Closed (liujqian closed 2 years ago)
Looking at the "cannot initiate connection with narrowing=no"
which is mentioned on the following page and seems to be related to port 1701:
Could you try stopping the system xl2tpd to make port 1701 free, see:
Then try connecting again.
I suspect it is the following line in the code that is causing this issue:
But stopping the system xl2tpd and not enabling the "Use L2TP ephemeral source port" should be a workaround for the time being if libreswan is used.
@dkosovic Thank you for replying. I have already stopped the system xl2tpd as described in the repo's readme and I still cannot connect. "Use L2TP ephemeral source port" is not ticked. Is there any other workaround that you can think of? Thank you for replying.
@dkosovic I tried again and got the following logs:
Apr 23 18:23:12 NetworkManager[900]:
I think it is very similar to the problem reported at https://github.com/nm-l2tp/NetworkManager-l2tp/issues/182#issuecomment-1107435016. Can you please double check on that? Thank you so much!
I've just finished upgrading to Ubuntu 22.04 and have reproduced the xl2tpd issue.
The main difference with the other issue is that the strongswan quick mode (phase 2) failed for the IPsec connection. In your case and mine, quick mode was successful, but the xl2tpd connection failed in the same way.
@dkosovic Thanks again for your help and replies. I see that you mentioned kl2tpd in the other issue. If the issue is about xl2tpd, would installing kl2tpd be a workaround?
maybe
@dkosovic The connection is working again after I downloaded kl2tpd as you instructed in https://github.com/nm-l2tp/NetworkManager-l2tp/issues/182#issuecomment-1107433256. Thank you so much for the help! I am closing this issue for now. If the xl2tpd problem is later fixed, can you please make a mention to me so I am aware? Thank you for your work.
Will do, thanks for letting me know it works with kl2tpd (which is from the authors of the L2TP Linux kernel modules that xl2tpd also uses).
The broken Ubuntu 22.04 xl2tpd package was first reported back on 2021-11-22:
Hopefully Ubuntu will release a new xl2tpd soon now that Ubuntu 22.04 has been released. Probably best to keep an eye out on the above Ubuntu report for latest news.
I have no issues connecting with the current Ubuntu 22.04.
Just make sure to select only PPP options -> "MSCHAP + MSCHAP2". No other authentication methods should be there.
uname -a
Linux frozen 5.15.0-40-generic #43-Ubuntu SMP Wed Jun 15 12:54:21 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
I upgraded to Ubuntu 22.04 from 20.04. I can confirm that the VPN configuration can work on Ubuntu 20.04 but is no longer working. The log printed out by entering
journalctl -b --no-hostname _SYSTEMD_UNIT=NetworkManager.service + SYSLOG_IDENTIFIER=pppd
is given below. Any debugging tips would be helpful.
Apr 23 17:30:22 NetworkManager[900]: [1650706222.9405] vpn[0x55cba0acc330,006bb3fe-9e05-40d7-bb27-d5f6beb5a20b,"Sudoprivacy"]: starting l2tp
Apr 23 17:30:22 NetworkManager[900]: [1650706222.9421] audit: op="connection-activate" uuid="006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" name="Sudoprivacy" pid=178448 uid=1000 result="success"
Apr 23 17:30:23 NetworkManager[181791]: Redirecting to: systemctl restart ipsec.service
Apr 23 17:30:23 NetworkManager[182096]: 002 listening for IKE messages
Apr 23 17:30:23 NetworkManager[182096]: 002 Kernel supports NIC esp-hw-offload
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-ad244f876f3d/br-ad244f876f3d (esp-hw-offload not supported by kernel) 172.22.0.1:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-ad244f876f3d/br-ad244f876f3d 172.22.0.1:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface docker0/docker0 (esp-hw-offload not supported by kernel) 172.17.0.1:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface docker0/docker0 172.17.0.1:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-700f2b9a7fe0/br-700f2b9a7fe0 (esp-hw-offload not supported by kernel) 172.18.0.1:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-700f2b9a7fe0/br-700f2b9a7fe0 172.18.0.1:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-b1ed58e17608/br-b1ed58e17608 (esp-hw-offload not supported by kernel) 172.19.0.1:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-b1ed58e17608/br-b1ed58e17608 172.19.0.1:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface wlp2s0/wlp2s0 (esp-hw-offload not supported by kernel) 172.20.10.3:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface wlp2s0/wlp2s0 172.20.10.3:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface lo/lo 127.0.0.1:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface lo/lo (esp-hw-offload not supported by kernel) [::1]:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface wlp2s0/wlp2s0 (esp-hw-offload not supported by kernel) [2408:8409:18a1:32ff:8647:bd64:4256:9e9]:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface wlp2s0/wlp2s0 (esp-hw-offload not supported by kernel) [2408:8409:18a1:32ff:f082:d53c:a5dd:1fa1]:500
Apr 23 17:30:23 NetworkManager[182096]: 002 loading secrets from "/etc/ipsec.secrets"
Apr 23 17:30:23 NetworkManager[182096]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 23 17:30:23 NetworkManager[182102]: debugging mode enabled
Apr 23 17:30:23 NetworkManager[182102]: end of file /run/nm-l2tp-006bb3fe-9e05-40d7-bb27-d5f6beb5a20b/ipsec.conf
Apr 23 17:30:23 NetworkManager[182102]: Loading conn 006bb3fe-9e05-40d7-bb27-d5f6beb5a20b
Apr 23 17:30:23 NetworkManager[182102]: starter: left is KH_DEFAULTROUTE
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" modecfgdns=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" modecfgdomains=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" modecfgbanner=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" mark=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" mark-in=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" mark-out=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" vti_iface=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" redirect-to=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" accept-redirect-to=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" esp=aes256-sha1,aes128-sha1,3des-sha1
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" ike=aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-ecp_384,aes128-sha1-ecp_256,3des-sha1-modp2048
Apr 23 17:30:23 NetworkManager[182102]: opening file: /run/nm-l2tp-006bb3fe-9e05-40d7-bb27-d5f6beb5a20b/ipsec.conf
Apr 23 17:30:23 NetworkManager[182102]: loading named conns: 006bb3fe-9e05-40d7-bb27-d5f6beb5a20b
Apr 23 17:30:23 NetworkManager[182102]: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Apr 23 17:30:23 NetworkManager[182102]: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Apr 23 17:30:23 NetworkManager[182102]: dst via 172.20.10.1 dev wlp2s0 src table 254
Apr 23 17:30:23 NetworkManager[182102]: set nexthop: 172.20.10.1
Apr 23 17:30:23 NetworkManager[182102]: dst 169.254.0.0 via dev wlp2s0 src table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 172.17.0.0 via dev docker0 src 172.17.0.1 table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 172.18.0.0 via dev br-700f2b9a7fe0 src 172.18.0.1 table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 172.19.0.0 via dev br-b1ed58e17608 src 172.19.0.1 table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 172.20.10.0 via dev wlp2s0 src 172.20.10.3 table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 172.22.0.0 via dev br-ad244f876f3d src 172.22.0.1 table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.17.0.1 via dev docker0 src 172.17.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.17.255.255 via dev docker0 src 172.17.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.18.0.1 via dev br-700f2b9a7fe0 src 172.18.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.18.255.255 via dev br-700f2b9a7fe0 src 172.18.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.19.0.1 via dev br-b1ed58e17608 src 172.19.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.19.255.255 via dev br-b1ed58e17608 src 172.19.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.20.10.3 via dev wlp2s0 src 172.20.10.3 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.20.10.15 via dev wlp2s0 src 172.20.10.3 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.22.0.1 via dev br-ad244f876f3d src 172.22.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.22.255.255 via dev br-ad244f876f3d src 172.22.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Apr 23 17:30:23 NetworkManager[182102]: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Apr 23 17:30:23 NetworkManager[182102]: dst 172.20.10.1 via dev wlp2s0 src 172.20.10.3 table 254
Apr 23 17:30:23 NetworkManager[182102]: set addr: 172.20.10.3
Apr 23 17:30:23 NetworkManager[182102]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Apr 23 17:30:23 NetworkManager[182104]: 031 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b": cannot initiate connection with narrowing=no and (kind=CK_TEMPLATE)
Apr 23 17:30:23 NetworkManager[182104]: 036 failed to initiate 006bb3fe-9e05-40d7-bb27-d5f6beb5a20b
Apr 23 17:30:24 nm-l2tp-service[181778]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
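
A triage sketch for the check suggested in this thread (is UDP port 1701 still held by a local socket while libreswan logs the narrowing=no error), added here as an example and not code from NetworkManager-l2tp or any poster. The /proc/net/udp sample is constructed, the two journal lines are copied from the log above, and the function names are hypothetical.

```python
import re
import socket
import struct

L2TP_PORT = 1701  # UDP port the thread ties to the libreswan error

# Constructed sample in /proc/net/udp layout (not from the reporter's machine).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
 101: 00000000:06A5 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 41234
 102: 3500007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 20111
 103: 00000000:01F4 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 39001
"""

# Two lines copied from the log posted on this page.
SAMPLE_JOURNAL = [
    'Apr 23 17:30:23 NetworkManager[182104]: 031 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b": '
    'cannot initiate connection with narrowing=no and (kind=CK_TEMPLATE)',
    'Apr 23 17:30:23 NetworkManager[182104]: 036 failed to initiate 006bb3fe-9e05-40d7-bb27-d5f6beb5a20b',
]

NARROWING_RE = re.compile(r'\b031 "([^"]+)": cannot initiate connection with narrowing=no')


def udp_sockets(proc_text):
    """Parse /proc/net/udp text into (ipv4, port, uid, inode) tuples."""
    out = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        addr_hex, port_hex = f[1].split(":")
        # The kernel prints the IPv4 address as a host-order hex word (little-endian on x86).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        out.append((ip, int(port_hex, 16), int(f[7]), int(f[9])))
    return out


def triage(proc_text, journal_lines, port=L2TP_PORT):
    """Report who holds the L2TP port and which connections hit the error."""
    holders = [s for s in udp_sockets(proc_text) if s[1] == port]
    failed = [m.group(1) for l in journal_lines if (m := NARROWING_RE.search(l))]
    return {"port_holders": holders, "failed_conns": failed,
            "port_busy_and_failed": bool(holders and failed)}


if __name__ == "__main__":
    print(triage(SAMPLE_PROC_NET_UDP, SAMPLE_JOURNAL))
```

On a live system, pass the contents of /proc/net/udp and the output of the journalctl command quoted above; the inode in `port_holders` can be matched against a process's open sockets to see which daemon holds the port.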