nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

Arch linux - cannot ping any ip in vpn after creating connection #53

Closed xhpohanka closed 6 years ago

xhpohanka commented 7 years ago

Hi, I have a strange issue. The connection to the VPN is successfully established, but I cannot ping any IP in the VPN network. Can you see something interesting in the logs, please? I also do not get an address from DHCP; I need to set a static one.

NetworkManager[451]: <info>  [1500622355.8227] audit: op="connection-activate" uuid="61718d08-6663-461d-a847-ad6becdcf94f" name="xxx" pid=3278 uid=1000 result="success"
NetworkManager[451]: <info>  [1500622355.8250] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",0]: Started the VPN service, PID 8448
NetworkManager[451]: <info>  [1500622355.8292] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",0]: Saw the service appear; activating connection
NetworkManager[451]: <info>  [1500622358.7828] keyfile: update /etc/NetworkManager/system-connections/xxx (61718d08-6663-461d-a847-ad6becdcf94f,"xxx")
NetworkManager[451]: <info>  [1500622358.7840] keyfile: update /etc/NetworkManager/system-connections/xxx (61718d08-6663-461d-a847-ad6becdcf94f,"xxx") after persisting connection
NetworkManager[451]: <info>  [1500622358.7967] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",0]: VPN connection: (ConnectInteractive) reply received
nm-l2tp-service[8448]: Check port 1701
NetworkManager[451]: Redirecting to: systemctl stop ipsec.service
systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
pluto[8090]: shutting down
whack[8470]: 002 shutting down
pluto[8090]: forgetting secrets
pluto[8090]: "v6neighbor-hole-out": deleting non-instance connection
pluto[8090]: "v6neighbor-hole-in": deleting non-instance connection
pluto[8090]: shutting down interface wlp3s0/wlp3s0 fd16:672f:afe2:0:5ee8:a4bd:19ba:b4f2:500
pluto[8090]: shutting down interface lo/lo ::1:500
pluto[8090]: shutting down interface wlp3s0/wlp3s0 fd16:672f:afe2::ef9:500
pluto[8090]: shutting down interface lo/lo 127.0.0.1:4500
pluto[8090]: shutting down interface lo/lo 127.0.0.1:500
pluto[8090]: shutting down interface wlp3s0/wlp3s0 10.88.0.117:4500
pluto[8090]: shutting down interface wlp3s0/wlp3s0 10.88.0.117:500
pluto[8090]: leak: EVENT_SHUNT_SCAN, item size: 32
pluto[8090]: leak: EVENT_SD_WATCHDOG, item size: 32
pluto[8090]: leak: EVENT_PENDING_DDNS, item size: 32
pluto[8090]: leak: EVENT_PENDING_PHASE2, item size: 32
pluto[8090]: leak: EVENT_LOG_DAILY, item size: 32
pluto[8090]: leak: kernel integ, item size: 32
pluto[8090]: leak: EVENT_REINIT_SECRET, item size: 32
pluto[8090]: leak detective found 7 leaks, total size 224
systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
NetworkManager[451]: Redirecting to: systemctl start ipsec.service
systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
ipsec[9088]: nflog ipsec capture disabled
pluto[9101]: NSS DB directory: sql:/etc/ipsec.d
pluto[9101]: Initializing NSS
pluto[9101]: Opening NSS database "sql:/etc/ipsec.d" read-only
pluto[9101]: NSS initialized
pluto[9101]: NSS crypto library initialized
pluto[9101]: FIPS HMAC integrity support [disabled]
pluto[9101]: libcap-ng support [enabled]
pluto[9101]: Linux audit support [disabled]
pluto[9101]: Starting Pluto (Libreswan Version 3.20 XFRM(netkey) KLIPS USE_FORK USE_PTHREAD_SETSCHEDPRIO NSS DNSSEC USE_SYSTEMD_WATCHDOG LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:9101
pluto[9101]: core dump dir: /var/run/pluto/
pluto[9101]: secrets file: /etc/ipsec.secrets
pluto[9101]: leak-detective enabled
pluto[9101]: NSS crypto [enabled]
pluto[9101]: XAUTH PAM support [enabled]
pluto[9101]: NAT-Traversal support  [enabled]
pluto[9101]: ENCRYPT aes_ccm_16:    IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm aes_ccm_c)
pluto[9101]: ENCRYPT aes_ccm_12:    IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm_b)
pluto[9101]: ENCRYPT aes_ccm_8:     IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  (aes_ccm_a)
pluto[9101]: ENCRYPT 3des_cbc:      IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  (3des)
pluto[9101]: ENCRYPT camellia_ctr:  IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
pluto[9101]: ENCRYPT camellia:      IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (camellia_cbc)
pluto[9101]: ENCRYPT aes_gcm_16:    IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm aes_gcm_c)
pluto[9101]: ENCRYPT aes_gcm_12:    IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm_b)
pluto[9101]: ENCRYPT aes_gcm_8:     IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_gcm_a)
pluto[9101]: ENCRYPT aes_ctr:       IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aesctr)
pluto[9101]: ENCRYPT aes:           IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  (aes_cbc)
pluto[9101]: ENCRYPT serpent:       IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (serpent_cbc)
pluto[9101]: ENCRYPT twofish:       IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  (twofish_cbc)
pluto[9101]: ENCRYPT twofish_ssh:   IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  (twofish_cbc_ssh)
pluto[9101]: ENCRYPT cast:          IKEv1:     ESP     IKEv2:     ESP           {*128}  (cast_cbc)
pluto[9101]: ENCRYPT null:          IKEv1:     ESP     IKEv2:     ESP           []
pluto[9101]: HASH md5:              IKEv1: IKE         IKEv2:
pluto[9101]: HASH sha:              IKEv1: IKE         IKEv2:             FIPS  (sha1)
pluto[9101]: HASH sha2_256:         IKEv1: IKE         IKEv2:             FIPS  (sha2 sha256)
pluto[9101]: HASH sha2_384:         IKEv1: IKE         IKEv2:             FIPS  (sha384)
pluto[9101]: HASH sha2_512:         IKEv1: IKE         IKEv2:             FIPS  (sha512)
pluto[9101]: PRF md5:               IKEv1: IKE         IKEv2: IKE               (hmac_md5)
pluto[9101]: PRF sha:               IKEv1: IKE         IKEv2: IKE         FIPS  (sha1 hmac_sha1)
pluto[9101]: PRF sha2_256:          IKEv1: IKE         IKEv2: IKE         FIPS  (sha2 sha256 hmac_sha2_256)
pluto[9101]: PRF sha2_384:          IKEv1: IKE         IKEv2: IKE         FIPS  (sha384 hmac_sha2_384)
pluto[9101]: PRF sha2_512:          IKEv1: IKE         IKEv2: IKE         FIPS  (sha512 hmac_sha2_512)
pluto[9101]: INTEG md5:             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        (hmac_md5 hmac_md5_96)
pluto[9101]: INTEG sha:             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha1 sha1_96 hmac_sha1 hmac_sha1_96)
pluto[9101]: INTEG sha2_512:        IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha512 hmac_sha2_512 hmac_sha2_512_256)
pluto[9101]: INTEG sha2_384:        IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha384 hmac_sha2_384 hmac_sha2_384_192)
pluto[9101]: INTEG sha2_256:        IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  (sha2 sha256 hmac_sha2_256 hmac_sha2_256_128)
pluto[9101]: INTEG aes_xcbc:        IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  (aes_xcbc_96)
pluto[9101]: INTEG aes_cmac:        IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  (aes_cmac_96)
pluto[9101]: INTEG ripemd:          IKEv1:     ESP AH  IKEv2:                   (hmac_ripemd hmac_ripemd_160_96)
pluto[9101]: DH MODP1024:           IKEv1: IKE         IKEv2: IKE               (dh2)
pluto[9101]: DH MODP1536:           IKEv1: IKE         IKEv2: IKE               (dh5)
pluto[9101]: DH MODP2048:           IKEv1: IKE         IKEv2: IKE         FIPS  (dh14)
pluto[9101]: DH MODP3072:           IKEv1: IKE         IKEv2: IKE         FIPS  (dh15)
pluto[9101]: DH MODP4096:           IKEv1: IKE         IKEv2: IKE         FIPS  (dh16)
pluto[9101]: DH MODP6144:           IKEv1: IKE         IKEv2: IKE         FIPS  (dh17)
pluto[9101]: DH MODP8192:           IKEv1: IKE         IKEv2: IKE         FIPS  (dh18)
pluto[9101]: DH DH19:               IKEv1: IKE         IKEv2: IKE         FIPS  (ecp_256)
pluto[9101]: DH DH20:               IKEv1: IKE         IKEv2: IKE         FIPS  (ecp_384)
pluto[9101]: DH DH21:               IKEv1: IKE         IKEv2: IKE         FIPS  (ecp_521)
pluto[9101]: DH DH23:               IKEv1: IKE         IKEv2: IKE         FIPS
pluto[9101]: DH DH24:               IKEv1: IKE         IKEv2: IKE         FIPS
pluto[9101]: starting up 7 crypto helpers
pluto[9101]: started thread for crypto helper 0 (master fd 11)
pluto[9101]: started thread for crypto helper 1 (master fd 13)
pluto[9101]: started thread for crypto helper 2 (master fd 15)
pluto[9101]: seccomp security for crypto helper not supported
pluto[9101]: seccomp security for crypto helper not supported
pluto[9101]: seccomp security for crypto helper not supported
pluto[9101]: seccomp security for crypto helper not supported
pluto[9101]: started thread for crypto helper 3 (master fd 17)
pluto[9101]: started thread for crypto helper 4 (master fd 19)
pluto[9101]: seccomp security for crypto helper not supported
pluto[9101]: seccomp security for crypto helper not supported
pluto[9101]: started thread for crypto helper 5 (master fd 21)
pluto[9101]: started thread for crypto helper 6 (master fd 23)
pluto[9101]: seccomp security for crypto helper not supported
pluto[9101]: Using Linux XFRM/NETKEY IPsec interface code on 4.9.37-1-lts
pluto[9101]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
pluto[9101]: watchdog: sending probes every 100 secs
systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
pluto[9101]: seccomp security not supported
pluto[9101]: listening for IKE messages
pluto[9101]: adding interface wlp3s0/wlp3s0 10.88.0.117:500
NetworkManager[451]: 002 listening for IKE messages
NetworkManager[451]: 002 adding interface wlp3s0/wlp3s0 10.88.0.117:500
NetworkManager[451]: 002 adding interface wlp3s0/wlp3s0 10.88.0.117:4500
NetworkManager[451]: 002 adding interface lo/lo 127.0.0.1:500
NetworkManager[451]: 002 adding interface lo/lo 127.0.0.1:4500
NetworkManager[451]: 002 adding interface wlp3s0/wlp3s0 fd16:672f:afe2::ef9:500
NetworkManager[451]: 002 adding interface lo/lo ::1:500
NetworkManager[451]: 002 adding interface wlp3s0/wlp3s0 fd16:672f:afe2:0:5ee8:a4bd:19ba:b4f2:500
NetworkManager[451]: 002 loading secrets from "/etc/ipsec.secrets"
NetworkManager[451]: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-61718d08-6663-461d-a847-ad6becdcf94f.secrets"
pluto[9101]: adding interface wlp3s0/wlp3s0 10.88.0.117:4500
pluto[9101]: adding interface lo/lo 127.0.0.1:500
pluto[9101]: adding interface lo/lo 127.0.0.1:4500
pluto[9101]: adding interface wlp3s0/wlp3s0 fd16:672f:afe2::ef9:500
pluto[9101]: adding interface lo/lo ::1:500
pluto[9101]: adding interface wlp3s0/wlp3s0 fd16:672f:afe2:0:5ee8:a4bd:19ba:b4f2:500
pluto[9101]: | setup callback for interface wlp3s0:500 fd 34
pluto[9101]: | setup callback for interface lo:500 fd 33
pluto[9101]: | setup callback for interface wlp3s0:500 fd 32
pluto[9101]: | setup callback for interface lo:4500 fd 31
pluto[9101]: | setup callback for interface lo:500 fd 30
pluto[9101]: | setup callback for interface wlp3s0:4500 fd 29
pluto[9101]: | setup callback for interface wlp3s0:500 fd 28
pluto[9101]: loading secrets from "/etc/ipsec.secrets"
pluto[9101]: loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-61718d08-6663-461d-a847-ad6becdcf94f.secrets"
NetworkManager[451]: debugging mode enabled
NetworkManager[451]: end of file /var/run/nm-l2tp-ipsec-61718d08-6663-461d-a847-ad6becdcf94f.conf
NetworkManager[451]: Loading conn 61718d08-6663-461d-a847-ad6becdcf94f
NetworkManager[451]: starter: left is KH_DEFAULTROUTE
NetworkManager[451]: conn: "61718d08-6663-461d-a847-ad6becdcf94f" modecfgdomain=(null)
NetworkManager[451]: conn: "61718d08-6663-461d-a847-ad6becdcf94f" modecfgbanner=(null)
NetworkManager[451]: conn: "61718d08-6663-461d-a847-ad6becdcf94f" mark-in=(null)
NetworkManager[451]: conn: "61718d08-6663-461d-a847-ad6becdcf94f" mark-out=(null)
NetworkManager[451]: conn: "61718d08-6663-461d-a847-ad6becdcf94f" vti_iface=(null)
NetworkManager[451]: opening file: /var/run/nm-l2tp-ipsec-61718d08-6663-461d-a847-ad6becdcf94f.conf
NetworkManager[451]: loading named conns: 61718d08-6663-461d-a847-ad6becdcf94f
NetworkManager[451]: seeking_src = 1, seeking_gateway = 1, has_peer = 1
NetworkManager[451]: seeking_src = 0, seeking_gateway = 1, has_dst = 1
NetworkManager[451]: dst  via 10.88.0.1 dev wlp3s0 src  table 254
NetworkManager[451]: set nexthop: 10.88.0.1
NetworkManager[451]: dst 10.88.0.0 via  dev wlp3s0 src 10.88.0.117 table 254
NetworkManager[451]: dst 10.88.0.0 via  dev wlp3s0 src 10.88.0.117 table 255 (ignored)
NetworkManager[451]: dst 10.88.0.117 via  dev wlp3s0 src 10.88.0.117 table 255 (ignored)
NetworkManager[451]: dst 10.88.0.255 via  dev wlp3s0 src 10.88.0.117 table 255 (ignored)
NetworkManager[451]: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
NetworkManager[451]: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
NetworkManager[451]: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
NetworkManager[451]: seeking_src = 1, seeking_gateway = 0, has_peer = 1
NetworkManager[451]: seeking_src = 1, seeking_gateway = 0, has_dst = 1
NetworkManager[451]: dst 10.88.0.1 via  dev wlp3s0 src 10.88.0.117 table 254
NetworkManager[451]: set addr: 10.88.0.117
NetworkManager[451]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
pluto[9101]: added connection description "61718d08-6663-461d-a847-ad6becdcf94f"
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: initiating Main Mode
NetworkManager[451]: 002 "61718d08-6663-461d-a847-ad6becdcf94f" #1: initiating Main Mode
NetworkManager[451]: 104 "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I1: initiate
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [f758f22668750f03b08df6ebe1d00403]
NetworkManager[451]: 003 "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [f758f22668750f03b08df6ebe1d00403]
NetworkManager[451]: 003 "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]
NetworkManager[451]: 003 "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [c44fedc749f9e6ae5b04ec969cb25d69]
NetworkManager[451]: 003 "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [f9196df86b812fb0f68026d8876dcb7b00042000]
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]
NetworkManager[451]: 002 "61718d08-6663-461d-a847-ad6becdcf94f" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
NetworkManager[451]: 106 "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I2: sent MI2, expecting MR2
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [c44fedc749f9e6ae5b04ec969cb25d69]
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [f9196df86b812fb0f68026d8876dcb7b00042000]
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I2: sent MI2, expecting MR2
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I3: sent MI3, expecting MR3
NetworkManager[451]: 002 "61718d08-6663-461d-a847-ad6becdcf94f" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
NetworkManager[451]: 108 "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I3: sent MI3, expecting MR3
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: Main mode peer ID is ID_IPV4_ADDR: 'xxx.xxx.xxx.xxx'
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
NetworkManager[451]: 002 "61718d08-6663-461d-a847-ad6becdcf94f" #1: Main mode peer ID is ID_IPV4_ADDR: 'xxx.xxx.xxx.xxx'
NetworkManager[451]: 002 "61718d08-6663-461d-a847-ad6becdcf94f" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
NetworkManager[451]: 004 "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
NetworkManager[451]: 002 "61718d08-6663-461d-a847-ad6becdcf94f" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:e0237379 proposal=AES(12)_128-SHA1(2), 3DES(3)_000-SHA1(2) pfsgroup=no-pfs}
NetworkManager[451]: 117 "61718d08-6663-461d-a847-ad6becdcf94f" #2: STATE_QUICK_I1: initiate
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:e0237379 proposal=AES(12)_128-SHA1(2), 3DES(3)_000-SHA1(2) pfsgroup=no-pfs}
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
NetworkManager[451]: 003 "61718d08-6663-461d-a847-ad6becdcf94f" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
NetworkManager[451]: 002 "61718d08-6663-461d-a847-ad6becdcf94f" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
NetworkManager[451]: 004 "61718d08-6663-461d-a847-ad6becdcf94f" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x95d8afc4 <0xe6ced650 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=xxx.xxx.xxx.xxx:4500 DPD=passive}
pluto[9101]: "61718d08-6663-461d-a847-ad6becdcf94f" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x95d8afc4 <0xe6ced650 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=xxx.xxx.xxx.xxx:4500 DPD=passive}
nm-l2tp-service[8448]: xl2tpd started with pid 9138
NetworkManager[451]: xl2tpd[9138]: setsockopt recvref[30]: Protocol not available
NetworkManager[451]: xl2tpd[9138]: Using l2tp kernel support.
PID:9138
NetworkManager[451]: xl2tpd[9138]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
NetworkManager[451]: xl2tpd[9138]: Forked by Scott Balmos and David Stipp, (C) 2001
NetworkManager[451]: xl2tpd[9138]: Inherited by Jeff McAdams, (C) 2002
NetworkManager[451]: xl2tpd[9138]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
NetworkManager[451]: xl2tpd[9138]: Listening on IP address 0.0.0.0, port 1701
NetworkManager[451]: xl2tpd[9138]: Connecting to host xxx.xxx.xxx.xxx, port 1701
NetworkManager[451]: <info>  [1500622361.2188] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",0]: VPN plugin: state changed: starting (3)
pluto[9101]: added connection description "v6neighbor-hole-in"
pluto[9101]: added connection description "v6neighbor-hole-out"
pluto[9101]: listening for IKE messages
pluto[9101]: | refresh. setup callback for interface wlp3s0:500 34
pluto[9101]: | setup callback for interface wlp3s0:500 fd 34
pluto[9101]: | refresh. setup callback for interface lo:500 33
pluto[9101]: | setup callback for interface lo:500 fd 33
pluto[9101]: | refresh. setup callback for interface wlp3s0:500 32
pluto[9101]: | setup callback for interface wlp3s0:500 fd 32
pluto[9101]: | refresh. setup callback for interface lo:4500 31
pluto[9101]: | setup callback for interface lo:4500 fd 31
pluto[9101]: | refresh. setup callback for interface lo:500 30
pluto[9101]: | setup callback for interface lo:500 fd 30
pluto[9101]: | refresh. setup callback for interface wlp3s0:4500 29
pluto[9101]: | setup callback for interface wlp3s0:4500 fd 29
pluto[9101]: | refresh. setup callback for interface wlp3s0:500 28
pluto[9101]: | setup callback for interface wlp3s0:500 fd 28
pluto[9101]: forgetting secrets
pluto[9101]: loading secrets from "/etc/ipsec.secrets"
pluto[9101]: loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-61718d08-6663-461d-a847-ad6becdcf94f.secrets"
NetworkManager[451]: xl2tpd[9138]: Connection established to xxx.xxx.xxx.xxx, 1701.  Local: 59448, Remote: 62237 (ref=0/0).
NetworkManager[451]: xl2tpd[9138]: Calling on tunnel 59448
NetworkManager[451]: xl2tpd[9138]: Call established with xxx.xxx.xxx.xxx, Local: 63410, Remote: 13495, Serial: 1 (ref=0/0)
NetworkManager[451]: xl2tpd[9138]: start_pppd: I'm running:
NetworkManager[451]: xl2tpd[9138]: "/usr/sbin/pppd"
NetworkManager[451]: xl2tpd[9138]: "plugin"
NetworkManager[451]: xl2tpd[9138]: "pppol2tp.so"
NetworkManager[451]: xl2tpd[9138]: "pppol2tp"
NetworkManager[451]: xl2tpd[9138]: "7"
NetworkManager[451]: xl2tpd[9138]: "passive"
NetworkManager[451]: xl2tpd[9138]: "nodetach"
NetworkManager[451]: xl2tpd[9138]: ":"
NetworkManager[451]: xl2tpd[9138]: "file"
NetworkManager[451]: xl2tpd[9138]: "/var/run/nm-l2tp-ppp-options-61718d08-6663-461d-a847-ad6becdcf94f"
pppd[9147]: Plugin pppol2tp.so loaded.
pppd[9147]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
pppd[9147]: pppd 2.4.7 started by root, uid 0
pppd[9147]: Using interface ppp0
pppd[9147]: Connect: ppp0 <-->
pppd[9147]: Overriding mtu 1500 to 1100
pppd[9147]: Overriding mru 1500 to mtu value 1100
NetworkManager[451]: <info>  [1500622362.2798] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/11)
pppd[9147]: Overriding mtu 1400 to 1100
pppd[9147]: PAP authentication succeeded
pppd[9147]: Could not determine remote IP address: defaulting to 10.64.64.64
pppd[9147]: Cannot determine ethernet address for proxy ARP
pppd[9147]: local  IP address 192.168.180.1
pppd[9147]: remote IP address 10.64.64.64
pppd[9147]: primary   DNS address 192.168.1.9
pppd[9147]: secondary DNS address 192.168.1.11
NetworkManager[451]: <info>  [1500622372.0097] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",0]: VPN connection: (IP4 Config Get) reply received from old-style plugin
NetworkManager[451]: <info>  [1500622372.0115] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data: VPN Gateway: xxx.xxx.xxx.xxx
NetworkManager[451]: <info>  [1500622372.0116] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data: Tunnel Device: "ppp0"
NetworkManager[451]: <info>  [1500622372.0116] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data: IPv4 configuration:
NetworkManager[451]: <info>  [1500622372.0116] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data:   Internal Address: 192.168.180.1
NetworkManager[451]: <info>  [1500622372.0117] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data:   Internal Prefix: 32
NetworkManager[451]: <info>  [1500622372.0117] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data:   Internal Point-to-Point Address: 0.0.0.0
NetworkManager[451]: <info>  [1500622372.0117] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data:   Maximum Segment Size (MSS): 0
NetworkManager[451]: <info>  [1500622372.0118] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data:   Forbid Default Route: yes
NetworkManager[451]: <info>  [1500622372.0118] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data:   Internal DNS: 192.168.1.9
NetworkManager[451]: <info>  [1500622372.0119] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data:   Internal DNS: 192.168.1.11
NetworkManager[451]: <info>  [1500622372.0119] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data:   DNS Domain: '(none)'
NetworkManager[451]: <info>  [1500622372.0119] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: Data: No IPv6 configuration
NetworkManager[451]: <info>  [1500622372.0120] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: VPN plugin: state changed: started (4)
NetworkManager[451]: <info>  [1500622372.0142] vpn-connection[0x258a4b0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",10:(ppp0)]: VPN connection: (IP Config Get) complete
NetworkManager[451]: <info>  [1500622372.0171] dns-mgr: Writing DNS information to /usr/bin/resolvconf
dbus[437]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
systemd[1]: Starting Network Manager Script Dispatcher Service...
dbus[437]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
systemd[1]: Started Network Manager Script Dispatcher Service.
nm-dispatcher[9231]: req:1 'vpn-up' [ppp0]: new request (1 scripts)
nm-dispatcher[9231]: req:1 'vpn-up' [ppp0]: start running ordered scripts...
ntpd[484]: Listen normally on 23 ppp0 192.168.180.1:123
ntpd[484]: Listen normally on 24 ppp0 192.168.1.190:123
ntpd[484]: new interface(s) found: waking up resolver
nm-l2tp[7431] <debug> nm-l2tp-service (version 1.2.8) starting...
nm-l2tp[7431] <debug>  uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[7431] <info>  ipsec enable flag: yes
** Message: Check port 1701
connection
    id : "xxx" (s)
    uuid : "61718d08-6663-461d-a847-ad6becdcf94f" (s)
    interface-name : NULL (sd)
    type : "vpn" (s)
    permissions : ["user:honza:"] (s)
    autoconnect : FALSE (s)
    autoconnect-priority : 0 (sd)
    autoconnect-retries : -1 (sd)
    timestamp : 1500620749 (s)
    read-only : FALSE (sd)
    zone : NULL (sd)
    master : NULL (sd)
    slave-type : NULL (sd)
    autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
    secondaries : NULL (sd)
    gateway-ping-timeout : 0 (sd)
    metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
    lldp : -1 (sd)
    stable-id : NULL (sd)

ipv6
    method : "auto" (s)
    dns : [] (s)
    dns-search : [] (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0xd66f00) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0xd7a820) (s)
    route-metric : -1 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
    addr-gen-mode : 1 (sd)
    token : NULL (sd)

proxy
    method : 0 (sd)
    browser-only : FALSE (sd)
    pac-url : NULL (sd)
    pac-script : NULL (sd)

vpn
    service-type : "org.freedesktop.NetworkManager.l2tp" (s)
    user-name : "honza" (s)
    persistent : FALSE (sd)
    data : ((GHashTable*) 0xd7d0c0) (s)
    secrets : ((GHashTable*) 0xd7d120) (s)
    timeout : 0 (sd)

ipv4
    method : "manual" (s)
    dns : [] (s)
    dns-search : [] (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0xd7a440) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0xd67040) (s)
    route-metric : -1 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : TRUE (s)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    dhcp-client-id : NULL (sd)
    dhcp-fqdn : NULL (sd)

nm-l2tp[7431] <info>  starting ipsec
Redirecting to: systemctl stop ipsec.service
Redirecting to: systemctl start ipsec.service
002 listening for IKE messages
002 adding interface wlp3s0/wlp3s0 10.88.0.117:500
002 adding interface wlp3s0/wlp3s0 10.88.0.117:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface wlp3s0/wlp3s0 fd16:672f:afe2::ef9:500
002 adding interface lo/lo ::1:500
002 adding interface wlp3s0/wlp3s0 fd16:672f:afe2:0:5ee8:a4bd:19ba:b4f2:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-61718d08-6663-461d-a847-ad6becdcf94f.secrets"
opening file: /var/run/nm-l2tp-ipsec-61718d08-6663-461d-a847-ad6becdcf94f.conf
debugging mode enabled
end of file /var/run/nm-l2tp-ipsec-61718d08-6663-461d-a847-ad6becdcf94f.conf
Loading conn 61718d08-6663-461d-a847-ad6becdcf94f
starter: left is KH_DEFAULTROUTE
loading named conns: 61718d08-6663-461d-a847-ad6becdcf94f
seeking_src = 1, seeking_gateway = 1, has_peer = 1
seeking_src = 0, seeking_gateway = 1, has_dst = 1
dst  via 10.88.0.1 dev wlp3s0 src  table 254
set nexthop: 10.88.0.1
dst 10.88.0.0 via  dev wlp3s0 src 10.88.0.117 table 254
dst 10.88.0.0 via  dev wlp3s0 src 10.88.0.117 table 255 (ignored)
dst 10.88.0.117 via  dev wlp3s0 src 10.88.0.117 table 255 (ignored)
dst 10.88.0.255 via  dev wlp3s0 src 10.88.0.117 table 255 (ignored)
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)

seeking_src = 1, seeking_gateway = 0, has_peer = 1
seeking_src = 1, seeking_gateway = 0, has_dst = 1
dst 10.88.0.1 via  dev wlp3s0 src 10.88.0.117 table 254
set addr: 10.88.0.117

seeking_src = 0, seeking_gateway = 0, has_peer = 1
conn: "61718d08-6663-461d-a847-ad6becdcf94f" modecfgdomain=(null)
conn: "61718d08-6663-461d-a847-ad6becdcf94f" modecfgbanner=(null)
conn: "61718d08-6663-461d-a847-ad6becdcf94f" mark-in=(null)
conn: "61718d08-6663-461d-a847-ad6becdcf94f" mark-out=(null)
conn: "61718d08-6663-461d-a847-ad6becdcf94f" vti_iface=(null)
002 added connection description "61718d08-6663-461d-a847-ad6becdcf94f"
nm-l2tp[7431] <info>  Spawned ipsec auto --up script with PID 8116.
002 "61718d08-6663-461d-a847-ad6becdcf94f" #1: initiating Main Mode
104 "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I1: initiate
003 "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [f758f22668750f03b08df6ebe1d00403]
003 "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]
003 "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [c44fedc749f9e6ae5b04ec969cb25d69]
003 "61718d08-6663-461d-a847-ad6becdcf94f" #1: ignoring unknown Vendor ID payload [f9196df86b812fb0f68026d8876dcb7b00042000]
002 "61718d08-6663-461d-a847-ad6becdcf94f" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "61718d08-6663-461d-a847-ad6becdcf94f" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "61718d08-6663-461d-a847-ad6becdcf94f" #1: Main mode peer ID is ID_IPV4_ADDR: 'xxx.xxx.xxx.xxx'
002 "61718d08-6663-461d-a847-ad6becdcf94f" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
002 "61718d08-6663-461d-a847-ad6becdcf94f" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:9476836e proposal=AES(12)_128-SHA1(2), 3DES(3)_000-SHA1(2) pfsgroup=no-pfs}
117 "61718d08-6663-461d-a847-ad6becdcf94f" #2: STATE_QUICK_I1: initiate
003 "61718d08-6663-461d-a847-ad6becdcf94f" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
002 "61718d08-6663-461d-a847-ad6becdcf94f" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "61718d08-6663-461d-a847-ad6becdcf94f" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x03a5f222 <0x427a35a6 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=xxx.xxx.xxx.xxx:4500 DPD=passive}
nm-l2tp[7431] <info>  Libreswan IPsec tunnel is up.
** Message: xl2tpd started with pid 8127
xl2tpd[8127]: setsockopt recvref[30]: Protocol not available
xl2tpd[8127]: Using l2tp kernel support.
xl2tpd[8127]: xl2tpd version xl2tpd-1.3.9 started on jules-w PID:8127
xl2tpd[8127]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[8127]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[8127]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[8127]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[8127]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[8127]: get_call: allocating new tunnel for host xxx.xxx.xxx.xxx, port 1701.
xl2tpd[8127]: Connecting to host xxx.xxx.xxx.xxx, port 1701
xl2tpd[8127]: control_finish: message type is (null)(0).  Tunnel is 0, call is 0.
xl2tpd[8127]: control_finish: sending SCCRQ
xl2tpd[8127]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
xl2tpd[8127]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[8127]: framing_caps_avp: supported peer frames: sync
xl2tpd[8127]: hostname_avp: peer reports hostname '(none)'
xl2tpd[8127]: assigned_tunnel_avp: using peer's tunnel 36061
xl2tpd[8127]: bearer_caps_avp: supported peer bearers:
xl2tpd[8127]: firmware_rev_avp: peer reports firmware version 1025 (0x0401)
xl2tpd[8127]: vendor_avp: peer reports vendor 'SafeNet Inc.'
xl2tpd[8127]: receive_window_size_avp: peer wants RWS of 16.  Will use flow control.
xl2tpd[8127]: control_finish: message type is Start-Control-Connection-Reply(2).  Tunnel is 36061, call is 0.
xl2tpd[8127]: control_finish: sending SCCCN
xl2tpd[8127]: Connection established to xxx.xxx.xxx.xxx, 1701.  Local: 37748, Remote: 36061 (ref=0/0).
xl2tpd[8127]: Calling on tunnel 37748
xl2tpd[8127]: control_finish: message type is (null)(0).  Tunnel is 36061, call is 0.
xl2tpd[8127]: control_finish: sending ICRQ
xl2tpd[8127]: message_type_avp: message type 11 (Incoming-Call-Reply)
xl2tpd[8127]: assigned_call_avp: using peer's call 50258
xl2tpd[8127]: control_finish: message type is Incoming-Call-Reply(11).  Tunnel is 36061, call is 50258.
xl2tpd[8127]: control_finish: Sending ICCN
xl2tpd[8127]: Call established with xxx.xxx.xxx.xxx, Local: 31198, Remote: 50258, Serial: 1 (ref=0/0)
xl2tpd[8127]: start_pppd: I'm running: 
xl2tpd[8127]: "/usr/sbin/pppd" 
xl2tpd[8127]: "plugin" 
xl2tpd[8127]: "pppol2tp.so" 
xl2tpd[8127]: "pppol2tp" 
xl2tpd[8127]: "7" 
xl2tpd[8127]: "passive" 
xl2tpd[8127]: "nodetach" 
xl2tpd[8127]: ":" 
xl2tpd[8127]: "debug" 
xl2tpd[8127]: "file" 
xl2tpd[8127]: "/var/run/nm-l2tp-ppp-options-61718d08-6663-461d-a847-ad6becdcf94f" 
xl2tpd[8127]: message_type_avp: message type 16 (Set-Link-Info)
xl2tpd[8127]: ignore_avp : Ignoring AVP
xl2tpd[8127]: control_finish: message type is Set-Link-Info(16).  Tunnel is 36061, call is 50258.
xl2tpd[8127]: message_type_avp: message type 6 (Hello)
xl2tpd[8127]: control_finish: message type is Hello(6).  Tunnel is 36061, call is 0.

$ ip route
default via 10.88.0.1 dev wlp3s0 proto static metric 600
10.88.0.0/24 dev wlp3s0 proto kernel scope link src 10.88.0.117 metric 600
10.88.0.1 dev wlp3s0 proto static scope link metric 600
xxx.xxx.xxx.xxx via 10.88.0.1 dev wlp3s0 proto static metric 600
192.168.0.0/23 dev ppp0 proto kernel scope link src 192.168.1.190 metric 50

$ ping 192.168.1.11
PING 192.168.1.11 (192.168.1.11) 56(84) bytes of data.
^C
--- 192.168.1.11 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1032ms

dkosovic commented 7 years ago

In your IPv4 settings ignore-auto-routes is set to false, but I don't see the following VPN automatic default route for dev ppp0 which directs all traffic over the VPN connection:

$ ip route
default dev ppp0  proto static  scope link  metric 50
...

If you are manually adding/removing routes outside of the VPN IPv4 settings GUI and trying to do split network VPN routing, instead of the 192.168.0.0/23 dev ppp0 route I think you need two routes xxx.xxx.xxx.xxx dev ppp0 and 192.168.0.0/23 via xxx.xxx.xxx.xxx as 192.168.0.0/23 is on the other side of the point-to-point link.

xhpohanka commented 7 years ago

I will check your suggestions, thanks. I'm not sure whether the issue is in routing, I already tried manual and automatic routing but I'll double check...

xhpohanka commented 7 years ago

I changed all routing to default but unfortunately it does not help.

This part of log seems suspicious to me:

pppd[2162]: Plugin pppol2tp.so loaded.
pppd[2162]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
pppd[2162]: pppd 2.4.7 started by root, uid 0
pppd[2162]: Using interface ppp0
pppd[2162]: Connect: ppp0 <-->
pppd[2162]: Overriding mtu 1500 to 1100
pppd[2162]: Overriding mru 1500 to mtu value 1100
NetworkManager[1150]: <info>  [1501095313.7915] manager: (ppp0): new Generic device (/org/freedesktop/NetworkManager/Devices/6)
pppd[2162]: Overriding mtu 1400 to 1100
pppd[2162]: PAP authentication succeeded
pppd[2162]: Could not determine remote IP address: defaulting to 10.64.64.64
pppd[2162]: Cannot determine ethernet address for proxy ARP
pppd[2162]: local  IP address 192.168.180.1
pppd[2162]: remote IP address 10.64.64.64
pppd[2162]: primary   DNS address 192.168.1.9
pppd[2162]: secondary DNS address 192.168.1.11
NetworkManager[1150]: <info>  [1501095316.2499] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",0]: VPN connection: (IP4 Config Get) reply received from old-style plugin
NetworkManager[1150]: <info>  [1501095316.2503] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data: VPN Gateway: xxx.xxx.xxx.xxx
NetworkManager[1150]: <info>  [1501095316.2504] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data: Tunnel Device: "ppp0"
NetworkManager[1150]: <info>  [1501095316.2504] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data: IPv4 configuration:
NetworkManager[1150]: <info>  [1501095316.2504] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data:   Internal Address: 192.168.180.1
NetworkManager[1150]: <info>  [1501095316.2504] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data:   Internal Prefix: 32
NetworkManager[1150]: <info>  [1501095316.2504] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data:   Internal Point-to-Point Address: 0.0.0.0
NetworkManager[1150]: <info>  [1501095316.2504] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data:   Maximum Segment Size (MSS): 0
NetworkManager[1150]: <info>  [1501095316.2505] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data:   Forbid Default Route: no
NetworkManager[1150]: <info>  [1501095316.2505] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data:   Internal DNS: 192.168.1.9
NetworkManager[1150]: <info>  [1501095316.2505] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data:   Internal DNS: 192.168.1.11
NetworkManager[1150]: <info>  [1501095316.2505] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data:   DNS Domain: '(none)'
NetworkManager[1150]: <info>  [1501095316.2505] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: Data: No IPv6 configuration
NetworkManager[1150]: <info>  [1501095316.2506] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: VPN plugin: state changed: started (4)
NetworkManager[1150]: <info>  [1501095316.2516] vpn-connection[0x24890d0,61718d08-6663-461d-a847-ad6becdcf94f,"xxx",19:(ppp0)]: VPN connection: (IP Config Get) complete
NetworkManager[1150]: <info>  [1501095316.2542] dns-mgr: Writing DNS information to /usr/bin/resolvconf
dbus[474]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
systemd[1]: Starting Network Manager Script Dispatcher Service...
dbus[474]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
systemd[1]: Started Network Manager Script Dispatcher Service.
nm-dispatcher[2388]: req:1 'vpn-up' [ppp0]: new request (1 scripts)
nm-dispatcher[2388]: req:1 'vpn-up' [ppp0]: start running ordered scripts...

pppd[2162]: local IP address 192.168.180.1 is nonsense, I don't know where it came from. I should get something from 192.168.0.0/23 from DHCP.

However pppd[2162]: primary DNS address 192.168.1.9 and pppd[2162]: secondary DNS address 192.168.1.11 are correct, so something can be retrieved from server. It's strange ...

Could the issue be in kernel settings? I have these...

net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0

dkosovic commented 7 years ago

I finally managed to get xl2tpd working on my Arch Linux VM, but had to downgrade from xl2tpd 1.3.9 to 1.3.8. The connection would drop out a few seconds after connecting with xl2tpd 1.3.9.

I issued the following and I'm still able to ping a host inside the VPN network:

sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv4.conf.all.accept_redirects=0
sudo sysctl -w net.ipv4.conf.all.accept_redirects
sudo sysctl -w net.ipv4.conf.all.accept_redirects=0
sudo sysctl -w net.ipv4.conf.default.accept_redirects=0
sudo sysctl -w net.ipv4.conf.default.send_redirects=0

frol commented 7 years ago

There was a Linux kernel regression in the 4.11.x line: https://groups.google.com/forum/#!topic/linux.kernel/LLHBfYpkzWg/discussion

Downgrading to the Linux-LTS kernel helped me. Also, in my case, I had to downgrade security restrictions since my VPN server setup seems to only support MD5 or SHA1 hashes. (Here is a script which I used to scan the supported IPsec modes: https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues#querying-vpn-server-for-supported-ipsec-ikev1-ciphers)
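
Added example, not part of the thread or of the project's code: a Python check that reads the two libreswan "SA established" lines from the log earlier in this thread and lists which negotiated algorithms belong to the legacy set mentioned here (3DES, MD5, SHA1, MODP1024). The `WEAK` table and the function names are this example's own assumptions, as is reading libreswan's `integ=sha` as SHA-1.

```python
import re

# The two "SA established" lines, copied from the libreswan log earlier in this thread.
SAMPLE_LOG = '''\
004 "61718d08-6663-461d-a847-ad6becdcf94f" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
004 "61718d08-6663-461d-a847-ad6becdcf94f" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x03a5f222 <0x427a35a6 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=xxx.xxx.xxx.xxx:4500 DPD=passive}
'''

# Assumed policy for this example: algorithm tokens treated as legacy/weak.
WEAK = {
    "des": "single DES",
    "3des": "3DES (64-bit block cipher)",
    "md5": "MD5",
    "sha": "SHA-1",    # assumption: libreswan prints SHA-1 as "sha" in the IKE line
    "sha1": "SHA-1",
    "modp768": "768-bit DH group",
    "modp1024": "1024-bit DH group",
}

# (phase label, pattern capturing the {...} body, fields that name algorithms)
PHASES = (
    ("IKE", re.compile(r"ISAKMP SA established \{([^}]*)\}"), ("cipher", "integ", "group")),
    ("ESP", re.compile(r"IPsec SA established .*?\{([^}]*)\}"), ("xfrm",)),
)

def parse_fields(body):
    """Turn 'k=v k2=v2 ...' into a dict, ignoring tokens without '='."""
    return dict(tok.split("=", 1) for tok in body.split() if "=" in tok)

def audit(log_text):
    """Return (phase, field, value, reason) for every weak negotiated algorithm."""
    findings = []
    for line in log_text.splitlines():
        for phase, pattern, keys in PHASES:
            match = pattern.search(line)
            if not match:
                continue
            fields = parse_fields(match.group(1))
            for key in keys:
                value = fields.get(key, "")
                # "3DES_0-HMAC_SHA1" -> ["3des", "0", "hmac", "sha1"]
                for token in re.split(r"[_-]", value.lower()):
                    if token in WEAK:
                        findings.append((phase, key, value, WEAK[token]))
    return findings

if __name__ == "__main__":
    for phase, key, value, reason in audit(SAMPLE_LOG):
        print(f"{phase}: {key}={value} -> {reason}")
```
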

xhpohanka commented 7 years ago

Strange, I tried to downgrade xl2tpd and kernel but nothing helped. Automatic routing, manual routing, dhcp, static address ... no way.

What do you think about the part of log I posted last time? Why do I get those weird default addresses?

frol commented 7 years ago

@xhpohanka I have no clue, sorry. It works fine on my Arch Linux with Kernel 4.12.3 (and 4.9.40), xl2tpd 1.3.9, networkmanager 1.8.2, networkmanager-l2tp 1.2.8, libreswan 3.20, and Gnome 3.25.4.

dkosovic commented 6 years ago

Sorry I have no idea how to solve the Cannot determine ethernet address for proxy ARP error in the logs. I don't understand why it needs the MAC address as the PPP interface (which in this case is created by xl2tpd) has no MAC address. But it could explain the weird default addresses. I assume non-linux VPN clients have no issue connecting, so the issue is on the linux client side.

As no one else has answered since August last year and I'm not able to provide any advice and I don't think it is a network-manager-l2tp bug specifically, I'm almost thinking of closing this issue.

xhpohanka commented 6 years ago

Hi, I agree with you that it is not a bug of network-manager-l2tp. I still live with this on two of my computers, but it works at least a bit. I can access vpn with setting static ip...