nm-l2tp / NetworkManager-l2tp

L2TP and L2TP/IPsec support for NetworkManager
GNU General Public License v2.0

Failed to connect (Centos 7) #84

Closed gefalko closed 6 years ago

gefalko commented 6 years ago

I tried connect to VPN but get this:

[gefalko@localhost ~]$ sudo /usr/libexec/nm-l2tp-service --debug
nm-l2tp[20335] nm-l2tp-service (version 1.2.10-1.el7) starting...
nm-l2tp[20335] uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[20335] ipsec enable flag: yes
** Message: Check port 1701
connection
    id : "L2TP IPSec (PSK) - otravo" (s)
    uuid : "49a95a8c-275b-464b-8f62-a7639b48e966" (s)
    interface-name : NULL (sd)
    type : "vpn" (s)
    permissions : ["user:gefalko:"] (s)
    autoconnect : FALSE (s)
    autoconnect-priority : 0 (sd)
    autoconnect-retries : -1 (sd)
    timestamp : 0 (sd)
    read-only : FALSE (sd)
    zone : NULL (sd)
    master : NULL (sd)
    slave-type : NULL (sd)
    autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
    secondaries : NULL (sd)
    gateway-ping-timeout : 0 (sd)
    metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
    lldp : -1 (sd)
    stable-id : NULL (sd)
    auth-retries : -1 (sd)

ipv6
    method : "auto" (s)
    dns : [] (s)
    dns-search : [] (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0x1e8f780) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0x1e8f6e0) (s)
    route-metric : -1 (sd)
    route-table : 0 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
    addr-gen-mode : 1 (sd)
    token : NULL (sd)

proxy
    method : 0 (sd)
    browser-only : FALSE (sd)
    pac-url : NULL (sd)
    pac-script : NULL (sd)

vpn
    service-type : "org.freedesktop.NetworkManager.l2tp" (s)
    user-name : "gefalko" (s)
    persistent : FALSE (sd)
    data : ((GHashTable*) 0x1e764c0) (s)
    secrets : ((GHashTable*) 0x1e76400) (s)
    timeout : 0 (sd)

ipv4
    method : "auto" (s)
    dns : [] (s)
    dns-search : [] (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0x1e8f560) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0x1e8f600) (s)
    route-metric : -1 (sd)
    route-table : 0 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    dhcp-client-id : NULL (sd)
    dhcp-fqdn : NULL (sd)

nm-l2tp[20335] starting ipsec
Redirecting to: systemctl stop ipsec.service
warning: could not open include filename: '/etc/ipsec.d/*.conf'
warning: could not open include filename: '/etc/ipsec.d/*.conf'
warning: could not open include filename: '/etc/ipsec.d/*.conf'
warning: could not open include filename: '/etc/ipsec.d/*.conf'
Redirecting to: systemctl start ipsec.service
002 listening for IKE messages
002 adding interface virbr0/virbr0 192.168.122.1:500
002 adding interface virbr0/virbr0 192.168.122.1:4500
002 adding interface wlp2s0/wlp2s0 192.168.1.176:500
002 adding interface wlp2s0/wlp2s0 192.168.1.176:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface lo/lo ::1:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.secrets"
opening file: /var/run/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.conf
debugging mode enabled
end of file /var/run/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.conf
Loading conn 49a95a8c-275b-464b-8f62-a7639b48e966
starter: left is KH_DEFAULTROUTE
loading named conns: 49a95a8c-275b-464b-8f62-a7639b48e966
seeking_src = 1, seeking_gateway = 1, has_peer = 1
seeking_src = 0, seeking_gateway = 1, has_dst = 1
dst  via 192.168.1.254 dev wlp2s0 src  table 254
set nexthop: 192.168.1.254
dst 192.168.1.0 via  dev wlp2s0 src 192.168.1.176 table 254
dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 254
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 192.168.1.0 via  dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.1.176 via  dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.1.255 via  dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
dst 192.168.122.1 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
dst 192.168.122.255 via  dev virbr0 src 192.168.122.1 table 255 (ignored)

seeking_src = 1, seeking_gateway = 0, has_peer = 1
seeking_src = 1, seeking_gateway = 0, has_dst = 1
dst 192.168.1.254 via  dev wlp2s0 src 192.168.1.176 table 254
set addr: 192.168.1.176

seeking_src = 0, seeking_gateway = 0, has_peer = 1
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" labeled_ipsec=0
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgdns=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgdomains=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgbanner=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark-in=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark-out=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" vti_iface=(null)
002 added connection description "49a95a8c-275b-464b-8f62-a7639b48e966"
nm-l2tp[20335] Spawned ipsec auto --up script with PID 21334.
002 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: initiating Main Mode
104 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: initiate
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
nm-l2tp[20335] Timeout trying to establish IPsec connection
nm-l2tp[20335] Terminating ipsec script with PID 21334.
nm-l2tp[20335] Could not establish IPsec tunnel.

(nm-l2tp-service:20335): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 16 seconds for response

dkosovic commented 6 years ago

There is something weird happening with the debug output, NetworkManager isn't iterating through the NetworkManager-L2TP VPN settings and only showing data : ((GHashTable*) 0x1e764c0) (s) instead of the name/value pairs.

Anyway, looks like the VPN server isn't responding, possibly because it doesn't like the phase 1 and 2 proposals the client is offering.

Could you obtain the ike-scan.sh script from the following page:

and then try the following, but replace 123.54.76.9 with the VPN server you are using:

sudo yum install ike-scan
sudo ipsec stop
chmod a+rx ./ike-scan.sh
sudo ./ike-scan.sh 123.54.76.9 | grep SA=
gefalko commented 6 years ago

  1. I copy-pasted the code into ./ike-scan.sh following the instructions from the link.

  2. Then ran the sudo ipsec stop command.

  3. (I think it is not necessary, but) replaced the IP with 123.54.76.9. https://ibb.co/cGQ25J

output:

[gefalko@localhost ~]$ sudo ipsec stop
Redirecting to: systemctl stop ipsec.service
warning: could not open include filename: '/etc/ipsec.d/*.conf'
warning: could not open include filename: '/etc/ipsec.d/*.conf'

  4. Ran chmod a+rx ./ike-scan.sh,

output: no output;

  5. Ran sudo ./ike-scan.sh 123.54.76.9 | grep SA=,

output:

[gefalko@localhost ~]$ sudo ./ike-scan.sh 123.54.76.9 | grep SA=
./ike-scan.sh: line 16: ike-scan: command not found

  6. Because ike-scan was not found, I tried to install it following https://github.com/royhills/ike-scan#building-and-installing

note: ./configure without ssl support

  7. Ran it again:

[gefalko@localhost ~]$ sudo ./ike-scan.sh 123.54.76.9 | grep SA=
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)

dkosovic commented 6 years ago

Sorry I didn't realise CentOS / EPEL7 didn't include the ike-scan package, but it is great that you built it.

Looks like CentOS 7.5 has upgraded the libreswan package to version 3.23 and you are now impacted by the weak legacy algorithms issue:

[The output of the ./ike-scan.sh script has the same output repeated 7 times, which doesn't look right as they should be unique. But if all of the proposals advertised by the VPN server contain SHA1 (i.e. the output of the ./ike-scan.sh script), then they are considered weak by libreswan-3.23.]

The best fix is to re-configure the VPN server and add proposals that use SHA2, but if you aren't able to do that, in the IPsec Options dialog box advanced options, add the following:

I made a guess what the phase 2 algorithms should be as they are often based on the phase 1, but some VPN administrators decide to use completely different algorithms from phase 1.

gefalko commented 6 years ago

  1. I changed: https://ibb.co/ewRbHy

  2. Ran sudo /usr/libexec/nm-l2tp-service --debug

  3. Tried to connect to the VPN through the GUI https://ibb.co/mS3Z4d

Command 2 output after clicking connect:

[gefalko@localhost]$ sudo /usr/libexec/nm-l2tp-service --debug
[sudo] password for gefalko: 
nm-l2tp[31649] <debug> nm-l2tp-service (version 1.2.10-1.el7) starting...
nm-l2tp[31649] <debug>  uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[31649] <info>  ipsec enable flag: yes
** Message: Check port 1701
connection
    id : "L2TP IPSec (PSK) - otravo" (s)
    uuid : "49a95a8c-275b-464b-8f62-a7639b48e966" (s)
    interface-name : NULL (sd)
    type : "vpn" (s)
    permissions : ["user:gefalko:"] (s)
    autoconnect : FALSE (s)
    autoconnect-priority : 0 (sd)
    autoconnect-retries : -1 (sd)
    timestamp : 0 (sd)
    read-only : FALSE (sd)
    zone : NULL (sd)
    master : NULL (sd)
    slave-type : NULL (sd)
    autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
    secondaries : NULL (sd)
    gateway-ping-timeout : 0 (sd)
    metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
    lldp : -1 (sd)
    stable-id : NULL (sd)
    auth-retries : -1 (sd)

ipv6
    method : "auto" (s)
    dns : [] (s)
    dns-search : [] (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0x80d7a0) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0x80d800) (s)
    route-metric : -1 (sd)
    route-table : 0 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
    addr-gen-mode : 1 (sd)
    token : NULL (sd)

proxy
    method : 0 (sd)
    browser-only : FALSE (sd)
    pac-url : NULL (sd)
    pac-script : NULL (sd)

vpn
    service-type : "org.freedesktop.NetworkManager.l2tp" (s)
    user-name : "gefalko" (s)
    persistent : FALSE (sd)
    data : ((GHashTable*) 0x7f4760) (s)
    secrets : ((GHashTable*) 0x7f44c0) (s)
    timeout : 0 (sd)

ipv4
    method : "auto" (s)
    dns : [] (s)
    dns-search : [] (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0x80d660) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0x80d6c0) (s)
    route-metric : -1 (sd)
    route-table : 0 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    dhcp-client-id : NULL (sd)
    dhcp-fqdn : NULL (sd)

nm-l2tp[31649] <info>  starting ipsec
Redirecting to: systemctl stop ipsec.service
warning: could not open include filename: '/etc/ipsec.d/*.conf'
warning: could not open include filename: '/etc/ipsec.d/*.conf'
warning: could not open include filename: '/etc/ipsec.d/*.conf'
warning: could not open include filename: '/etc/ipsec.d/*.conf'
Redirecting to: systemctl start ipsec.service
002 listening for IKE messages
002 adding interface virbr0/virbr0 192.168.122.1:500
002 adding interface virbr0/virbr0 192.168.122.1:4500
002 adding interface wlp2s0/wlp2s0 192.168.1.176:500
002 adding interface wlp2s0/wlp2s0 192.168.1.176:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface lo/lo ::1:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.secrets"
opening file: /var/run/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.conf
debugging mode enabled
end of file /var/run/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.conf
Loading conn 49a95a8c-275b-464b-8f62-a7639b48e966
starter: left is KH_DEFAULTROUTE
loading named conns: 49a95a8c-275b-464b-8f62-a7639b48e966
seeking_src = 1, seeking_gateway = 1, has_peer = 1
seeking_src = 0, seeking_gateway = 1, has_dst = 1
dst  via 192.168.1.254 dev wlp2s0 src  table 254
set nexthop: 192.168.1.254
dst 192.168.1.0 via  dev wlp2s0 src 192.168.1.176 table 254
dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 254
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
dst 192.168.1.0 via  dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.1.176 via  dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.1.255 via  dev wlp2s0 src 192.168.1.176 table 255 (ignored)
dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
dst 192.168.122.1 via  dev virbr0 src 192.168.122.1 table 255 (ignored)
dst 192.168.122.255 via  dev virbr0 src 192.168.122.1 table 255 (ignored)

seeking_src = 1, seeking_gateway = 0, has_peer = 1
seeking_src = 1, seeking_gateway = 0, has_dst = 1
dst 192.168.1.254 via  dev wlp2s0 src 192.168.1.176 table 254
set addr: 192.168.1.176

seeking_src = 0, seeking_gateway = 0, has_peer = 1
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" labeled_ipsec=0
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgdns=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgdomains=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" modecfgbanner=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark-in=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" mark-out=(null)
conn: "49a95a8c-275b-464b-8f62-a7639b48e966" vti_iface=(null)
002 added connection description "49a95a8c-275b-464b-8f62-a7639b48e966"
nm-l2tp[31649] <info>  Spawned ipsec auto --up script with PID 2194.
002 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: initiating Main Mode
104 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: initiate
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
nm-l2tp[31649] <warn>  Timeout trying to establish IPsec connection
nm-l2tp[31649] <info>  Terminating ipsec script with PID 2194.
nm-l2tp[31649] <warn>  Could not establish IPsec tunnel.

(nm-l2tp-service:31649): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 16 seconds for response
010 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: retransmission; will wait 32 seconds for response
031 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: STATE_MAIN_I1: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our first IKEv1 message
000 "49a95a8c-275b-464b-8f62-a7639b48e966" #1: starting keying attempt 2 of an unlimited number, but releasing whack
dkosovic commented 6 years ago

I'm not sure what could be wrong with libreswan as it is not giving useful errors, so could you try strongswan instead? It might give better hints.

To use strongswan, issue:

sudo rpm -e --nodeps libreswan
sudo yum install strongswan

You'll then need to change the phase 1 slightly for strongswan (by replacing ; with a -):
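
The ike-scan check proposed earlier in this thread and the two points made since (SHA1-only proposals are treated as weak by libreswan 3.23; libreswan separates the DH group with ";" where strongswan uses "-") can be automated in one small script. The following is an added example written for this page, not code from the NetworkManager-l2tp project or from the ike-scan.sh script the thread refers to. It parses the "SA=(...)" lines ike-scan prints, collapses the repeated lines into distinct proposals, flags legacy components, and renders each proposal as the ike= value in both daemons' spelling. Assumptions: the sample output is constructed (the thread's line plus one SHA2-256 proposal); the legacy list beyond SHA1 (MD5, DES, 3DES, MODP768/1024) is this example's own policy; the keyword spellings sha2_256 (libreswan) and sha256 (strongswan) are taken from the respective ipsec.conf(5) documentation; and because ike-scan only probes phase 1, nothing here derives a phase 2 (esp=) value, which the thread notes has to be guessed or obtained from the VPN administrator.

```python
import re

# Constructed sample input: the SA= lines this thread's ike-scan.sh run prints
# (ike-scan repeats one proposal per answered probe), plus one SHA2 proposal
# added so the non-legacy path is exercised too. Not taken from a real server.
SAMPLE_IKE_SCAN_OUTPUT = """\
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA2-256 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
"""

# One ike-scan "SA=(...)" line; KeyLength is only present for ciphers such as AES.
SA_LINE = re.compile(
    r"SA=\(Enc=(?P<enc>\S+)(?: KeyLength=(?P<keylen>\d+))?"
    r" Hash=(?P<hash>\S+) Group=(?P<group>\S+) Auth=(?P<auth>\S+)"
)

# Legacy-algorithm policy used by this example (an assumption). The thread only
# establishes that SHA1-only proposals are rejected by libreswan 3.23; MD5,
# DES/3DES and the small MODP groups are the other commonly disabled choices.
LEGACY_ENC = {"DES", "3DES"}
LEGACY_HASH = {"MD5", "SHA1"}
LEGACY_GROUP = {"1:modp768", "2:modp1024"}

# ike-scan hash name -> (libreswan keyword, strongswan keyword). The daemons
# spell the SHA-2 keywords differently, and libreswan joins the DH group with
# ';' where strongswan uses '-', which is the edit dkosovic asks for above.
HASH_KEYWORDS = {
    "MD5": ("md5", "md5"),
    "SHA1": ("sha1", "sha1"),
    "SHA2-256": ("sha2_256", "sha256"),
    "SHA2-384": ("sha2_384", "sha384"),
    "SHA2-512": ("sha2_512", "sha512"),
}


def parse_proposals(output):
    """Return the distinct (enc, keylen, hash, group, auth) tuples, in first-seen order."""
    proposals = []
    for line in output.splitlines():
        m = SA_LINE.search(line)
        if m is None:
            continue
        p = (m["enc"], m["keylen"] or "", m["hash"], m["group"], m["auth"])
        if p not in proposals:
            proposals.append(p)
    return proposals


def is_legacy(proposal):
    """True when any component of a phase 1 proposal is on the legacy list."""
    enc, _, hsh, group, _ = proposal
    return enc in LEGACY_ENC or hsh in LEGACY_HASH or group in LEGACY_GROUP


def ike_keywords(proposal):
    """Render one proposal as the ike= value for libreswan and for strongswan."""
    enc, keylen, hsh, group, _ = proposal
    cipher = enc.lower() + keylen            # AES + 256 -> aes256, 3DES -> 3des
    modp = group.split(":", 1)[1]            # "14:modp2048" -> "modp2048"
    ls_hash, ss_hash = HASH_KEYWORDS[hsh]
    return (f"{cipher}-{ls_hash};{modp}", f"{cipher}-{ss_hash}-{modp}")


def triage(output):
    """Summarise an ike-scan run: each distinct proposal, its legacy flag, ike= spellings."""
    rows = []
    for p in parse_proposals(output):
        libreswan, strongswan = ike_keywords(p)
        rows.append({"proposal": p, "legacy": is_legacy(p),
                     "libreswan": libreswan, "strongswan": strongswan})
    return rows


def only_legacy_offered(output):
    """The situation in this thread: every proposal the server advertises is legacy."""
    rows = triage(output)
    return bool(rows) and all(r["legacy"] for r in rows)


if __name__ == "__main__":
    for row in triage(SAMPLE_IKE_SCAN_OUTPUT):
        flag = "LEGACY " if row["legacy"] else "ok     "
        print(flag, "libreswan ike=" + row["libreswan"], "| strongswan ike=" + row["strongswan"])
    print("server offers only legacy proposals:", only_legacy_offered(SAMPLE_IKE_SCAN_OUTPUT))
```

Piping a real run through it (sudo ./ike-scan.sh SERVER | grep SA= | python3 this_script.py with a small stdin wrapper) gives the same two outcomes this thread walks through: when only_legacy_offered is true, the durable fix is on the server (add SHA2 proposals); the ike= strings are the client-side workaround, with the libreswan form going into the NetworkManager-l2tp phase 1 field and the strongswan form replacing it if libreswan is removed as described above.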

dkosovic commented 6 years ago

Forgot to mention if libreswan and strongswan are both installed at the same time, then NetworkManager-l2tp will use libreswan. That's why libreswan needed to be removed with sudo rpm -e --nodeps libreswan for NetworkManager-l2tp to use strongswan.

gefalko commented 6 years ago

  1. I did sudo rpm -e --nodeps libreswan
  2. yum install strongswan output:
...
Is this ok [y/d/N]: y
Downloading packages:
strongswan-5.6.1-2.el7.x86_64.rpm                          | 1.3 MB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
** Found 2 pre-existing rpmdb problem(s), 'yum check' output follows:
NetworkManager-l2tp-1.2.10-1.el7.x86_64 has missing requires of libreswan
NetworkManager-libreswan-1.2.4-2.el7.x86_64 has missing requires of /usr/sbin/ipsec
  Installing : strongswan-5.6.1-2.el7.x86_64                                  1/1
  Verifying  : strongswan-5.6.1-2.el7.x86_64                                  1/1

Installed:
  strongswan.x86_64 0:5.6.1-2.el7

Complete!
  3. Changed Phase1 Algorithm https://ibb.co/nHZ8fJ

  4. sudo /usr/libexec/nm-l2tp-service --debug

  5. Tried to connect to the VPN through the GUI https://ibb.co/mS3Z4d

command 4 output:

[gefalko@localhost gaia]$ sudo /usr/libexec/nm-l2tp-service --debug
[sudo] password for gefalko: 
nm-l2tp[9919] <debug> nm-l2tp-service (version 1.2.10-1.el7) starting...
nm-l2tp[9919] <debug>  uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[9919] <info>  ipsec enable flag: yes
** Message: Check port 1701
connection
    id : "L2TP IPSec (PSK) - otravo" (s)
    uuid : "49a95a8c-275b-464b-8f62-a7639b48e966" (s)
    interface-name : NULL (sd)
    type : "vpn" (s)
    permissions : ["user:gefalko:"] (s)
    autoconnect : FALSE (s)
    autoconnect-priority : 0 (sd)
    autoconnect-retries : -1 (sd)
    timestamp : 0 (sd)
    read-only : FALSE (sd)
    zone : NULL (sd)
    master : NULL (sd)
    slave-type : NULL (sd)
    autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
    secondaries : NULL (sd)
    gateway-ping-timeout : 0 (sd)
    metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
    lldp : -1 (sd)
    stable-id : NULL (sd)
    auth-retries : -1 (sd)

ipv6
    method : "auto" (s)
    dns : [] (s)
    dns-search : [] (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0x1975400) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0x1975340) (s)
    route-metric : -1 (sd)
    route-table : 0 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
    addr-gen-mode : 1 (sd)
    token : NULL (sd)

proxy
    method : 0 (sd)
    browser-only : FALSE (sd)
    pac-url : NULL (sd)
    pac-script : NULL (sd)

vpn
    service-type : "org.freedesktop.NetworkManager.l2tp" (s)
    user-name : "gefalko" (s)
    persistent : FALSE (sd)
    data : ((GHashTable*) 0x7f68e8004de0) (s)
    secrets : ((GHashTable*) 0x7f68e8004cc0) (s)
    timeout : 0 (sd)

ipv4
    method : "auto" (s)
    dns : [] (s)
    dns-search : [] (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0x19751a0) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0x1975120) (s)
    route-metric : -1 (sd)
    route-table : 0 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    dhcp-client-id : NULL (sd)
    dhcp-fqdn : NULL (sd)

nm-l2tp[9919] <info>  starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.6.1 IPsec [starter]...
Loading config setup
Loading conn '49a95a8c-275b-464b-8f62-a7639b48e966'
found netkey IPsec stack
nm-l2tp[9919] <info>  Spawned ipsec up script with PID 10620.
no config named '49a95a8c-275b-464b-8f62-a7639b48e966'
Stopping strongSwan IPsec...
nm-l2tp[9919] <warn>  Could not establish IPsec tunnel.

(nm-l2tp-service:9919): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
gefalko commented 6 years ago

Result of:

➜  ~ sudo ./ike-scan.sh 123.54.76.9 | grep SA=
[sudo] password for gefalko: 
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
    SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)
dkosovic commented 6 years ago

I've set up a CentOS VPN to try and reproduce the issue, but ran into a few issues.

SELinux was preventing strongswan from running properly:

Jun 14 21:34:26 localhost.localdomain python[2895]: SELinux is preventing /usr/libexec/strongswan/starter from getattr access on the file /run/nm-l2tp-ipsec-c359dcd6-d0abb-4ed6-becd-a0ba393ed5fb.con

I then tried to disable SELinux by editing /etc/selinux/config, but SELinux is still running after a reboot.

Sorry, I'm still sorting things out, so I might not have any suggestions for you till tomorrow.

gefalko commented 6 years ago

Maybe useful info about my machine:

~ cat /etc/*elease
CentOS Linux release 7.5.1804 (Core) 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.5.1804 (Core) 
CentOS Linux release 7.5.1804 (Core) 
➜  ~ uname -r
3.10.0-862.3.2.el7.x86_64
dkosovic commented 6 years ago

Sorry for the delay in responding, I've been away. There is something wrong with CentOS 7.5's strongswan, I'm not able to establish a connection even with SELinux disabled.

Could you delete the Phase 1 and 2 Algorithms and downgrade to an older version of libreswan? To downgrade to an older version of libreswan, you can do:

sudo killall -TERM nm-l2tp-service
wget http://vault.centos.org/7.3.1611/os/x86_64/Packages/libreswan-3.15-8.el7.x86_64.rpm
sudo rpm -Uvh --oldpackage libreswan-3.15-8.el7.x86_64.rpm

Then try the connection again.

gefalko commented 6 years ago

No problem :)

After downgrading, something new appears, but it did not connect successfully.

Logs of sudo /usr/libexec/nm-l2tp-service --debug:

➜  ~ sudo /usr/libexec/nm-l2tp-service --debug
nm-l2tp[24067] <debug> nm-l2tp-service (version 1.2.10-1.el7) starting...
nm-l2tp[24067] <debug>  uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[24067] <info>  ipsec enable flag: yes
** Message: Check port 1701
connection
    id : "VPN 2" (s)
    uuid : "e56bc02e-ffe4-481c-848d-a62ed688f1e7" (s)
    interface-name : NULL (sd)
    type : "vpn" (s)
    permissions : ["user:gefalko:"] (s)
    autoconnect : FALSE (s)
    autoconnect-priority : 0 (sd)
    autoconnect-retries : -1 (sd)
    timestamp : 0 (sd)
    read-only : FALSE (sd)
    zone : NULL (sd)
    master : NULL (sd)
    slave-type : NULL (sd)
    autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
    secondaries : NULL (sd)
    gateway-ping-timeout : 0 (sd)
    metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
    lldp : -1 (sd)
    stable-id : NULL (sd)
    auth-retries : -1 (sd)

ipv6
    method : "auto" (s)
    dns : [] (s)
    dns-search : [] (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0x86c660) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0x86c680) (s)
    route-metric : -1 (sd)
    route-table : 0 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
    addr-gen-mode : 1 (sd)
    token : NULL (sd)

proxy
    method : 0 (sd)
    browser-only : FALSE (sd)
    pac-url : NULL (sd)
    pac-script : NULL (sd)

vpn
    service-type : "org.freedesktop.NetworkManager.l2tp" (s)
    user-name : "gefalko" (s)
    persistent : FALSE (sd)
    data : ((GHashTable*) 0x7f40f8004800) (s)
    secrets : ((GHashTable*) 0x8532a0) (s)
    timeout : 0 (sd)

ipv4
    method : "auto" (s)
    dns : [] (s)
    dns-search : [] (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0x86c480) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0x86c460) (s)
    route-metric : -1 (sd)
    route-table : 0 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    dhcp-client-id : NULL (sd)
    dhcp-fqdn : NULL (sd)

nm-l2tp[24067] <info>  starting ipsec
Redirecting to: systemctl stop ipsec.service
Redirecting to: systemctl start ipsec.service
002 listening for IKE messages
002 adding interface virbr0/virbr0 192.168.122.1:500
002 adding interface virbr0/virbr0 192.168.122.1:4500
002 adding interface wlp2s0/wlp2s0 192.168.1.226:500
002 adding interface wlp2s0/wlp2s0 192.168.1.226:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface lo/lo ::1:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-0e23a094-047a-4f3d-9386-f56de1ff84a2.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e56bc02e-ffe4-481c-848d-a62ed688f1e7.secrets"
opening file: /var/run/nm-l2tp-ipsec-e56bc02e-ffe4-481c-848d-a62ed688f1e7.conf
debugging mode enabled
end of file /var/run/nm-l2tp-ipsec-e56bc02e-ffe4-481c-848d-a62ed688f1e7.conf
Loading conn e56bc02e-ffe4-481c-848d-a62ed688f1e7
starter: left is KH_DEFAULTROUTE
loading named conns: e56bc02e-ffe4-481c-848d-a62ed688f1e7
seeking_src = 0, seeking_gateway = 1, has_dst = 1
dst  via 192.168.1.254 dev wlp2s0 src  table 254 (ignored)
set nexthop: 192.168.1.254
dst 192.168.1.0 via  dev wlp2s0 src 192.168.1.226 table 254 (ignored)
dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 254 (ignored)
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255
dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255
dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255
dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255
dst 192.168.1.0 via  dev wlp2s0 src 192.168.1.226 table 255
dst 192.168.1.226 via  dev wlp2s0 src 192.168.1.226 table 255
dst 192.168.1.255 via  dev wlp2s0 src 192.168.1.226 table 255
dst 192.168.122.0 via  dev virbr0 src 192.168.122.1 table 255
dst 192.168.122.1 via  dev virbr0 src 192.168.122.1 table 255
dst 192.168.122.255 via  dev virbr0 src 192.168.122.1 table 255

seeking_src = 1, seeking_gateway = 0, has_dst = 1
dst 192.168.1.254 via  dev wlp2s0 src 192.168.1.226 table 254 (ignored)
set addr: 192.168.1.226
conn: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" labeled_ipsec=0
conn: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" policy_label=(null)
conn: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" modecfgdomain=(null)
conn: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" modecfgbanner=(null)
002 added connection description "e56bc02e-ffe4-481c-848d-a62ed688f1e7"
nm-l2tp[24067] <info>  Spawned ipsec auto --up script with PID 25102.
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: initiating Main Mode
104 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: STATE_MAIN_I1: initiate
003 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: received Vendor ID payload [RFC 3947]
003 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: received Vendor ID payload [Dead Peer Detection]
003 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: ignoring unknown Vendor ID payload [8299031757a36082c6a621de00000000]
003 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: received Vendor ID payload [FRAGMENTATION]
003 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: received Vendor ID payload [FRAGMENTATION c0000000]
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am behind NAT
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: Main mode peer ID is ID_IPV4_ADDR: '88.119.193.209'
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=md5 group=MODP1024}
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#1 msgid:58974fb4 proposal=defaults pfsgroup=no-pfs}
117 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: STATE_QUICK_I1: initiate
003 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: ignoring informational payload IPSEC_RESPONDER_LIFETIME, msgid=58974fb4, length=28
003 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x4bfadb8e <0xda48a264 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=88.119.193.209:4500 DPD=passive}
nm-l2tp[24067] <info>  Libreswan IPsec tunnel is up.
** Message: xl2tpd started with pid 25113
xl2tpd[25113]: Not looking for kernel SAref support.
xl2tpd[25113]: Using l2tp kernel support.
xl2tpd[25113]: xl2tpd version xl2tpd-1.3.8 started on localhost.localdomain PID:25113
xl2tpd[25113]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[25113]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[25113]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[25113]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[25113]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[25113]: get_call: allocating new tunnel for host 88.119.193.209, port 1701.
xl2tpd[25113]: Connecting to host 88.119.193.209, port 1701
xl2tpd[25113]: control_finish: message type is (null)(0).  Tunnel is 0, call is 0.
xl2tpd[25113]: control_finish: sending SCCRQ
nm-l2tp[24067] <warn>  Looks like pppd didn't initialize our dbus module
nm-l2tp[24067] <info>  Terminated xl2tpd daemon with PID 25113.
xl2tpd[25113]: death_handler: Fatal signal 15 received
xl2tpd[25113]: Connection 0 closed to 88.119.193.209, port 1701 (Server closing)
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7": deleting connection
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: deleting state #2 (STATE_QUICK_I2)
005 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: ESP traffic information: in=0B out=0B
002 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: deleting state #1 (STATE_MAIN_I4)
** Message: ipsec shut down
nm-l2tp[24067] <warn>  xl2tpd exited with error code 1
021 no connection named "e56bc02e-ffe4-481c-848d-a62ed688f1e7"
** Message: ipsec shut down
dkosovic commented 6 years ago

So it looks like the IPsec connection is now successful, but the L2TP connection is failing.

The reason the IPsec connection failed previously with the newer libreswan is because the Phase 1 and 2 algorithms were wrong. The output of your latest log with the old libreswan has:

... ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=md5 group=MODP1024}

I then ran the ./ike-scan script to confirm and I see:

sudo ./ike-scan.sh 88.119.193.209 | grep SA=
  SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
  SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=192 LifeType=Seconds LifeDuration(4)=0x00007080)
  SA=(Enc=AES Hash=MD5 Auth=PSK Group=2:modp1024 KeyLength=256 LifeType=Seconds LifeDuration(4)=0x00007080)

In the ./ike-scan.sh output, aes256-md5;modp1024 is the strongest phase 1 proposal offered and that's why the old libreswan chose it.

Which means the following phase 1 (and most likely following phase 2) can be specified with newer libreswan versions:

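The mapping dkosovic describes above (ike-scan `SA=(...)` proposals and the pluto `ISAKMP SA established` line both expressed in libreswan `ike=` syntax, so the negotiated proposal can be checked against what the server offers) as an added example; this is not code from the NetworkManager-l2tp project or from anyone in this thread. The sample input is the ike-scan.sh output and the two pluto log lines quoted earlier in the thread; the function names and the `_0`/`HMAC_` stripping rules for the xfrm field are assumptions of this example.

```python
"""Translate ike-scan proposals and pluto 'SA established' lines into
libreswan ike=/esp= syntax and check the negotiated phase 1 proposal is
one the server actually offered (added example, not project code)."""
import re

# Constructed sample: the ike-scan.sh output quoted in the thread.
IKE_SCAN_OUTPUT = """\
  SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
  SA=(Enc=AES Hash=SHA1 Auth=PSK Group=2:modp1024 KeyLength=192 LifeType=Seconds LifeDuration(4)=0x00007080)
  SA=(Enc=AES Hash=MD5 Auth=PSK Group=2:modp1024 KeyLength=256 LifeType=Seconds LifeDuration(4)=0x00007080)
"""

# Constructed sample: the pluto phase 1 / phase 2 lines quoted in the thread.
PLUTO_IKE_LINE = ('004 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: STATE_MAIN_I4: '
                  'ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=md5 group=MODP1024}')
PLUTO_ESP_LINE = ('004 "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: STATE_QUICK_I2: sent QI2, '
                  'IPsec SA established transport mode {ESP/NAT=>0x4bfadb8e <0xda48a264 '
                  'xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=88.119.193.209:4500 DPD=passive}')


def parse_ike_scan(text):
    """Return one dict of key=value attributes per SA=(...) proposal line.
    The greedy match is deliberate: LifeDuration(4) contains its own ')'."""
    proposals = []
    for line in text.splitlines():
        m = re.search(r'SA=\((.*)\)\s*$', line)
        if m:
            proposals.append(dict(tok.split('=', 1) for tok in m.group(1).split()))
    return proposals


def to_libreswan_ike(attrs):
    """Map one ike-scan proposal to libreswan ike= syntax, e.g. aes256-md5;modp1024."""
    enc = attrs['Enc'].lower()
    if enc == 'aes' and 'KeyLength' in attrs:
        enc += attrs['KeyLength']                 # aes + 256 -> aes256
    hash_ = attrs['Hash'].lower()                 # SHA1 -> sha1, MD5 -> md5
    group = attrs['Group'].split(':', 1)[-1]      # "2:modp1024" -> "modp1024"
    return f"{enc}-{hash_};{group}"


def offered_ike_proposals(text):
    """All phase 1 proposals the server offered, in libreswan ike= syntax."""
    return [to_libreswan_ike(p) for p in parse_ike_scan(text)]


def negotiated_ike(line):
    """Phase 1 proposal pluto actually negotiated, from the ISAKMP SA line."""
    m = re.search(r'ISAKMP SA established \{(.*?)\}', line)
    if not m:
        return None
    kv = dict(tok.split('=', 1) for tok in m.group(1).split())
    enc = kv['cipher'].replace('_', '')           # aes_256 -> aes256
    return f"{enc}-{kv['integ'].lower()};{kv['group'].lower()}"


def negotiated_esp(line):
    """Phase 2 proposal from the xfrm= field of the IPsec SA line, in esp= syntax.
    Assumed format: '<ENC>_<bits>-HMAC_<HASH>', with '_0' meaning no key length."""
    m = re.search(r'xfrm=(\S+)', line)
    if not m:
        return None
    enc, integ = m.group(1).split('-', 1)
    enc = enc[:-2] if enc.endswith('_0') else enc.replace('_', '')   # 3DES_0 -> 3DES, AES_256 -> AES256
    if integ.startswith('HMAC_'):
        integ = integ[len('HMAC_'):]
    return f"{enc.lower()}-{integ.lower()}"


def check_negotiated(ike_scan_text, pluto_ike_line):
    """Return (negotiated ike= proposal, whether it is among the offered ones)."""
    chosen = negotiated_ike(pluto_ike_line)
    return chosen, chosen in offered_ike_proposals(ike_scan_text)


if __name__ == '__main__':
    for p in offered_ike_proposals(IKE_SCAN_OUTPUT):
        print('offered  ike=' + p)
    chosen, ok = check_negotiated(IKE_SCAN_OUTPUT, PLUTO_IKE_LINE)
    print(f'chosen   ike={chosen}  (offered: {ok})')
    print('chosen   esp=' + negotiated_esp(PLUTO_ESP_LINE))
```

Run against the thread's own lines it prints the three offered proposals, reports the negotiated `ike=aes256-md5;modp1024` as one of them, and derives `esp=3des-sha1` from the phase 2 line; a mismatch between the chosen and offered lists is the quickest sign that the Phase 1 Algorithms field in the connection editor no longer matches the server.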
dkosovic commented 6 years ago

The reason the xl2tpd L2TP connection is failing is most likely due to a PPP issue and you should be able to find the reason in the system journal output, i.e. issue:

journalctl -b

It would be pppd that is generating the output.

gefalko commented 6 years ago

journalctl -b output:

Jun 19 06:48:34 localhost.localdomain systemd[1]: Starting Fingerprint Authentication Daemon...
Jun 19 06:48:34 localhost.localdomain dbus[800]: [system] Successfully activated service 'net.reactivated.Fprint'
Jun 19 06:48:34 localhost.localdomain systemd[1]: Started Fingerprint Authentication Daemon.
Jun 19 06:48:34 localhost.localdomain fprintd[31258]: Launching FprintObject
Jun 19 06:48:34 localhost.localdomain fprintd[31258]: D-Bus service launched with name: net.reactivated.Fprint
Jun 19 06:48:34 localhost.localdomain fprintd[31258]: entering main loop
Jun 19 06:48:39 localhost.localdomain sudo[31252]:  gefalko : TTY=pts/15 ; PWD=/home/gefalko ; USER=root ; COMMAND=/usr/libexec/nm-l2tp-service --debug
Jun 19 06:48:44 localhost.localdomain NetworkManager[916]: <info>  [1529380124.1976] audit: op="connection-activate" uuid="e56bc02e-ffe4-481c-848d-a62ed688f1e7" name="VPN 2" pid=10855 uid=1000 result="success"
Jun 19 06:48:44 localhost.localdomain NetworkManager[916]: <info>  [1529380124.2017] vpn-connection[0x55fc57c5c310,e56bc02e-ffe4-481c-848d-a62ed688f1e7,"VPN 2",0]: Saw the service appear; activating connection
Jun 19 06:48:44 localhost.localdomain NetworkManager[916]: <info>  [1529380124.3497] vpn-connection[0x55fc57c5c310,e56bc02e-ffe4-481c-848d-a62ed688f1e7,"VPN 2",0]: VPN connection: (ConnectInteractive) reply received
Jun 19 06:48:44 localhost.localdomain polkitd[811]: Registered Authentication Agent for unix-process:31797:41796109 (system bus name :1.1426 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/Authentic
Jun 19 06:48:44 localhost.localdomain systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Jun 19 06:48:44 localhost.localdomain pluto[26011]: shutting down
Jun 19 06:48:44 localhost.localdomain pluto[26011]: forgetting secrets
Jun 19 06:48:44 localhost.localdomain pluto[26011]: "v6neighbor-hole-out": deleting connection
Jun 19 06:48:44 localhost.localdomain whack[31805]: 002 shutting down
Jun 19 06:48:44 localhost.localdomain pluto[26011]: "v6neighbor-hole-in": deleting connection
Jun 19 06:48:44 localhost.localdomain pluto[26011]: shutting down interface lo/lo ::1:500
Jun 19 06:48:44 localhost.localdomain pluto[26011]: shutting down interface lo/lo 127.0.0.1:4500
Jun 19 06:48:44 localhost.localdomain pluto[26011]: shutting down interface lo/lo 127.0.0.1:500
Jun 19 06:48:44 localhost.localdomain pluto[26011]: shutting down interface wlp2s0/wlp2s0 192.168.1.226:4500
Jun 19 06:48:44 localhost.localdomain pluto[26011]: shutting down interface wlp2s0/wlp2s0 192.168.1.226:500
Jun 19 06:48:44 localhost.localdomain pluto[26011]: shutting down interface virbr0/virbr0 192.168.122.1:4500
Jun 19 06:48:44 localhost.localdomain pluto[26011]: shutting down interface virbr0/virbr0 192.168.122.1:500
Jun 19 06:48:44 localhost.localdomain systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Jun 19 06:48:44 localhost.localdomain polkitd[811]: Unregistered Authentication Agent for unix-process:31797:41796109 (system bus name :1.1426, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected
Jun 19 06:48:44 localhost.localdomain polkitd[811]: Registered Authentication Agent for unix-process:31789:41796105 (system bus name :1.1427 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/Authentic
Jun 19 06:48:44 localhost.localdomain systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Jun 19 06:48:45 localhost.localdomain ipsec[32452]: nflog ipsec capture disabled
Jun 19 06:48:45 localhost.localdomain systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Jun 19 06:48:45 localhost.localdomain polkitd[811]: Unregistered Authentication Agent for unix-process:31789:41796105 (system bus name :1.1427, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected
Jun 19 06:48:45 localhost.localdomain pluto[32464]: NSS DB directory: sql:/etc/ipsec.d
Jun 19 06:48:45 localhost.localdomain pluto[32464]: NSS initialized
Jun 19 06:48:45 localhost.localdomain pluto[32464]: libcap-ng support [enabled]
Jun 19 06:48:45 localhost.localdomain pluto[32464]: FIPS HMAC integrity verification test passed
Jun 19 06:48:45 localhost.localdomain pluto[32464]: FIPS: pluto daemon NOT running in FIPS mode
Jun 19 06:48:45 localhost.localdomain pluto[32464]: Linux audit support [enabled]
Jun 19 06:48:45 localhost.localdomain pluto[32464]: Linux audit activated
Jun 19 06:48:45 localhost.localdomain pluto[32464]: Starting Pluto (Libreswan Version 3.15 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS)) pid:32464
Jun 19 06:48:45 localhost.localdomain pluto[32464]: core dump dir: /var/run/pluto/
Jun 19 06:48:45 localhost.localdomain pluto[32464]: secrets file: /etc/ipsec.secrets
Jun 19 06:48:45 localhost.localdomain pluto[32464]: leak-detective disabled
Jun 19 06:48:45 localhost.localdomain pluto[32464]: NSS crypto [enabled]
Jun 19 06:48:45 localhost.localdomain pluto[32464]: XAUTH PAM support [enabled]
Jun 19 06:48:45 localhost.localdomain pluto[32464]:    NAT-Traversal support  [enabled]
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating OAKLEY_AES_CTR: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_A: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_B: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_C: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_hash(): Activating DISABLED-OAKLEY_AES_XCBC: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: starting up 3 crypto helpers
Jun 19 06:48:45 localhost.localdomain pluto[32464]: started thread for crypto helper 0 (master fd 10)
Jun 19 06:48:45 localhost.localdomain pluto[32464]: started thread for crypto helper 1 (master fd 13)
Jun 19 06:48:45 localhost.localdomain pluto[32464]: started thread for crypto helper 2 (master fd 15)
Jun 19 06:48:45 localhost.localdomain pluto[32464]: Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-862.3.2.el7.x86_64
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating aes_ccm_8: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating aes_ccm_12: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: ike_alg_register_enc(): Activating aes_ccm_16: Ok
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | selinux support is NOT enabled.
Jun 19 06:48:45 localhost.localdomain pluto[32464]: listening for IKE messages
Jun 19 06:48:45 localhost.localdomain pluto[32464]: adding interface virbr0/virbr0 192.168.122.1:500
Jun 19 06:48:45 localhost.localdomain pluto[32464]: adding interface virbr0/virbr0 192.168.122.1:4500
Jun 19 06:48:45 localhost.localdomain pluto[32464]: adding interface wlp2s0/wlp2s0 192.168.1.226:500
Jun 19 06:48:45 localhost.localdomain pluto[32464]: adding interface wlp2s0/wlp2s0 192.168.1.226:4500
Jun 19 06:48:45 localhost.localdomain pluto[32464]: adding interface lo/lo 127.0.0.1:500
Jun 19 06:48:45 localhost.localdomain pluto[32464]: adding interface lo/lo 127.0.0.1:4500
Jun 19 06:48:45 localhost.localdomain pluto[32464]: adding interface lo/lo ::1:500
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | setup callback for interface lo:500 fd 28
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | setup callback for interface lo:4500 fd 27
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | setup callback for interface lo:500 fd 26
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | setup callback for interface wlp2s0:4500 fd 25
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | setup callback for interface wlp2s0:500 fd 24
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | setup callback for interface virbr0:4500 fd 23
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | setup callback for interface virbr0:500 fd 22
Jun 19 06:48:45 localhost.localdomain pluto[32464]: loading secrets from "/etc/ipsec.secrets"
Jun 19 06:48:45 localhost.localdomain pluto[32464]: loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-0e23a094-047a-4f3d-9386-f56de1ff84a2.secrets"
Jun 19 06:48:45 localhost.localdomain pluto[32464]: loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.secrets"
Jun 19 06:48:45 localhost.localdomain pluto[32464]: loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e56bc02e-ffe4-481c-848d-a62ed688f1e7.secrets"
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | certificate not loaded for this end
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | certificate not loaded for this end
Jun 19 06:48:45 localhost.localdomain pluto[32464]: added connection description "e56bc02e-ffe4-481c-848d-a62ed688f1e7"
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: initiating Main Mode
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: received Vendor ID payload [RFC 3947]
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: received Vendor ID payload [Dead Peer Detection]
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: ignoring unknown Vendor ID payload [8299031757a36082c6a621de00000000]
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: received Vendor ID payload [FRAGMENTATION]
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: received Vendor ID payload [FRAGMENTATION c0000000]
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am behind NAT
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: Main mode peer ID is ID_IPV4_ADDR: '88.119.193.209'
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=md5 group=MODP1024}
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#1 msgid:b94f842e proposal=defaults pfsgro
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: ignoring informational payload IPSEC_RESPONDER_LIFETIME, msgid=b94f842e, length=28
Jun 19 06:48:45 localhost.localdomain pluto[32464]: | ISAKMP Notification Payload
Jun 19 06:48:45 localhost.localdomain pluto[32464]: |   00 00 00 1c  00 00 00 01  03 04 60 00
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jun 19 06:48:45 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x4bfadba9 <0x7d307c36 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=88.119.193
Jun 19 06:48:45 localhost.localdomain NetworkManager[916]: <info>  [1529380125.8208] vpn-connection[0x55fc57c5c310,e56bc02e-ffe4-481c-848d-a62ed688f1e7,"VPN 2",0]: VPN plugin: state changed: starting (3)
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | certificate not loaded for this end
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | certificate not loaded for this end
Jun 19 06:48:46 localhost.localdomain pluto[32464]: added connection description "v6neighbor-hole-in"
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | certificate not loaded for this end
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | certificate not loaded for this end
Jun 19 06:48:46 localhost.localdomain pluto[32464]: added connection description "v6neighbor-hole-out"
Jun 19 06:48:46 localhost.localdomain pluto[32464]: listening for IKE messages
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | refresh. setup callback for interface lo:500 28
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | setup callback for interface lo:500 fd 28
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | refresh. setup callback for interface lo:4500 27
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | setup callback for interface lo:4500 fd 27
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | refresh. setup callback for interface lo:500 26
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | setup callback for interface lo:500 fd 26
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | refresh. setup callback for interface wlp2s0:4500 25
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | setup callback for interface wlp2s0:4500 fd 25
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | refresh. setup callback for interface wlp2s0:500 24
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | setup callback for interface wlp2s0:500 fd 24
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | refresh. setup callback for interface virbr0:4500 23
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | setup callback for interface virbr0:4500 fd 23
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | refresh. setup callback for interface virbr0:500 22
Jun 19 06:48:46 localhost.localdomain pluto[32464]: | setup callback for interface virbr0:500 fd 22
Jun 19 06:48:46 localhost.localdomain pluto[32464]: forgetting secrets
Jun 19 06:48:46 localhost.localdomain pluto[32464]: loading secrets from "/etc/ipsec.secrets"
Jun 19 06:48:46 localhost.localdomain pluto[32464]: loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-0e23a094-047a-4f3d-9386-f56de1ff84a2.secrets"
Jun 19 06:48:46 localhost.localdomain pluto[32464]: loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-49a95a8c-275b-464b-8f62-a7639b48e966.secrets"
Jun 19 06:48:46 localhost.localdomain pluto[32464]: loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e56bc02e-ffe4-481c-848d-a62ed688f1e7.secrets"
Jun 19 06:48:59 localhost.localdomain NetworkManager[916]: <warn>  [1529380139.8345] vpn-connection[0x55fc57c5c310,e56bc02e-ffe4-481c-848d-a62ed688f1e7,"VPN 2",0]: VPN plugin: failed: connect-failed (1)
Jun 19 06:48:59 localhost.localdomain NetworkManager[916]: <warn>  [1529380139.8346] vpn-connection[0x55fc57c5c310,e56bc02e-ffe4-481c-848d-a62ed688f1e7,"VPN 2",0]: VPN plugin: failed: connect-failed (1)
Jun 19 06:48:59 localhost.localdomain NetworkManager[916]: <info>  [1529380139.8352] vpn-connection[0x55fc57c5c310,e56bc02e-ffe4-481c-848d-a62ed688f1e7,"VPN 2",0]: VPN plugin: state changed: stopping (5)
Jun 19 06:48:59 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7": deleting connection
Jun 19 06:48:59 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: deleting state #2 (STATE_QUICK_I2)
Jun 19 06:48:59 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #2: ESP traffic information: in=0B out=0B
Jun 19 06:48:59 localhost.localdomain pluto[32464]: "e56bc02e-ffe4-481c-848d-a62ed688f1e7" #1: deleting state #1 (STATE_MAIN_I4)
Jun 19 06:48:59 localhost.localdomain NetworkManager[916]: <info>  [1529380139.8828] vpn-connection[0x55fc57c5c310,e56bc02e-ffe4-481c-848d-a62ed688f1e7,"VPN 2",0]: VPN plugin: state changed: stopped (6)
Jun 19 06:48:59 localhost.localdomain NetworkManager[916]: <warn>  [1529380139.9094] vpn-connection[0x55fc57c5c310,e56bc02e-ffe4-481c-848d-a62ed688f1e7,"VPN 2",0]: VPN plugin: failed: connect-failed (1)
Jun 19 06:49:04 localhost.localdomain fprintd[31258]: No devices in use, exit
Jun 19 06:49:23 localhost.localdomain sudo[1972]:  gefalko : TTY=pts/15 ; PWD=/home/gefalko ; USER=root ; COMMAND=/bin/journalctl -b
dkosovic commented 6 years ago

Was that sudo journalctl -b output after running the following and trying the VPN connection ?

sudo killall -TERM nm-l2tp-service
sudo /usr/libexec/nm-l2tp-service --debug

If so, it's odd that we don't see any pppd output. Which would also mean xl2tpd is failing before it starts its pppd child process, but it is not giving any useful error message.

gefalko commented 6 years ago

Yes sudo journalctl -b output was after running the following and trying the VPN connection.

dkosovic commented 6 years ago

I will be adding support for rp-l2tp as an optional alternative to xl2tpd maybe in the next few weeks as rp-l2tp sometimes works when xl2tpd fails for some weird reason.

Sorry I wasn't of much help with the xl2tpd issue.

gefalko commented 6 years ago

Thanks for the help. Finally I connected. This article helped me resolve the xl2tpd issue: https://linuxexplore.com/how-tos/l2tp-vpn-using-xl2tpd/