nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

ArchLinux l2tp vpn #191

Closed balroggg closed 1 year ago

balroggg commented 1 year ago

VPN connection stopped working for me today. Maybe updates broke something, or our office just relocated and changed something.

NetworkManager --version 1.38.2-2
networkmanager-l2tp 1.20.4-1
strongswan 5.9.5-1

Aug 01 21:17:13 nm-l2tp-service[31357]: Check port 1701
Aug 01 21:17:13 NetworkManager[31370]: Stopping strongSwan IPsec failed: starter is not running
Aug 01 21:17:15 NetworkManager[31367]: Starting strongSwan 5.9.5 IPsec [starter]...
Aug 01 21:17:15 NetworkManager[31367]: Loading config setup
Aug 01 21:17:15 NetworkManager[31367]: Loading conn 'e86b02d4-13a8-48f3-b6f5-151dbb46b83c'
Aug 01 21:17:15 ipsec_starter[31367]: Starting strongSwan 5.9.5 IPsec [starter]...
Aug 01 21:17:15 ipsec_starter[31367]: Loading config setup
Aug 01 21:17:15 ipsec_starter[31367]: Loading conn 'e86b02d4-13a8-48f3-b6f5-151dbb46b83c'
Aug 01 21:17:15 ipsec_starter[31382]: Attempting to start charon...
Aug 01 21:17:15 charon[31383]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.5, Linux 5.18.15-arch1-1, x86_64)
Aug 01 21:17:15 charon[31383]: 00[CFG] PKCS11 module '<name>' lacks library path
Aug 01 21:17:15 charon[31383]: 00[CFG] attr-sql plugin: database URI not set
Aug 01 21:17:15 charon[31383]: 00[NET] using forecast interface wlp3s0
Aug 01 21:17:15 charon[31383]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Aug 01 21:17:15 charon[31383]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 01 21:17:15 charon[31383]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 01 21:17:15 charon[31383]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 01 21:17:15 charon[31383]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 01 21:17:15 charon[31383]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 01 21:17:15 charon[31383]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 01 21:17:15 charon[31383]: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Aug 01 21:17:15 charon[31383]: 00[CFG]   loaded IKE secret for %any
Aug 01 21:17:15 charon[31383]: 00[CFG] sql plugin: database URI not set
Aug 01 21:17:15 charon[31383]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Aug 01 21:17:15 charon[31383]: 00[CFG] loaded 0 RADIUS server configurations
Aug 01 21:17:15 charon[31383]: 00[CFG] HA config misses local/remote address
Aug 01 21:17:15 charon[31383]: 00[CFG] no script for ext-auth script defined, disabled
Aug 01 21:17:15 charon[31383]: 00[LIB] loaded plugins: charon ldap pkcs11 aesni aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ntru drbg newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default bypass-lan connmark forecast farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp radattr unity counters
Aug 01 21:17:15 charon[31383]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug 01 21:17:15 charon[31383]: 00[JOB] spawning 16 worker threads
Aug 01 21:17:15 charon[31383]: 05[IKE] installed bypass policy for 192.168.88.0/24
Aug 01 21:17:15 charon[31383]: 05[IKE] installed bypass policy for ::1/128
Aug 01 21:17:15 charon[31383]: 05[IKE] installed bypass policy for fe80::/64
Aug 01 21:17:15 ipsec_starter[31382]: charon (31383) started after 40 ms
Aug 01 21:17:15 charon[31383]: 09[CFG] received stroke: add connection 'e86b02d4-13a8-48f3-b6f5-151dbb46b83c'
Aug 01 21:17:15 charon[31383]: 09[CFG] added configuration 'e86b02d4-13a8-48f3-b6f5-151dbb46b83c'
Aug 01 21:17:16 charon[31383]: 12[CFG] rereading secrets
Aug 01 21:17:16 charon[31383]: 12[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 01 21:17:16 charon[31383]: 12[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Aug 01 21:17:16 charon[31383]: 12[CFG]   loaded IKE secret for %any
Aug 01 21:17:16 charon[31383]: 14[CFG] received stroke: initiate 'e86b02d4-13a8-48f3-b6f5-151dbb46b83c'
Aug 01 21:17:16 charon[31383]: 15[IKE] initiating Main Mode IKE_SA e86b02d4-13a8-48f3-b6f5-151dbb46b83c[1] to 95.161.236.250
Aug 01 21:17:16 charon[31383]: 15[IKE] initiating Main Mode IKE_SA e86b02d4-13a8-48f3-b6f5-151dbb46b83c[1] to 95.161.236.250
Aug 01 21:17:16 charon[31383]: 15[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Aug 01 21:17:16 charon[31383]: 15[NET] sending packet: from 192.168.88.13[500] to 95.161.236.250[500] (532 bytes)
Aug 01 21:17:16 charon[31383]: 01[NET] received packet: from 95.161.236.250[500] to 192.168.88.13[500] (100 bytes)
Aug 01 21:17:16 charon[31383]: 01[ENC] parsed ID_PROT response 0 [ SA V ]
Aug 01 21:17:16 charon[31383]: 01[IKE] received NAT-T (RFC 3947) vendor ID
Aug 01 21:17:16 charon[31383]: 01[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 01 21:17:16 charon[31383]: 01[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug 01 21:17:16 charon[31383]: 01[NET] sending packet: from 192.168.88.13[500] to 95.161.236.250[500] (244 bytes)
Aug 01 21:17:16 charon[31383]: 06[NET] received packet: from 95.161.236.250[500] to 192.168.88.13[500] (304 bytes)
Aug 01 21:17:16 charon[31383]: 06[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
Aug 01 21:17:16 charon[31383]: 06[IKE] received Cisco Unity vendor ID
Aug 01 21:17:16 charon[31383]: 06[IKE] received DPD vendor ID
Aug 01 21:17:16 charon[31383]: 06[ENC] received unknown vendor ID: ac:02:1f:30:d4:f7:fc:87:9b:85:aa:88:5a:c7:69:e1
Aug 01 21:17:16 charon[31383]: 06[IKE] received XAuth vendor ID
Aug 01 21:17:16 charon[31383]: 06[IKE] local host is behind NAT, sending keep alives
Aug 01 21:17:16 charon[31383]: 06[ENC] generating ID_PROT request 0 [ ID HASH ]
Aug 01 21:17:16 charon[31383]: 06[NET] sending packet: from 192.168.88.13[4500] to 95.161.236.250[4500] (68 bytes)
Aug 01 21:17:16 charon[31383]: 07[NET] received packet: from 95.161.236.250[4500] to 192.168.88.13[4500] (68 bytes)
Aug 01 21:17:16 charon[31383]: 07[ENC] parsed ID_PROT response 0 [ ID HASH ]
Aug 01 21:17:16 charon[31383]: 07[IKE] IKE_SA e86b02d4-13a8-48f3-b6f5-151dbb46b83c[1] established between 192.168.88.13[192.168.88.13]...95.161.236.250[95.161.236.250]
Aug 01 21:17:16 charon[31383]: 07[IKE] IKE_SA e86b02d4-13a8-48f3-b6f5-151dbb46b83c[1] established between 192.168.88.13[192.168.88.13]...95.161.236.250[95.161.236.250]
Aug 01 21:17:16 charon[31383]: 07[IKE] scheduling reauthentication in 10112s
Aug 01 21:17:16 charon[31383]: 07[IKE] maximum IKE_SA lifetime 10652s
Aug 01 21:17:16 charon[31383]: 07[ENC] generating QUICK_MODE request 1398723178 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug 01 21:17:16 charon[31383]: 07[NET] sending packet: from 192.168.88.13[4500] to 95.161.236.250[4500] (244 bytes)
Aug 01 21:17:16 charon[31383]: 08[NET] received packet: from 95.161.236.250[4500] to 192.168.88.13[4500] (204 bytes)
Aug 01 21:17:16 charon[31383]: 08[ENC] parsed QUICK_MODE response 1398723178 [ HASH SA No ID ID NAT-OA NAT-OA N((24576)) ]
Aug 01 21:17:16 charon[31383]: 08[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Aug 01 21:17:16 charon[31383]: 08[IKE] no acceptable traffic selectors found
Aug 01 21:17:16 NetworkManager[31412]: initiating Main Mode IKE_SA e86b02d4-13a8-48f3-b6f5-151dbb46b83c[1] to 95.161.236.250
Aug 01 21:17:16 NetworkManager[31412]: generating ID_PROT request 0 [ SA V V V V V ]
Aug 01 21:17:16 NetworkManager[31412]: sending packet: from 192.168.88.13[500] to 95.161.236.250[500] (532 bytes)
Aug 01 21:17:16 NetworkManager[31412]: received packet: from 95.161.236.250[500] to 192.168.88.13[500] (100 bytes)
Aug 01 21:17:16 NetworkManager[31412]: parsed ID_PROT response 0 [ SA V ]
Aug 01 21:17:16 NetworkManager[31412]: received NAT-T (RFC 3947) vendor ID
Aug 01 21:17:16 NetworkManager[31412]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 01 21:17:16 NetworkManager[31412]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug 01 21:17:16 NetworkManager[31412]: sending packet: from 192.168.88.13[500] to 95.161.236.250[500] (244 bytes)
Aug 01 21:17:16 NetworkManager[31412]: received packet: from 95.161.236.250[500] to 192.168.88.13[500] (304 bytes)
Aug 01 21:17:16 NetworkManager[31412]: parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
Aug 01 21:17:16 NetworkManager[31412]: received Cisco Unity vendor ID
Aug 01 21:17:16 NetworkManager[31412]: received DPD vendor ID
Aug 01 21:17:16 NetworkManager[31412]: received unknown vendor ID: ac:02:1f:30:d4:f7:fc:87:9b:85:aa:88:5a:c7:69:e1
Aug 01 21:17:16 NetworkManager[31412]: received XAuth vendor ID
Aug 01 21:17:16 NetworkManager[31412]: local host is behind NAT, sending keep alives
Aug 01 21:17:16 NetworkManager[31412]: generating ID_PROT request 0 [ ID HASH ]
Aug 01 21:17:16 NetworkManager[31412]: sending packet: from 192.168.88.13[4500] to 95.161.236.250[4500] (68 bytes)
Aug 01 21:17:16 NetworkManager[31412]: received packet: from 95.161.236.250[4500] to 192.168.88.13[4500] (68 bytes)
Aug 01 21:17:16 NetworkManager[31412]: parsed ID_PROT response 0 [ ID HASH ]
Aug 01 21:17:16 NetworkManager[31412]: IKE_SA e86b02d4-13a8-48f3-b6f5-151dbb46b83c[1] established between 192.168.88.13[192.168.88.13]...95.161.236.250[95.161.236.250]
Aug 01 21:17:16 NetworkManager[31412]: scheduling reauthentication in 10112s
Aug 01 21:17:16 NetworkManager[31412]: maximum IKE_SA lifetime 10652s
Aug 01 21:17:16 NetworkManager[31412]: generating QUICK_MODE request 1398723178 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug 01 21:17:16 NetworkManager[31412]: sending packet: from 192.168.88.13[4500] to 95.161.236.250[4500] (244 bytes)
Aug 01 21:17:16 NetworkManager[31412]: received packet: from 95.161.236.250[4500] to 192.168.88.13[4500] (204 bytes)
Aug 01 21:17:16 NetworkManager[31412]: parsed QUICK_MODE response 1398723178 [ HASH SA No ID ID NAT-OA NAT-OA N((24576)) ]
Aug 01 21:17:16 NetworkManager[31412]: selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Aug 01 21:17:16 NetworkManager[31412]: no acceptable traffic selectors found
Aug 01 21:17:16 NetworkManager[31412]: establishing connection 'e86b02d4-13a8-48f3-b6f5-151dbb46b83c' failed
Aug 01 21:17:16 charon[31383]: 08[ENC] generating INFORMATIONAL_V1 request 2609491925 [ HASH N(NO_PROP) ]
Aug 01 21:17:16 charon[31383]: 08[NET] sending packet: from 192.168.88.13[4500] to 95.161.236.250[4500] (76 bytes)
Aug 01 21:17:16 NetworkManager[31418]: Stopping strongSwan IPsec...
Aug 01 21:17:16 charon[31383]: 00[DMN] SIGINT received, shutting down
Aug 01 21:17:16 charon[31383]: 00[IKE] deleting IKE_SA e86b02d4-13a8-48f3-b6f5-151dbb46b83c[1] between 192.168.88.13[192.168.88.13]...95.161.236.250[95.161.236.250]
Aug 01 21:17:16 charon[31383]: 00[IKE] deleting IKE_SA e86b02d4-13a8-48f3-b6f5-151dbb46b83c[1] between 192.168.88.13[192.168.88.13]...95.161.236.250[95.161.236.250]
Aug 01 21:17:16 charon[31383]: 00[IKE] sending DELETE for IKE_SA e86b02d4-13a8-48f3-b6f5-151dbb46b83c[1]
Aug 01 21:17:16 charon[31383]: 00[ENC] generating INFORMATIONAL_V1 request 422365866 [ HASH D ]
Aug 01 21:17:16 charon[31383]: 00[NET] sending packet: from 192.168.88.13[4500] to 95.161.236.250[4500] (84 bytes)
Aug 01 21:17:16 charon[31383]: 00[IKE] uninstalling bypass policy for 192.168.88.0/24
Aug 01 21:17:16 charon[31383]: 00[IKE] uninstalling bypass policy for ::1/128
Aug 01 21:17:16 charon[31383]: 00[IKE] uninstalling bypass policy for fe80::/64
Aug 01 21:17:16 ipsec_starter[31382]: child 31383 (charon) has quit (exit code 0)
Aug 01 21:17:16 ipsec_starter[31382]:
Aug 01 21:17:16 ipsec_starter[31382]: charon stopped after 200 ms
Aug 01 21:17:16 ipsec_starter[31382]: ipsec starter stopped
Aug 01 21:17:16 nm-l2tp-service[31357]: Could not establish IPsec connection.
Aug 01 21:17:16 nm-l2tp-service[31357]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed

balroggg commented 1 year ago

Sorry, I fixed the issue by following https://github.com/nm-l2tp/NetworkManager-l2tp/wiki/Known-Issues#strongswan-no-acceptable-traffic-selectors-found Thanks a lot!
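
An added example, not part of this thread or of the NetworkManager-l2tp project: a small triage script run over charon lines copied from the log above. It reports that IKEv1 phase 1 (Main Mode) completed and that the failure happened in Quick Mode, and it lists the negotiated algorithms. The names `triage` and `LEGACY`, and the contents of the `LEGACY` policy list, are assumptions of this example.

```python
import re

# Lines copied from the charon output in the log above (subset).
SAMPLE_LOG = """\
Aug 01 21:17:16 charon[31383]: 01[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug 01 21:17:16 charon[31383]: 07[IKE] IKE_SA e86b02d4-13a8-48f3-b6f5-151dbb46b83c[1] established between 192.168.88.13[192.168.88.13]...95.161.236.250[95.161.236.250]
Aug 01 21:17:16 charon[31383]: 07[ENC] generating QUICK_MODE request 1398723178 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug 01 21:17:16 charon[31383]: 08[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Aug 01 21:17:16 charon[31383]: 08[IKE] no acceptable traffic selectors found
Aug 01 21:17:16 charon[31383]: 08[ENC] generating INFORMATIONAL_V1 request 2609491925 [ HASH N(NO_PROP) ]
"""

CHARON_RE = re.compile(r"charon\[\d+\]: \d{2}\[([A-Z]{3})\]\s+(.*)$")
PROPOSAL_RE = re.compile(r"selected proposal: (\w+):(\S+)")
# This example's own policy list of legacy algorithms (an assumption, not from the thread).
LEGACY = {"DES_CBC", "3DES_CBC", "HMAC_MD5_96", "HMAC_SHA1_96", "MODP_768", "MODP_1024"}
FAILURE = "no acceptable traffic selectors found"


def triage(log_text):
    """Summarise an IKEv1 negotiation from charon journal lines."""
    result = {"phase1_established": False, "failed_phase": None,
              "reason": None, "proposals": {}, "legacy": []}
    phase = "main_mode"
    for line in log_text.splitlines():
        m = CHARON_RE.search(line)
        if not m:
            continue  # skip the NetworkManager[pid] copies and other units
        subsystem, msg = m.groups()
        if subsystem == "IKE" and msg.startswith("IKE_SA") and " established between " in msg:
            result["phase1_established"] = True  # Main Mode finished, peer authenticated
        elif subsystem == "ENC" and msg.startswith("generating QUICK_MODE request"):
            phase = "quick_mode"  # phase 2 (IPsec SA negotiation) has begun
        elif (p := PROPOSAL_RE.match(msg)):
            result["proposals"][p.group(1)] = p.group(2).split("/")
        elif FAILURE in msg and result["failed_phase"] is None:
            result["failed_phase"], result["reason"] = phase, FAILURE
    seen = {alg for algs in result["proposals"].values() for alg in algs}
    result["legacy"] = sorted(seen & LEGACY)
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Because phase 1 is reported as established, the pre-shared key and IKE proposal were accepted; the rejection concerns the traffic selectors offered in Quick Mode.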