nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

MPPE fails on Manjaro/Arch #221

Closed lprobsth closed 4 months ago

lprobsth commented 4 months ago

On manjaro I'm using L2TP/IPsec for connecting to a SoftEther VPN server. Until a month ago everything worked as intended. After a recent update the connection stopped working with the error "MPPE required but peer negotiation failed".

I looked into recent updates and tested some downgrades.

This is the combination that did not work: NetworkManager: 1.46.0 NetworkManager-l2tp: 1.20.12 PPP: 2.5.0

This is the combination that works: NetworkManager: 1.46.0 NetworkManager-l2tp: 1.20.10 PPP: 2.5.0

It seems that the update of the l2tp plugin broke the functionality. I looked into the changes between the versions but couldn't find the reason without further knowledge.

Do you need more details (configuration files, logs)?

dkosovic commented 4 months ago

That behavior is a consequence of commit https://github.com/nm-l2tp/NetworkManager-l2tp/commit/fdf5d98e86c5f0a97f9649fa3e23b3c001a93340 in version 1.20.12, which doesn't disable the Compression Control Protocol (CCP) when MPPE is enabled (as MPPE protocol negotiation happens within CCP).

MPPE protocol negotiation had been broken since 2013 with commit https://github.com/nm-l2tp/NetworkManager-l2tp/commit/5fe98f70344e842faa28014be7ba259c2db7ae8b, which disabled CCP.

When MPPE is successfully negotiated, the following should appear in the logs (or similar for MPPE 40 or 64-bit): MPPE 128-bit stateless compression enabled

MPPE encryption is very weak and is typically only used with L2TP VPN connections, not L2TP/IPsec connections, which use much stronger IPsec encryption.

lprobsth commented 4 months ago

OK, then I'll disable MPPE for now and check the safety of the IPsec encryption in the case of SoftEther VPN.

Thank you!

yutkat commented 4 months ago

I can't connect without noccp in my VPN environment.

Is there any way to insert noccp into the auto-generated file (/var/run/nm-l2tp-xxx/ppp-options)?

dkosovic commented 4 months ago

Is there any way to insert noccp into the auto-generated file (/var/run/nm-l2tp-xxx/ppp-options)?

Untick the MPPE box and the noccp option is restored.

yutkat commented 4 months ago

I thought the MPPE setting was required in my environment, but I was able to connect to the VPN even with it unchecked. (I don't know why.)

Thanks.

dkosovic commented 4 months ago

Previous versions could give the false impression that MPPE was enabled and being used; with the new version it now fails when MPPE negotiations fail. Someone who was actually using MPPE reported last year that MPPE was broken. Apparently it has been broken for the past 10 years, and there have been a number of Linux L2TP/IPsec docs that encouraged users to enable MPPE.
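The thread's two diagnostic signals are pppd log lines: "MPPE 128-bit stateless compression enabled" when MPPE was really negotiated, and "MPPE required but peer negotiation failed" when it was not. The following shell script is an added example, not code from the NetworkManager-l2tp project: it classifies a pppd log by its MPPE outcome so that a connection that came up is not mistaken for one that is MPPE-protected. The sample log lines are constructed here and modelled on pppd's messages; they are not from a real system.

```shell
#!/bin/sh
# Added example (not part of nm-l2tp): classify a pppd log by MPPE outcome.
# Reads log text on stdin, prints one word and returns a status:
#   negotiated:<bits>  (exit 0)  pppd reported MPPE <bits>-bit enabled
#   failed             (exit 1)  "MPPE required but peer negotiation failed"
#   absent             (exit 2)  no MPPE line at all (e.g. MPPE box unticked,
#                                 CCP disabled with noccp)
mppe_status() {
    log=$(cat)
    case "$log" in
        *"MPPE required but peer negotiation failed"*)
            echo failed
            return 1 ;;
        *"compression enabled"*)
            # pppd logs e.g. "MPPE 128-bit stateless compression enabled"
            bits=$(printf '%s\n' "$log" \
                | sed -n 's/.*MPPE \([0-9]*\)-bit state[a-z]* compression enabled.*/\1/p' \
                | head -n 1)
            echo "negotiated:${bits}"
            return 0 ;;
        *)
            echo absent
            return 2 ;;
    esac
}

# Constructed sample logs (not captured from a real system).
SAMPLE_MPPE_OK='pppd[123]: CHAP authentication succeeded
pppd[123]: MPPE 128-bit stateless compression enabled
pppd[123]: local  IP address 10.0.0.2'
SAMPLE_MPPE_FAIL='pppd[124]: CHAP authentication succeeded
pppd[124]: MPPE required but peer negotiation failed
pppd[124]: Connection terminated.'
SAMPLE_NO_MPPE='pppd[125]: CHAP authentication succeeded
pppd[125]: local  IP address 10.0.0.3'

# Demo run over the three constructed samples.
for s in "$SAMPLE_MPPE_OK" "$SAMPLE_MPPE_FAIL" "$SAMPLE_NO_MPPE"; do
    printf '%s\n' "$s" | mppe_status || true
done
```

On a live system the function reads the journal instead of the samples, e.g. `journalctl -b | mppe_status`. An "absent" result with an L2TP/IPsec connection is the expected state after unticking MPPE, as dkosovic describes; the traffic is then protected by IPsec, not by CCP/MPPE.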