
IPSec/L2TP VPN connection fails

6 votes
2 answers
29670 views
I'm currently trying to establish a VPN connection to the network of my office using IPSec/L2TP with Ubuntu 16.04 (and/or Fedora 26) which fails with the following syslog entries (complete log below):

    11:46:26 laptop NetworkManager: received packet: from x.x.x.x to 192.168.0.102 (56 bytes)
    11:46:26 laptop NetworkManager: parsed INFORMATIONAL_V1 request 3879417451 [ N(NO_PROP) ]
    11:46:26 laptop NetworkManager: received NO_PROPOSAL_CHOSEN error notify
    11:46:26 laptop NetworkManager: establishing connection '5f4cde33-5549-4535-864b-04944a5d4d69' failed

According to this answer on a similar question the problem might be the negotiation of the protocol(s) to use for the connection. As suggested I used the mentioned tool ike-scan to retrieve some information from the server:

    # sudo ipsec stop; sudo service xl2tpd stop; sudo ike-scan x.x.x.x
    Stopping strongSwan IPsec failed: starter is not running
    Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
    x.x.x.x Main Mode Handshake returned HDR=(CKY-R=7b0d4448e7767519) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080) VID=1e2b516905991c7d7c96fcbfb587e46100000009 (MS NT5 ISAKMPOAKLEY) VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T) VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n) VID=4048b7d56ebce88525e7de7f00d6c2d3 (IKE Fragmentation) VID=fb1de3cdf341b7ea16b7e5be0855f120 VID=e3a5966a76379fe707228231e5ce8652
    Ending ike-scan 1.9: 1 hosts scanned in 0.062 seconds (16.05 hosts/sec). 1 returned handshake; 0 returned notify

As further suggested I updated the NetworkManager connection config to use those algorithms:

    [connection]
    id=SomeName
    uuid=5f4cde33-5549-4535-864b-04944a5d4d69
    type=vpn
    autoconnect=false
    permissions=user:arne:;
    secondaries=

    [vpn]
    password-flags=1
    ipsec-esp=3des-sha1!
    ipsec-psk=****
    user=****
    ipsec-enabled=yes
    ipsec-ike=3des-sha1-modp1024!
    mru=1400
    gateway=x.x.x.x
    mtu=1400
    service-type=org.freedesktop.NetworkManager.l2tp
    keyexchange=ikev1

    [ipv4]
    dns-search=
    method=auto

    [ipv6]
    addr-gen-mode=stable-privacy
    dns-search=
    method=auto

But this doesn't seem to change anything in the error log. Does anyone have an idea what might be the problem here? Thank you very much!

----------

Environment:

    # uname -a
    Linux arne-Latitude-E5570 4.10.0-35-generic #39~16.04.1-Ubuntu SMP Wed Sep 13 09:02:42 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Complete syslog:

    11:46:23 laptop NetworkManager: [1508492783.2731] audit: op="connection-activate" uuid="5f4cde33-5549-4535-864b-04944a5d4d69" name="SomeName" pid=31464 uid=1000 result="success"
    11:46:23 laptop NetworkManager: [1508492783.2860] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: Started the VPN service, PID 1579
    11:46:23 laptop NetworkManager: [1508492783.3102] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: Saw the service appear; activating connection
    11:46:23 laptop NetworkManager: [1508492783.3934] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: VPN connection: (ConnectInteractive) reply received
    11:46:23 laptop NetworkManager: nm-l2tp ipsec enable flag: yes
    11:46:23 laptop NetworkManager: ** Message: Check port 1701
    11:46:23 laptop NetworkManager: ** Message: Can't bind to port 1701
    11:46:23 laptop NetworkManager: nm-l2tp L2TP port 1701 is busy, using ephemeral.
    11:46:23 laptop NetworkManager: nm-l2tp starting ipsec
    11:46:23 laptop NetworkManager: Stopping strongSwan IPsec failed: starter is not running
    11:46:25 laptop NetworkManager: Starting strongSwan 5.3.5 IPsec [starter]...
    11:46:25 laptop NetworkManager: Loading config setup
    11:46:25 laptop NetworkManager: Loading conn '5f4cde33-5549-4535-864b-04944a5d4d69'
    11:46:25 laptop NetworkManager: found netkey IPsec stack
    11:46:25 laptop charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.10.0-35-generic, x86_64)
    11:46:25 laptop charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
    11:46:25 laptop charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
    11:46:25 laptop charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
    11:46:25 laptop charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
    11:46:25 laptop charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
    11:46:25 laptop charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
    11:46:25 laptop charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-5f4cde33-5549-4535-864b-04944a5d4d69.secrets'
    11:46:25 laptop charon: 00[CFG] loaded IKE secret for %any
    11:46:25 laptop charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-77751670-3316-4fdc-abaf-1293b25b7687.secrets'
    11:46:25 laptop charon: 00[CFG] loaded IKE secret for %any
    11:46:25 laptop charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
    11:46:25 laptop charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
    11:46:25 laptop charon: 00[JOB] spawning 16 worker threads
    11:46:25 laptop charon: 04[CFG] received stroke: add connection '5f4cde33-5549-4535-864b-04944a5d4d69'
    11:46:25 laptop charon: 04[CFG] added configuration '5f4cde33-5549-4535-864b-04944a5d4d69'
    11:46:26 laptop charon: 06[CFG] rereading secrets
    11:46:26 laptop charon: 06[CFG] loading secrets from '/etc/ipsec.secrets'
    11:46:26 laptop charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-5f4cde33-5549-4535-864b-04944a5d4d69.secrets'
    11:46:26 laptop charon: 06[CFG] loaded IKE secret for %any
    11:46:26 laptop charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-77751670-3316-4fdc-abaf-1293b25b7687.secrets'
    11:46:26 laptop charon: 06[CFG] loaded IKE secret for %any
    11:46:26 laptop NetworkManager: nm-l2tp Spawned ipsec up script with PID 1655.
    11:46:26 laptop charon: 08[CFG] received stroke: initiate '5f4cde33-5549-4535-864b-04944a5d4d69'
    11:46:26 laptop charon: 10[IKE] initiating Main Mode IKE_SA 5f4cde33-5549-4535-864b-04944a5d4d69[1] to x.x.x.x
    11:46:26 laptop charon: 10[ENC] generating ID_PROT request 0 [ SA V V V V ]
    11:46:26 laptop charon: 10[NET] sending packet: from 192.168.0.102 to x.x.x.x (148 bytes)
    11:46:26 laptop charon: 09[NET] received packet: from x.x.x.x to 192.168.0.102 (56 bytes)
    11:46:26 laptop charon: 09[ENC] parsed INFORMATIONAL_V1 request 3879417451 [ N(NO_PROP) ]
    11:46:26 laptop charon: 09[IKE] received NO_PROPOSAL_CHOSEN error notify
    11:46:26 laptop NetworkManager: initiating Main Mode IKE_SA 5f4cde33-5549-4535-864b-04944a5d4d69[1] to x.x.x.x
    11:46:26 laptop NetworkManager: generating ID_PROT request 0 [ SA V V V V ]
    11:46:26 laptop NetworkManager: sending packet: from 192.168.0.102 to x.x.x.x (148 bytes)
    11:46:26 laptop NetworkManager: received packet: from x.x.x.x to 192.168.0.102 (56 bytes)
    11:46:26 laptop NetworkManager: parsed INFORMATIONAL_V1 request 3879417451 [ N(NO_PROP) ]
    11:46:26 laptop NetworkManager: received NO_PROPOSAL_CHOSEN error notify
    11:46:26 laptop NetworkManager: establishing connection '5f4cde33-5549-4535-864b-04944a5d4d69' failed
    11:46:26 laptop NetworkManager: Stopping strongSwan IPsec...
    11:46:26 laptop charon: 00[DMN] signal of type SIGINT received. Shutting down
    11:46:26 laptop NetworkManager: nm-l2tp Could not establish IPsec tunnel.
    11:46:26 laptop NetworkManager: (nm-l2tp-service:1579): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
    11:46:26 laptop NetworkManager: [1508492786.8335] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: VPN plugin: state changed: stopped (6)
    11:46:26 laptop NetworkManager: [1508492786.8359] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: VPN plugin: state change reason: unknown (0)
    11:46:26 laptop NetworkManager: [1508492786.8393] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: VPN service disappeared
    11:46:26 laptop NetworkManager: [1508492786.8418] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

Asked by user2900170 (61 rep)
Oct 20, 2017, 10:33 AM
Last activity: Jan 10, 2020, 10:19 AM
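
The comparison the question performs by hand, as an added example that is not part of the original post: it derives a strongSwan IKE proposal from the `SA=(...)` transform ike-scan printed, reads `ipsec-ike` from the NetworkManager keyfile, and reports which IKEv1 exchange drew the NO_PROPOSAL_CHOSEN notify. The function names and the name-mapping tables are assumptions of this example; the sample input is excerpted from the question.

```python
import configparser
import re

# ike-scan attribute names -> strongSwan proposal keywords.
# Assumed subset: only 3DES / SHA1 / modp1024 appear on the page.
ENC = {"3DES": "3des", "DES": "des"}
HASH = {"SHA1": "sha1", "MD5": "md5"}
PHASE = {"ID_PROT": "phase1", "AGGRESSIVE": "phase1", "QUICK_MODE": "phase2"}

def proposal_from_ike_scan(output):
    """Build a strongSwan IKE proposal from the SA=(...) transform ike-scan printed."""
    if "SA=(" not in output:
        return None
    sa = output.split("SA=(", 1)[1]
    attrs = dict(re.findall(r"\b(Enc|KeyLength|Hash|Group)=([^\s)]+)", sa))
    if attrs.get("Enc") == "AES":          # AES reports its key size separately
        enc = "aes" + attrs.get("KeyLength", "128")
    else:
        enc = ENC.get(attrs.get("Enc"))
    integ = HASH.get(attrs.get("Hash"))
    group = attrs.get("Group", "").partition(":")[2]   # "2:modp1024" -> "modp1024"
    return f"{enc}-{integ}-{group}" if enc and integ and group else None

def configured_ike(keyfile_text):
    """Read ipsec-ike from the [vpn] section of a NetworkManager keyfile."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(keyfile_text)
    return cfg.get("vpn", "ipsec-ike", fallback=None)

def rejected_phase(log_lines):
    """Name the IKEv1 phase whose request drew the NO_PROPOSAL_CHOSEN notify."""
    last = None
    for line in log_lines:
        m = re.search(r"generating (ID_PROT|AGGRESSIVE|QUICK_MODE) request", line)
        if m:
            last = m.group(1)
        elif "NO_PROPOSAL_CHOSEN" in line:
            return PHASE.get(last)
    return None

def diagnose(scan, keyfile, log_lines):
    offered = proposal_from_ike_scan(scan)
    wanted = (configured_ike(keyfile) or "").rstrip("!")  # "!" marks a strict proposal
    return {"server": offered, "config": wanted,
            "match": offered == wanted, "rejected": rejected_phase(log_lines)}

# Sample input: excerpts copied from the question above.
SCAN = "x.x.x.x Main Mode Handshake returned HDR=(CKY-R=7b0d4448e7767519) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080)"
KEYFILE = "[vpn]\nipsec-esp=3des-sha1!\nipsec-ike=3des-sha1-modp1024!\nkeyexchange=ikev1\n"
LOG = ["11:46:26 laptop charon: 10[ENC] generating ID_PROT request 0 [ SA V V V V ]",
       "11:46:26 laptop charon: 09[ENC] parsed INFORMATIONAL_V1 request 3879417451 [ N(NO_PROP) ]",
       "11:46:26 laptop charon: 09[IKE] received NO_PROPOSAL_CHOSEN error notify"]

if __name__ == "__main__":
    print(diagnose(SCAN, KEYFILE, LOG))
```

For the data in the question the derived and configured proposals are identical and the notify answers the first Main Mode message, so the refusal concerns the phase 1 (IKE) proposal rather than the ESP one.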