Closed dosentmatter closed 6 years ago
Someone else has reported the exact same issue, i.e. :
104 "9b117491-9a67-46a7-ac91-a8ada37408fd" #1: STATE_MAIN_I1: initiate
010 "9b117491-9a67-46a7-ac91-a8ada37408fd" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
...
Which seems to indicate the first payload from the VPN server is not being recieved. I'm guessing a firewall is blocking it.
Is ike-scan
or the ike-scan.sh
script on the following page able to query the VPN server ?
If ike-scan
isn't able to query the VPN server, it would be highly likely it is a firewall issue and not a libreswan issue.
Unrelated to your current issue, but though I would mention it. I was never able to establish a connection with the xl2tpd-1.3.6 package that ships with Jessie, but had no issues with xl2tpd-1.3.8 from jessie-backports :
I'll have to get back to you on this one. The machine having problems isn't actually mine, and I couldn't get in contact with the owner today. Thanks for the suggestions.
I was able to get it to work using a Debian Jessie VM. ike-scan worked for me but I had to use xl2tpd-1.3.8 from jessie-backports. I was getting a different debug log than the owner's log above. My final config for the VM was network-manager-l2tp-1.0.8 + libreswan-3.16-1 + xl2tpd-1.3.8.
I'll see if this config works for the owner, when we get the chance to speak.
So we were able to get it to work. He said his ike-scan wasn't able to reach the VPN server the other day but works today. He didn't have to install xl2tpd-1.3.8 like I did for my Debian Jessie VM. He is using libreswan.
I'm not sure what caused his problem but it could be because of his spotty internet since he lives in a rural area. Thanks for the tips on debugging! I'm gonna close this issue now.
The vpn server I am connecting to uses legacy ciphers: phase 1: 3des-sha1-modp1024 phase 2: 3des-sha1
I am on Debian Jessie.
Here is what I used to build and install. I am using libreswan because I got it working on Linux Mint using libreswan https://github.com/nm-l2tp/network-manager-l2tp/issues/62. I tried strongswan with the above ciphers but I get the same timeout. The GUI is available but I can't connect.
I get this message in syslog: VPN connection 'VPN NAME' failed to connect: 'Method invoked for Connect returned FALSE but did not set error'.
Here is the debug log: