nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

Question: Could not load new IPsec secret. #45

Closed mkbrv closed 7 years ago

mkbrv commented 7 years ago

Not an issue, but perhaps I am configuring something wrong. I did try various configurations in the last 5 hours. Any chances you can tell what is going on?

File /etc/ipsec.secrets updated with: : PSK "SHARED_KEY"

Enable IPSec tunnel to L2TP host: checked. Gateway has an IP, not a domain. NT Domain is empty. VPN Documentation: https://documentation.meraki.com/MX-Z/Client_VPN/Client_VPN_OS_Configuration#Windows_7

Description: Ubuntu 16.04.2 LTS Release: 16.04 Codename: xenial

connection
  id : "VPN connection 1" (s)
  uuid : "04d79a55-4861-4738-a04c-1e465bd96e9d" (s)
  interface-name : NULL (sd)
  type : "vpn" (s)
  permissions : ["user:miki:"] (s)
  autoconnect : FALSE (s)
  autoconnect-priority : 0 (sd)
  timestamp : 0 (sd)
  read-only : FALSE (sd)
  zone : NULL (sd)
  master : NULL (sd)
  slave-type : NULL (sd)
  autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
  secondaries : [] (s)
  gateway-ping-timeout : 0 (sd)
  metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
  lldp : -1 (sd)

ipv6
  method : "auto" (s)
  dns : [] (s)
  dns-search : [] (s)
  dns-options : NULL (sd)
  dns-priority : 0 (sd)
  addresses : ((GPtrArray) 0x1f86200) (s)
  gateway : NULL (sd)
  routes : ((GPtrArray) 0x1f86220) (s)
  route-metric : -1 (sd)
  ignore-auto-routes : FALSE (sd)
  ignore-auto-dns : FALSE (sd)
  dhcp-hostname : NULL (sd)
  dhcp-send-hostname : TRUE (sd)
  never-default : FALSE (sd)
  may-fail : TRUE (sd)
  dad-timeout : -1 (sd)
  dhcp-timeout : 0 (sd)
  ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_DISABLED) (s)
  addr-gen-mode : 1 (sd)

ipv4
  method : "auto" (s)
  dns : [] (s)
  dns-search : [] (s)
  dns-options : NULL (sd)
  dns-priority : 0 (sd)
  addresses : ((GPtrArray) 0x1f862a0) (s)
  gateway : NULL (sd)
  routes : ((GPtrArray) 0x1f862c0) (s)
  route-metric : -1 (sd)
  ignore-auto-routes : FALSE (sd)
  ignore-auto-dns : FALSE (sd)
  dhcp-hostname : NULL (sd)
  dhcp-send-hostname : TRUE (sd)
  never-default : FALSE (sd)
  may-fail : TRUE (sd)
  dad-timeout : -1 (sd)
  dhcp-timeout : 0 (sd)
  dhcp-client-id : NULL (sd)
  dhcp-fqdn : NULL (sd)

vpn
  service-type : "org.freedesktop.NetworkManager.l2tp" (s)
  user-name : "miki" (s)
  persistent : FALSE (sd)
  data : ((GHashTable) 0x1f826a0) (s)
  secrets : ((GHashTable) 0x1f82700) (s)
  timeout : 0 (sd)

nm-l2tp[19498] starting ipsec
Stopping strongSwan IPsec...
Starting strongSwan 5.3.5 IPsec [starter]...
Loading config setup
Loading conn 'nm-ipsec-l2tp-19498'
found netkey IPsec stack
nm-l2tp[19498] Could not load new IPsec secret.
nm-l2tp[19498] Could not restore saved /etc/ipsec.secrets from /etc/ipsec.secrets.19498.

(nm-l2tp-service:19498): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed

dkosovic commented 7 years ago

What network-manager-l2tp does is temporarily rename /etc/ipsec.secrets to /etc/ipsec.secrets.{PID}, create a new temporary /etc/ipsec.secrets, read it and then mv /etc/ipsec.secrets.{PID} /etc/ipsec.secrets.

Seems like some sort of file permission issue, but I can't see why as it should be running as the root user.

New version is going to add the following line to the /etc/ipsec.secrets file if it doesn't already exist:

include /etc/ipsec.d/*.secrets

and then create a /etc/ipsec.d/ipsec-UUID.secrets file which will only be deleted when the connection is stopped. That way when VPN server requests rekeying, the file will still be there. Where the UUID would be 04d79a55-4861-4738-a04c-1e465bd96e9d for the above connection you pasted the details for.

I'm still working on the new version, but might have something ready this week, it might fix your issue.

dkosovic commented 7 years ago

Hopefully https://github.com/nm-l2tp/network-manager-l2tp/commit/06078ec3127ec4a13fae82f782d6864d1182e0b9 commit fixes this issue.

mkbrv commented 7 years ago

How is the ipsec.secrets supposed to look like? Can you please give me a sample?

dkosovic commented 7 years ago

With the new NetworkManager-l2tp-1.2.6 (and the code in the master branch), it will append the following line to /etc/ipsec.secrets at run-time if the line is missing:

include /etc/ipsec.d/*.secrets

The generated ipsec secrets file that will exist for the lifetime of the connection is:

where UUID is the NetworkManager UUID for the VPN connection.

If you don't provide the Gateway ID in the IPsec dialog box, the generated IPsec secrets file will contain the following :

: PSK "my-pre-shared-key"

If you do provide a Gateway ID (which is most likely the IP or NAT'ed address of the VPN server), let's say for this example it is 123.654.78.09, then for strongSwan the file will look like:

123.654.78.09 : PSK "my-pre-shared-key"

and for Libreswan will look like:

%any 123.654.78.09 : PSK "my-pre-shared-key"
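The per-connection secrets scheme described in the two replies above (the `include /etc/ipsec.d/*.secrets` line, a separate `/etc/ipsec.d/ipsec-UUID.secrets` file kept for the lifetime of the connection, and the strongSwan versus Libreswan line formats), worked through as an added example. This is not code from NetworkManager-l2tp or the commit linked above; it is a stand-alone Python model of the behaviour. The function names, the `0600`/`0700` file modes, the `demo()` scratch directory used in place of `/etc`, and the gateway address `203.0.113.5` (a documentation address) are all assumptions for illustration.

```python
"""Per-connection IPsec secrets handling as described in the thread.

Added example, not NetworkManager-l2tp's own code. Models the scheme above:
ensure /etc/ipsec.secrets has "include /etc/ipsec.d/*.secrets", write a
separate /etc/ipsec.d/ipsec-UUID.secrets for the life of the connection, and
emit the PSK line in strongSwan or Libreswan syntax. Names, modes and the
demo() scratch root are assumptions.
"""
import os
import re
import tempfile
from typing import Optional

INCLUDE_LINE = "include /etc/ipsec.d/*.secrets"
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)


def secrets_line(psk: str, gateway_id: Optional[str] = None,
                 backend: str = "strongswan") -> str:
    """PSK entry in the syntax shown in the thread.

    strongSwan:  [gateway] : PSK "key"
    Libreswan:   %any gateway : PSK "key"   (': PSK "key"' when no gateway)
    A key with a double quote or newline would corrupt the file, so it is
    rejected rather than written unescaped; same for whitespace in gateway_id.
    """
    if not psk or '"' in psk or "\n" in psk:
        raise ValueError("PSK must be non-empty and contain no '\"' or newline")
    if backend not in ("strongswan", "libreswan"):
        raise ValueError("backend must be 'strongswan' or 'libreswan'")
    if gateway_id is None:
        return f': PSK "{psk}"'
    if any(c.isspace() for c in gateway_id):
        raise ValueError("gateway_id must not contain whitespace")
    if backend == "libreswan":
        return f'%any {gateway_id} : PSK "{psk}"'
    return f'{gateway_id} : PSK "{psk}"'


def ensure_include(ipsec_secrets: str) -> bool:
    """Append INCLUDE_LINE to ipsec.secrets if absent. True if it was appended."""
    if not os.path.exists(ipsec_secrets):
        os.close(os.open(ipsec_secrets, os.O_WRONLY | os.O_CREAT, 0o600))
    with open(ipsec_secrets) as f:
        text = f.read()
    if any(line.strip() == INCLUDE_LINE for line in text.splitlines()):
        return False
    with open(ipsec_secrets, "a") as f:
        if text and not text.endswith("\n"):
            f.write("\n")
        f.write(INCLUDE_LINE + "\n")
    return True


def connection_secrets_path(ipsec_d: str, uuid: str) -> str:
    # The UUID becomes part of a path, so refuse anything that is not one
    # (stops "../" or similar if the value ever came from untrusted input).
    if not UUID_RE.match(uuid):
        raise ValueError("refusing to build a path from a non-UUID value")
    return os.path.join(ipsec_d, f"ipsec-{uuid}.secrets")


def write_connection_secrets(ipsec_d: str, uuid: str, line: str) -> str:
    """Atomically write the per-connection file with mode 0600; returns its path."""
    os.makedirs(ipsec_d, mode=0o700, exist_ok=True)
    path = connection_secrets_path(ipsec_d, uuid)
    # mkstemp creates the temp file 0600 in the same directory, so the rename
    # is atomic and the daemon never sees a partial or world-readable file.
    fd, tmp = tempfile.mkstemp(prefix=".ipsec-", suffix=".tmp", dir=ipsec_d)
    try:
        with os.fdopen(fd, "w") as f:
            f.write(line + "\n")
        os.chmod(tmp, 0o600)
        os.replace(tmp, path)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return path


def remove_connection_secrets(ipsec_d: str, uuid: str) -> bool:
    """Delete the file when the connection stops. True if something was removed."""
    path = connection_secrets_path(ipsec_d, uuid)
    if not os.path.exists(path):
        return False
    os.unlink(path)
    return True


def demo(root: Optional[str] = None) -> dict:
    """Run the whole sequence under a scratch root instead of /etc."""
    root = root or tempfile.mkdtemp(prefix="nm-l2tp-demo-")
    ipsec_secrets = os.path.join(root, "ipsec.secrets")
    ipsec_d = os.path.join(root, "ipsec.d")
    uuid = "04d79a55-4861-4738-a04c-1e465bd96e9d"  # the connection UUID from the issue
    first = ensure_include(ipsec_secrets)   # appends the include line
    second = ensure_include(ipsec_secrets)  # idempotent: already present
    path = write_connection_secrets(ipsec_d, uuid, secrets_line("my-pre-shared-key", "203.0.113.5"))
    with open(path) as f:
        written = f.read()
    mode = os.stat(path).st_mode & 0o777
    removed = remove_connection_secrets(ipsec_d, uuid)
    with open(ipsec_secrets) as f:
        main_file = f.read()
    return {"include_appended": first, "include_already_present": not second,
            "secrets_path": path, "written": written, "mode": mode,
            "removed": removed, "still_exists": os.path.exists(path),
            "main_file": main_file}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Two practical caveats the thread implies but does not spell out: the daemon only reads secrets when it starts or when told to (`ipsec rereadsecrets` on both strongSwan and Libreswan), so writing the file is not enough on its own; and because the file outlives the initial negotiation, it has to stay readable only by root (hence the `0600` mode and the atomic rename) for as long as the connection is up.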

dkosovic commented 7 years ago

I'll close this issue, if you have issues still reply with an email and I'll reopen this issue.