Closed mkbrv closed 7 years ago
What network-manager-l2tp does is temporarily rename /etc/ipsec.secrets to /etc/ipsec.secrets.{PID}, create a new temporary /etc/ipsec.secrets, read it and then mv /etc/ipsec.secrets.{PID} /etc/ipsec.secrets.
Seems like some sort of file permission issue, but I can't see why as it should be running as the root user.
New version is going to add the following line to the /etc/ipsec.secrets file if it doesn't already exist:
include /etc/ipsec.d/*.secrets
and then create a /etc/ipsec.d/ipsec-UUID.secrets file which will only be deleted when the connection is stopped. That way when the VPN server requests rekeying, the file will still be there. Where the UUID would be 04d79a55-4861-4738-a04c-1e465bd96e9d for the above connection you pasted the details for.
I'm still working on the new version, but might have something ready this week, it might fix your issue.
Hopefully https://github.com/nm-l2tp/network-manager-l2tp/commit/06078ec3127ec4a13fae82f782d6864d1182e0b9 commit fixes this issue.
What is the ipsec.secrets supposed to look like? Can you please give me a sample?
With the new NetworkManager-l2tp-1.2.6 (and the code in the master branch), it will append the following line to /etc/ipsec.secrets at run-time if the line is missing:
include /etc/ipsec.d/*.secrets
The generated ipsec secrets file that will exist for the lifetime of the connection is:
where UUID is the NetworkManager UUID for the VPN connection.
If you don't provide the Gateway ID in the IPsec dialog box, the generated IPsec secrets file will contain the following:
: PSK "my-pre-shared-key"
If you do provide a Gateway ID (which is most likely the IP or NAT'ed address of the VPN server) and let's say for this example it is 123.654.78.09, for strongSwan the file will look like:
123.654.78.09 : PSK "my-pre-shared-key"
and for Libreswan it will look like:
%any 123.654.78.09 : PSK "my-pre-shared-key"
I'll close this issue; if you still have issues, reply with an email and I'll reopen this issue.
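As an added example (not network-manager-l2tp's own code), here is a small Python model of the secrets handling described in this thread: appending the include line to the main secrets file only if it is missing, building the PSK line in strongSwan or Libreswan form from an optional Gateway ID, and writing the per-connection ipsec-UUID.secrets file so that only root can read it. The target directory argument and the 0600 mode are assumptions; the line formats are the ones quoted above.

```python
import os
import re

INCLUDE_LINE = 'include /etc/ipsec.d/*.secrets'


def ensure_include_line(secrets_path):
    """Append INCLUDE_LINE to the main secrets file unless it is already present.
    Returns True if the file was modified. Idempotent, so repeated VPN starts
    do not accumulate duplicate include lines."""
    try:
        with open(secrets_path) as f:
            content = f.read()
    except FileNotFoundError:
        content = ''
    if any(line.strip() == INCLUDE_LINE for line in content.splitlines()):
        return False
    with open(secrets_path, 'a') as f:
        if content and not content.endswith('\n'):
            f.write('\n')          # do not glue onto a last line lacking a newline
        f.write(INCLUDE_LINE + '\n')
    return True


def psk_secret_line(psk, gateway_id=None, libreswan=False):
    """Build the PSK line in the three forms the thread shows."""
    if '"' in psk or '\n' in psk:
        # a quote or newline inside the PSK would break the file's quoting
        raise ValueError('PSK contains characters that cannot be quoted safely')
    quoted = '"%s"' % psk
    if not gateway_id:
        return ': PSK %s' % quoted                    # no Gateway ID given
    if libreswan:
        return '%%any %s : PSK %s' % (gateway_id, quoted)
    return '%s : PSK %s' % (gateway_id, quoted)       # strongSwan form


def write_connection_secret(secrets_dir, uuid, psk, gateway_id=None, libreswan=False):
    """Create <secrets_dir>/ipsec-<UUID>.secrets with mode 0600 (assumed; the
    thread does not state the mode). secrets_dir stands in for /etc/ipsec.d."""
    if not re.fullmatch(r'[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}', uuid):
        raise ValueError('not a NetworkManager connection UUID')
    path = os.path.join(secrets_dir, 'ipsec-%s.secrets' % uuid)
    # open with an explicit mode so the PSK is never world-readable, even briefly
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(psk_secret_line(psk, gateway_id, libreswan) + '\n')
    return path
```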
Not an issue, but perhaps I am configuring something wrong. I did try various configurations in the last 5 hours. Any chances you can tell what is going on?
File /etc/ipsec.secrets updated with: : PSK "SHARED_KEY"
Enable IPSec tunnel to L2TP host: checked. Gateway has an IP, not a domain. NT Domain is empty. VPN Documentation: https://documentation.meraki.com/MX-Z/Client_VPN/Client_VPN_OS_Configuration#Windows_7
Description: Ubuntu 16.04.2 LTS Release: 16.04 Codename: xenial
connection id : "VPN connection 1" (s) uuid : "04d79a55-4861-4738-a04c-1e465bd96e9d" (s) interface-name : NULL (sd) type : "vpn" (s) permissions : ["user:miki:"] (s) autoconnect : FALSE (s) autoconnect-priority : 0 (sd) timestamp : 0 (sd) read-only : FALSE (sd) zone : NULL (sd) master : NULL (sd) slave-type : NULL (sd) autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd) secondaries : [] (s) gateway-ping-timeout : 0 (sd) metered : ((NMMetered) NM_METERED_UNKNOWN) (sd) lldp : -1 (sd)
ipv6 method : "auto" (s) dns : [] (s) dns-search : [] (s) dns-options : NULL (sd) dns-priority : 0 (sd) addresses : ((GPtrArray) 0x1f86200) (s) gateway : NULL (sd) routes : ((GPtrArray) 0x1f86220) (s) route-metric : -1 (sd) ignore-auto-routes : FALSE (sd) ignore-auto-dns : FALSE (sd) dhcp-hostname : NULL (sd) dhcp-send-hostname : TRUE (sd) never-default : FALSE (sd) may-fail : TRUE (sd) dad-timeout : -1 (sd) dhcp-timeout : 0 (sd) ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_DISABLED) (s) addr-gen-mode : 1 (sd)
ipv4 method : "auto" (s) dns : [] (s) dns-search : [] (s) dns-options : NULL (sd) dns-priority : 0 (sd) addresses : ((GPtrArray) 0x1f862a0) (s) gateway : NULL (sd) routes : ((GPtrArray) 0x1f862c0) (s) route-metric : -1 (sd) ignore-auto-routes : FALSE (sd) ignore-auto-dns : FALSE (sd) dhcp-hostname : NULL (sd) dhcp-send-hostname : TRUE (sd) never-default : FALSE (sd) may-fail : TRUE (sd) dad-timeout : -1 (sd) dhcp-timeout : 0 (sd) dhcp-client-id : NULL (sd) dhcp-fqdn : NULL (sd)
vpn service-type : "org.freedesktop.NetworkManager.l2tp" (s) user-name : "miki" (s) persistent : FALSE (sd) data : ((GHashTable) 0x1f826a0) (s) secrets : ((GHashTable) 0x1f82700) (s) timeout : 0 (sd)
nm-l2tp[19498] starting ipsec
Stopping strongSwan IPsec...
Starting strongSwan 5.3.5 IPsec [starter]...
Loading config setup
Loading conn 'nm-ipsec-l2tp-19498'
found netkey IPsec stack
nm-l2tp[19498] Could not load new IPsec secret.
nm-l2tp[19498] Could not restore saved /etc/ipsec.secrets from /etc/ipsec.secrets.19498.
(nm-l2tp-service:19498): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed