:44 charon[10518]: 07[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 23 13:05:44 charon[10518]: 07[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 23 13:05:44 charon[10518]: 07[CFG]   loaded IKE secret for %any
Apr 23 13:05:44 charon[10518]: 09[CFG] received stroke: initiate 'ad53e511-8958-454f-99b4-dbcc55af2950'
Apr 23 13:05:44 charon[10518]: 11[IKE] initiating Main Mode IKE_SA ad53e511-8958-454f-99b4-dbcc55af2950[1] to X.X.X.X
Apr 23 13:05:44 charon[10518]: 11[IKE] initiating Main Mode IKE_SA ad53e511-8958-454f-99b4-dbcc55af2950[1] to X.X.X.X
Apr 23 13:05:44 charon[10518]: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Apr 23 13:05:44 charon[10518]: 11[NET] sending packet: from 192.168.50.102[500] to X.X.X.X[500] (180 bytes)
Apr 23 13:05:44 charon[10518]: 12[NET] received packet: from X.X.X.X[500] to 192.168.50.102[500] (160 bytes)
Apr 23 13:05:44 charon[10518]: 12[ENC] parsed ID_PROT response 0 [ SA V V V V ]
Apr 23 13:05:44 charon[10518]: 12[IKE] received NAT-T (RFC 3947) vendor ID
Apr 23 13:05:44 charon[10518]: 12[IKE] received XAuth vendor ID
Apr 23 13:05:44 charon[10518]: 12[IKE] received DPD vendor ID
Apr 23 13:05:44 charon[10518]: 12[IKE] received FRAGMENTATION vendor ID
Apr 23 13:05:44 charon[10518]: 12[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Apr 23 13:05:44 charon[10518]: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 23 13:05:44 charon[10518]: 12[NET] sending packet: from 192.168.50.102[500] to X.X.X.X[500] (372 bytes)
Apr 23 13:05:44 charon[10518]: 13[NET] received packet: from X.X.X.X[500] to 192.168.50.102[500] (364 bytes)
Apr 23 13:05:44 charon[10518]: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 23 13:05:44 charon[10518]: 13[IKE] local host is behind NAT, sending keep alives
Apr 23 13:05:44 charon[10518]: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Apr 23 13:05:44 charon[10518]: 13[NET] sending packet: from 192.168.50.102[4500] to X.X.X.X[4500] (76 bytes)
Apr 23 13:05:44 charon[10518]: 14[NET] received packet: from X.X.X.X[4500] to 192.168.50.102[4500] (76 bytes)
Apr 23 13:05:44 charon[10518]: 14[ENC] parsed ID_PROT response 0 [ ID HASH ]
Apr 23 13:05:44 charon[10518]: 14[IKE] IKE_SA ad53e511-8958-454f-99b4-dbcc55af2950[1] established between 192.168.50.102[192.168.50.102]...X.X.X.X[X.X.X.X]
Apr 23 13:05:44 charon[10518]: 14[IKE] IKE_SA ad53e511-8958-454f-99b4-dbcc55af2950[1] established between 192.168.50.102[192.168.50.102]...X.X.X.X[X.X.X.X]
Apr 23 13:05:44 charon[10518]: 14[IKE] scheduling reauthentication in 10080s
Apr 23 13:05:44 charon[10518]: 14[IKE] maximum IKE_SA lifetime 10620s
Apr 23 13:05:44 charon[10518]: 14[ENC] generating QUICK_MODE request 282922733 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
Apr 23 13:05:44 charon[10518]: 14[NET] sending packet: from 192.168.50.102[4500] to X.X.X.X[4500] (460 bytes)
Apr 23 13:05:45 charon[10518]: 15[NET] received packet: from X.X.X.X[4500] to 192.168.50.102[4500] (76 bytes)
Apr 23 13:05:45 charon[10518]: 15[ENC] parsed INFORMATIONAL_V1 request 4285384490 [ HASH N(NO_PROP) ]
Apr 23 13:05:45 charon[10518]: 15[IKE] received NO_PROPOSAL_CHOSEN error notify
Apr 23 13:05:45 NetworkManager[10547]: initiating Main Mode IKE_SA ad53e511-8958-454f-99b4-dbcc55af2950[1] to X.X.X.X
Apr 23 13:05:45 NetworkManager[10547]: generating ID_PROT request 0 [ SA V V V V V ]
Apr 23 13:05:45 NetworkManager[10547]: sending packet: from 192.168.50.102[500] to X.X.X.X[500] (180 bytes)
Apr 23 13:05:45 NetworkManager[10547]: received packet: from X.X.X.X[500] to 192.168.50.102[500] (160 bytes)
Apr 23 13:05:45 NetworkManager[10547]: parsed ID_PROT response 0 [ SA V V V V ]
Apr 23 13:05:45 NetworkManager[10547]: received NAT-T (RFC 3947) vendor ID
Apr 23 13:05:45 NetworkManager[10547]: received XAuth vendor ID
Apr 23 13:05:45 NetworkManager[10547]: received DPD vendor ID
Apr 23 13:05:45 NetworkManager[10547]: received FRAGMENTATION vendor ID
Apr 23 13:05:45 NetworkManager[10547]: selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Apr 23 13:05:45 NetworkManager[10547]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 23 13:05:45 NetworkManager[10547]: sending packet: from 192.168.50.102[500] to X.X.X.X[500] (372 bytes)
Apr 23 13:05:45 NetworkManager[10547]: received packet: from X.X.X.X[500] to 192.168.50.102[500] (364 bytes)
Apr 23 13:05:45 NetworkManager[10547]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 23 13:05:45 NetworkManager[10547]: local host is behind NAT, sending keep alives
Apr 23 13:05:45 NetworkManager[10547]: generating ID_PROT request 0 [ ID HASH ]
Apr 23 13:05:45 NetworkManager[10547]: sending packet: from 192.168.50.102[4500] to X.X.X.X[4500] (76 bytes)
Apr 23 13:05:45 NetworkManager[10547]: received packet: from X.X.X.X[4500] to 192.168.50.102[4500] (76 bytes)
Apr 23 13:05:45 NetworkManager[10547]: parsed ID_PROT response 0 [ ID HASH ]
Apr 23 13:05:45 NetworkManager[10547]: IKE_SA ad53e511-8958-454f-99b4-dbcc55af2950[1] established between 192.168.50.102[192.168.50.102]...X.X.X.X[X.X.X.X]
Apr 23 13:05:45 NetworkManager[10547]: scheduling reauthentication in 10080s
Apr 23 13:05:45 NetworkManager[10547]: maximum IKE_SA lifetime 10620s
Apr 23 13:05:45 NetworkManager[10547]: generating QUICK_MODE request 282922733 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
Apr 23 13:05:45 NetworkManager[10547]: sending packet: from 192.168.50.102[4500] to X.X.X.X[4500] (460 bytes)
Apr 23 13:05:45 NetworkManager[10547]: received packet: from X.X.X.X[4500] to 192.168.50.102[4500] (76 bytes)
Apr 23 13:05:45 NetworkManager[10547]: parsed INFORMATIONAL_V1 request 4285384490 [ HASH N(NO_PROP) ]
Apr 23 13:05:45 NetworkManager[10547]: received NO_PROPOSAL_CHOSEN error notify
Apr 23 13:05:45 NetworkManager[10547]: establishing connection 'ad53e511-8958-454f-99b4-dbcc55af2950' failed
Apr 23 13:05:45 nm-l2tp-service[10494]: xl2tpd started with pid 10553
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: Not looking for kernel SAref support.
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: Using l2tp kernel support.
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: xl2tpd version xl2tpd-1.3.16 started on erfan-gholizade PID:10553
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: Forked by Scott Balmos and David Stipp, (C) 2001
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: Inherited by Jeff McAdams, (C) 2002
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: Listening on IP address 0.0.0.0, port 42126
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: Connecting to host X.X.X.X, port 1701
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: Can not find tunnel 105 (refhim=0)
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: network_thread: unable to find call or tunnel to handle packet.  call = 23189, tunnel = 105 Dumping.
Apr 23 13:05:46 NetworkManager[10553]: xl2tpd[10553]: Can not find tunnel 105 (refhim=0)
Apr 23 13:05:46 NetworkManager[10553]: xl2tpd[10553]: network_thread: unable to find call or tunnel to handle packet.  call = 23189, tunnel = 105 Dumping.
Apr 23 13:05:46 NetworkManager[10553]: xl2tpd[10553]: Can not find tunnel 12 (refhim=0)
Apr 23 13:05:46 NetworkManager[10553]: xl2tpd[10553]: network_thread: unable to find call or tunnel to handle packet.  call = 23189, tunnel = 12 Dumping.
Apr 23 13:05:47 NetworkManager[10553]: xl2tpd[10553]: Can not find tunnel 105 (refhim=0)
Apr 23 13:05:47 NetworkManager[10553]: xl2tpd[10553]: network_thread: unable to find call or tunnel to handle packet.  call = 23189, tunnel = 105 Dumping.
Apr 23 13:05:48 NetworkManager[10553]: xl2tpd[10553]: Can not find tunnel 12 (refhim=0)
Apr 23 13:05:48 NetworkManager[10553]: xl2tpd[10553]: network_thread: unable to find call or tunnel to handle packet.  call = 23189, tunnel = 12 Dumping.
Apr 23 13:05:49 NetworkManager[10553]: xl2tpd[10553]: Can not find tunnel 105 (refhim=0)
Apr 23 13:05:49 NetworkManager[10553]: xl2tpd[10553]: network_thread: unable to find call or tunnel to handle packet.  call = 23189, tunnel = 105 Dumping.
Apr 23 13:05:52 NetworkManager[10553]: xl2tpd[10553]: Can not find tunnel 12 (refhim=0)
Apr 23 13:05:52 NetworkManager[10553]: xl2tpd[10553]: network_thread: unable to find call or tunnel to handle packet.  call = 23189, tunnel = 12 Dumping.
Apr 23 13:05:53 NetworkManager[10553]: xl2tpd[10553]: Can not find tunnel 105 (refhim=0)
Apr 23 13:05:53 NetworkManager[10553]: xl2tpd[10553]: network_thread: unable to find call or tunnel to handle packet.  call = 23189, tunnel = 105 Dumping.
Apr 23 13:05:59 NetworkManager[10553]: xl2tpd[10553]: death_handler: Fatal signal 15 received
Apr 23 13:05:59 NetworkManager[10553]: xl2tpd[10553]: Connection 0 closed to X.X.X.X, port 1701 (Server closing)
Apr 23 13:05:59 NetworkManager[643]: <warn>  [1650702959.1090] vpn[0x557cce8dc620,ad53e511-8958-454f-99b4-dbcc55af2950,"l2tp vandar1"]: dbus: failure: connect-failed (1)
Apr 23 13:05:59 NetworkManager[643]: <warn>  [1650702959.1091] vpn[0x557cce8dc620,ad53e511-8958-454f-99b4-dbcc55af2950,"l2tp vandar1"]: dbus: failure: connect-failed (1)
Apr 23 13:05:59 NetworkManager[10555]: Stopping strongSwan IPsec...
Apr 23 13:05:59 charon[10518]: 00[DMN] SIGINT received, shutting down
Apr 23 13:05:59 charon[10518]: 00[IKE] deleting IKE_SA ad53e511-8958-454f-99b4-dbcc55af2950[1] between 192.168.50.102[192.168.50.102]...X.X.X.X[X.X.X.X]
Apr 23 13:05:59 charon[10518]: 00[IKE] deleting IKE_SA ad53e511-8958-454f-99b4-dbcc55af2950[1] between 192.168.50.102[192.168.50.102]...X.X.X.X[X.X.X.X]
Apr 23 13:05:59 charon[10518]: 00[IKE] sending DELETE for IKE_SA ad53e511-8958-454f-99b4-dbcc55af2950[1]
Apr 23 13:05:59 charon[10518]: 00[ENC] generating INFORMATIONAL_V1 request 2667321968 [ HASH D ]
Apr 23 13:05:59 charon[10518]: 00[NET] sending packet: from 192.168.50.102[4500] to X.X.X.X[4500] (92 bytes)
Apr 23 13:05:59 ipsec_starter[10517]: child 10518 (charon) has quit (exit code 0)
Apr 23 13:05:59 ipsec_starter[10517]: 
Apr 23 13:05:59 ipsec_starter[10517]: charon stopped after 200 ms
Apr 23 13:05:59 ipsec_starter[10517]: ipsec starter stopped
Apr 23 13:05:59 nm-l2tp-service[10494]: ipsec shut down

only replaced IP with X.X.X.X @dkosovic

dkosovic commented 2 years ago

This is the issue:

charon[10518]: 14[ENC] generating QUICK_MODE request 282922733 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
charon[10518]: 14[NET] sending packet: from 192.168.50.102[4500] to X.X.X.X[4500] (460 bytes)
charon[10518]: 15[NET] received packet: from X.X.X.X[4500] to 192.168.50.102[4500] (76 bytes)
charon[10518]: 15[ENC] parsed INFORMATIONAL_V1 request 4285384490 [ HASH N(NO_PROP) ]
charon[10518]: 15[IKE] received NO_PROPOSAL_CHOSEN error notify

IPsec main mode (phase 1) succeeds, then quick mode (phase 2) fails with the above NO_PROPOSAL_CHOSEN error.

As the IPsec connection failed, xl2tpd tries to establish a direct L2TP connection and fails ...

I have the following in the code to check for false positive successful connection from strongswan, but looks like it wasn't enough to detect the IPsec connection wasn't successful :

Try unselecting the phase 1 and 2 algorithm checkboxes if they are enabled in the IPsec settings.

You could try switching from strongswan to libreswan and see if you have more luck:

sudo apt install libreswan

dkosovic commented 2 years ago

Normally Windows 10 uses aes128-sha1,3des-sha1,des-sha1 for its phase 1 quick mode proposals or aes128-sha1,3des-sha1 for its max strength proposals. If you are still using strongswan, you could try explicitly setting phase 2 algorithms to aes128-sha1,3des-sha1! (note the exclamation mark at the end is required by strongswan to override existing proposals). If it still doesn't work, try just 3des-sha1!.

But the logs on the VPN server will probably give some clues as to why it is rejecting the Quick Mode proposals from the Ubuntu 22.04 version of strongswan.

dkosovic commented 2 years ago

I've just finished upgrading to Ubuntu 22.04 and have reproduced the xl2tpd issue, although my strongswan quick mode (phase 2) IPsec connection was successful.

erfantkerfan commented 2 years ago

I use aes128-sha1-modp2048! for both phase1 and phase2 @dkosovic

erfantkerfan commented 2 years ago

libreswan did not work. also, I use a PSK if that makes any difference

dkosovic commented 2 years ago

aes128-sha1-modp2048! is invalid for phase 2 and might be the reason it is failing, it should be aes128-sha1!, i.e. no modp2048.

Switching from xl2tpd to kl2tpd fixed the Ubuntu 22.04 issue in https://github.com/nm-l2tp/NetworkManager-l2tp/issues/183

He was using libreswan (pluto) instead of strongswan (charon) and quick mode was successful for him. Note that libreswan doesn't use the exclamation syntax for phase 1 & 2.

You can switch back to strongswan by reinstalling it and it will automatically remove libreswan.

erfantkerfan commented 2 years ago

> aes128-sha1-modp2048! is invalid for phase 2 and might be the reason it is failing, it should be aes128-sha1!, i.e. no modp2048.

okay but my config was working before the upgrade

> Switching from xl2tpd to kl2tpd fixed the Ubuntu 22.04 issue in https://github.com/nm-l2tp/NetworkManager-l2tp/issues/183

I was not able to install it, unfortunately.

dkosovic commented 2 years ago

Looks like go get github.com/katalix/go-l2tp/... no longer works with newer versions of the Go language, so you have to use go install instead, e.g.:

sudo apt install golang-go

go install "github.com/katalix/go-l2tp/...@latest"
sudo mkdir -p /usr/local/sbin
sudo cp go/bin/kl2tpd /usr/local/sbin

I can confirm kl2tpd works for me, but xl2tpd doesn't with Ubuntu 22.04.

I would think the IPsec connections weren't being established for you either in Ubuntu 20.04 and it would have been failing at the quick mode (phase 2) step. I believe the VPN server you are connecting to is misconfigured to accept L2TP directly instead of only accepting L2TP encapsulated in IPsec, i.e. L2TP port 1701 is open to the outside world on the VPN server. I would seriously recommend locking the VPN server down to not allow L2TP without IPsec as it is pretty easy on the client side to accidentally not enable IPsec with L2TP clients on multiple platforms.

I'm not sure why strongswan didn't complain about aes128-sha1-modp2048 being a syntax error for phase 2, but at least I now know how to reproduce the bug and would put something in place in the code to prevent proceeding further to the L2TP connection.

NetworkManager-l2tp 1.2.16 and later uses a combination of Windows 10 and iOS phase 1 & 2 algorithms for the proposals, with the stronger proposals listed first, so I would normally not recommend putting anything in for the phase 1 & 2 proposals.
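Added example, not part of the thread and not NetworkManager-l2tp's own code: a journal check for the failure mode described above, where IPsec phase 2 is rejected and xl2tpd then connects to port 1701 anyway. The first sample attempt is excerpted from the log posted earlier in this issue; the second attempt and the `CHILD_SA ... established with SPIs` success marker are assumptions, since no successful phase 2 appears in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Markers taken from the journal output posted in this issue.
ATTEMPT_START = re.compile(
    r'vpn\[[^,\]]+,(?P<uuid>[0-9a-f-]{36}),"(?P<name>[^"]*)"\]: starting l2tp')
PHASE1_OK = re.compile(r"\[IKE\] IKE_SA \S+ established between")
IKE_ERROR_NOTIFY = re.compile(r"received (?P<notify>[A-Z_]+) error notify")
IPSEC_FAILED = re.compile(r"establishing connection '[0-9a-f-]{36}' failed")
L2TP_CONNECT = re.compile(
    r"xl2tpd\[\d+\]: Connecting to host (?P<host>[^,\s]+), port (?P<port>\d+)")
# Assumption: strongSwan's message for a negotiated phase 2 SA (not in the thread).
PHASE2_OK = re.compile(r"CHILD_SA \S+ established with SPIs")


@dataclass
class Attempt:
    uuid: str
    name: str
    phase1_ok: bool = False
    phase2_ok: bool = False
    ipsec_errors: List[str] = field(default_factory=list)
    l2tp_target: Optional[str] = None

    @property
    def cleartext_fallback(self) -> bool:
        """True when IPsec was attempted, never produced a phase 2 SA,
        and the L2TP daemon still tried to reach the server."""
        ipsec_attempted = self.phase1_ok or bool(self.ipsec_errors)
        return (ipsec_attempted and not self.phase2_ok
                and self.l2tp_target is not None)


def analyze(lines) -> List[Attempt]:
    """Group journal lines into connection attempts and record IPsec/L2TP state."""
    attempts: List[Attempt] = []
    current: Optional[Attempt] = None
    for line in lines:
        start = ATTEMPT_START.search(line)
        if start:
            current = Attempt(start["uuid"], start["name"])
            attempts.append(current)
            continue
        if current is None:
            continue  # lines before the first "starting l2tp" belong to no attempt
        if PHASE1_OK.search(line):
            current.phase1_ok = True
        elif PHASE2_OK.search(line):
            current.phase2_ok = True
        elif (notify := IKE_ERROR_NOTIFY.search(line)):
            # charon and NetworkManager both log the notify; record it once
            if notify["notify"] not in current.ipsec_errors:
                current.ipsec_errors.append(notify["notify"])
        elif IPSEC_FAILED.search(line):
            if "establish-failed" not in current.ipsec_errors:
                current.ipsec_errors.append("establish-failed")
        elif (l2tp := L2TP_CONNECT.search(line)):
            current.l2tp_target = f"{l2tp['host']}:{l2tp['port']}"
    return attempts


def cleartext_fallbacks(lines) -> List[str]:
    """Names of connections where L2TP was attempted after IPsec failed."""
    return [a.name for a in analyze(lines) if a.cleartext_fallback]


# Attempt 1: excerpt of the log posted in this issue.
# Attempt 2: constructed lines showing a successful phase 2 for contrast.
SAMPLE_LOG = """\
Apr 23 13:05:41 NetworkManager[643]: <info>  [1650702941.4931] vpn[0x557cce8dc620,ad53e511-8958-454f-99b4-dbcc55af2950,"l2tp vandar1"]: starting l2tp
Apr 23 13:05:44 charon[10518]: 14[IKE] IKE_SA ad53e511-8958-454f-99b4-dbcc55af2950[1] established between 192.168.50.102[192.168.50.102]...X.X.X.X[X.X.X.X]
Apr 23 13:05:45 charon[10518]: 15[IKE] received NO_PROPOSAL_CHOSEN error notify
Apr 23 13:05:45 NetworkManager[10547]: received NO_PROPOSAL_CHOSEN error notify
Apr 23 13:05:45 NetworkManager[10547]: establishing connection 'ad53e511-8958-454f-99b4-dbcc55af2950' failed
Apr 23 13:05:45 NetworkManager[10553]: xl2tpd[10553]: Connecting to host X.X.X.X, port 1701
Apr 23 14:00:00 NetworkManager[643]: <info>  [1650706200.0000] vpn[0x557cce8dc620,00000000-0000-0000-0000-000000000001,"constructed ok"]: starting l2tp
Apr 23 14:00:01 charon[20001]: 09[IKE] IKE_SA 00000000-0000-0000-0000-000000000001[1] established between 192.168.50.102[192.168.50.102]...X.X.X.X[X.X.X.X]
Apr 23 14:00:02 charon[20001]: 10[IKE] CHILD_SA 00000000-0000-0000-0000-000000000001{1} established with SPIs c0ffee01_i c0ffee02_o and TS 192.168.50.102/32[udp/l2f] === X.X.X.X/32[udp/l2f]
Apr 23 14:00:02 NetworkManager[20010]: xl2tpd[20010]: Connecting to host X.X.X.X, port 1701
"""

if __name__ == "__main__":
    for attempt in analyze(SAMPLE_LOG.splitlines()):
        verdict = "L2TP WITHOUT IPSEC" if attempt.cleartext_fallback else "ok"
        print(f"{attempt.name}: {verdict} errors={attempt.ipsec_errors} "
              f"target={attempt.l2tp_target}")
```

On a live system the same functions can be fed the output of the `journalctl` command given earlier in this issue.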

dkosovic commented 2 years ago

The broken Ubuntu 22.04 xl2tpd package was first reported back on 2021-11-22 :

Hopefully Ubuntu will release a new xl2tpd soon now that Ubuntu 22.04 has been released.

dkosovic commented 2 years ago

Unfortunately with the VPN server I'm using, I'm not able to reproduce the issue with the bogus aes128-sha1-modp2048! phase 2, so I don't know what to check for with the false positive successful IPsec connection in your case.

As previously mentioned, I have the following in the code to check for false positive successful connections with strongswan which has worked for the ones I encountered:

erfantkerfan commented 2 years ago

thanks for your time and knowledge, I migrated to Fedora for now

about the aes128-sha1-modp2048! I'm not too worried because I suspect that my access provider at data-center uses very old hardware or misconfigured routers...

But it would be the best if you could close the issue when a fix has been released for people with the same problem as me

andrezimmermann commented 2 years ago

> The broken Ubuntu 22.04 xl2tpd package was first reported back on 2021-11-22 :
>
> * https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1951832
>
> * https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1968336
>
> * [Upgrading 1.3.12 to 1.3.16 breaks VPN connection xelerance/xl2tpd#230](https://github.com/xelerance/xl2tpd/issues/230)
>
> Hopefully Ubuntu will release a new xl2tpd soon now that Ubuntu 22.04 has been released.

I've confirmed that replacing xl2tpd with go-l2tp fixed the connection issues I was having :smiley:

On another topic, just for my own curiosity's sake I've also tried to build & install xl2tpd 1.3.17 but for some reason it still picks up the old version? :thinking:

user@desktop:~$ xl2tpd --version
xl2tpd version:  xl2tpd-1.3.17

but when running I'd see the

abr 25 20:52:12 NetworkManager[26504]: xl2tpd[26504]: xl2tpd version xl2tpd-1.3.16 started on desktop PID:26504

Is there any extra set of steps I needed to take to use the updated xl2tpd binaries or my understanding that it uses the system xl2tpd is incorrect?

In any case, thanks for clarifying and supporting go-l2tp :rocket:

dkosovic commented 2 years ago

I suspect you built and installed xl2tpd to /usr/local/bin/xl2tpd. You can confirm by using the type command, e.g. : type xl2tpd

Have a look at the nm_find_l2tpd() function source code at the order and locations of where it looks to find xl2tpd :

It does not use the PATH env variable to find xl2tpd.

andrezimmermann commented 2 years ago

Thank you for taking the time to reply.

user@desktop:~$ type xl2tpd
xl2tpd is hashed (/usr/local/sbin/xl2tpd)

From the utils.c

So that explains it, I have something at /sbin/xl2tpd which has higher priority :sweat_smile:

user@desktop:~$ /sbin/xl2tpd --version
xl2tpd version:  xl2tpd-1.3.16

Thanks!

erfantkerfan commented 2 years ago

I also confirm that my problem is fixed using kl2tp (go-lang)

dkosovic commented 2 years ago

As this issue is getting too long for people to read through, I've created a new issue regarding Ubuntu 22.04 and will close this one.

avillamarin-plenty commented 2 years ago

@andrezimmermann @erfantkerfan or @dkosovic I'm facing the same issue, I installed go-l2tp and actually also removed xl2tp just to be certain....but now when I try to connect I see this:

Apr 28 17:24:11 internetmosquito-PE72-7RD NetworkManager[863]: <info> [1651159451.2354] audit: op="connection-update" uuid="d46a57e1-6f19-49af-86a6-714d5a58be85" name="*****" pid=9878 uid=1000 result="success"
Apr 28 17:24:17 internetmosquito-PE72-7RD NetworkManager[863]: <info> [1651159457.4394] audit: op="connection-activate" uuid="d46a57e1-6f19-49af-86a6-714d5a58be85" name="******" pid=9878 uid=1000 result="fail" reason="The VPN service 'org.freedesktop.NetworkManager.l2tp' was not installed."

Output of journalctl

abr 28 17:24:11 NetworkManager[863]: <info> [1651159451.2354] audit: op="connection-update" uuid="d46a57e1-6f19-49af-86a6-714d5a58be85" name="PLenty" pid=9878 uid=1000 result="success"
abr 28 17:24:17 NetworkManager[863]: <info> [1651159457.4394] audit: op="connection-activate" uuid="d46a57e1-6f19-49af-86a6-714d5a58be85" name="PLenty" pid=9878 uid=1000 result="fail" reason="The VPN service '>

Is there any extra step to make this work? Thanks!

dkosovic commented 2 years ago

The missing D-Bus org.freedesktop.NetworkManager.l2tp service that it's complaining about not being installed is provided by the network-manager-l2tp package, do you have it installed? The /usr/share/dbus-1/system.d/nm-l2tp-service.conf is the config file for that service.

I'm guessing you are using KDE, for other desktop environments make sure network-manager-l2tp and network-manager-l2tp-gnome are installed.

If it still can't find that service, probably a time for a reboot and NetworkManager should find it.

avillamarin-plenty commented 2 years ago

Hello @dkosovic

Nope, this is Ubuntu with standard gnome...and yes you're right, I had network-manager-l2tp not installed but I installed it and based on this https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1951832/comments/24 I downgraded xl2tpd to 1.3.12 but still no luck...

internetmosquito@internetmosquito-PE72-7RD  ~  sudo dpkg -l | grep xl2tp           
[sudo] password for internetmosquito: 
ii  xl2tpd                                     1.3.12-1.1                              amd64        layer 2 tunneling protocol implementation
internetmosquito@internetmosquito-PE72-7RD  ~  sudo dpkg -l | grep network-manager
ii  network-manager                            1.36.4-2ubuntu1                         amd64        network management framework (daemon and userspace tools)
ii  network-manager-config-connectivity-ubuntu 1.36.4-2ubuntu1                         all          NetworkManager configuration to enable connectivity checking
ii  network-manager-gnome                      1.24.0-1ubuntu3                         amd64        network management framework (GNOME frontend)
ii  network-manager-l2tp                       1.20.0-1build2                          amd64        network management framework (L2TP plugin core)
ii  network-manager-l2tp-gnome                 1.20.0-1build2                          amd64        network management framework (L2TP plugin GNOME GUI)
ii  network-manager-openvpn                    1.8.18-1                                amd64        network management framework (OpenVPN plugin core)
ii  network-manager-openvpn-gnome              1.8.18-1                                amd64        network management framework (OpenVPN plugin GNOME GUI)
ii  network-manager-pptp                       1.2.10-1                                amd64        network management framework (PPTP plugin core)
ii  network-manager-pptp-gnome                 1.2.10-1                                amd64        network management framework (PPTP plugin GNOME GUI)

While trying to connect to VPN...

Apr 29 00:43:08 internetmosquito-PE72-7RD NetworkManager[893]: <info>  [1651185788.9944] vpn[0x55b778ffc250,d46a57e1-6f19-49af-86a6-714d5a58be85,"PLenty"]: starting l2tp
Apr 29 00:43:08 internetmosquito-PE72-7RD NetworkManager[893]: <info>  [1651185788.9949] audit: op="connection-activate" uuid="d46a57e1-6f19-49af-86a6-714d5a58be85" name="PLenty" pid=2455 uid=1000 result="success"
Apr 29 00:43:09 internetmosquito-PE72-7RD nm-l2tp-service[19512]: Check port 1701
Apr 29 00:43:09 internetmosquito-PE72-7RD nm-l2tp-service[19512]: Can't bind to port 1701
Apr 29 00:43:09 internetmosquito-PE72-7RD NetworkManager[19538]: Stopping strongSwan IPsec...
Apr 29 00:43:09 internetmosquito-PE72-7RD charon: 00[DMN] SIGINT received, shutting down
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.5, Linux 5.15.0-27-generic, x86_64)
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[LIB] providers loaded by OpenSSL: legacy default
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[CFG] expanding file expression '/etc/ipsec.d/ipsec.nm-l2tp.secrets' failed
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[JOB] spawning 16 worker threads
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 06[KNL] 172.17.0.1 appeared on docker0
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 08[KNL] interface docker0 activated
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1663]: 00[DMN] SIGINT received, shutting down
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1638]: charon stopped after 200 ms
Apr 29 00:43:09 internetmosquito-PE72-7RD ipsec[1638]: ipsec starter stopped
Apr 29 00:43:09 internetmosquito-PE72-7RD systemd[1]: strongswan-starter.service: Deactivated successfully.
Apr 29 00:43:11 internetmosquito-PE72-7RD NetworkManager[19535]: Starting strongSwan 5.9.5 IPsec [starter]...
Apr 29 00:43:11 internetmosquito-PE72-7RD NetworkManager[19535]: Loading config setup
Apr 29 00:43:11 internetmosquito-PE72-7RD NetworkManager[19535]: Loading conn 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.5, Linux 5.15.0-27-generic, x86_64)
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[LIB] providers loaded by OpenSSL: legacy default
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[CFG]   loaded IKE secret for %any
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 00[JOB] spawning 16 worker threads
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 06[CFG] received stroke: add connection 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 29 00:43:11 internetmosquito-PE72-7RD charon: 06[CFG] added configuration 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 07[CFG] rereading secrets
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 07[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 07[CFG]   loaded IKE secret for %any
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 09[CFG] received stroke: initiate 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 11[IKE] initiating Main Mode IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] to 69.145.191.34
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 11[NET] sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (236 bytes)
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 12[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (156 bytes)
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 12[ENC] parsed ID_PROT response 0 [ SA V V V V ]
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 12[IKE] received XAuth vendor ID
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 12[IKE] received DPD vendor ID
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 12[IKE] received FRAGMENTATION vendor ID
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 12[NET] sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (244 bytes)
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 13[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (244 bytes)
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 13[IKE] local host is behind NAT, sending keep alives
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 13[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 14[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (68 bytes)
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 14[ENC] invalid HASH_V1 payload length, decryption failed?
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 14[ENC] could not decrypt payloads
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 14[IKE] message parsing failed
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 14[IKE] ignore malformed INFORMATIONAL request
Apr 29 00:43:12 internetmosquito-PE72-7RD charon: 14[IKE] INFORMATIONAL_V1 request with message ID 1079282836 processing failed
Apr 29 00:43:16 internetmosquito-PE72-7RD charon: 05[IKE] sending retransmit 1 of request message ID 0, seq 3
Apr 29 00:43:16 internetmosquito-PE72-7RD charon: 05[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 29 00:43:16 internetmosquito-PE72-7RD charon: 06[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (68 bytes)
Apr 29 00:43:16 internetmosquito-PE72-7RD charon: 06[ENC] invalid HASH_V1 payload length, decryption failed?
Apr 29 00:43:16 internetmosquito-PE72-7RD charon: 06[ENC] could not decrypt payloads
Apr 29 00:43:16 internetmosquito-PE72-7RD charon: 06[IKE] message parsing failed
Apr 29 00:43:16 internetmosquito-PE72-7RD charon: 06[IKE] ignore malformed INFORMATIONAL request
Apr 29 00:43:16 internetmosquito-PE72-7RD charon: 06[IKE] INFORMATIONAL_V1 request with message ID 940255680 processing failed
Apr 29 00:43:19 internetmosquito-PE72-7RD NetworkManager[893]: <warn>  [1651185799.0977] vpn[0x55b778ffc250,d46a57e1-6f19-49af-86a6-714d5a58be85,"PLenty"]: failed to connect: 'Timeout was reached'
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19592]: Stopping strongSwan IPsec...
Apr 29 00:43:22 internetmosquito-PE72-7RD charon: 00[DMN] SIGINT received, shutting down
Apr 29 00:43:22 internetmosquito-PE72-7RD charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: initiating Main Mode IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] to 69.145.191.34
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: generating ID_PROT request 0 [ SA V V V V V ]
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (236 bytes)
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (156 bytes)
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: parsed ID_PROT response 0 [ SA V V V V ]
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: received XAuth vendor ID
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: received DPD vendor ID
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: received FRAGMENTATION vendor ID
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: received NAT-T (RFC 3947) vendor ID
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (244 bytes)
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (244 bytes)
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: local host is behind NAT, sending keep alives
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: generating ID_PROT request 0 [ ID HASH ]
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (68 bytes)
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: invalid HASH_V1 payload length, decryption failed?
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: could not decrypt payloads
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: message parsing failed
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: ignore malformed INFORMATIONAL request
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: INFORMATIONAL_V1 request with message ID 1079282836 processing failed
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: sending retransmit 1 of request message ID 0, seq 3
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (68 bytes)
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: invalid HASH_V1 payload length, decryption failed?
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: could not decrypt payloads
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: message parsing failed
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: ignore malformed INFORMATIONAL request
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: INFORMATIONAL_V1 request with message ID 940255680 processing failed
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: destroying IKE_SA in state CONNECTING without notification
Apr 29 00:43:22 internetmosquito-PE72-7RD NetworkManager[19586]: establishing connection 'd46a57e1-6f19-49af-86a6-714d5a58be85' failed
Apr 29 00:43:22 internetmosquito-PE72-7RD nm-l2tp-service[19512]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed

I'm tempted to install 20.04 again...or switch to Fedora or Manjaro to be honest, this is taking so much time

dkosovic commented 2 years ago

@avillamarin-plenty

The issue you are having is with strongswan, not xl2tpd. Something very weird is happening with the Main Mode (phase 1). If you have Remote ID filled in in the IPsec configuration, delete it; if you have something in the phase 1 & 2 algorithms text boxes, uncheck the corresponding checkbox. See if it works?

You could also try stopping the system xl2tpd to make port 1701 free; see the following in the README.md file on how:

disable the system xl2tpd if stopping it makes the VPN connection work.

If Manjaro is like Arch Linux, I wouldn't recommend using it at the moment for L2TP/IPsec. The Arch Linux strongswan package doesn't work with NetworkManager >= 1.36, but there is an update coming out soon. You can't edit L2TP connections at the moment with Gtk4 based gnome-control-center (only with Gtk3 based nm-connection-editor), it'll be fixed once they update the network-manager-l2tp package from version 1.20.0 to 1.20.2 that includes Gtk4 support.

Fedora 35 is okay, Fedora 36 beta has some issues, but should be okay once it is released.

I make the network-manager-l2tp packages for Debian Sid which make their way automatically to Ubuntu, I usually don't test Ubuntu. The broken xl2tpd issue is Ubuntu 22.04 only as they enabled LTO for linking, Debian and the other Linux distros haven't for their xl2tpd packages.

Many of the issues with the current Linux distros are due to a major overhaul of code with NetworkManager 1.36 now breaking stuff.

avillamarin-plenty commented 2 years ago

@dkosovic

So this is my current config when it comes to IPsec

image

I noticed xl2tpd was running so I manually stopped it, tried again, no luck...

Apr 29 18:44:07 internetmosquito-PE72-7RD NetworkManager[893]: <info>  [1651250647.3592] audit: op="connection-activate" uuid="d46a57e1-6f19-49af-86a6-714d5a58be85" name="PLenty" pid=41192 uid=1000 result="success"
Apr 29 18:44:07 internetmosquito-PE72-7RD nm-l2tp-service[41941]: Check port 1701
Apr 29 18:44:07 internetmosquito-PE72-7RD NetworkManager[41957]: Stopping strongSwan IPsec failed: starter is not running
Apr 29 18:44:09 internetmosquito-PE72-7RD NetworkManager[41954]: Starting strongSwan 5.9.5 IPsec [starter]...
Apr 29 18:44:09 internetmosquito-PE72-7RD NetworkManager[41954]: Loading config setup
Apr 29 18:44:09 internetmosquito-PE72-7RD NetworkManager[41954]: Loading conn 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.5, Linux 5.15.0-27-generic, x86_64)
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[LIB] providers loaded by OpenSSL: legacy default
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[CFG]   loaded IKE secret for %any
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 00[JOB] spawning 16 worker threads
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 06[CFG] received stroke: add connection 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 29 18:44:09 internetmosquito-PE72-7RD charon: 06[CFG] added configuration 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 08[CFG] rereading secrets
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 08[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 08[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 08[CFG]   loaded IKE secret for %any
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 09[CFG] received stroke: initiate 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 11[IKE] initiating Main Mode IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] to 69.145.191.34
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 11[NET] sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (532 bytes)
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 12[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (156 bytes)
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 12[ENC] parsed ID_PROT response 0 [ SA V V V V ]
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 12[IKE] received XAuth vendor ID
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 12[IKE] received DPD vendor ID
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 12[IKE] received FRAGMENTATION vendor ID
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 12[NET] sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (244 bytes)
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 13[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (244 bytes)
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 13[IKE] local host is behind NAT, sending keep alives
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 13[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 14[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (68 bytes)
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 14[ENC] invalid HASH_V1 payload length, decryption failed?
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 14[ENC] could not decrypt payloads
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 14[IKE] message parsing failed
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 14[IKE] ignore malformed INFORMATIONAL request
Apr 29 18:44:10 internetmosquito-PE72-7RD charon: 14[IKE] INFORMATIONAL_V1 request with message ID 2887281607 processing failed
Apr 29 18:44:14 internetmosquito-PE72-7RD charon: 05[IKE] sending retransmit 1 of request message ID 0, seq 3
Apr 29 18:44:14 internetmosquito-PE72-7RD charon: 05[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 29 18:44:14 internetmosquito-PE72-7RD charon: 06[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (68 bytes)
Apr 29 18:44:14 internetmosquito-PE72-7RD charon: 06[ENC] invalid HASH_V1 payload length, decryption failed?
Apr 29 18:44:14 internetmosquito-PE72-7RD charon: 06[ENC] could not decrypt payloads
Apr 29 18:44:14 internetmosquito-PE72-7RD charon: 06[IKE] message parsing failed
Apr 29 18:44:14 internetmosquito-PE72-7RD charon: 06[IKE] ignore malformed INFORMATIONAL request
Apr 29 18:44:14 internetmosquito-PE72-7RD charon: 06[IKE] INFORMATIONAL_V1 request with message ID 2996508890 processing failed
Apr 29 18:44:17 internetmosquito-PE72-7RD NetworkManager[893]: <warn>  [1651250657.4340] vpn[0x55b778ffc750,d46a57e1-6f19-49af-86a6-714d5a58be85,"PLenty"]: failed to connect: 'Timeout was reached'
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[42007]: Stopping strongSwan IPsec...
Apr 29 18:44:20 internetmosquito-PE72-7RD charon: 00[DMN] SIGINT received, shutting down
Apr 29 18:44:20 internetmosquito-PE72-7RD charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: initiating Main Mode IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] to 69.145.191.34
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: generating ID_PROT request 0 [ SA V V V V V ]
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (532 bytes)
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (156 bytes)
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: parsed ID_PROT response 0 [ SA V V V V ]
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: received XAuth vendor ID
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: received DPD vendor ID
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: received FRAGMENTATION vendor ID
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: received NAT-T (RFC 3947) vendor ID
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (244 bytes)
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (244 bytes)
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: local host is behind NAT, sending keep alives
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: generating ID_PROT request 0 [ ID HASH ]
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (68 bytes)
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: invalid HASH_V1 payload length, decryption failed?
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: could not decrypt payloads
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: message parsing failed
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: ignore malformed INFORMATIONAL request
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: INFORMATIONAL_V1 request with message ID 2887281607 processing failed
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: sending retransmit 1 of request message ID 0, seq 3
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (68 bytes)
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: invalid HASH_V1 payload length, decryption failed?
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: could not decrypt payloads
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: message parsing failed
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: ignore malformed INFORMATIONAL request
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: INFORMATIONAL_V1 request with message ID 2996508890 processing failed
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: destroying IKE_SA in state CONNECTING without notification
Apr 29 18:44:20 internetmosquito-PE72-7RD NetworkManager[41995]: establishing connection 'd46a57e1-6f19-49af-86a6-714d5a58be85' failed
Apr 29 18:44:20 internetmosquito-PE72-7RD nm-l2tp-service[41941]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed

Gonna try to change the manager to not use the default port...what about using libreswan instead?

Actually I realized that your comment was actually about whether the system xl2tpd was listening on port 1701, but that was not the case in the attempt above

sudo ss -unlp | grep 1701

Nothing is listening on that port.

dkosovic commented 2 years ago

The "invalid HASH_V1 payload length, decryption failed?" error is most likely the result of a PSK mismatch, e.g.:

Double check the PSK is correct.

You won't be able to switch to libreswan because of the following :

selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024

Your VPN server accepted the weakest phase 1 proposal that is too weak for libreswan; it is no longer built with DH2 (modp_1024) support by default.
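A log-triage sketch for the two points in the reply above, added here as an example and not part of the thread or of the NetworkManager-l2tp project: it reads charon lines in the format shown in this issue, reports the negotiated IKE/ESP proposal with its legacy transforms, and flags the HASH_V1 decryption failure that suggests a PSK mismatch. The `WEAK` set is this example's own policy choice, and the sample log is constructed (placeholder connection name `example-conn`, documentation IP addresses).

```python
import re

# Transforms this example treats as legacy. Editor's policy choice; the thread
# itself only calls out MODP_1024 (DH2) as too weak for libreswan.
WEAK = {"DES_CBC", "3DES_CBC", "HMAC_MD5_96", "PRF_HMAC_MD5",
        "HMAC_SHA1_96", "PRF_HMAC_SHA1", "MODP_768", "MODP_1024"}

# Only daemon lines carry the "NN[SUB]" prefix. Requiring it also skips the
# second copy of each message that is logged under NetworkManager[pid].
CHARON = re.compile(r"charon(?:\[\d+\])?: \d{2}\[([A-Z]{3})\]\s+(.*)$")
PROPOSAL = re.compile(r"selected proposal: (IKE|ESP):(\S+)")

# Constructed sample in the thread's log format: one failed and one good attempt.
SAMPLE_LOG = """\
Apr 29 18:44:10 host charon: 11[IKE] initiating Main Mode IKE_SA example-conn[1] to 203.0.113.10
Apr 29 18:44:10 host charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 29 18:44:10 host charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Apr 29 18:44:10 host charon: 14[ENC] invalid HASH_V1 payload length, decryption failed?
Apr 29 18:44:10 host charon: 14[ENC] could not decrypt payloads
Apr 29 18:44:14 host charon: 06[ENC] invalid HASH_V1 payload length, decryption failed?
Apr 29 18:44:20 host charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Apr 29 18:44:20 host NetworkManager[41995]: initiating Main Mode IKE_SA example-conn[1] to 203.0.113.10
Apr 29 18:44:20 host NetworkManager[41995]: invalid HASH_V1 payload length, decryption failed?
Apr 30 01:18:44 host charon: 12[IKE] initiating Main Mode IKE_SA example-conn[1] to 203.0.113.10
Apr 30 01:18:44 host charon: 11[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 30 01:18:44 host charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Apr 30 01:18:44 host charon: 14[ENC] parsed ID_PROT response 0 [ ID HASH ]
Apr 30 01:18:44 host charon: 14[IKE] IKE_SA example-conn[1] established between 192.0.2.20[192.0.2.20]...203.0.113.10[203.0.113.10]
Apr 30 01:18:45 host charon: 15[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Apr 30 01:18:45 host charon: 15[IKE] CHILD_SA example-conn{1} established with SPIs 00000001_i 00000002_o and TS 192.0.2.20/32[udp/l2f] === 203.0.113.10/32[udp/l2f]
"""


def charon_events(log_text):
    """Yield (subsystem, message) for charon daemon lines only."""
    for line in log_text.splitlines():
        m = CHARON.search(line)
        if m:
            yield m.group(1), m.group(2)


def split_attempts(events):
    """Group events into connection attempts, each starting at Main Mode."""
    attempts, current = [], None
    for sub, msg in events:
        if msg.startswith("initiating Main Mode IKE_SA"):
            current = []
            attempts.append(current)
        if current is not None:
            current.append((sub, msg))
    return attempts


def analyse_attempt(events):
    """Summarise one attempt: proposals, legacy transforms, outcome."""
    r = {"proposals": {}, "weak": [], "id_hash_sent": False,
         "decrypt_failures": 0, "ike_sa": False, "child_sa": False}
    for _sub, msg in events:
        m = PROPOSAL.search(msg)
        if m:
            r["proposals"][m.group(1)] = m.group(2).split("/")
        elif msg.startswith("generating ID_PROT request") and msg.endswith("[ ID HASH ]"):
            r["id_hash_sent"] = True   # first message protected by PSK-derived keys
        elif msg.startswith("invalid HASH_V1 payload length"):
            r["decrypt_failures"] += 1
        elif msg.startswith("IKE_SA ") and " established between " in msg:
            r["ike_sa"] = True
        elif msg.startswith("CHILD_SA ") and " established " in msg:
            r["child_sa"] = True
    r["weak"] = sorted(f"{proto}:{t}" for proto, ts in r["proposals"].items()
                       for t in ts if t in WEAK)
    if r["ike_sa"] and r["child_sa"]:
        r["verdict"] = "ipsec-established"
    elif r["ike_sa"]:
        r["verdict"] = "phase1-ok-phase2-incomplete"
    elif r["id_hash_sent"] and r["decrypt_failures"]:
        r["verdict"] = "psk-mismatch-suspected"
    else:
        r["verdict"] = "incomplete"
    return r


def analyse(log_text):
    return [analyse_attempt(a) for a in split_attempts(charon_events(log_text))]


if __name__ == "__main__":
    for i, rep in enumerate(analyse(SAMPLE_LOG), 1):
        print(i, rep["verdict"], "legacy transforms:", ", ".join(rep["weak"]) or "none")
```

A successful verdict with a non-empty legacy list, as in the second attempt, is the case to raise with whoever runs the VPN server, since the client only selects from what the server accepts.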

avillamarin-plenty commented 2 years ago

@dkosovic I think you might be right...I changed the key, but still not able to connect...

Apr 30 01:18:41 internetmosquito-PE72-7RD NetworkManager[893]: <info>  [1651274321.3294] vpn[0x55b778ffc9d0,d46a57e1-6f19-49af-86a6-714d5a58be85,"PLenty"]: starting l2tp
Apr 30 01:18:41 internetmosquito-PE72-7RD NetworkManager[893]: <info>  [1651274321.3298] audit: op="connection-activate" uuid="d46a57e1-6f19-49af-86a6-714d5a58be85" name="PLenty" pid=2455 uid=1000 result="success"
Apr 30 01:18:41 internetmosquito-PE72-7RD nm-l2tp-service[61630]: Check port 1701
Apr 30 01:18:41 internetmosquito-PE72-7RD NetworkManager[61646]: Stopping strongSwan IPsec failed: starter is not running
Apr 30 01:18:43 internetmosquito-PE72-7RD NetworkManager[61643]: Starting strongSwan 5.9.5 IPsec [starter]...
Apr 30 01:18:43 internetmosquito-PE72-7RD NetworkManager[61643]: Loading config setup
Apr 30 01:18:43 internetmosquito-PE72-7RD NetworkManager[61643]: Loading conn 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.5, Linux 5.15.0-27-generic, x86_64)
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[LIB] providers loaded by OpenSSL: legacy default
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[CFG]   loaded IKE secret for %any
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 00[JOB] spawning 16 worker threads
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 05[CFG] received stroke: add connection 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 30 01:18:43 internetmosquito-PE72-7RD charon: 05[CFG] added configuration 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 07[CFG] rereading secrets
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 07[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 07[CFG]   loaded IKE secret for %any
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 10[CFG] received stroke: initiate 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 12[IKE] initiating Main Mode IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] to 69.145.191.34
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 12[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 12[NET] sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (236 bytes)
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 11[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (156 bytes)
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 11[ENC] parsed ID_PROT response 0 [ SA V V V V ]
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 11[IKE] received XAuth vendor ID
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 11[IKE] received DPD vendor ID
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 11[IKE] received FRAGMENTATION vendor ID
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 11[IKE] received NAT-T (RFC 3947) vendor ID
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 11[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 11[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 11[NET] sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (244 bytes)
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 13[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (244 bytes)
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 13[IKE] local host is behind NAT, sending keep alives
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 13[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 14[NET] received packet: from 69.145.191.34[4500] to 192.168.1.141[4500] (68 bytes)
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 14[ENC] parsed ID_PROT response 0 [ ID HASH ]
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 14[IKE] IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] established between 192.168.1.141[192.168.1.141]...69.145.191.34[69.145.191.34]
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 14[IKE] scheduling reauthentication in 9877s
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 14[IKE] maximum IKE_SA lifetime 10417s
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 14[ENC] generating QUICK_MODE request 1450984228 [ HASH SA No ID ID NAT-OA NAT-OA ]
Apr 30 01:18:44 internetmosquito-PE72-7RD charon: 14[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (244 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD charon: 15[NET] received packet: from 69.145.191.34[4500] to 192.168.1.141[4500] (188 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD charon: 15[ENC] parsed QUICK_MODE response 1450984228 [ HASH SA No ID ID NAT-OA NAT-OA ]
Apr 30 01:18:45 internetmosquito-PE72-7RD charon: 15[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Apr 30 01:18:45 internetmosquito-PE72-7RD charon: 15[IKE] CHILD_SA d46a57e1-6f19-49af-86a6-714d5a58be85{1} established with SPIs ce2d42db_i c784db2c_o and TS 192.168.1.141/32[udp/l2f] === 69.145.191.34/32[udp/l2f]
Apr 30 01:18:45 internetmosquito-PE72-7RD charon: 15[ENC] generating QUICK_MODE request 1450984228 [ HASH ]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: initiating Main Mode IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] to 69.145.191.34
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: generating ID_PROT request 0 [ SA V V V V V ]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (236 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (156 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: parsed ID_PROT response 0 [ SA V V V V ]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: received XAuth vendor ID
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: received DPD vendor ID
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: received FRAGMENTATION vendor ID
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: received NAT-T (RFC 3947) vendor ID
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (244 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (244 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: local host is behind NAT, sending keep alives
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: generating ID_PROT request 0 [ ID HASH ]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: received packet: from 69.145.191.34[4500] to 192.168.1.141[4500] (68 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: parsed ID_PROT response 0 [ ID HASH ]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] established between 192.168.1.141[192.168.1.141]...69.145.191.34[69.145.191.34]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: scheduling reauthentication in 9877s
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: maximum IKE_SA lifetime 10417s
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: generating QUICK_MODE request 1450984228 [ HASH SA No ID ID NAT-OA NAT-OA ]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (244 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: received packet: from 69.145.191.34[4500] to 192.168.1.141[4500] (188 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: parsed QUICK_MODE response 1450984228 [ HASH SA No ID ID NAT-OA NAT-OA ]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: CHILD_SA d46a57e1-6f19-49af-86a6-714d5a58be85{1} established with SPIs ce2d42db_i c784db2c_o and TS 192.168.1.141/32[udp/l2f] === 69.145.191.34/32[udp/l2f]
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61692]: connection 'd46a57e1-6f19-49af-86a6-714d5a58be85' established successfully
Apr 30 01:18:45 internetmosquito-PE72-7RD charon: 15[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (60 bytes)
Apr 30 01:18:45 internetmosquito-PE72-7RD nm-l2tp-service[61630]: kl2tpd started with pid 61698
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=info tunnel_name=t1 session_name=s1 message="new dynamic session" session_id=12828 peer_session_id=0 pseudowire=7
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=info tunnel_name=t1 message="new dynamic tunnel" version=2 encap=UDP local=0.0.0.0:1701 peer=69.145.191.34:1701 tunnel_id=6402 peer_tunnel_id=0
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 message="fsm event" event=open
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=send message_type=avpMsgTypeSccrq
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=send message_type=avpMsgTypeSccrq ns=0 nr=0 isRetransmit=false
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="socket recv" length=148
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=recv message_type=avpMsgTypeSccrp
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="send complete" message_type=avpMsgTypeSccrq error=null
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 message="fsm event" event=newsession
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 message="fsm event" event=sccrp
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=send message_type=avpMsgTypeScccn
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=send message_type=avpMsgTypeScccn ns=1 nr=1 isRetransmit=false
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="socket recv" length=12
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="send complete" message_type=avpMsgTypeScccn error=null
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=info tunnel_name=t1 message="control plane established"
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=info tunnel_name=t1 message="data plane established"
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 session_name=s1 message="fsm event" event=tunnelopen
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=send message_type=avpMsgTypeIcrq
Apr 30 01:18:45 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=send message_type=avpMsgTypeIcrq ns=2 nr=1 isRetransmit=false
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="socket recv" length=28
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=recv message_type=avpMsgTypeIcrp
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 message="fsm event" event=sessionmsg
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="send complete" message_type=avpMsgTypeIcrq error=null
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 session_name=s1 message="fsm event" event=icrp
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=send message_type=avpMsgTypeIccn
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=send message_type=avpMsgTypeIccn ns=3 nr=2 isRetransmit=false
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="socket recv" length=34
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=error tunnel_name=t1 function=transport message="frame receive failed" error="malformed header: length 6402 exceeds buffer bounds of 30"
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="socket recv" length=12
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="send complete" message_type=avpMsgTypeIccn error=null
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=info tunnel_name=t1 session_name=s1 message="control plane established"
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=info tunnel_name=t1 session_name=s1 message="data plane established"
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[61698]: level=info message="session up" tunnel_name=t1 session_name=s1 tunnel_id=6402 session_id=12828 peer_tunnel_id=58089 peer_session_id=6545
Apr 30 01:18:46 internetmosquito-PE72-7RD pppd[61707]: Plugin pppol2tp.so loaded.
Apr 30 01:18:46 internetmosquito-PE72-7RD pppd[61707]: Plugin /usr/lib/pppd/2.4.9/nm-l2tp-pppd-plugin.so loaded.
Apr 30 01:18:46 internetmosquito-PE72-7RD pppd[61707]: pppd 2.4.9 started by root, uid 0
Apr 30 01:18:46 internetmosquito-PE72-7RD pppd[61707]: Using interface ppp0
Apr 30 01:18:46 internetmosquito-PE72-7RD pppd[61707]: Connect: ppp0 <--> 
Apr 30 01:18:46 internetmosquito-PE72-7RD pppd[61707]: Overriding mtu 1500 to 1400
Apr 30 01:18:46 internetmosquito-PE72-7RD pppd[61707]: Overriding mru 1500 to mtu value 1400
Apr 30 01:18:46 internetmosquito-PE72-7RD NetworkManager[893]: <info>  [1651274326.6254] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/9)
Apr 30 01:18:46 internetmosquito-PE72-7RD systemd-udevd[61711]: Using default interface naming scheme 'v249'.
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="socket recv" length=36
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=recv message_type=avpMsgTypeSli
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=error tunnel_name=t1 message="bad control message" message_type=avpMsgTypeSli error="no specification for v2 message avpMsgTypeSli"
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 message="fsm event" event=close
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=send message_type=avpMsgTypeStopccn
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=send message_type=avpMsgTypeStopccn ns=4 nr=3 isRetransmit=false
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="socket recv" length=36
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message=recv message_type=avpMsgTypeCdn
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 function=transport message="send complete" message_type=avpMsgTypeStopccn error=null
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=info message="session down" result= tunnel_name=t1 session_name=s1 tunnel_id=6402 session_id=12828 peer_tunnel_id=58089 peer_session_id=6545
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=info message="killing pseudowire"
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=info tunnel_name=t1 session_name=s1 message=close
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=error tunnel_name=t1 function=transport message="socket read failed" error="use of closed file"
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=error tunnel_name=t1 function=transport message="transport down" error="transport shut down by user"
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=info tunnel_name=t1 message=close
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=error tunnel_name=t1 message="unhandled v2 control message" message_type=avpMsgTypeSli
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=debug tunnel_name=t1 message="fsm event" event=close
Apr 30 01:18:49 internetmosquito-PE72-7RD NetworkManager[61698]: level=error tunnel_name=t1 message="failed to handle fsm event" error="no transition defined for event close in state dead"
Apr 30 01:18:49 internetmosquito-PE72-7RD pppd[61707]: Terminating on signal 2
Apr 30 01:18:49 internetmosquito-PE72-7RD pppd[61707]: Overriding mtu 1500 to 1400
Apr 30 01:18:49 internetmosquito-PE72-7RD pppd[61707]: Overriding mru 1500 to mtu value 1400
Apr 30 01:18:55 internetmosquito-PE72-7RD pppd[61707]: Connection terminated.
Apr 30 01:18:55 internetmosquito-PE72-7RD charon: 10[KNL] interface ppp0 deleted
Apr 30 01:18:55 internetmosquito-PE72-7RD NetworkManager[61698]: level=info message="received signal, shutting down"
Apr 30 01:18:55 internetmosquito-PE72-7RD NetworkManager[893]: <warn>  [1651274335.5931] vpn[0x55b778ffc9d0,d46a57e1-6f19-49af-86a6-714d5a58be85,"PLenty"]: dbus: failure: connect-failed (1)
Apr 30 01:18:55 internetmosquito-PE72-7RD gnome-shell[2455]: Removing a network device that was not added
Apr 30 01:18:55 internetmosquito-PE72-7RD NetworkManager[61751]: Stopping strongSwan IPsec...
Apr 30 01:18:55 internetmosquito-PE72-7RD charon: 00[DMN] SIGINT received, shutting down
Apr 30 01:18:55 internetmosquito-PE72-7RD charon: 00[IKE] closing CHILD_SA d46a57e1-6f19-49af-86a6-714d5a58be85{1} with SPIs ce2d42db_i (569 bytes) c784db2c_o (552 bytes) and TS 192.168.1.141/32[udp/l2f] === 69.145.191.34/32[udp/l2f]
Apr 30 01:18:55 internetmosquito-PE72-7RD charon: 00[IKE] sending DELETE for ESP CHILD_SA with SPI ce2d42db
Apr 30 01:18:55 internetmosquito-PE72-7RD charon: 00[ENC] generating INFORMATIONAL_V1 request 313271311 [ HASH D ]
Apr 30 01:18:55 internetmosquito-PE72-7RD charon: 00[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (76 bytes)
Apr 30 01:18:55 internetmosquito-PE72-7RD charon: 00[IKE] deleting IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] between 192.168.1.141[192.168.1.141]...69.145.191.34[69.145.191.34]
Apr 30 01:18:55 internetmosquito-PE72-7RD charon: 00[IKE] sending DELETE for IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1]
Apr 30 01:18:55 internetmosquito-PE72-7RD charon: 00[ENC] generating INFORMATIONAL_V1 request 3637829787 [ HASH D ]
Apr 30 01:18:55 internetmosquito-PE72-7RD charon: 00[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (84 bytes)
Apr 30 01:18:55 internetmosquito-PE72-7RD pppd[61707]: Modem hangup
Apr 30 01:18:55 internetmosquito-PE72-7RD pppd[61707]: Exit.
Apr 30 01:18:55 internetmosquito-PE72-7RD NetworkManager[61698]: level=error message="pppd exited with an error code" error="exit status 16" error_message="the link was terminated by the modem hanging up"
Apr 30 01:18:55 internetmosquito-PE72-7RD NetworkManager[61698]: level=info message="graceful shutdown complete"
Apr 30 01:18:55 internetmosquito-PE72-7RD NetworkManager[61698]: level=info message="pseudowire terminated"
Apr 30 01:18:55 internetmosquito-PE72-7RD nm-l2tp-service[61630]: ipsec shut down
Apr 30 01:19:02 internetmosquito-PE72-7RD kernel: [54979.384852] audit: type=1326 audit(1651274342.120:278): auid=1000 uid=1000 gid=1000 ses=4 subj=? pid=4142 comm="slack" exe="/snap/slack/61/usr/lib/slack/slack" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7fb3bc2a43b7 code=0x50000

Might this be related with the fact that kl2tpd is being used instead of xl2tpd?

Apr 30 01:18:45 internetmosquito-PE72-7RD nm-l2tp-service[61630]: kl2tpd started with pid 61698

dkosovic commented 2 years ago

I think "no specification for v2 message avpMsgTypeSli" is something wrong with the credentials, but odd that we don't see any of the pppd errors indicating authentication issues.

Double check the username/password is correct. If the connection works with Win10, you can uncheck all of the authentication types in the PPP options except for MSCHAPv2.

If you want to revert back to xl2tpd, sudo rm /usr/local/sbin/kl2tpd

avillamarin-plenty commented 2 years ago

Okay, so I deleted kl2tpd and confirmed credentials... now I get this:

Apr 30 02:24:30 internetmosquito-PE72-7RD NetworkManager[893]: <info>  [1651278270.7510] vpn[0x55b778ffc250,d46a57e1-6f19-49af-86a6-714d5a58be85,"Plenty"]: starting l2tp
Apr 30 02:24:30 internetmosquito-PE72-7RD NetworkManager[893]: <info>  [1651278270.7513] audit: op="connection-activate" uuid="d46a57e1-6f19-49af-86a6-714d5a58be85" name="Plenty" pid=2455 uid=1000 result="success"
Apr 30 02:24:30 internetmosquito-PE72-7RD nm-l2tp-service[68220]: Check port 1701
Apr 30 02:24:30 internetmosquito-PE72-7RD NetworkManager[68236]: Stopping strongSwan IPsec failed: starter is not running
Apr 30 02:24:32 internetmosquito-PE72-7RD NetworkManager[68233]: Starting strongSwan 5.9.5 IPsec [starter]...
Apr 30 02:24:32 internetmosquito-PE72-7RD NetworkManager[68233]: Loading config setup
Apr 30 02:24:32 internetmosquito-PE72-7RD NetworkManager[68233]: Loading conn 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.5, Linux 5.15.0-27-generic, x86_64)
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[LIB] providers loaded by OpenSSL: legacy default
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[CFG]   loaded IKE secret for %any
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 00[JOB] spawning 16 worker threads
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 05[CFG] received stroke: add connection 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 30 02:24:32 internetmosquito-PE72-7RD charon: 05[CFG] added configuration 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 30 02:24:33 internetmosquito-PE72-7RD charon: 07[CFG] rereading secrets
Apr 30 02:24:33 internetmosquito-PE72-7RD charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 30 02:24:33 internetmosquito-PE72-7RD charon: 07[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Apr 30 02:24:33 internetmosquito-PE72-7RD charon: 07[CFG]   loaded IKE secret for %any
Apr 30 02:24:33 internetmosquito-PE72-7RD charon: 10[CFG] received stroke: initiate 'd46a57e1-6f19-49af-86a6-714d5a58be85'
Apr 30 02:24:33 internetmosquito-PE72-7RD charon: 11[IKE] initiating Main Mode IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] to 69.145.191.34
Apr 30 02:24:33 internetmosquito-PE72-7RD charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Apr 30 02:24:33 internetmosquito-PE72-7RD charon: 11[NET] sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (236 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 12[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (156 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 12[ENC] parsed ID_PROT response 0 [ SA V V V V ]
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 12[IKE] received XAuth vendor ID
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 12[IKE] received DPD vendor ID
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 12[IKE] received FRAGMENTATION vendor ID
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 12[NET] sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (244 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 13[NET] received packet: from 69.145.191.34[500] to 192.168.1.141[500] (244 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 13[IKE] local host is behind NAT, sending keep alives
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 13[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 14[NET] received packet: from 69.145.191.34[4500] to 192.168.1.141[4500] (68 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 14[ENC] parsed ID_PROT response 0 [ ID HASH ]
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 14[IKE] IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] established between 192.168.1.141[192.168.1.141]...69.145.191.34[69.145.191.34]
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 14[IKE] scheduling reauthentication in 9889s
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 14[IKE] maximum IKE_SA lifetime 10429s
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 14[ENC] generating QUICK_MODE request 2939151499 [ HASH SA No ID ID NAT-OA NAT-OA ]
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 14[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (244 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 15[NET] received packet: from 69.145.191.34[4500] to 192.168.1.141[4500] (188 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 15[ENC] parsed QUICK_MODE response 2939151499 [ HASH SA No ID ID NAT-OA NAT-OA ]
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 15[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 15[IKE] CHILD_SA d46a57e1-6f19-49af-86a6-714d5a58be85{1} established with SPIs ce531dca_i c6316612_o and TS 192.168.1.141/32[udp/l2f] === 69.145.191.34/32[udp/l2f]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: initiating Main Mode IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] to 69.145.191.34
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: generating ID_PROT request 0 [ SA V V V V V ]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (236 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (156 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: parsed ID_PROT response 0 [ SA V V V V ]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: received XAuth vendor ID
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: received DPD vendor ID
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: received FRAGMENTATION vendor ID
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: received NAT-T (RFC 3947) vendor ID
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: sending packet: from 192.168.1.141[500] to 69.145.191.34[500] (244 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: received packet: from 69.145.191.34[500] to 192.168.1.141[500] (244 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: local host is behind NAT, sending keep alives
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: generating ID_PROT request 0 [ ID HASH ]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (68 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: received packet: from 69.145.191.34[4500] to 192.168.1.141[4500] (68 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: parsed ID_PROT response 0 [ ID HASH ]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] established between 192.168.1.141[192.168.1.141]...69.145.191.34[69.145.191.34]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: scheduling reauthentication in 9889s
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: maximum IKE_SA lifetime 10429s
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: generating QUICK_MODE request 2939151499 [ HASH SA No ID ID NAT-OA NAT-OA ]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (244 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: received packet: from 69.145.191.34[4500] to 192.168.1.141[4500] (188 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: parsed QUICK_MODE response 2939151499 [ HASH SA No ID ID NAT-OA NAT-OA ]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: CHILD_SA d46a57e1-6f19-49af-86a6-714d5a58be85{1} established with SPIs ce531dca_i c6316612_o and TS 192.168.1.141/32[udp/l2f] === 69.145.191.34/32[udp/l2f]
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68278]: connection 'd46a57e1-6f19-49af-86a6-714d5a58be85' established successfully
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 15[ENC] generating QUICK_MODE request 2939151499 [ HASH ]
Apr 30 02:24:34 internetmosquito-PE72-7RD charon: 15[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (60 bytes)
Apr 30 02:24:34 internetmosquito-PE72-7RD nm-l2tp-service[68220]: xl2tpd started with pid 68284
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Not looking for kernel SAref support.
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Using l2tp kernel support.
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: xl2tpd version xl2tpd-1.3.16 started on internetmosquito-PE72-7RD PID:68284
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Forked by Scott Balmos and David Stipp, (C) 2001
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Inherited by Jeff McAdams, (C) 2002
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Listening on IP address 0.0.0.0, port 1701
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Connecting to host 69.145.191.34, port 1701
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Can not find tunnel 148 (refhim=0)
Apr 30 02:24:34 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: network_thread: unable to find call or tunnel to handle packet.  call = 61585, tunnel = 148 Dumping.
Apr 30 02:24:35 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Can not find tunnel 12 (refhim=0)
Apr 30 02:24:35 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: network_thread: unable to find call or tunnel to handle packet.  call = 61585, tunnel = 12 Dumping.
Apr 30 02:24:37 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Can not find tunnel 148 (refhim=0)
Apr 30 02:24:37 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: network_thread: unable to find call or tunnel to handle packet.  call = 61585, tunnel = 148 Dumping.
Apr 30 02:24:38 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Can not find tunnel 148 (refhim=0)
Apr 30 02:24:38 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: network_thread: unable to find call or tunnel to handle packet.  call = 61585, tunnel = 148 Dumping.
Apr 30 02:24:39 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Can not find tunnel 148 (refhim=0)
Apr 30 02:24:39 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: network_thread: unable to find call or tunnel to handle packet.  call = 61585, tunnel = 148 Dumping.
Apr 30 02:24:40 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Can not find tunnel 148 (refhim=0)
Apr 30 02:24:40 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: network_thread: unable to find call or tunnel to handle packet.  call = 61585, tunnel = 148 Dumping.
Apr 30 02:24:42 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Can not find tunnel 148 (refhim=0)
Apr 30 02:24:42 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: network_thread: unable to find call or tunnel to handle packet.  call = 61585, tunnel = 148 Dumping.
Apr 30 02:24:48 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: death_handler: Fatal signal 15 received
Apr 30 02:24:48 internetmosquito-PE72-7RD NetworkManager[68284]: xl2tpd[68284]: Connection 0 closed to 69.145.191.34, port 1701 (Server closing)
Apr 30 02:24:48 internetmosquito-PE72-7RD NetworkManager[893]: <warn>  [1651278288.6771] vpn[0x55b778ffc250,d46a57e1-6f19-49af-86a6-714d5a58be85,"Plenty"]: dbus: failure: connect-failed (1)
Apr 30 02:24:48 internetmosquito-PE72-7RD NetworkManager[893]: <warn>  [1651278288.6772] vpn[0x55b778ffc250,d46a57e1-6f19-49af-86a6-714d5a58be85,"Plenty"]: dbus: failure: connect-failed (1)
Apr 30 02:24:48 internetmosquito-PE72-7RD NetworkManager[68295]: Stopping strongSwan IPsec...
Apr 30 02:24:48 internetmosquito-PE72-7RD charon: 00[DMN] SIGINT received, shutting down
Apr 30 02:24:48 internetmosquito-PE72-7RD charon: 00[IKE] closing CHILD_SA d46a57e1-6f19-49af-86a6-714d5a58be85{1} with SPIs ce531dca_i (956 bytes) c6316612_o (580 bytes) and TS 192.168.1.141/32[udp/l2f] === 69.145.191.34/32[udp/l2f]
Apr 30 02:24:48 internetmosquito-PE72-7RD charon: 00[IKE] sending DELETE for ESP CHILD_SA with SPI ce531dca
Apr 30 02:24:48 internetmosquito-PE72-7RD charon: 00[ENC] generating INFORMATIONAL_V1 request 1154684576 [ HASH D ]
Apr 30 02:24:48 internetmosquito-PE72-7RD charon: 00[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (76 bytes)
Apr 30 02:24:48 internetmosquito-PE72-7RD charon: 00[IKE] deleting IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1] between 192.168.1.141[192.168.1.141]...69.145.191.34[69.145.191.34]
Apr 30 02:24:48 internetmosquito-PE72-7RD charon: 00[IKE] sending DELETE for IKE_SA d46a57e1-6f19-49af-86a6-714d5a58be85[1]
Apr 30 02:24:48 internetmosquito-PE72-7RD charon: 00[ENC] generating INFORMATIONAL_V1 request 1955244909 [ HASH D ]
Apr 30 02:24:48 internetmosquito-PE72-7RD charon: 00[NET] sending packet: from 192.168.1.141[4500] to 69.145.191.34[4500] (84 bytes)
Apr 30 02:24:48 internetmosquito-PE72-7RD nm-l2tp-service[68220]: ipsec shut down

Wondering why xl2tpd will not find a proper tunnel?

dkosovic commented 2 years ago

xl2tpd that ships with Ubuntu 22.04 is broken because it was built with LTO linker flags, and they will be releasing a new package that isn't built with that LTO flag. As you originally posted a link on installing an older xl2tpd from a previous Ubuntu repository, that's what I assumed you installed; it wasn't built with LTO and should work. The person that said it didn't was probably getting a different error.

If you use an older xl2tpd from Ubuntu 21.10 or the one that will be in Ubuntu updates soon, you won't get the "Can not find tunnel" error.

In the kl2tpd case, I'm pretty sure it is a PPP authentication issue. The VPN server sent a hangup instead of the authentication error code; it is probably misconfigured and has enabled all of the authentication methods, but hasn't configured the corresponding backends except for maybe MSCHAPv2. That's why I suggested disabling the other authentication methods.
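
The two failure signatures diagnosed in the comment above can be matched mechanically against a journal excerpt. This is an added example, not code from NetworkManager-l2tp or from any participant in this thread; the sample lines are constructed from the log format shown here (hostname replaced with `host`), and the function name, finding labels and the legacy-algorithm flag (a point the thread itself does not raise) are assumptions of the example.

```python
import re

# syslog-style prefix: "Apr 30 02:24:34 host proc[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
DAEMON_RE = re.compile(r"\b(xl2tpd|kl2tpd) started with pid \d+")
NO_TUNNEL_RE = re.compile(r"Can not find tunnel \d+ \(refhim=0\)")
SLI_RE = re.compile(r"no specification for v2 message avpMsgTypeSli")
PROPOSAL_RE = re.compile(r"selected proposal: (?:IKE|ESP):(\S+)")

# strongSwan names of the algorithms negotiated in this thread's logs.
LEGACY = {"3DES_CBC", "HMAC_SHA1_96", "PRF_HMAC_SHA1", "MODP_1024"}

ADVICE = {
    "xl2tpd_tunnel_lookup_failure":
        "Thread diagnosis: the xl2tpd shipped with Ubuntu 22.04 was built with "
        "LTO and is broken; use the Ubuntu 21.10 build or the updated package.",
    "kl2tpd_sli_then_hangup":
        "Thread diagnosis: probably PPP authentication; re-check credentials "
        "and leave only MSCHAPv2 enabled in the PPP options.",
    "legacy_ipsec_algorithms":
        "Not raised in the thread: the negotiated proposal uses legacy "
        "algorithms; ask the server operator whether stronger ones are offered.",
}

# Constructed sample input, modelled on the xl2tpd attempt.
SAMPLE_XL2TPD = """\
Apr 30 02:24:34 host charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Apr 30 02:24:34 host nm-l2tp-service[68220]: xl2tpd started with pid 68284
Apr 30 02:24:34 host NetworkManager[68284]: xl2tpd[68284]: Can not find tunnel 148 (refhim=0)
Apr 30 02:24:35 host NetworkManager[68284]: xl2tpd[68284]: Can not find tunnel 12 (refhim=0)
Apr 30 02:24:37 host NetworkManager[68284]: xl2tpd[68284]: Can not find tunnel 148 (refhim=0)
"""

# Constructed sample input, modelled on the kl2tpd attempt.
SAMPLE_KL2TPD = """\
Apr 30 01:18:45 host charon: 15[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Apr 30 01:18:45 host nm-l2tp-service[61630]: kl2tpd started with pid 61698
Apr 30 01:18:49 host NetworkManager[61698]: level=error tunnel_name=t1 message="bad control message" message_type=avpMsgTypeSli error="no specification for v2 message avpMsgTypeSli"
Apr 30 01:18:55 host pppd[61707]: Modem hangup
"""


def triage(log_text):
    """Classify an L2TP/IPsec connection attempt from journal lines."""
    daemon = None
    no_tunnel = 0
    sli_rejected = False
    ppp_hangup = False
    legacy = set()

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip anything that is not a syslog-style line
        proc, msg = m.group("proc"), m.group("msg")

        started = DAEMON_RE.search(msg)
        if started and proc == "nm-l2tp-service":
            daemon = started.group(1)  # which L2TP daemon the plugin launched
        if NO_TUNNEL_RE.search(msg):
            no_tunnel += 1
        if SLI_RE.search(msg):
            sli_rejected = True
        if proc == "pppd" and msg.strip() == "Modem hangup":
            ppp_hangup = True
        proposal = PROPOSAL_RE.search(msg)
        if proposal:
            # charon output is mirrored by NetworkManager; a set removes repeats
            legacy.update(set(proposal.group(1).split("/")) & LEGACY)

    findings = []
    if daemon == "xl2tpd" and no_tunnel >= 2:
        findings.append("xl2tpd_tunnel_lookup_failure")
    if sli_rejected and ppp_hangup:
        findings.append("kl2tpd_sli_then_hangup")
    if legacy:
        findings.append("legacy_ipsec_algorithms")
    return {
        "daemon": daemon,
        "no_tunnel_count": no_tunnel,
        "legacy_algorithms": sorted(legacy),
        "findings": findings,
    }


if __name__ == "__main__":
    for name, sample in (("xl2tpd", SAMPLE_XL2TPD), ("kl2tpd", SAMPLE_KL2TPD)):
        result = triage(sample)
        print(name, result)
        for finding in result["findings"]:
            print("  -", ADVICE[finding])
```

On a real system the input would be the relevant slice of the journal saved to a file and passed to `triage()` as text.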

avillamarin-plenty commented 2 years ago

@dkosovic I figured it out thanks to your last comment... when I was uninstalling xl2tpd to install an older version, both network-manager-l2tp and network-manager-gnome were being removed too; thus, when REINSTALLING them, the newest version of xl2tpd was installed alongside, causing the issue as you described (not being able to find a tunnel).

So basically I just installed the older version on top of the existing more recent one and I'm able to connect.

Thank you so much for your support! You rock!