
Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

4 votes
1 answers
7129 views
L2TP/IPSec VPN on Debian 10 without Network Manager
I have 2 computers - both on Debian 10. I need to connect them both to the same remote VPN server. One has a desktop manager (with Network Manager), and the other does not. I will refer to the one with the desktop manager as Debian GUI and the other as Debian Server. I have successfully connected Debian GUI to the remote VPN server using Network Manager, however I am stuck unable to connect Debian Server to the remote VPN server.

Here are the Network Manager settings, with details modified for privacy:

My LAN IP address on client PC before turning on the VPN: 192.168.0.1
VPN Type: L2TP VPN
VPN Gateway public IP address: 100.100.100.100
Remote network domain: mywindowsdomain
Remote network username: me
Remote network password: mypassword
Enable IPSec tunnel to L2TP host: yes
Pre-shared key: mypresharedkey
Phase 1 Algorithms: aes256-md5-modp1024
Phase 2 Algorithms: aes256-md5
Enforce UDP encapsulation: yes
L2TP PPP authentication: MS Chap v2
Allow BSD data compression: yes
Allow deflate compression: yes
Use TCP header compression: yes
Use protocol field compression negotiation: yes
Use address/control compression: yes
MTU: 1400
MRU: 1400

(screenshots: Network Manager, Network Manager IPsec settings, Network Manager PPP settings)

These are the only settings I used in Network Manager, and I am able to successfully connect to the remote VPN server on Debian GUI. However I have been unable to do the same on Debian Server. In Debian Server I installed strongswan and xl2tpd. I don't care which client I use as long as I can get it working, these were just the ones I found available in Debian 10.
I attempted to configure them like so:

$ cat /etc/xl2tpd/xl2tpd.conf
[lac vpn-connection]
lns = 100.100.100.100
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

$ cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

$ cat /etc/ipsec.secrets
include /var/lib/strongswan/ipsec.secrets.inc
192.168.0.1 100.100.100.100 : PSK "mypresharedkey"

$ cat /etc/ipsec.conf
config setup
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    nat_traversal=yes
    protostack=netkey
    plutoopts="--interface=eth0"
    strictcrlpolicy=yes
    uniqueids = no

conn L2TP-PSK
    pfs=no
    auto=add
    authby=secret
    # phase 1
    keyexchange=ikev1
    ike=aes256-md5-modp1024
    # phase 2
    esp=aes256-md5
    forceencaps=yes
    keyingtries=3
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    type=tunnel
    left=192.168.0.1
    leftprotoport=17/1701
    right=100.100.100.100
    rightprotoport=17/1701

include /var/lib/strongswan/ipsec.conf.inc

$ cat /etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
nobsdcomp
nodeflate
noccp
noauth
idle 1800
mtu 1400
mru 1400
defaultroute
usepeerdns
debug
connect-delay 5000
name mywindowsdomain\\me
password mypassword

$ cat /etc/strongswan.conf
charon {
    # this line commented out on 2020-11-19
    #load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
include strongswan.d/*.conf

Let me know if any files needed to diagnose this issue are missing and I can add their contents here.
Then I started everything and got the following results:

$ sudo systemctl restart xl2tpd.service
$ sudo systemctl status xl2tpd.service
● xl2tpd.service - LSB: layer 2 tunelling protocol daemon
   Loaded: loaded (/etc/init.d/xl2tpd; generated)
   Active: active (running) since Thu 2020-11-19 21:13:41 ACDT; 12s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 11111 ExecStart=/etc/init.d/xl2tpd start (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 4915)
   Memory: 876.0K
   CGroup: /system.slice/xl2tpd.service
           └─11112 /usr/sbin/xl2tpd

$ sudo systemctl restart strongswan.service
$ sudo systemctl status strongswan.service
● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
   Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-11-19 21:17:16 ACDT; 9s ago
 Main PID: 11113 (starter)
    Tasks: 18 (limit: 4915)
   Memory: 3.4M
   CGroup: /system.slice/strongswan.service
           ├─11114 /usr/lib/ipsec/starter --daemon charon --nofork
           └─11115 /usr/lib/ipsec/charon

$ # all good so far i guess, but then this fails:
$ sudo ipsec up L2TP-PSK
initiating Main Mode IKE_SA L2TP-PSK[1] to 100.100.100.100
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.0.1 to 100.100.100.100 (240 bytes)
received packet: from 100.100.100.100 to 192.168.0.1 (188 bytes)
parsed ID_PROT response 0 [ SA V V V V V ]
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received unknown vendor ID: 88:77:44:11:55:aa:66:88:cc:aa:22:dd:00:00:00:00
received FRAGMENTATION vendor ID
received FRAGMENTATION vendor ID
selected proposal: IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.0.1 to 100.100.100.100 (236 bytes)
received packet: from 100.100.100.100 to 192.168.0.1 (220 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.0.1 to 100.100.100.100 (92 bytes)
received packet: from 100.100.100.100 to 192.168.0.1 (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA L2TP-PSK[1] established between 192.168.0.1[192.168.0.1]...100.100.100.100[100.100.100.100]
scheduling reauthentication in 28017s
maximum IKE_SA lifetime 28557s
generating QUICK_MODE request 3034622638 [ HASH SA No ID ID ]
sending packet: from 192.168.0.1 to 100.100.100.100 (204 bytes)
received packet: from 100.100.100.100 to 192.168.0.1 (76 bytes)
parsed INFORMATIONAL_V1 request 3102838840 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'L2TP-PSK' failed

Sources I used (I have tried a lot of combinations):

https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup
https://github.com/xelerance/Openswan/wiki/L2tp-ipsec-configuration-using-openswan-and-xl2tpd
http://manpages.ubuntu.com/manpages/bionic/man5/ipsec.conf.5.html
mulllhausen (2751 rep)
Nov 19, 2020, 11:00 AM • Last activity: Jul 2, 2025, 02:05 PM
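An added check, not from the question or the guides it links: a shell/awk linter for ipsec.conf that reports a keyword set twice inside one conn, and any conn carrying protoport 17/1701 whose effective type is not transport. Both findings apply to the conn posted above. L2TP/IPsec (RFC 3193) runs the L2TP UDP flow over a transport-mode SA, and a responder that only offers transport mode rejects a tunnel-mode Quick Mode proposal with exactly the NO_PROPOSAL_CHOSEN in the log. With `type=transport` immediately followed by `type=tunnel`, which value the parser keeps is nothing to rely on; the linter treats the last one as effective and the fix is to delete the stray line. The sample file is a constructed copy of that conn with the same placeholder addresses.

```shell
#!/bin/sh
# Added example, not code from the question. Lint an ipsec.conf for two
# mistakes that make an L2TP/IPsec client fail in Quick Mode: a key set
# twice inside one conn, and an L2TP conn (protoport 17/1701) whose
# effective type is not transport (strongSwan's default is tunnel).

lint_ipsec_conf() {
    awk '
        # a section header (config/conn/ca NAME) starts a fresh key set
        /^[ \t]*(config|conn|ca)[ \t]+/ {
            sec = $2
            for (k in seen) delete seen[k]
            next
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        sec != "" && index($0, "=") > 0 {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*#.*$/, "", line)
            i = index(line, "=")
            key = substr(line, 1, i - 1); gsub(/[ \t]/, "", key)
            val = substr(line, i + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in seen)
                printf "DUPLICATE %s: %s=%s overrides %s=%s\n", sec, key, val, key, seen[key]
            seen[key] = val
            if (key == "type") type[sec] = val
            if (key ~ /protoport$/ && val == "17/1701") l2tp[sec] = 1
        }
        END {
            for (s in l2tp) {
                t = (s in type) ? type[s] : "tunnel (default)"
                if (t != "transport")
                    printf "MODE %s: type=%s but L2TP/IPsec needs type=transport\n", s, t
            }
        }
    ' "$1"
}

# Constructed sample mirroring the posted conn (placeholder addresses),
# written to a temp file so the linter runs offline. Prints the path.
sample_conf() {
    f=$(mktemp) || exit 1
    cat > "$f" <<'EOF'
config setup
    uniqueids = no

conn L2TP-PSK
    keyexchange=ikev1
    authby=secret
    ike=aes256-md5-modp1024
    esp=aes256-md5
    type=transport
    type=tunnel
    left=192.168.0.1
    leftprotoport=17/1701
    right=100.100.100.100
    rightprotoport=17/1701
EOF
    printf '%s\n' "$f"
}

# Number of findings; 0 means the file passed both checks.
finding_count() {
    lint_ipsec_conf "$1" | awk 'END { print NR }'
}

# The fix: drop the stray type=tunnel so only transport remains.
fixed_conf() {
    f=$(mktemp) || exit 1
    grep -v '^[[:space:]]*type=tunnel' "$1" > "$f"
    printf '%s\n' "$f"
}

f=$(sample_conf)
lint_ipsec_conf "$f"
g=$(fixed_conf "$f")
echo "findings after removing type=tunnel: $(finding_count "$g")"
rm -f "$f" "$g"
```

On the real box run `lint_ipsec_conf /etc/ipsec.conf`. The check is purely textual: it knows nothing about `also=` or files pulled in by `include`, so point it at the file that actually defines the conn.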
2 votes
2 answers
2017 views
L2TP over IPSec on Debian 10
My Debian 10 box has a Wifi interface, wlx08beac0a6c1d, running a WEP AP for old hardware that doesn't support WPA. My main network is 192.168.1.0/24 and this interface is configured to be 192.168.2.1. For starters that interface is restricted to one MAC and it only allows DHCP on that network
iptables -A INPUT -i wlx08beac0a6c1d -m mac ! --mac-source 00:30:65:05:9F:4D -j DROP
iptables -A INPUT -i wlx08beac0a6c1d -p udp --dport 67:68 --sport 67:68 -j ACCEPT
iptables -A INPUT -i wlx08beac0a6c1d -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i wlx08beac0a6c1d -j DROP
(The MAC check is also in hostapd.conf -- where of course it is just as ineffective a security measure (although it's probably fairly effective here in Shropshire).)

This device (claims to) support L2TP over IPSec. I imagine that by opening another port for this I can get this old machine to join the rest of my network through a tunnel to that port, and that once connected the old machine will appear as if it is on my network. Is this so? Or have I got the wrong end of the stick? Is this now secure on the WEP network?

It looks like the packages needed are strongswan and xl2tpd? It looks like IPSec is going to encrypt traffic over the WEP network, and that I'll need to open some more ports to allow the encryption to be negotiated and started? It then looks like L2TP will establish a PPP connection to another port on Debian and route all traffic through it? So the old machine will get a second IP address for this PPP connection? And how will it appear in Debian (and be routable between the rest of my network and the Internet)?

So: first is strongswan...
# apt-get install strongswan
And now I really don't understand what to do. I've done what it says here https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2 and ended up with this ipsec.conf
config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn wep-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=192.168.2.31
    leftcert=server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=192.168.2.0/24
    rightdns=192.168.2.31
    rightsendcert=never
    eap_identity=%identity
I think that _left_ is correct if you interpret it as being _this_ machine, but I'm not sure about _right_, which presumably is some _other_ thing? Then it goes on to do something with something called _UFW_, but I am using iptables. I think I need
iptables -A INPUT -i wlx08beac0a6c1d -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i wlx08beac0a6c1d -p udp --dport 4500 -j ACCEPT
to allow connections to IPsec. Then the next part of the trick is xl2tpd...
# apt-get install xl2tpd
/etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = yes
access control = no

[lns default]
ip range = 192.168.3.100-192.168.3.254
local ip = 192.168.3.1
refuse chap = yes
refuse pap = yes
require authentication = yes
pppoptfile = /etc/ppp/xl2tpd-options
length bit = yes
/etc/ppp/xl2tpd-options
require-mschap-v2
ms-dns 192.168.3.1
Add to /etc/ppp/chap-secrets, and
iptables -A INPUT -i wlx08beac0a6c1d -p udp --dport 1701 -j ACCEPT
Obviously, it doesn't work.
Richard Barraclough (550 rep)
Nov 10, 2020, 05:37 PM • Last activity: Jul 2, 2025, 12:03 PM
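An added example, not code from the question: the INPUT rules for the AP interface as a shell function, with the one change that matters for this design. UDP 1701 is accepted only with `-m policy --dir in --pol ipsec`, that is, only once the packet has been decapsulated from an IPsec SA; the bare `--dport 1701 -j ACCEPT` at the end of the question would let any station on the WEP network talk L2TP, PPP and MS-CHAPv2 to xl2tpd in the clear. The interface, MAC and DHCP rule are the question's; UDP 500/4500 and ESP are the standard IPsec ports. The SSH rule is left out. Pass `echo` instead of `iptables` to preview the rules without touching the firewall.

```shell
#!/bin/sh
# Added example, not from the question. INPUT rules for an L2TP/IPsec
# server on one AP interface. The security point: UDP 1701 is accepted
# only when the packet arrived inside an IPsec SA (xt_policy match), so
# unprotected L2TP from the WEP network never reaches xl2tpd.
# Interface and MAC are taken from the question.

IFACE=${IFACE:-wlx08beac0a6c1d}
CLIENT_MAC=${CLIENT_MAC:-00:30:65:05:9F:4D}

# $1 is the iptables binary; "echo" prints the rules instead of loading them.
l2tp_ipsec_input_rules() {
    ipt=${1:-iptables}
    # weak on its own, as the question notes, but it costs nothing
    "$ipt" -A INPUT -i "$IFACE" -m mac ! --mac-source "$CLIENT_MAC" -j DROP
    # DHCP for the single client
    "$ipt" -A INPUT -i "$IFACE" -p udp --dport 67:68 --sport 67:68 -j ACCEPT
    # IKE, NAT-T (ESP in UDP) and plain ESP: the only cleartext services exposed
    "$ipt" -A INPUT -i "$IFACE" -p udp --dport 500 -j ACCEPT
    "$ipt" -A INPUT -i "$IFACE" -p udp --dport 4500 -j ACCEPT
    "$ipt" -A INPUT -i "$IFACE" -p esp -j ACCEPT
    # L2TP only after IPsec decapsulation: the policy match sees the inbound
    # SA on the decapsulated packet; a cleartext packet has none and falls through
    "$ipt" -A INPUT -i "$IFACE" -p udp --dport 1701 \
        -m policy --dir in --pol ipsec -j ACCEPT
    # everything else, including unprotected L2TP, is dropped
    "$ipt" -A INPUT -i "$IFACE" -j DROP
}

# Review helper: a rule set is unsafe if it accepts UDP 1701 without the
# IPsec policy match. Reads rules on stdin; returns 1 on a hit.
audit_l2tp_rules() {
    if grep -- '--dport 1701' | grep -- '-j ACCEPT' | grep -qv -- '--pol ipsec'; then
        return 1
    fi
    return 0
}

l2tp_ipsec_input_rules echo
```

The FORWARD chain and any NAT for traffic the client sends on through the box are separate, as is the matching `-m policy --dir out` rule if OUTPUT is ever filtered. The audit function exists so a deployment script can refuse a rule set that lost the `--pol ipsec` condition.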
4 votes
2 answers
4421 views
Can't connect to VPN L2TP from Ubuntu 18.04 CLI
I have a VPN that is working when I connect through my windows using L2TP, however when I set up my ubuntu with CLI it's not working. I get the following error when I run
$ nmcli c up myvpn
Error output
Error: Connection activation failed: Could not find source connection.
## What I've tried

- disabled the firewall: sudo ufw disable
- created the vpn configuration with
nmcli connection add connection.id myvpn con-name myvpn type VPN vpn-type l2tp ifname -- connection.autoconnect no ipv4.method auto vpn.data "gateway = x.x.x.x, ipsec-enabled = yes, ipsec-psk = 0s"$(base64 <<<'psk***psk' | rev | cut -c2- | rev)"=, mru = 1400, mtu = 1400, password-flags = 0, refuse-chap = yes, refuse-mschap = yes, refuse-pap = yes, require-mppe = yes, user = username" vpn.secrets password=mypassword
- NetworkManager is managing the following interfaces
user@ubunut:~# nmcli device status
DEVICE   TYPE      STATE      CONNECTION
eth0     ethernet  connected  eth0
docker0  bridge    connected  docker0
lo       loopback  unmanaged  --
- list all NM connections: nmcli con
NAME             UUID                     TYPE      DEVICE
docker0          ef3eb3a8-c46e-434c-bfcb  bridge    docker0
eth0             fc920355-d18e-495a-b3ca  ethernet  eth0
myvpn	         2b24ce55-98d3-4bc0-8b52  vpn       --
Ifupdown (eth0)  681b428f-beaf-8932-dce4  ethernet  --
Still I'm not able to connect and I'm stuck now. I don't know what else to do to make it work. Does anyone have any idea what the problem might be?
vato (141 rep)
Jan 26, 2021, 12:10 PM • Last activity: May 16, 2025, 11:06 PM
0 votes
0 answers
772 views
Debian 11: setting up L2TP + IPSec - IPSec fails?
I'm trying to configure a new VPN client (L2TP and IPSec) on a very small AWS EC2 system running Debian 11 without a desktop. I've got as far as getting NetworkManager to work, but the VPN connection doesn't start, apparently because of an error to do with IPSec. This is what I did - in one terminal...
I'm trying to configure a new VPN client (L2TP and IPSec) on a very small AWS EC2 system running Debian 11 without a desktop. I've got as far as getting NetworkManager to work, but the VPN connection doesn't start, apparently because of an error to do with IPSec. This is what I did - in one terminal window (IP addresses etc have been changed):
root@client# /run/network/interfaces.d# /usr/lib/NetworkManager/nm-l2tp-service --debug
nm-l2tp  nm-l2tp-service (version 1.2.18) starting...
nm-l2tp   uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp   ipsec enable flag: yes
** Message: 13:01:51.414: Check port 1701
** Message: 13:01:51.414: Can't bind to port 1701
nm-l2tp   L2TP port 1701 is busy, using ephemeral.
connection
        autoconnect : false
        id : 'vpnname'
        interface-name : '--'
        permissions : []
        type : 'vpn'
        uuid : '542b35f3-fadc-4df1-b340-a68eec3a9c3f'

proxy

ipv6
        address-data : []
        dns : []
        dns-search : []
        method : 'auto'
        route-data : []

vpn
        data : {'gateway': '123.456.789.012', 'ipsec-enabled': 'yes', 'ipsec-psk': '0sTiFSU190ZWNobjBsMGczCg==', 'mru': '1400', 'mtu': '1400', 'password-flags': '0', 'refuse-chap': 'yes', 'refuse-mschap': 'yes', 'refuse-pap': 'yes', 'require-mppe': 'yes', 'user': 'vpntest'}
        secrets : {'password': 'vPnt35t'}
        service-type : 'org.freedesktop.NetworkManager.l2tp'

ipv4
        address-data : []
        dns : []
        dns-search : []
        method : 'auto'
        route-data : []

nm-l2tp   starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.9.1 IPsec [starter]...
Loading config setup
Loading conn '542b35f3-fadc-4df1-b340-a68eec3a9c3f'
nm-l2tp   Spawned ipsec up script with PID 13126.
initiating Main Mode IKE_SA 542b35f3-fadc-4df1-b340-a68eec3a9c3f to 123.456.789.012
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 111.222.333.444 to 123.456.789.012 (532 bytes)
received packet: from 123.456.789.012 to 111.222.333.444 (132 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received DPD vendor ID
received NAT-T (RFC 3947) vendor ID
selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 111.222.333.444 to 123.456.789.012 (244 bytes)
received packet: from 123.456.789.012 to 111.222.333.444 (244 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 111.222.333.444 to 123.456.789.012 (68 bytes)
received packet: from 123.456.789.012 to 111.222.333.444 (68 bytes)
invalid HASH_V1 payload length, decryption failed?
could not decrypt payloads
message parsing failed
ignore malformed INFORMATIONAL request
INFORMATIONAL_V1 request with message ID 1308603116 processing failed
sending retransmit 1 of request message ID 0, seq 3
sending packet: from 111.222.333.444 to 123.456.789.012 (68 bytes)
received packet: from 123.456.789.012 to 111.222.333.444 (68 bytes)
invalid HASH_V1 payload length, decryption failed?
could not decrypt payloads
message parsing failed
ignore malformed INFORMATIONAL request
INFORMATIONAL_V1 request with message ID 3696528349 processing failed
nm-l2tp   Timeout trying to establish IPsec connection
nm-l2tp   Terminating ipsec script with PID 13126.
Stopping strongSwan IPsec...
destroying IKE_SA in state CONNECTING without notification
nm-l2tp   Could not establish IPsec tunnel.

(nm-l2tp-service:13017): GLib-GIO-CRITICAL **: 13:02:04.565: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
and in another window:
root@client# nmcli c up vpnname
Error: Connection activation failed: Unknown reason
Hint: use 'journalctl -xe NM_CONNECTION=542b35f3-fadc-4df1-b340-a68eec3a9c3f + NM_DEVICE=eth0' to get more details.
Unfortunately I don't know IPSec well enough, and what I find through google and on this site seems to be several years old and doesn't really match what I see. What do I need to change?

***EDIT*** So, a downvote, but no comment. It would be nice to see why; I haven't simply thrown my question in here because I couldn't be asked to try to solve it myself or carry out a search. Even after some 25 years of Linux development and sysadmin, there are still plenty of things I've never worked with. There are loads of low-quality 'solutions' to be found, which mention ipsec, l2tp and other things, usually with pictures of some GUI; but very little that addresses the command line, and most of it seems to be old and irrelevant.
j4nd3r53n (779 rep)
Jun 8, 2023, 01:26 PM • Last activity: Mar 18, 2025, 11:33 AM
0 votes
1 answers
272 views
NetworkManager is missing support for 'l2tp' VPN connections on SteamOS
I'm trying to connect to my company's VPN from my Steam Deck. I've gone ahead and set up my VPN connection as you can see from here:

(screenshot: VPN (l2tp) on SteamOS)

My company says it has to be L2TP so that is what I've chosen, but when I right click on it and say "Connect"

(screenshot: Connect to L2TP VPN on SteamOS)

I get a popup that says:

> NetworkManager is missing support for 'l2tp' VPN connections on SteamOS

When I click on "Install", it takes me to the "Discover" app, but it can't find or install it. It says and shows the following:

> Could not open appstream:network-manager-l2tp because it was not found in any available software repositories.

---

So, how can I actually get this installed and get my L2TP VPN working on SteamOS?

---

If it helps, this is my system info:

(screenshot: SteamOS System Info)
Shaun Roselt (237 rep)
Nov 28, 2024, 09:58 AM • Last activity: Feb 28, 2025, 11:20 AM
1 votes
1 answers
1543 views
How to make l2tp vpn client work on Linux Mint?
I set up a vpn connection according to this instruction - https://www.rapidvpn.com/setup-vpn-l2tp-mint

I establish a vpn connection to my server. The connection is established, but the pings do not go, the pages on the Internet do not open, there is no access to the local network behind the server. As if there are problems with packet routing after I receive the configuration via dhcp from a remote server. After about 60 seconds, the connection is broken. Let me say right away that such a connection to the same server from Windows or macOS works without problems. I tried to change the connection to the Internet. The problem is not with the ISP. Replaced the xl2tpd plugin in the network manager with kl2tpd. The problem doesn't go away. Before reinstalling Linux, the vpn client worked. What is configured wrong on Linux Mint?

Logs from the client are attached:

Apr 15 20:31:30 LenovoPC charon: 13[IKE] local host is behind NAT, sending keep alives
Apr 15 20:31:30 LenovoPC charon: 14[IKE] IKE_SA 955a0158-8008-45b4-b61b-aae634aad51b established between 192.168.1.100[192.168.1.100]...80.80.33.101[80.80.33.101]
Apr 15 20:31:30 LenovoPC charon: 15[IKE] CHILD_SA 955a0158-8008-45b4-b61b-aae634aad51b{1} established with SPIs c82f58b7_i ca6daee4_o and TS 192.168.1.100/32[udp/l2f] === 80.80.33.101/32[udp/l2f]
Apr 15 20:31:30 LenovoPC nm-l2tp-service: strongSwan IPsec connection is up.
Apr 15 20:31:30 LenovoPC pppd: Using interface ppp0
Apr 15 20:31:30 LenovoPC pppd: Connect: ppp0
Apr 15 20:31:30 LenovoPC pppd: Overriding mtu 1500 to 1400
Apr 15 20:31:30 LenovoPC pppd: Overriding mru 1500 to mtu value 1400
Apr 15 20:32:12 LenovoPC pppd: CHAP authentication succeeded
Apr 15 20:32:12 LenovoPC charon: 07[KNL] 10.100.20.1 appeared on ppp0
Apr 15 20:32:12 LenovoPC charon: 09[KNL] interface ppp0 activated
Apr 15 20:32:12 LenovoPC pppd: local IP address 10.100.20.1
Apr 15 20:32:12 LenovoPC pppd: remote IP address 80.80.33.101
Apr 15 20:32:12 LenovoPC NetworkManager: [1681583532.4651] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Apr 15 20:32:12 LenovoPC pppd: primary DNS address 1.1.1.1
Apr 15 20:32:12 LenovoPC pppd: secondary DNS address 8.8.8.8
Apr 15 20:32:12 LenovoPC NetworkManager: [1681583532.4662] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')
Apr 15 20:32:12 LenovoPC dbus-daemon: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.16' (uid=0 pid=917 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Apr 15 20:32:12 LenovoPC NetworkManager: [1681583532.4861] policy: set 'VPN' (ppp0) as default for IPv4 routing and DNS
Apr 15 20:32:12 LenovoPC systemd-resolved: wlp3s0: Bus client set default route setting: no
Apr 15 20:32:12 LenovoPC systemd-resolved: wlp3s0: Bus client reset DNS server list.
Apr 15 20:32:12 LenovoPC systemd-resolved: ppp0: Bus client set default route setting: yes
Apr 15 20:32:12 LenovoPC systemd-resolved: ppp0: Bus client set DNS server list to: 1.1.1.1, 8.8.8.8
Apr 15 20:32:12 LenovoPC nm-dispatcher: /etc/network/if-up.d/resolved: 12: mystatedir: not found
Apr 15 20:32:28 LenovoPC systemd-resolved: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 8.8.8.8.
Apr 15 20:32:33 LenovoPC systemd-resolved: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 1.1.1.1.
Apr 15 20:33:10 LenovoPC NetworkManager: xl2tpd: check_control: Received out of order control packet on tunnel 56426 (got 2, expected 3)
Apr 15 20:33:10 LenovoPC NetworkManager: xl2tpd: handle_control: bad control packet!
Apr 15 20:33:12 LenovoPC NetworkManager: xl2tpd: check_control: Received out of order control packet on tunnel 56426 (got 2, expected 3)
Apr 15 20:33:12 LenovoPC NetworkManager: xl2tpd: handle_control: bad control packet!
Apr 15 20:33:16 LenovoPC NetworkManager: xl2tpd: check_control: Received out of order control packet on tunnel 56426 (got 2, expected 3)
Apr 15 20:33:16 LenovoPC NetworkManager: xl2tpd: handle_control: bad control packet!
Apr 15 20:33:40 LenovoPC NetworkManager: xl2tpd: Maximum retries exceeded for tunnel 4711. Closing.
Apr 15 20:33:40 LenovoPC NetworkManager: xl2tpd: Terminating pppd: sending TERM signal to pid 10628
Apr 15 20:33:40 LenovoPC NetworkManager: xl2tpd: Connection 56426 closed to 80.80.33.101, port 1701 (Timeout)
Apr 15 20:33:40 LenovoPC pppd: Terminating on signal 15
Apr 15 20:33:40 LenovoPC pppd: Connect time 1.5 minutes.
Slava (13 rep)
Apr 16, 2023, 06:44 AM • Last activity: Apr 18, 2023, 09:19 PM
0 votes
0 answers
254 views
change default route for VPN users
I have a linux (currently centos 8 but I can change it to anything) server running as l2tp VPN Server which has two network interfaces as below: NIC1: 192.168.1.4/24 NIC2: 192.168.3.2/24 Default gateway for server is 192.168.1.1 but I want to set 192.168.3.1 as vpn users default gateway. 192.168.3.1...
I have a linux (currently centos 8 but I can change it to anything) server running as l2tp VPN Server which has two network interfaces as below:

NIC1: 192.168.1.4/24
NIC2: 192.168.3.2/24

Default gateway for server is 192.168.1.1 but I want to set 192.168.3.1 as vpn users default gateway. 192.168.3.1 is another router in my network. I currently use libreswan but I am open to change it to anything that does the job! Tried to read ipsec.conf file but couldn't find any related line.
H So (1 rep)
Dec 9, 2022, 10:41 AM
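An added example, not code from the question: libreswan only negotiates the IPsec SAs and the PPP addresses come from the L2TP daemon, so there is no ipsec.conf line for this; which gateway VPN users get is a routing decision on the server, and policy routing expresses it. A separate table has its default route via 192.168.3.1 on NIC2, and an `ip rule` keyed on the source address sends only packets from the L2TP address pool to that table, while the server's own traffic keeps following the main table to 192.168.1.1. The pool 10.10.10.0/24 and the NIC2 interface name `eth1` are assumptions; the addresses are the question's. Pass `echo` as the argument to preview the commands.

```shell
#!/bin/sh
# Added example, not from the question. A default gateway for VPN users via
# policy routing: table 100 exits through 192.168.3.1 on NIC2, and a rule
# on the source address sends only the L2TP pool there.
# Pool and interface name are assumptions (override VPN_POOL / VPN_NIC).

VPN_POOL=${VPN_POOL:-10.10.10.0/24}   # assumed L2TP "ip range" pool
VPN_GW=${VPN_GW:-192.168.3.1}         # the second router, from the question
VPN_NIC=${VPN_NIC:-eth1}              # NIC2 (192.168.3.2/24); name assumed
VPN_TABLE=${VPN_TABLE:-100}

# $1 is the ip binary; "echo" prints the commands instead of applying them.
vpn_policy_routing() {
    ip=${1:-ip}
    # table-specific default: VPN users leave through the second router
    "$ip" route replace default via "$VPN_GW" dev "$VPN_NIC" table "$VPN_TABLE"
    # only packets sourced from the pool consult table 100; everything else
    # (the server itself, the LAN) still uses main's default via 192.168.1.1
    "$ip" rule add from "$VPN_POOL" lookup "$VPN_TABLE" priority 1000
    # replies from the Internet come back in on NIC2 addressed to pool IPs;
    # the kernel's reverse-path check looks up the destination as a source,
    # hits the same 'from' rule and resolves to NIC2, so strict rp_filter
    # keeps working without changes
}

# Undo in the reverse order so the rule never references a missing table.
vpn_policy_routing_teardown() {
    ip=${1:-ip}
    "$ip" rule del from "$VPN_POOL" lookup "$VPN_TABLE" priority 1000
    "$ip" route flush table "$VPN_TABLE"
}

# Sanity check on a live box: feed it the output of
#   ip route get 1.1.1.1 from 10.10.10.5 iif ppp0
# and it returns 0 only if that path goes via VPN_GW.
route_uses_vpn_gw() {
    case "$1" in
        *"via $VPN_GW "*) return 0 ;;
        *)                return 1 ;;
    esac
}

vpn_policy_routing echo
```

Two things still have to be true for traffic to flow: 192.168.3.1 must know a route back to the pool via 192.168.3.2 (or the server must MASQUERADE the pool on NIC2), and the rule and table need to be re-added after reboot, for example from a NetworkManager dispatcher script or `/etc/rc.local`, because `ip rule` entries are not persistent.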
1 votes
1 answers
1845 views
centos 7 nmcli l2tp vpn using command line
**I try to create a connection using L2TP VPN**

> but my connection does not start

[root@vps10337 system-connections]# nmcli connection add connection.id VPN_2 type vpn vpn-type l2tp connection.interface-name wlp2s0 ipv4.method auto vpn.data "gateway=xxx.xxx.xxx.xxx,ipsec-enabled= yes,ipsec-psk= 0s"$(base64 <<<'[PSK]' | rev | cut -c2- | rev)"=, mru = 1400, mtu = 1400, user=vpn, password-flags = 0, service-type=org.freedesktop.NetworkManager.l2tp , refuse-chap = yes, refuse-mschap = yes, refuse-pap = yes, require-mppe = yes, user=vpnuser " vpn.secrets password=vpnpass
Connection 'VPN_2' (41de6cab-be8b-41f8-8c8e-86b1d057a477) successfully added.
[root@vps10337 system-connections]#
[root@vps10337 system-connections]# nmcli c up VPN_2
Error: Connection activation failed: The VPN service failed to start
samer kareem (11 rep)
Feb 4, 2022, 08:09 PM • Last activity: Nov 23, 2022, 11:50 AM
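An added example covering this question and the earlier Ubuntu 18.04 one (it is not code from either). nm-l2tp stores `ipsec-psk` in `vpn.data` as `0s` followed by base64, the ipsec.secrets convention, which is what lets a PSK containing commas, spaces or `=` survive the key=value list. The `base64 <<<'psk' | rev | cut -c2- | rev` construction used in both commands encodes the newline a here-string appends and then only swaps the final character for `=`, so what the IKE daemon gets is the PSK plus a newline, or an invalid value, depending on the key's length; the peer then fails Main Mode with the usual PSK-mismatch symptom of payloads it cannot decrypt. A stored value ending in `Cg==` is the tell. `printf '%s'` encodes exactly the bytes given. Gateway, user and secrets are placeholders, `ifname '*'` is nmcli's any-interface wildcard in place of the `--` in the posts, and passing `echo` as the first argument prints the nmcli command instead of creating anything.

```shell
#!/bin/sh
# Added example, not from either question. nm-l2tp keeps the IPsec PSK in
# vpn.data as "0s" + base64 (ipsec.secrets syntax). The here-string idiom in
# the posts encodes the newline that <<< appends, so the daemon is handed
# PSK+"\n". Gateway, user and secrets below are placeholders.

# Correct encoding: exactly the bytes of $1, no trailing newline.
nm_l2tp_psk() {
    printf '0s%s' "$(printf '%s' "$1" | base64 | tr -d '\n')"
}

# What the here-string idiom produces, for comparison (the Cg== tail is
# base64 for a final 0x0a byte; a stored PSK ending that way is the tell).
nm_l2tp_psk_herestring() {
    printf '0s%s' "$(printf '%s\n' "$1" | base64 | tr -d '\n')"
}

# Decode a stored value (with or without the 0s prefix) to check a profile.
nm_l2tp_psk_decode() {
    printf '%s' "${1#0s}" | base64 -d
}

# Build the connection. $1 is the nmcli binary ("echo" to dry-run), then
# name, gateway, PPP user, IPsec PSK, PPP password. password-flags=0 stores
# the PPP password in the profile under /etc/NetworkManager/system-connections
# (root-only, mode 0600); leave it out to be prompted on activation instead.
add_l2tp_connection() {
    nmcli=${1:-nmcli} name=$2 gw=$3 user=$4 psk=$5 pass=$6
    "$nmcli" connection add type vpn vpn-type l2tp con-name "$name" ifname '*' \
        connection.autoconnect no ipv4.method auto \
        vpn.data "gateway=$gw, ipsec-enabled=yes, ipsec-psk=$(nm_l2tp_psk "$psk"), user=$user, mtu=1400, mru=1400, refuse-pap=yes, refuse-chap=yes, refuse-mschap=yes, require-mppe=yes, password-flags=0" \
        vpn.secrets "password=$pass"
}

echo "correct:     $(nm_l2tp_psk 'my psk, with=chars')"
echo "here-string: $(nm_l2tp_psk_herestring 'my psk, with=chars')"
add_l2tp_connection echo myvpn 203.0.113.10 alice 'my psk, with=chars' 'ppp-password'
```

To audit a profile that already exists, `nmcli -s -g vpn.data connection show myvpn` prints the data including the `0s...` value; run it through `nm_l2tp_psk_decode` and compare with the key configured on the server, making sure neither ends in a newline.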
2 votes
3 answers
6138 views
Connecting to L2TP over IPSec VPN fails with fatal signal 15
I have Debian 10 Buster with KDE Plasma 5.14.5 and kernel 5.6.0-0.bpo.2-amd64. I am trying to connect to VPN L2TP over IPSec. However, when I try to connect, an error occurs with no apparent reason. It states that fatal signal 15 has occurred, but no additional information is given:
Aug  3 15:22:53 ComputerOfLiza NetworkManager: xl2tpd: death_handler: Fatal signal 15 received
I would really appreciate some help with the matter. /var/log/syslog:
Aug  3 15:22:35 ComputerOfLiza NetworkManager:   [1596457355.6103] audit: op="connection-activate" uuid="8313482f-d2cd-4e39-a18c-86b540d6a8e3" name="Work" pid=990 uid=1000 result="success"
Aug  3 15:22:35 ComputerOfLiza NetworkManager:   [1596457355.6209] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: Started the VPN service, PID 1922
Aug  3 15:22:35 ComputerOfLiza NetworkManager:   [1596457355.6283] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: Saw the service appear; activating connection
Aug  3 15:22:35 ComputerOfLiza NetworkManager:   [1596457355.6332] audit: op="statistics" arg="refresh-rate-ms" pid=990 uid=1000 result="success"
Aug  3 15:22:35 ComputerOfLiza nm-l2tp-service: Check port 1701
Aug  3 15:22:35 ComputerOfLiza nm-l2tp-service: Can't bind to port 1701
Aug  3 15:22:35 ComputerOfLiza NetworkManager: Stopping strongSwan IPsec...
Aug  3 15:22:35 ComputerOfLiza charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 5.6.0-0.bpo.2-amd64, x86_64)
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[CFG] expanding file expression '/etc/ipsec.d/*.secrets' failed
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown counters
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[JOB] spawning 16 worker threads
Aug  3 15:22:35 ComputerOfLiza ipsec: 08[KNL] interface wlp0s20f3 deactivated
Aug  3 15:22:35 ComputerOfLiza ipsec: 12[KNL] interface wlp0s20f3 activated
Aug  3 15:22:35 ComputerOfLiza ipsec: 08[KNL] interface wlp0s20f3 deactivated
Aug  3 15:22:35 ComputerOfLiza ipsec: 12[KNL] interface wlp0s20f3 activated
Aug  3 15:22:35 ComputerOfLiza ipsec: 13[KNL] interface wlp0s20f3 deactivated
Aug  3 15:22:35 ComputerOfLiza ipsec: 06[KNL] interface wlp0s20f3 activated
Aug  3 15:22:35 ComputerOfLiza ipsec: 07[KNL] fe80::42e7:d46c:adef:f62f appeared on wlp0s20f3
Aug  3 15:22:35 ComputerOfLiza ipsec: 13[KNL] 192.168.1.38 appeared on wlp0s20f3
Aug  3 15:22:35 ComputerOfLiza ipsec: 00[DMN] signal of type SIGINT received. Shutting down
Aug  3 15:22:35 ComputerOfLiza ipsec: charon stopped after 200 ms
Aug  3 15:22:35 ComputerOfLiza ipsec: ipsec starter stopped
Aug  3 15:22:35 ComputerOfLiza systemd: strongswan.service: Succeeded.
Aug  3 15:22:37 ComputerOfLiza NetworkManager: Starting strongSwan 5.7.2 IPsec [starter]...
Aug  3 15:22:37 ComputerOfLiza NetworkManager: Loading config setup
Aug  3 15:22:37 ComputerOfLiza NetworkManager: Loading conn '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:37 ComputerOfLiza NetworkManager: found netkey IPsec stack
Aug  3 15:22:37 ComputerOfLiza charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 5.6.0-0.bpo.2-amd64, x86_64)
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8313482f-d2cd-4e39-a18c-86b540d6a8e3.secrets'
Aug  3 15:22:37 ComputerOfLiza charon: 00[CFG]   loaded IKE secret for %any
Aug  3 15:22:37 ComputerOfLiza charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown counters
Aug  3 15:22:37 ComputerOfLiza charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug  3 15:22:37 ComputerOfLiza charon: 00[JOB] spawning 16 worker threads
Aug  3 15:22:37 ComputerOfLiza charon: 05[CFG] received stroke: add connection '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:37 ComputerOfLiza charon: 05[CFG] added configuration '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] rereading secrets
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] loading secrets from '/etc/ipsec.secrets'
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8313482f-d2cd-4e39-a18c-86b540d6a8e3.secrets'
Aug  3 15:22:38 ComputerOfLiza charon: 09[CFG]   loaded IKE secret for %any
Aug  3 15:22:38 ComputerOfLiza charon: 08[CFG] received stroke: initiate '8313482f-d2cd-4e39-a18c-86b540d6a8e3'
Aug  3 15:22:38 ComputerOfLiza charon: 11[IKE] initiating Main Mode IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3 to 77.234.209.75
Aug  3 15:22:38 ComputerOfLiza charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Aug  3 15:22:38 ComputerOfLiza charon: 11[NET] sending packet: from 192.168.1.38 to 77.234.209.75 (176 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 12[NET] received packet: from 77.234.209.75 to 192.168.1.38 (156 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 12[ENC] parsed ID_PROT response 0 [ SA V V V V ]
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received XAuth vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received DPD vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[IKE] received FRAGMENTATION vendor ID
Aug  3 15:22:38 ComputerOfLiza charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  3 15:22:38 ComputerOfLiza charon: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza charon: 12[NET] sending packet: from 192.168.1.38 to 77.234.209.75 (244 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 13[NET] received packet: from 77.234.209.75 to 192.168.1.38 (236 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza charon: 13[IKE] local host is behind NAT, sending keep alives
Aug  3 15:22:38 ComputerOfLiza charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza charon: 13[NET] sending packet: from 192.168.1.38 to 77.234.209.75 (68 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 14[NET] received packet: from 77.234.209.75 to 192.168.1.38 (68 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 14[ENC] parsed ID_PROT response 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza charon: 14[IKE] IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3 established between 192.168.1.38[192.168.1.38]...77.234.209.75[77.234.209.75]
Aug  3 15:22:38 ComputerOfLiza charon: 14[IKE] scheduling reauthentication in 9724s
Aug  3 15:22:38 ComputerOfLiza charon: 14[IKE] maximum IKE_SA lifetime 10264s
Aug  3 15:22:38 ComputerOfLiza charon: 14[ENC] generating QUICK_MODE request 2184681364 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  3 15:22:38 ComputerOfLiza charon: 14[NET] sending packet: from 192.168.1.38 to 77.234.209.75 (188 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 15[NET] received packet: from 77.234.209.75 to 192.168.1.38 (68 bytes)
Aug  3 15:22:38 ComputerOfLiza charon: 15[ENC] parsed INFORMATIONAL_V1 request 2541531291 [ HASH N(NO_PROP) ]
Aug  3 15:22:38 ComputerOfLiza charon: 15[IKE] received NO_PROPOSAL_CHOSEN error notify
Aug  3 15:22:38 ComputerOfLiza NetworkManager: initiating Main Mode IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3 to 77.234.209.75
Aug  3 15:22:38 ComputerOfLiza NetworkManager: generating ID_PROT request 0 [ SA V V V V V ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager: sending packet: from 192.168.1.38 to 77.234.209.75 (176 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager: received packet: from 77.234.209.75 to 192.168.1.38 (156 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager: parsed ID_PROT response 0 [ SA V V V V ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager: received NAT-T (RFC 3947) vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager: received XAuth vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager: received DPD vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager: received FRAGMENTATION vendor ID
Aug  3 15:22:38 ComputerOfLiza NetworkManager: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  3 15:22:38 ComputerOfLiza NetworkManager: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager: sending packet: from 192.168.1.38 to 77.234.209.75 (244 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager: received packet: from 77.234.209.75 to 192.168.1.38 (236 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager: local host is behind NAT, sending keep alives
Aug  3 15:22:38 ComputerOfLiza NetworkManager: generating ID_PROT request 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager: sending packet: from 192.168.1.38 to 77.234.209.75 (68 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager: received packet: from 77.234.209.75 to 192.168.1.38 (68 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager: parsed ID_PROT response 0 [ ID HASH ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager: IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3 established between 192.168.1.38[192.168.1.38]...77.234.209.75[77.234.209.75]
Aug  3 15:22:38 ComputerOfLiza NetworkManager: scheduling reauthentication in 9724s
Aug  3 15:22:38 ComputerOfLiza NetworkManager: maximum IKE_SA lifetime 10264s
Aug  3 15:22:38 ComputerOfLiza NetworkManager: generating QUICK_MODE request 2184681364 [ HASH SA No ID ID NAT-OA NAT-OA ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager: sending packet: from 192.168.1.38 to 77.234.209.75 (188 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager: received packet: from 77.234.209.75 to 192.168.1.38 (68 bytes)
Aug  3 15:22:38 ComputerOfLiza NetworkManager: parsed INFORMATIONAL_V1 request 2541531291 [ HASH N(NO_PROP) ]
Aug  3 15:22:38 ComputerOfLiza NetworkManager: received NO_PROPOSAL_CHOSEN error notify
Aug  3 15:22:38 ComputerOfLiza NetworkManager: establishing connection '8313482f-d2cd-4e39-a18c-86b540d6a8e3' failed
Aug  3 15:22:39 ComputerOfLiza nm-l2tp-service: xl2tpd started with pid 1997
Aug  3 15:22:39 ComputerOfLiza NetworkManager: xl2tpd: Not looking for kernel SAref support.
Aug  3 15:22:39 ComputerOfLiza NetworkManager: xl2tpd: Using l2tp kernel support.
Aug  3 15:22:39 ComputerOfLiza NetworkManager: xl2tpd: xl2tpd version xl2tpd-1.3.12 started on ComputerOfLiza PID:1997
Aug  3 15:22:39 ComputerOfLiza NetworkManager: xl2tpd: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Aug  3 15:22:39 ComputerOfLiza NetworkManager: xl2tpd: Forked by Scott Balmos and David Stipp, (C) 2001
Aug  3 15:22:39 ComputerOfLiza NetworkManager: xl2tpd: Inherited by Jeff McAdams, (C) 2002
Aug  3 15:22:39 ComputerOfLiza NetworkManager: xl2tpd: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Aug  3 15:22:39 ComputerOfLiza NetworkManager: xl2tpd: Listening on IP address 0.0.0.0, port 47189
Aug  3 15:22:39 ComputerOfLiza NetworkManager: xl2tpd: Connecting to host 77.234.209.75, port 1701
Aug  3 15:22:39 ComputerOfLiza NetworkManager:   [1596457359.0670] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: state changed: starting (3)
Aug  3 15:22:46 ComputerOfLiza PackageKit: get-updates transaction /205_aeabdccb from uid 1000 finished with success after 736ms
Aug  3 15:22:53 ComputerOfLiza NetworkManager: xl2tpd: death_handler: Fatal signal 15 received
Aug  3 15:22:53 ComputerOfLiza NetworkManager: xl2tpd: Connection 0 closed to 77.234.209.75, port 1701 (Server closing)
Aug  3 15:22:53 ComputerOfLiza NetworkManager:   [1596457373.0812] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: failed: connect-failed (1)
Aug  3 15:22:53 ComputerOfLiza NetworkManager:   [1596457373.0813] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: failed: connect-failed (1)
Aug  3 15:22:53 ComputerOfLiza NetworkManager:   [1596457373.0813] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: state changed: stopping (5)
Aug  3 15:22:53 ComputerOfLiza NetworkManager: Stopping strongSwan IPsec...
Aug  3 15:22:53 ComputerOfLiza charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug  3 15:22:53 ComputerOfLiza charon: 00[IKE] deleting IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3 between 192.168.1.38[192.168.1.38]...77.234.209.75[77.234.209.75]
Aug  3 15:22:53 ComputerOfLiza charon: 00[IKE] sending DELETE for IKE_SA 8313482f-d2cd-4e39-a18c-86b540d6a8e3
Aug  3 15:22:53 ComputerOfLiza charon: 00[ENC] generating INFORMATIONAL_V1 request 2766966862 [ HASH D ]
Aug  3 15:22:53 ComputerOfLiza charon: 00[NET] sending packet: from 192.168.1.38 to 77.234.209.75 (84 bytes)
Aug  3 15:22:53 ComputerOfLiza nm-l2tp-service: ipsec shut down
Aug  3 15:22:53 ComputerOfLiza NetworkManager:   [1596457373.1879] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN plugin: state changed: stopped (6)
Aug  3 15:22:53 ComputerOfLiza NetworkManager:   [1596457373.1906] vpn-connection[0x55c0c1266110,8313482f-d2cd-4e39-a18c-86b540d6a8e3,"Work",0]: VPN service disappeared
Aug  3 15:23:02 ComputerOfLiza NetworkManager:   [1596457382.2593] audit: op="statistics" arg="refresh-rate-ms" pid=990 uid=1000 result="success"
liza moskovskaya (41 rep)
Aug 3, 2020, 02:08 PM • Last activity: Jan 14, 2022, 08:38 PM
0 votes
1 answers
1036 views
Awesome GUI VPN Configuration Management
How can I use a GUI for configuring an L2TP VPN on a system running Awesome? I'm trying to force myself to use a tiling window manager for a period long enough to decide if I really like it better than a floating window manager. I've installed Awesome onto Debian 11, which doesn't have any desktop environments installed. I've gotten through most of my obstacles, but one thing I can't seem to locate is a rich network-manager-applet. What I mean by rich is one that has all the features required to set up a VPN with advanced configurations for L2TP IPsec and phase algorithms. I know that, if I installed KDE or GNOME, the network manager applet in those desktops would provide a GUI for setting all these advanced configurations I need to set for the network-manager-l2tp package. But, so far, on Awesome, the network-manager applets I've gotten into the tray are missing the portion of the GUI for configuring advanced settings like L2TP IPsec options, phase algorithms, and UDP encapsulation. Maybe I can install KDE onto another computer, set up the VPN, and then locate the file where this configuration is kept, and move that file to this computer as a means of setting up the VPN. Or, maybe I can figure out how to configure the VPN via the command line alone. It would probably be easier to use a GUI to generate the config files and then use that as a basis for learning how to configure VPNs without a GUI. However, maybe I can indeed get a network-manager applet into Awesome's system tray that is just as feature-rich as what's provided by GNOME and KDE. I'm open to advice and suggestions.
Lonnie Best (5415 rep)
Dec 25, 2021, 08:08 PM • Last activity: Dec 26, 2021, 09:20 AM
0 votes
0 answers
923 views
libgcrypt.so.11 installed but needed by strongswan
I'm trying to get the StrongSwan package in Red Hat Enterprise Linux release 8.5 (Ootpa). But it shows an issue, even with libgcrypt-1.8.5-6.el8.x86_64 installed. I tried to install the StrongSwan and Libgcrypt rpm packages from pkgs.org with rpm -Uvh package.rpm, but those require other packages to be already installed. A few weeks ago I installed the same StrongSwan version, but the little difference from the previous one... was the Red Hat subversion: Red Hat Enterprise Linux release 8.4 (Ootpa). I've also checked the repolist with the yum repolist command and both Linux systems have the same repolist. I'm a little disoriented on this, so that's why I'm inquiring for your support. Thank you.
Mauricio Reyes (358 rep)
Dec 10, 2021, 03:29 PM • Last activity: Dec 10, 2021, 04:02 PM
0 votes
1 answers
1408 views
systemd-resolved+VPN: 2nd DNS server ignored (L2TP)
I'm connecting to a corporate VPN via network-manager-l2tp with a pre-shared key and user+pass. I'm getting a correct DNS server IP automatically, which resolves the company's URLs correctly. However, the public internet isn't resolved (I tested with www.google.com all the time), but this depends on the perspective: I can't get systemd-resolved to resolve from 2 DNS servers at the same time (1.1.1.1 and the corporate DNS). It's strictly either/or and I've tried a lot of different configs... **Question: How do I configure systemd-resolved to use both a corporate VPN's DNS and the regular DNS servers at the same time?** I don't care if it's 'conditional forwarding' based on domain or using the 2nd DNS after the 1st fails. I couldn't get either approach to work. My guess is this has something to do with l2tp, but I can't find any solutions that apply to my case. I use: NetworkManager 1.30.0, systemd-resolved (systemd 247.3) and openresolv (instead of the old resolvconf) on Pop OS. Both services are up and running. resolv.conf -> /run/systemd/resolve/stub-resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
[...]

nameserver 127.0.0.53
options edns0 trust-ad
search fritz.box
/etc/systemd/resolved.conf
[Resolve]
FallbackDNS=1.1.1.1 corp.ip.add.ress
resolvectl status output after connecting to VPN
Global
           Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
Fallback DNS Servers: 1.1.1.1 corp.ip.add.ress

Link 2 (enp6s0)
    Current Scopes: DNS
         Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.178.1
       DNS Servers: 192.168.178.1
        DNS Domain: fritz.box

Link 3 (ip_vti0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 23 (ppp0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: corp.ip.add.ress
       DNS Servers: 1.1.1.1 corp.ip.add.ress
I've tried a lot of different things, but what you see above is a good starting point to come up with a robust, final solution.
freeo (105 rep)
Aug 5, 2021, 04:54 PM • Last activity: Sep 22, 2021, 04:25 AM
3 votes
0 answers
9041 views
VPN service connection failed because the VPN service failed to start
I'm trying to connect to my university's VPN on Ubuntu. Here is their online guide - Off Campus | University of Stirling. Going by the Mac installation guide, it states: "VPN Type: L2TP over IPsec", so I've run sudo apt-get install network-manager-l2tp-gnome, restarted Ubuntu and now I have the option to create a Layer 2 Tunneling Protocol (L2TP) connection. I've entered the gateway and username as they instruct. As they also request "over IPsec" I've checked the box IPsec Settings... > "Enable IPsec tunnel to L2TP host", and I've also entered "secret" in the Pre-shared key box. By the way, I also tried to connect prior to setting these but it didn't work, and it doesn't work now that I've entered them either. Here is the log from sudo tail -f /var/log/syslog:
Mar 1 15:29:32 martyn-Lenovo-B590 NetworkManager: [1519918172.6221] audit: op="connection-activate" uuid="9f1fcb5e-7d9b-41e2-9637-2a9545283b10" name="UoS VPN" pid=2301 uid=1000 result="success"
Mar 1 15:29:32 martyn-Lenovo-B590 NetworkManager: [1519918172.6310] vpn-connection[0x27291e0,9f1fcb5e-7d9b-41e2-9637-2a9545283b10,"UoS VPN",0]: Started the VPN service, PID 4452
Mar 1 15:29:32 martyn-Lenovo-B590 NetworkManager: [1519918172.6452] vpn-connection[0x27291e0,9f1fcb5e-7d9b-41e2-9637-2a9545283b10,"UoS VPN",0]: Saw the service appear; activating connection
Mar 1 15:29:32 martyn-Lenovo-B590 gnome-session: Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
Mar 1 15:29:37 martyn-Lenovo-B590 NetworkManager: [1519918177.6835] keyfile: update /etc/NetworkManager/system-connections/UoS VPN (9f1fcb5e-7d9b-41e2-9637-2a9545283b10,"UoS VPN")
Mar 1 15:29:37 martyn-Lenovo-B590 NetworkManager: [1519918177.6915] vpn-connection[0x27291e0,9f1fcb5e-7d9b-41e2-9637-2a9545283b10,"UoS VPN",0]: VPN connection: (ConnectInteractive) reply received
Mar 1 15:29:37 martyn-Lenovo-B590 NetworkManager: nm-l2tp ipsec enable flag: yes
Mar 1 15:29:37 martyn-Lenovo-B590 NetworkManager: ** Message: Check port 1701
Mar 1 15:29:37 martyn-Lenovo-B590 NetworkManager: ** Message: Can't bind to port 1701
Mar 1 15:29:37 martyn-Lenovo-B590 NetworkManager: nm-l2tp L2TP port 1701 is busy, using ephemeral.
Mar 1 15:29:37 martyn-Lenovo-B590 NetworkManager: nm-l2tp starting ipsec
Mar 1 15:29:37 martyn-Lenovo-B590 NetworkManager: Stopping strongSwan IPsec failed: starter is not running
Mar 1 15:29:39 martyn-Lenovo-B590 NetworkManager: Starting strongSwan 5.3.5 IPsec [starter]...
Mar 1 15:29:39 martyn-Lenovo-B590 NetworkManager: Loading config setup
Mar 1 15:29:39 martyn-Lenovo-B590 NetworkManager: Loading conn '9f1fcb5e-7d9b-41e2-9637-2a9545283b10'
Mar 1 15:29:39 martyn-Lenovo-B590 NetworkManager: found netkey IPsec stack
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-116-generic, x86_64)
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-9f1fcb5e-7d9b-41e2-9637-2a9545283b10.secrets'
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[CFG] loaded IKE secret for %any
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 00[JOB] spawning 16 worker threads
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 13[CFG] received stroke: add connection '9f1fcb5e-7d9b-41e2-9637-2a9545283b10'
Mar 1 15:29:39 martyn-Lenovo-B590 charon: 13[CFG] added configuration '9f1fcb5e-7d9b-41e2-9637-2a9545283b10'
Mar 1 15:29:40 martyn-Lenovo-B590 charon: 01[CFG] rereading secrets
Mar 1 15:29:40 martyn-Lenovo-B590 charon: 01[CFG] loading secrets from '/etc/ipsec.secrets'
Mar 1 15:29:40 martyn-Lenovo-B590 charon: 01[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-9f1fcb5e-7d9b-41e2-9637-2a9545283b10.secrets'
Mar 1 15:29:40 martyn-Lenovo-B590 charon: 01[CFG] loaded IKE secret for %any
Mar 1 15:29:40 martyn-Lenovo-B590 NetworkManager: nm-l2tp Spawned ipsec up script with PID 4531.
Mar 1 15:29:40 martyn-Lenovo-B590 charon: 11[CFG] received stroke: initiate '9f1fcb5e-7d9b-41e2-9637-2a9545283b10'
Mar 1 15:29:40 martyn-Lenovo-B590 charon: 07[IKE] initiating Main Mode IKE_SA 9f1fcb5e-7d9b-41e2-9637-2a9545283b10[1] to 139.153.12.200
Mar 1 15:29:40 martyn-Lenovo-B590 charon: 07[ENC] generating ID_PROT request 0 [ SA V V V V ]
Mar 1 15:29:40 martyn-Lenovo-B590 charon: 07[NET] sending packet: from 192.168.1.134 to 139.153.12.200 (248 bytes)
Mar 1 15:29:44 martyn-Lenovo-B590 charon: 02[IKE] sending retransmit 1 of request message ID 0, seq 1
Mar 1 15:29:44 martyn-Lenovo-B590 charon: 02[NET] sending packet: from 192.168.1.134 to 139.153.12.200 (248 bytes)
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: nm-l2tp Timeout trying to establish IPsec connection
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: nm-l2tp Terminating ipsec script with PID 4531.
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: Stopping strongSwan IPsec...
Mar 1 15:29:50 martyn-Lenovo-B590 charon: 00[DMN] signal of type SIGINT received. Shutting down
Mar 1 15:29:50 martyn-Lenovo-B590 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: initiating Main Mode IKE_SA 9f1fcb5e-7d9b-41e2-9637-2a9545283b10[1] to 139.153.12.200
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: generating ID_PROT request 0 [ SA V V V V ]
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: sending packet: from 192.168.1.134 to 139.153.12.200 (248 bytes)
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: sending retransmit 1 of request message ID 0, seq 1
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: sending packet: from 192.168.1.134 to 139.153.12.200 (248 bytes)
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: destroying IKE_SA in state CONNECTING without notification
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: nm-l2tp Could not establish IPsec tunnel.
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: (nm-l2tp-service:4452): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: [1519918190.9294] vpn-connection[0x27291e0,9f1fcb5e-7d9b-41e2-9637-2a9545283b10,"UoS VPN",0]: VPN plugin: state changed: stopped (6)
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: [1519918190.9315] vpn-connection[0x27291e0,9f1fcb5e-7d9b-41e2-9637-2a9545283b10,"UoS VPN",0]: VPN plugin: state change reason: unknown (0)
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: [1519918190.9339] vpn-connection[0x27291e0,9f1fcb5e-7d9b-41e2-9637-2a9545283b10,"UoS VPN",0]: VPN service disappeared
Mar 1 15:29:50 martyn-Lenovo-B590 NetworkManager: [1519918190.9360] vpn-connection[0x27291e0,9f1fcb5e-7d9b-41e2-9637-2a9545283b10,"UoS VPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
UPDATE 2nd March
$ ip r
default via 192.168.1.1 dev wlp2s0 proto static metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.134 metric 600
Martyn (131 rep)
Mar 1, 2018, 03:49 PM • Last activity: Aug 27, 2021, 10:51 AM
1 votes
1 answers
508 views
How do I do the required route(s) for getting internet traffic to/from my client assigned public IPv4s on my L2TP server
I have a server running Ubuntu Server 20.04 which has two ethernet interfaces and is hosting the L2TP server (using accel-ppp). 'eno1' has a single public IPv4 address assigned. 'eno2' has access to a /26 public IPv4 block which I'd like to make use of from another location via an L2TP server. Details further down. Now what I'm trying to do is make it so my router, at another location, can connect to the L2TP server and have a public-facing IPv4 as well as a /27 public IPv4 routed to it from splitting the /26 public IPv4 mentioned earlier. For example, x.x.161.64/27. While I can ping the IP of the router connected to the L2TP server from the L2TP server, as well as any /27 IPv4 I assigned via the router's LAN, I can't figure out how to get a route to the internet or beyond, presumably, the L2TP server's own gateway IP (x.x.161.122).
eno1
IP address:  x.x.176.62 (public IPv4)
Subnet mask: 255.255.255.0
Gateway IP:  x.x.176.254
eno2
IP address:  x.x.161.125 (public IPv4)
Subnet mask: 255.255.255.252 (split from what is actually a /26)
Gateway IP:  x.x.161.126
My router's assigned IP addresses (the router is connecting to the L2TP server, but these addresses aren't currently able to access the internet or go beyond x.x.161.122, which I believe is the L2TP server's gateway IP address):
x.x.161.121/30
x.x.161.64/27
On this Ubuntu server I have accel-ppp installed and configured as an L2TP server. In /etc/accel-ppp.conf I have the following:
[modules]
log_file

pptp
l2tp

auth_mschap_v2
auth_mschap_v1
auth_pap

chap-secrets

ippool

pppd_compat

[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4

[common]
single-session=replace

[ppp]
verbose=1
min-mtu=1280
mtu=1400
mru=1400
ipv4=require
ipv6=deny
ipv6-intf-id=0:0:0:1
ipv6-peer-intf-id=0:0:0:2
ipv6-accept-peer-intf-id=1
lcp-echo-interval=1
lcp-echo-failure=5
lcp-echo-timeout=120
unit-cache=1

[pptp]
verbose=1
#echo-interval=30
#ip-pool=pptp
#ipv6-pool=pptp
#ipv6-pool-delegate=pptp
ifname=pptp%d

[l2tp]
verbose=1
ifname=l2tp%d

[dns]
dns1=8.8.8.8
dns2=8.8.4.4

[client-ip-range]
disable

[ip-pool]
gw-ip-address=x.x.161.122
attr=Framed-Pool
x.x.161.121/30

[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
copy=1
level=3

[pppd-compat]
verbose=1

[chap-secrets]
chap-secrets=/etc/ppp/chap-secrets
Current ip route:
default via x.x.161.126 dev eno2 proto static
default via x.x.176.254 dev eno1 proto dhcp src x.x.176.62 metric 100
x.x.176.0/24 dev eno1 proto kernel scope link src x.x.176.62
x.x.176.254 dev eno1 proto dhcp scope link src x.x.176.62 metric 100
x.x.161.64/27 via x.x.161.121 dev l2tp0
x.x.161.121 dev l2tp0 proto kernel scope link src x.x.161.122
x.x.161.124/30 dev eno2 proto kernel scope link src x.x.161.125
Current route:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         x.x.161.126     0.0.0.0         UG    0      0        0 eno2
default         x.x.176.254     0.0.0.0         UG    100    0        0 eno1
x.x.176.0       0.0.0.0         255.255.255.0   U     0      0        0 eno1
x.x.176.254     0.0.0.0         255.255.255.255 UH    100    0        0 eno1
x.x.161.64      x.x.161.121     255.255.255.224 UG    0      0        0 l2tp0
x.x.161.121     0.0.0.0         255.255.255.255 UH    0      0        0 l2tp0
x.x.161.124     0.0.0.0         255.255.255.252 U     0      0        0 eno2
Current ifconfig:
eno1: flags=4163  mtu 1500
        inet x.x.176.62  netmask 255.255.255.0  broadcast x.x.176.255
        inet6 x:x:x:x::  prefixlen 56  scopeid 0x0
        inet6 fe80::d250:99ff:feda:91b6  prefixlen 64  scopeid 0x20
        ether d0:50:99:da:91:b6  txqueuelen 1000  (Ethernet)

eno2: flags=4163  mtu 1500
        inet x.x.161.125  netmask 255.255.255.252  broadcast x.x.161.127
        inet6 fe80::d250:99ff:feda:91b5  prefixlen 64  scopeid 0x20
        ether d0:50:99:da:91:b5  txqueuelen 1000  (Ethernet)

l2tp0: flags=4305  mtu 1400
        inet 198.244.161.122  netmask 255.255.255.255  destination x.x.161.121
        ppp  txqueuelen 3  (Point-to-Point Protocol)
How would I go about making it so, for example, the router IP address x.x.161.121 would be able to reach the internet and be reachable from the internet? Presumably it would need to somehow have a route to x.x.161.126, the gateway IP address of the entire original /26 IPv4 block. If there's a simpler or different approach I should be taking, please say. I don't want to do NAT, as I imagine that defeats what I'm trying to do. Hopefully I've been reasonably clear and provided plenty of details; if there are more details you need, please ask. I've been trying to get my head round this for nearly two days. Playing around with changing routes is a little new to me. Thanks in advance for any assistance! EDIT: It doesn't look hopeful that I'll get an answer here, so I might just have to see about finding an expert to hire for this task, assuming quotes aren't ridiculously pricey. If someone does read this question and knows the answer then I'd be really grateful to hear your solution! Thanks.
Ixel (21 rep)
May 29, 2021, 08:42 PM • Last activity: Jun 1, 2021, 08:30 PM
0 votes
0 answers
463 views
How to fix LT2P over IPSEC connection dying unexpectedly
Hi, I'm using Network Manager on Debian 10 to create an L2TP over IPsec VPN connection. For a very weird reason the process gets "Terminating on signal 15". I bring up the connection with:
nmcli con up office
The configuration file /etc/NetworkManager/system-connections/office.nmconnection is:
[connection]
id=office
uuid=cf7498fb-01c9-44c1-91a9-789d6627950b
type=vpn
autoconnect=true
interface-name=--
permissions=

[vpn]
gateway=10.0.0.1
ipsec-enabled=yes
ipsec-psk=0sbWVuZWxhb3M3MTg=
mru=1400
mtu=1400
password-flags=0
ipsec-esp=3des-sha1
ipsec-ike=3des-sha1-modp1024!
#refuse-chap=yes
#refuse-mschap=yes
#refuse-pap=yes
#require-mppe=yes
user=raspberry1
service-type=org.freedesktop.NetworkManager.l2tp

[vpn-secrets]
password=...

[ipv4]
dns-search=
method=auto
never-default=true

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
In /var/log/messages I can see the connection and also the error:
May 19 07:25:01 rpi4-20210210 NetworkManager:   [1621409101.4139] agent-manager: req[0xffff98002ca0, :1.53/nmcli-connect/0]: agent registered
May 19 07:25:01 rpi4-20210210 NetworkManager:   [1621409101.4195] audit: op="connection-activate" uuid="cf7498fb-01c9-44c1-91a9-789d6627950b" name="office" pid=1330 uid=0 result="success"
May 19 07:25:01 rpi4-20210210 NetworkManager:   [1621409101.4277] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",0]: Started the VPN service, PID 1336
May 19 07:25:01 rpi4-20210210 NetworkManager:   [1621409101.4445] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",0]: Saw the service appear; activating connection
May 19 07:25:01 rpi4-20210210 NetworkManager:   [1621409101.4561] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",0]: VPN connection: (ConnectInteractive) reply received
May 19 07:25:01 rpi4-20210210 nm-l2tp-service: Check port 1701
May 19 07:25:04 rpi4-20210210 nm-l2tp-service: xl2tpd started with pid 1407
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.8892] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",0]: VPN plugin: state changed: starting (3)
May 19 07:25:04 rpi4-20210210 pppd: Plugin pppol2tp.so loaded.
May 19 07:25:04 rpi4-20210210 pppd: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
May 19 07:25:04 rpi4-20210210 pppd: pppd 2.4.7 started by root, uid 0
May 19 07:25:04 rpi4-20210210 pppd: Using interface ppp0
May 19 07:25:04 rpi4-20210210 pppd: Connect: ppp0  
May 19 07:25:04 rpi4-20210210 pppd: Overriding mtu 1500 to 1400
May 19 07:25:04 rpi4-20210210 pppd: Overriding mru 1500 to mtu value 1400
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9186] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/9)
May 19 07:25:04 rpi4-20210210 pppd: Overriding mtu 1450 to 1400
May 19 07:25:04 rpi4-20210210 pppd: CHAP authentication succeeded
May 19 07:25:04 rpi4-20210210 pppd: local  IP address 10.1.1.10
May 19 07:25:04 rpi4-20210210 pppd: remote IP address 10.1.1.1
May 19 07:25:04 rpi4-20210210 pppd: primary   DNS address 10.1.1.1
May 19 07:25:04 rpi4-20210210 pppd: secondary DNS address 1.1.1.1
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9512] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",0]: VPN connection: (IP4 Config Get) reply received from old-style plugin
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9524] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data: VPN Gateway: 10.0.0.1
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9525] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data: Tunnel Device: "ppp0"
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9526] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data: IPv4 configuration:
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9526] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data:   Internal Address: 10.1.1.10
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9526] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data:   Internal Prefix: 32
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9527] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data:   Internal Point-to-Point Address: 10.1.1.1
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9527] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data:   Static Route: 10.1.1.1/32   Next Hop: 0.0.0.0
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9527] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data:   Internal DNS: 10.1.1.1
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9528] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data:   Internal DNS: 1.1.1.1
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9528] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data:   DNS Domain: '(none)'
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9528] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: Data: No IPv6 configuration
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9529] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: VPN plugin: state changed: started (4)
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9592] vpn-connection[0xaaaafdcd24d0,cf7498fb-01c9-44c1-91a9-789d6627950b,"office",9:(ppp0)]: VPN connection: (IP Config Get) complete
May 19 07:25:04 rpi4-20210210 NetworkManager:   [1621409104.9596] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
May 19 07:25:05 rpi4-20210210 NetworkManager:   [1621409105.0093] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')
May 19 07:26:35 rpi4-20210210 NetworkManager:   [1621409195.9260] device (ppp0): state change: disconnected -> unmanaged (reason 'connection-assumed', sys-iface-state: 'external')
May 19 07:26:35 rpi4-20210210 pppd: Terminating on signal 15
May 19 07:26:35 rpi4-20210210 pppd: Connect time 1.6 minutes.
May 19 07:26:35 rpi4-20210210 pppd: Sent 0 bytes, received 343296 bytes.
May 19 07:26:35 rpi4-20210210 pppd: Overriding mtu 1500 to 1400
May 19 07:26:35 rpi4-20210210 pppd: Overriding mru 1500 to mtu value 1400
` while connected, it seems to be working good, however i can't diagnose the "state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')" which is probably what is causing the ppp client to send the signal 15 to terminate the connection. any clues?
Meni (1 rep)
May 19, 2021, 07:40 AM
0 votes
1 answers
1615 views
Connecting Windows 10 to IPSec/L2TP on Debian 10
Trying to get Windows 10 (192.168.1.11) to connect to IPSec/L2TP on Debian 10 (192.168.1.31). Windows firewall is off and I have added `AssumeUDPEncapsulationContextOnSendRule` (value 2) to the registry and rebooted. The only `iptables` stuff going on on `192.168.1.31` is IP masquerade for the `192.168.1.0/24` network to the Internet. I've got Debian set up as below and have configured the VPN in Windows with the username and password. However Windows will not connect; an error appears in the System part of the Event Viewer which says

> The user RWB-LAPTOP-DELL\User dialed a connection named VPN@mini31 which has failed. The error code returned on failure is 809.

*/etc/ipsec.conf*

```
config setup

conn wep-ap
        type=transport
        authby=secret
        pfs=no
        rekey=no
        keyingtries=1
        left=%any
        leftid=%any
        right=%any
        auto=add
        esp=aes128-sha1-modp1536
        ike=aes128-sha1-modp1536
        include /var/lib/strongswan/ipsec.conf.inc
```
*/etc/strongswan.conf*

```
charon {
    plugins {
        eap_dynamic {
            preferred = eap-mschapv2, eap-tls
        }
    }
}
```

*/etc/ipsec.secrets*

```
%any %any : PSK "password"
```

*/etc/ppp/chap-secrets*

```
laptop  *       password *
```

*/etc/ppp/options.xl2tpd*

```
noccp
auth
mtu 1410
mru 1410
nodefaultroute
proxyarp
silent
debug
ms-dns 192.168.3.31
```

*/etc/xl2tpd/xl2tpd.conf*

```
[global]                                                                ; Global parameters:
port = 1701                                                     ; * Bind to port 1701
access control = no
[lns default]                                                   ; Our fallthrough LNS definition
ip range = 192.168.3.100-192.168.3.254                          ; * But this one is okay
local ip = 192.168.3.31                         ; * Our local IP to use
name = mini31                                           ; * Report this as our hostname
pppoptfile = /etc/ppp/options.xl2tpd
```
In Windows: [screenshot]. And in syslog:

```
mini31 # cat -n syslog | tail +3203
  3203  Nov 20 20:24:45 mini31 charon: 13[NET] received packet: from 192.168.1.11 to 192.168.1.31 (408 bytes)
  3204  Nov 20 20:24:45 mini31 charon: 13[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
  3205  Nov 20 20:24:45 mini31 charon: 13[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
  3206  Nov 20 20:24:45 mini31 charon: 13[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
  3207  Nov 20 20:24:45 mini31 charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
  3208  Nov 20 20:24:45 mini31 charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
  3209  Nov 20 20:24:45 mini31 charon: 13[IKE] received FRAGMENTATION vendor ID
  3210  Nov 20 20:24:45 mini31 charon: 13[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
  3211  Nov 20 20:24:45 mini31 charon: 13[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
  3212  Nov 20 20:24:45 mini31 charon: 13[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
  3213  Nov 20 20:24:45 mini31 charon: 13[IKE] 192.168.1.11 is initiating a Main Mode IKE_SA
  3214  Nov 20 20:24:45 mini31 charon: 13[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
  3215  Nov 20 20:24:45 mini31 charon: 13[ENC] generating ID_PROT response 0 [ SA V V V V ]
  3216  Nov 20 20:24:45 mini31 charon: 13[NET] sending packet: from 192.168.1.31 to 192.168.1.11 (160 bytes)
  3217  Nov 20 20:24:45 mini31 charon: 14[NET] received packet: from 192.168.1.11 to 192.168.1.31 (228 bytes)
  3218  Nov 20 20:24:45 mini31 charon: 14[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
  3219  Nov 20 20:24:45 mini31 charon: 14[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
  3220  Nov 20 20:24:45 mini31 charon: 14[NET] sending packet: from 192.168.1.31 to 192.168.1.11 (212 bytes)
  3221  Nov 20 20:24:45 mini31 charon: 15[NET] received packet: from 192.168.1.11 to 192.168.1.31 (76 bytes)
  3222  Nov 20 20:24:45 mini31 charon: 15[ENC] parsed ID_PROT request 0 [ ID HASH ]
  3223  Nov 20 20:24:45 mini31 charon: 15[CFG] looking for pre-shared key peer configs matching 192.168.1.31...192.168.1.11[192.168.1.11]
  3224  Nov 20 20:24:45 mini31 charon: 15[CFG] selected peer config "wep-ap"
  3225  Nov 20 20:24:45 mini31 charon: 15[IKE] IKE_SA wep-ap established between 192.168.1.31[192.168.1.31]...192.168.1.11[192.168.1.11]
  3226  Nov 20 20:24:45 mini31 charon: 15[ENC] generating ID_PROT response 0 [ ID HASH ]
  3227  Nov 20 20:24:45 mini31 charon: 15[NET] sending packet: from 192.168.1.31 to 192.168.1.11 (76 bytes)
  3228  Nov 20 20:24:45 mini31 charon: 06[NET] received packet: from 192.168.1.11 to 192.168.1.31 (316 bytes)
  3229  Nov 20 20:24:45 mini31 charon: 06[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID ]
  3230  Nov 20 20:24:45 mini31 charon: 06[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
  3231  Nov 20 20:24:45 mini31 charon: 06[IKE] received 3600s lifetime, configured 0s
  3232  Nov 20 20:24:45 mini31 charon: 06[IKE] received 250000000 lifebytes, configured 0
  3233  Nov 20 20:24:45 mini31 charon: 06[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID ]
  3234  Nov 20 20:24:45 mini31 charon: 06[NET] sending packet: from 192.168.1.31 to 192.168.1.11 (188 bytes)
  3235  Nov 20 20:24:45 mini31 charon: 05[NET] received packet: from 192.168.1.11 to 192.168.1.31 (60 bytes)
  3236  Nov 20 20:24:45 mini31 charon: 05[ENC] parsed QUICK_MODE request 1 [ HASH ]
  3237  Nov 20 20:24:45 mini31 charon: 05[IKE] CHILD_SA wep-ap{6} established with SPIs c2b5d044_i 1726a3e2_o and TS 192.168.1.31/32[udp/l2f] === 192.168.1.11/32[udp/l2f]
  3238  Nov 20 20:24:46 mini31 xl2tpd: control_finish: Peer requested tunnel 3 twice, ignoring second one.
  3239  Nov 20 20:24:48 mini31 xl2tpd: control_finish: Peer requested tunnel 3 twice, ignoring second one.
  3240  Nov 20 20:24:52 mini31 xl2tpd: control_finish: Peer requested tunnel 3 twice, ignoring second one.
  3241  Nov 20 20:25:00 mini31 xl2tpd: control_finish: Peer requested tunnel 3 twice, ignoring second one.
  3242  Nov 20 20:25:10 mini31 xl2tpd: control_finish: Peer requested tunnel 3 twice, ignoring second one.
  3243  Nov 20 20:25:16 mini31 xl2tpd: Maximum retries exceeded for tunnel 13486.  Closing.
  3244  Nov 20 20:25:16 mini31 xl2tpd: Connection 3 closed to 192.168.1.11, port 1701 (Timeout)
  3245  Nov 20 20:25:20 mini31 charon: 09[NET] received packet: from 192.168.1.11 to 192.168.1.31 (76 bytes)
  3246  Nov 20 20:25:20 mini31 charon: 09[ENC] parsed INFORMATIONAL_V1 request 3379181600 [ HASH D ]
  3247  Nov 20 20:25:20 mini31 charon: 09[IKE] received DELETE for ESP CHILD_SA with SPI 1726a3e2
  3248  Nov 20 20:25:20 mini31 charon: 09[IKE] closing CHILD_SA wep-ap{6} with SPIs c2b5d044_i (696 bytes) 1726a3e2_o (0 bytes) and TS 192.168.1.31/32[udp/l2f] === 192.168.1.11/32[udp/l2f]
  3249  Nov 20 20:25:20 mini31 charon: 10[NET] received packet: from 192.168.1.11 to 192.168.1.31 (92 bytes)
  3250  Nov 20 20:25:20 mini31 charon: 10[ENC] parsed INFORMATIONAL_V1 request 309590672 [ HASH D ]
  3251  Nov 20 20:25:20 mini31 charon: 10[IKE] received DELETE for IKE_SA wep-ap
  3252  Nov 20 20:25:20 mini31 charon: 10[IKE] deleting IKE_SA wep-ap between 192.168.1.31[192.168.1.31]...192.168.1.11[192.168.1.11]
mini31 #
```
**Update: eap and ike**

If I use

```
esp=aes-sha1,3des-sha1,aes128-sha1,3des-sha1,aes128-sha256,aes128-sha1-modp1536
ike=aes-sha,3des-sha,aes128-aes256-sha1-modp3072-modp2048,3des-sha1-md5-modp1024,aes128-sha1-modp1536
```

(How do you find out what values to use?) Then something different happens: [screenshot]

```
Nov 21 13:40:04 mini31 charon: 07[NET] received packet: from 192.168.1.11 to 192.168.1.31 (408 bytes)
Nov 21 13:40:04 mini31 charon: 07[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Nov 21 13:40:04 mini31 charon: 07[IKE] no IKE config found for 192.168.1.31...192.168.1.11, sending NO_PROPOSAL_CHOSEN
Nov 21 13:40:04 mini31 charon: 07[ENC] generating INFORMATIONAL_V1 request 1021960079 [ N(NO_PROP) ]
Nov 21 13:40:04 mini31 charon: 07[NET] sending packet: from 192.168.1.31 to 192.168.1.11 (40 bytes)
Nov 21 13:40:05 mini31 charon: 08[NET] received packet: from 192.168.1.11 to 192.168.1.31 (408 bytes)
Nov 21 13:40:05 mini31 charon: 08[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Nov 21 13:40:05 mini31 charon: 08[IKE] no IKE config found for 192.168.1.31...192.168.1.11, sending NO_PROPOSAL_CHOSEN
Nov 21 13:40:05 mini31 charon: 08[ENC] generating INFORMATIONAL_V1 request 440253701 [ N(NO_PROP) ]
Nov 21 13:40:05 mini31 charon: 08[NET] sending packet: from 192.168.1.31 to 192.168.1.11 (40 bytes)
Nov 21 13:40:06 mini31 charon: 09[NET] received packet: from 192.168.1.11 to 192.168.1.31 (408 bytes)
Nov 21 13:40:06 mini31 charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Nov 21 13:40:06 mini31 charon: 09[IKE] no IKE config found for 192.168.1.31...192.168.1.11, sending NO_PROPOSAL_CHOSEN
Nov 21 13:40:06 mini31 charon: 09[ENC] generating INFORMATIONAL_V1 request 101389495 [ N(NO_PROP) ]
Nov 21 13:40:06 mini31 charon: 09[NET] sending packet: from 192.168.1.31 to 192.168.1.11 (40 bytes)
Nov 21 13:40:09 mini31 charon: 10[NET] received packet: from 192.168.1.11 to 192.168.1.31 (408 bytes)
Nov 21 13:40:09 mini31 charon: 10[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Nov 21 13:40:09 mini31 charon: 10[IKE] no IKE config found for 192.168.1.31...192.168.1.11, sending NO_PROPOSAL_CHOSEN
Nov 21 13:40:09 mini31 charon: 10[ENC] generating INFORMATIONAL_V1 request 171333823 [ N(NO_PROP) ]
Nov 21 13:40:09 mini31 charon: 10[NET] sending packet: from 192.168.1.31 to 192.168.1.11 (40 bytes)
```
**Another update**

While Windows is connecting, `ipsec showall` shows a connection, so I think the problem is with xl2tpd and in particular the `Maximum retries exceeded for tunnel... Closing` thing.

**Update again**

New evidence in dmesg:

```
[2106321.117169] audit: type=1400 audit(1611348027.206:30): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/20839/fd/" pid=20839 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2106356.184250] audit: type=1400 audit(1611348062.273:31): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/20858/fd/" pid=20858 comm="charon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
```

However

```
# aa-complain /usr/lib/ipsec/charon
```

made no difference.
Richard Barraclough (550 rep)
Nov 20, 2020, 08:41 PM • Last activity: Apr 2, 2021, 03:07 AM
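The two syslogs in the post above, and the NetworkManager/pppd log in the Debian 10 post before it, fail at different stages of the same L2TP/IPsec stack: the first Windows attempt gets through IKE phase 1 and phase 2 and then stalls in xl2tpd, the second attempt fails with NO_PROPOSAL_CHOSEN before any IKE_SA exists, and the Debian client gets PPP up and is then torn down by SIGTERM. The stage that did not complete is what decides which configuration layer to look at (ike=, esp=, xl2tpd.conf, or the ppp options), so the following triage script is added here as an example. It is not code from any of the posts or from strongSwan, xl2tpd or pppd; the milestone regexes are assumptions about those daemons' log wording, taken from the lines on this page, and the sample logs are lines quoted from the posts above with the `cat -n` numbering removed.

```python
"""Stage-by-stage triage of an L2TP/IPsec client or server log.

Added example; it is not code from the posts above or from strongSwan/xl2tpd/pppd.
It scans syslog/journal lines for the milestones an L2TP/IPsec session must pass
(IKE phase 1 -> CHILD_SA -> L2TP control channel -> PPP) and names the first stage
that did not complete, which is where the matching config layer should be checked.
"""
import re

# Milestone patterns (assumed from the log wording quoted on this page). A pattern
# with a named group 'v' records the first value seen; one without is counted.
MILESTONES = {
    "ike_proposal": re.compile(r"selected proposal: IKE:(?P<v>\S+)"),
    "esp_proposal": re.compile(r"selected proposal: ESP:(?P<v>\S+)"),
    "ike_sa": re.compile(r"IKE_SA (?P<v>\S+) established between"),
    "child_sa": re.compile(r"CHILD_SA (?P<v>[^{\s]+)\{\d+\} established"),
    "ppp_up": re.compile(r"pppd: local +IP address (?P<v>\S+)"),
    "no_proposal": re.compile(r"NO_PROPOSAL_CHOSEN"),
    "l2tp_dup": re.compile(r"xl2tpd: .*Peer requested tunnel \d+ twice"),
    "l2tp_timeout": re.compile(r"xl2tpd: .*(?:Maximum retries exceeded|\(Timeout\))"),
    "ppp_sigterm": re.compile(r"pppd: Terminating on signal 15"),
}


def summarize(log_text):
    """Return a dict of milestone values/counts plus a one-line 'diagnosis'."""
    found = {k: (None if "v" in rx.groupindex else 0) for k, rx in MILESTONES.items()}
    for line in log_text.splitlines():
        for key, rx in MILESTONES.items():
            m = rx.search(line)
            if m is None:
                continue
            if "v" in rx.groupindex:
                if found[key] is None:  # keep the first occurrence
                    found[key] = m.group("v")
            else:
                found[key] += 1
    found["diagnosis"] = diagnose(found)
    return found


def diagnose(s):
    """Map the milestones reached to the layer whose configuration to look at."""
    if s["ppp_up"]:  # PPP only comes up after IPsec and L2TP succeeded
        if s["ppp_sigterm"]:
            return (f"ppp-teardown: link came up with address {s['ppp_up']} and was later "
                    "stopped by SIGTERM; find out who signalled pppd (NetworkManager, a timeout)")
        return "ok: all stages completed"
    if s["no_proposal"] and not s["ike_sa"]:
        return "phase1: NO_PROPOSAL_CHOSEN and no IKE_SA; the ike= algorithms do not match the peer's"
    if not s["ike_sa"]:
        return "phase1: no IKE_SA in this log; check reachability on UDP 500/4500 and the PSK"
    if not s["child_sa"]:
        return "phase2: IKE_SA up but no CHILD_SA; check esp= proposals and traffic selectors"
    if s["l2tp_timeout"] or s["l2tp_dup"]:
        return ("l2tp: IPsec tunnel up but the L2TP control channel did not complete; "
                "check xl2tpd and UDP 1701 inside the tunnel")
    return "ppp: L2TP tunnel up but pppd reported no address; check chap-secrets and the ppp options file"


# Sample logs: lines quoted from the posts above (cat -n numbering removed).
LOG_WINDOWS_CLIENT = """\
Nov 20 20:24:45 mini31 charon: 13[IKE] 192.168.1.11 is initiating a Main Mode IKE_SA
Nov 20 20:24:45 mini31 charon: 13[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Nov 20 20:24:45 mini31 charon: 15[IKE] IKE_SA wep-ap established between 192.168.1.31[192.168.1.31]...192.168.1.11[192.168.1.11]
Nov 20 20:24:45 mini31 charon: 06[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Nov 20 20:24:45 mini31 charon: 05[IKE] CHILD_SA wep-ap{6} established with SPIs c2b5d044_i 1726a3e2_o and TS 192.168.1.31/32[udp/l2f] === 192.168.1.11/32[udp/l2f]
Nov 20 20:24:46 mini31 xl2tpd: control_finish: Peer requested tunnel 3 twice, ignoring second one.
Nov 20 20:24:48 mini31 xl2tpd: control_finish: Peer requested tunnel 3 twice, ignoring second one.
Nov 20 20:25:16 mini31 xl2tpd: Maximum retries exceeded for tunnel 13486.  Closing.
Nov 20 20:25:16 mini31 xl2tpd: Connection 3 closed to 192.168.1.11, port 1701 (Timeout)
"""

LOG_NO_PROPOSAL = """\
Nov 21 13:40:04 mini31 charon: 07[IKE] no IKE config found for 192.168.1.31...192.168.1.11, sending NO_PROPOSAL_CHOSEN
Nov 21 13:40:05 mini31 charon: 08[IKE] no IKE config found for 192.168.1.31...192.168.1.11, sending NO_PROPOSAL_CHOSEN
"""

LOG_PPP_SIGTERM = """\
May 19 07:25:04 rpi4-20210210 pppd: CHAP authentication succeeded
May 19 07:25:04 rpi4-20210210 pppd: local  IP address 10.1.1.10
May 19 07:25:04 rpi4-20210210 pppd: remote IP address 10.1.1.1
May 19 07:26:35 rpi4-20210210 pppd: Terminating on signal 15
May 19 07:26:35 rpi4-20210210 pppd: Connect time 1.6 minutes.
"""

if __name__ == "__main__":
    for name, log in (("windows-client", LOG_WINDOWS_CLIENT),
                      ("no-proposal", LOG_NO_PROPOSAL),
                      ("ppp-sigterm", LOG_PPP_SIGTERM)):
        print(name, "->", summarize(log)["diagnosis"])
```

Feed it the whole syslog or `journalctl -u NetworkManager -u strongswan -u xl2tpd` output rather than an excerpt: the diagnosis only trusts a stage as reached when the line that proves it is present, so a log cut off before the charon lines will report "no IKE_SA in this log" even if phase 1 actually succeeded.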
0 votes
1 answers
4130 views
Unable to connect to company VPN using L2TP over ipsec on Fedora 32
My company gave me an IP address, username, password & pre-shared key to connect to the VPN using L2TP. My workstation: Fedora 32 + GNOME. Installed the xl2tpd, NetworkManager-l2tp, NetworkManager-l2tp-gnome and ike-scan packages. Enabled the L2TP kernel modules by commenting out the blacklisting lines in the modprobe files /etc/modprobe.d/l2tp_ppp-blacklist.conf & /etc/modprobe.d/l2tp_netlink-blacklist.conf. Rebooted. Created the VPN connection from GNOME settings. Didn't work. Got this in the logs: NO_PROPOSAL_CHOSEN

Found out I was missing the Phase1 & Phase2 algorithm config in the connection. Ran a script mentioned here to query the VPN server for its IKEv1 algorithm proposals. Got this output:

```
SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=RSA_Sig LifeType=Seconds LifeDuration=28800)
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=RSA_Sig LifeType=Seconds LifeDuration=28800)
```

Based on the above output, used these as Phase1 & Phase2 algorithms respectively:

```
3des-sha1-modp1024,3des-md5-modp1024
aes256-sha1,aes128-sha1,3des-sha1,3des-md5
```

Still doesn't work. Fetched this from the journalctl logs:

```
Jun 29 19:19:40 localhost.localdomain NetworkManager: [1593438580.8130] audit: op="connection-activate" uuid="4dd9b863-c9f3-4c0a-9f41-240078fa51d1" name="RMP" pid=6295 uid=1000 result="success"
Jun 29 19:19:40 localhost.localdomain NetworkManager: [1593438580.8190] vpn-connection[0x56139c388540,4dd9b863-c9f3-4c0a-9f41-240078fa51d1,"RMP",0]: Started the VPN service, PID 6406
Jun 29 19:19:40 localhost.localdomain NetworkManager: [1593438580.8288] vpn-connection[0x56139c388540,4dd9b863-c9f3-4c0a-9f41-240078fa51d1,"RMP",0]: Saw the service appear; activating connection
Jun 29 19:19:40 localhost.localdomain NetworkManager: [1593438580.8839] vpn-connection[0x56139c388540,4dd9b863-c9f3-4c0a-9f41-240078fa51d1,"RMP",0]: VPN connection: (ConnectInteractive) reply received
Jun 29 19:19:40 localhost.localdomain nm-l2tp-service: Check port 1701
Jun 29 19:19:40 localhost.localdomain NetworkManager: whack: Pluto is not running (no "/run/pluto/pluto.ctl")
Jun 29 19:19:40 localhost.localdomain NetworkManager: Redirecting to: systemctl restart ipsec.service
Jun 29 19:19:41 localhost.localdomain NetworkManager: 002 listening for IKE messages
Jun 29 19:19:41 localhost.localdomain NetworkManager: 002 forgetting secrets
Jun 29 19:19:41 localhost.localdomain NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Jun 29 19:19:41 localhost.localdomain NetworkManager: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Jun 29 19:19:41 localhost.localdomain NetworkManager: debugging mode enabled
Jun 29 19:19:41 localhost.localdomain NetworkManager: end of file /var/run/nm-l2tp-4dd9b863-c9f3-4c0a-9f41-240078fa51d1/ipsec.conf
Jun 29 19:19:41 localhost.localdomain NetworkManager: Loading conn 4dd9b863-c9f3-4c0a-9f41-240078fa51d1
Jun 29 19:19:41 localhost.localdomain NetworkManager: starter: left is KH_DEFAULTROUTE
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" modecfgdns=
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" modecfgdomains=
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" modecfgbanner=
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" mark=
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" mark-in=
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" mark-out=
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" vti_iface=
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" redirect-to=
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" accept-redirect-to=
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" esp=aes256-sha1,aes128-sha1,3des-sha1,3des-md5
Jun 29 19:19:41 localhost.localdomain NetworkManager: conn: "4dd9b863-c9f3-4c0a-9f41-240078fa51d1" ike=3des-sha1-modp1024,3des-md5-modp1024
Jun 29 19:19:41 localhost.localdomain NetworkManager: opening file: /var/run/nm-l2tp-4dd9b863-c9f3-4c0a-9f41-240078fa51d1/ipsec.conf
Jun 29 19:19:41 localhost.localdomain NetworkManager: loading named conns: 4dd9b863-c9f3-4c0a-9f41-240078fa51d1
Jun 29 19:19:41 localhost.localdomain NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Jun 29 19:19:41 localhost.localdomain NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst via 192.168.0.1 dev wlp3s0 src table 254
Jun 29 19:19:41 localhost.localdomain NetworkManager: set nexthop: 192.168.0.1
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 192.168.0.0 via dev wlp3s0 src 192.168.0.107 table 254
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 192.168.0.0 via dev wlp3s0 src 192.168.0.107 table 255 (ignored)
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 192.168.0.107 via dev wlp3s0 src 192.168.0.107 table 255 (ignored)
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 192.168.0.255 via dev wlp3s0 src 192.168.0.107 table 255 (ignored)
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Jun 29 19:19:41 localhost.localdomain NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Jun 29 19:19:41 localhost.localdomain NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Jun 29 19:19:41 localhost.localdomain NetworkManager: dst 192.168.0.1 via dev wlp3s0 src 192.168.0.107 table 254
Jun 29 19:19:41 localhost.localdomain NetworkManager: set addr: 192.168.0.107
Jun 29 19:19:41 localhost.localdomain NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Jun 29 19:19:41 localhost.localdomain nm-l2tp-service: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Jun 29 19:19:41 localhost.localdomain NetworkManager: [1593438581.3082] vpn-connection[0x56139c388540,4dd9b863-c9f3-4c0a-9f41-240078fa51d1,"RMP",0]: VPN plugin: state changed: stopped (6)
Jun 29 19:19:41 localhost.localdomain NetworkManager: [1593438581.3107] vpn-connection[0x56139c388540,4dd9b863-c9f3-4c0a-9f41-240078fa51d1,"RMP",0]: VPN service disappeared
Jun 29 19:19:41 localhost.localdomain NetworkManager: [1593438581.3118] vpn-connection[0x56139c388540,4dd9b863-c9f3-4c0a-9f41-240078fa51d1,"RMP",0]: VPN connection: failed to connect: 'Remote peer disconnected'
```

I don't understand what I'm doing wrong here. Any help on resolving this is highly appreciated! I have to connect to the VPN ASAP to resume my work. The same connection properties work in Windows without any issues. I don't even have to configure any deciphering algorithms. It just works out of the box. My company wants me to use Windows in that case and I cannot stand that OS. It brings my machine to a grinding halt and thrashes my HDD non-stop. Please help me connect to the VPN.
ShashiKanth Chill (11 rep)
Jun 29, 2020, 02:01 PM • Last activity: Jun 30, 2020, 12:54 AM
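Both the Debian 10 server post above ("How do you find out what values to use?") and this Fedora 32 post end up translating ike-scan's `SA=(Enc=... Hash=... Group=... Auth=...)` lines into strongSwan `ike=`/`esp=` proposal strings by hand. The converter below is added here as an example of doing that mechanically; it is not code from either post, from ike-scan or from strongSwan. It assumes ike-scan's default single-line output (the `SA=(...)` groups shown in the posts, possibly preceded by `HDR=(...)` and followed by `VID=...` entries) and an assumed mapping from ike-scan's algorithm names to strongSwan's proposal tokens. The first sample input is the four transforms quoted in the post above; the second is a constructed line in the format of the Ubuntu 16.04 post further down, with an AES transform added to exercise the key-length handling.

```python
"""Convert ike-scan IKEv1 handshake output into strongSwan ike=/esp= proposal strings.

Added example, not code from the posts above, ike-scan or strongSwan. Assumes the
single-line ike-scan output format shown on this page.
"""
import re

# strongSwan proposal tokens for the names ike-scan prints (assumed mapping).
ENC_MAP = {"3DES": "3des", "DES": "des", "AES": "aes", "AES_CBC": "aes"}
HASH_MAP = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA384": "sha384", "SHA512": "sha512"}
# IANA DH group numbers (RFC 2409 / RFC 3526), used when ike-scan prints only the number.
DH_MAP = {"1": "modp768", "2": "modp1024", "5": "modp1536", "14": "modp2048", "15": "modp3072", "16": "modp4096"}

# Non-greedy up to a ')' that is followed by whitespace or end of line, so that
# "LifeDuration(4)=0x00007080" inside a group does not terminate the match early.
SA_RE = re.compile(r"SA=\((.*?)\)(?=\s|$)")
ATTR_RE = re.compile(r"(\w+)=(\S+)")


def parse_transforms(text):
    """Return one attribute dict per SA=(...) group found in ike-scan output."""
    return [dict(ATTR_RE.findall(m.group(1))) for m in SA_RE.finditer(text)]


def enc_token(attrs):
    """'AES' with 'KeyLength=256' -> 'aes256'; '3DES' -> '3des'."""
    name = attrs.get("Enc", "")
    enc = ENC_MAP.get(name, name.lower())
    key_len = attrs.get("KeyLength")
    if key_len and enc == "aes":
        enc += key_len
    return enc


def hash_token(attrs):
    name = attrs.get("Hash", "")
    return HASH_MAP.get(name, name.lower())


def dh_token(attrs):
    grp = attrs.get("Group", "")
    # ike-scan prints e.g. "2:modp1024"; fall back to the number-only form.
    if ":" in grp:
        return grp.split(":", 1)[1]
    return DH_MAP.get(grp, grp)


def strongswan_proposals(text, auth="PSK", strict=False):
    """Return (ike, esp) proposal strings for the transforms using the given auth method.

    ike: enc-hash-dhgroup for each matching phase-1 transform, in the server's order.
    esp: enc-hash pairs derived from the same transforms. ike-scan only probes
         phase 1, so this is a starting point for phase 2, not a measurement.
    strict=True appends strongSwan's '!' so only the listed proposals are offered.
    """
    ike, esp = [], []
    for attrs in parse_transforms(text):
        if attrs.get("Auth") != auth:
            continue  # e.g. skip Auth=RSA_Sig offers for a PSK-only L2TP setup
        p1 = "-".join(t for t in (enc_token(attrs), hash_token(attrs), dh_token(attrs)) if t)
        p2 = "-".join(t for t in (enc_token(attrs), hash_token(attrs)) if t)
        if p1 not in ike:
            ike.append(p1)
        if p2 not in esp:
            esp.append(p2)
    suffix = "!" if strict else ""
    return ",".join(ike) + suffix, ",".join(esp) + suffix


# Sample input 1: the four transforms quoted in the Fedora 32 post above.
SAMPLE_SCAN = """\
SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=RSA_Sig LifeType=Seconds LifeDuration=28800)
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=RSA_Sig LifeType=Seconds LifeDuration=28800)
"""

# Sample input 2: constructed (not real scan output) in the single-line format of the
# Ubuntu 16.04 post, with an AES transform to show the KeyLength handling.
SAMPLE_ONELINE = (
    "x.x.x.x\tMain Mode Handshake returned HDR=(CKY-R=7b0d4448e7767519) "
    "SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=14:modp2048 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080) "
    "VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)"
)

if __name__ == "__main__":
    print(strongswan_proposals(SAMPLE_SCAN))                  # ('3des-md5-modp1024,3des-sha1-modp1024', '3des-md5,3des-sha1')
    print(strongswan_proposals(SAMPLE_ONELINE, strict=True))  # ('aes256-sha1-modp2048!', 'aes256-sha1!')
```

The `ike=` string is what goes into the NetworkManager connection's Phase 1 (ipsec-ike) field; the `esp=` string is only a first guess for Phase 2, because a phase-1 probe says nothing about which ESP transforms the server accepts, which is why the posts list several phase-2 candidates. The `Auth` filter matters: an L2TP/IPsec server often advertises both PSK and RSA_Sig transforms, and only the PSK ones are usable with a pre-shared key.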
2 votes
1 answers
7554 views
VPN fails: Could not find source connection
I am running Ubuntu 18.04 and trying to get a VPN (L2TP/IPSec) connection to my company. The necessary tools are already installed and I have a profile with the correct access data. However, if I try to activate the VPN with `nmcli c up VPN` it quits with the following error:

```
Error: Connection activation failed: Could not find source connection.
```

If I do a `nmcli device status` I get:

```
DEVICE      TYPE      STATE        CONNECTION
br0         bridge    connected    br0
virbr0      bridge    connected    virbr0
eno1        ethernet  connected    eno1
lo          loopback  not managed  --
virbr0-nic  tun       not managed  --
```

**EDIT:** Here on StackExchange there is a similar issue, with two possible solutions. Neither works for me. Let me explain:

The 1st solution suggests setting 127.0.0.1 as the default route. The only way for me to do so is to set the default route of br0. But then I lose the IPv4 connection until the next restart. Changing the default route back does not get the connection back online.

The 2nd solution suggests setting up a netplan config. If I do so, I overcome the "Could not find source connection." error, but I lose complete network access as well (until the next reboot).

So these are no working solutions for me. So I hope someone is able to help me. Thanks.

**EDIT 2:** So apparently I misunderstood the 1st provided solution, the default route. `ip r` gives me the following output:

```
default via 10.1.10.1 dev br0
10.1.0.0/16 dev br0 proto kernel scope link src 10.1.20.25
169.254.0.0/16 dev br0 scope link metric 1000
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
```

If I understand this correctly, br0 is the default route!? `netstat -rn` gives me the following output:

```
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags   MSS Fenster irtt Iface
0.0.0.0         10.1.10.1       0.0.0.0         UG        0 0          0 br0
10.1.0.0        0.0.0.0         255.255.0.0     U         0 0          0 br0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
```

And my /etc/network/interfaces looks like this:

```
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto br0
iface br0 inet dhcp
    bridge_ports eno1
    bridge_stp off
    bridge_maxwait 0
    bridge_fd 0
```

So right now I am not really sure what to do. As far as I understand, the default route is set and `[ifupdown] managed=true` is set. So, what else could I do? I could try to get rid of that bridge, but I don't know if that would help. Thanks for any advice.
pixelbash (39 rep)
Mar 16, 2020, 03:32 PM • Last activity: Mar 18, 2020, 01:58 PM
6 votes
2 answers
29668 views
IPSec/L2TP VPN connection fails
I'm currently trying to establish a VPN connection to the network of my office using IPSec/L2TP with Ubuntu 16.04 (and/or Fedora 26), which fails with the following syslog entries (complete log below):

```
11:46:26 laptop NetworkManager: received packet: from x.x.x.x to 192.168.0.102 (56 bytes)
11:46:26 laptop NetworkManager: parsed INFORMATIONAL_V1 request 3879417451 [ N(NO_PROP) ]
11:46:26 laptop NetworkManager: received NO_PROPOSAL_CHOSEN error notify
11:46:26 laptop NetworkManager: establishing connection '5f4cde33-5549-4535-864b-04944a5d4d69' failed
```

According to this answer on a similar question the problem might be the negotiation of the protocol(s) to use for the connection. As suggested I used the mentioned tool ike-scan to retrieve some information from the server:

```
# sudo ipsec stop; sudo service xl2tpd stop; sudo ike-scan x.x.x.x
Stopping strongSwan IPsec failed: starter is not running
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
x.x.x.x Main Mode Handshake returned HDR=(CKY-R=7b0d4448e7767519) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(4)=0x00007080) VID=1e2b516905991c7d7c96fcbfb587e46100000009 (MS NT5 ISAKMPOAKLEY) VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T) VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n) VID=4048b7d56ebce88525e7de7f00d6c2d3 (IKE Fragmentation) VID=fb1de3cdf341b7ea16b7e5be0855f120 VID=e3a5966a76379fe707228231e5ce8652
Ending ike-scan 1.9: 1 hosts scanned in 0.062 seconds (16.05 hosts/sec). 1 returned handshake; 0 returned notify
```

As further suggested I updated the NetworkManager connection config to use those algorithms:

```
[connection]
id=SomeName
uuid=5f4cde33-5549-4535-864b-04944a5d4d69
type=vpn
autoconnect=false
permissions=user:arne:;
secondaries=

[vpn]
password-flags=1
ipsec-esp=3des-sha1!
ipsec-psk=****
user=****
ipsec-enabled=yes
ipsec-ike=3des-sha1-modp1024!
mru=1400
gateway=x.x.x.x
mtu=1400
service-type=org.freedesktop.NetworkManager.l2tp
keyexchange=ikev1

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
```

But this doesn't seem to change anything in the error log. Does anyone have an idea what might be the problem here? Thank you very much!

----------

Environment:

```
# uname -a
Linux arne-Latitude-E5570 4.10.0-35-generic #39~16.04.1-Ubuntu SMP Wed Sep 13 09:02:42 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
```

Complete syslog:

```
11:46:23 laptop NetworkManager: [1508492783.2731] audit: op="connection-activate" uuid="5f4cde33-5549-4535-864b-04944a5d4d69" name="SomeName" pid=31464 uid=1000 result="success"
11:46:23 laptop NetworkManager: [1508492783.2860] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: Started the VPN service, PID 1579
11:46:23 laptop NetworkManager: [1508492783.3102] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: Saw the service appear; activating connection
11:46:23 laptop NetworkManager: [1508492783.3934] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: VPN connection: (ConnectInteractive) reply received
11:46:23 laptop NetworkManager: nm-l2tp ipsec enable flag: yes
11:46:23 laptop NetworkManager: ** Message: Check port 1701
11:46:23 laptop NetworkManager: ** Message: Can't bind to port 1701
11:46:23 laptop NetworkManager: nm-l2tp L2TP port 1701 is busy, using ephemeral.
11:46:23 laptop NetworkManager: nm-l2tp starting ipsec
11:46:23 laptop NetworkManager: Stopping strongSwan IPsec failed: starter is not running
11:46:25 laptop NetworkManager: Starting strongSwan 5.3.5 IPsec [starter]...
11:46:25 laptop NetworkManager: Loading config setup
11:46:25 laptop NetworkManager: Loading conn '5f4cde33-5549-4535-864b-04944a5d4d69'
11:46:25 laptop NetworkManager: found netkey IPsec stack
11:46:25 laptop charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.10.0-35-generic, x86_64)
11:46:25 laptop charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
11:46:25 laptop charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
11:46:25 laptop charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
11:46:25 laptop charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
11:46:25 laptop charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
11:46:25 laptop charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
11:46:25 laptop charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-5f4cde33-5549-4535-864b-04944a5d4d69.secrets'
11:46:25 laptop charon: 00[CFG] loaded IKE secret for %any
11:46:25 laptop charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-77751670-3316-4fdc-abaf-1293b25b7687.secrets'
11:46:25 laptop charon: 00[CFG] loaded IKE secret for %any
11:46:25 laptop charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
11:46:25 laptop charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
11:46:25 laptop charon: 00[JOB] spawning 16 worker threads
11:46:25 laptop charon: 04[CFG] received stroke: add connection '5f4cde33-5549-4535-864b-04944a5d4d69'
11:46:25 laptop charon: 04[CFG] added configuration '5f4cde33-5549-4535-864b-04944a5d4d69'
11:46:26 laptop charon: 06[CFG] rereading secrets
11:46:26 laptop charon: 06[CFG] loading secrets from '/etc/ipsec.secrets'
11:46:26 laptop charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-5f4cde33-5549-4535-864b-04944a5d4d69.secrets'
11:46:26 laptop charon: 06[CFG] loaded IKE secret for %any
11:46:26 laptop charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-77751670-3316-4fdc-abaf-1293b25b7687.secrets'
11:46:26 laptop charon: 06[CFG] loaded IKE secret for %any
11:46:26 laptop NetworkManager: nm-l2tp Spawned ipsec up script with PID 1655.
11:46:26 laptop charon: 08[CFG] received stroke: initiate '5f4cde33-5549-4535-864b-04944a5d4d69'
11:46:26 laptop charon: 10[IKE] initiating Main Mode IKE_SA 5f4cde33-5549-4535-864b-04944a5d4d69[1] to x.x.x.x
11:46:26 laptop charon: 10[ENC] generating ID_PROT request 0 [ SA V V V V ]
11:46:26 laptop charon: 10[NET] sending packet: from 192.168.0.102 to x.x.x.x (148 bytes)
11:46:26 laptop charon: 09[NET] received packet: from x.x.x.x to 192.168.0.102 (56 bytes)
11:46:26 laptop charon: 09[ENC] parsed INFORMATIONAL_V1 request 3879417451 [ N(NO_PROP) ]
11:46:26 laptop charon: 09[IKE] received NO_PROPOSAL_CHOSEN error notify
11:46:26 laptop NetworkManager: initiating Main Mode IKE_SA 5f4cde33-5549-4535-864b-04944a5d4d69[1] to x.x.x.x
11:46:26 laptop NetworkManager: generating ID_PROT request 0 [ SA V V V V ]
11:46:26 laptop NetworkManager: sending packet: from 192.168.0.102 to x.x.x.x (148 bytes)
11:46:26 laptop NetworkManager: received packet: from x.x.x.x to 192.168.0.102 (56 bytes)
11:46:26 laptop NetworkManager: parsed INFORMATIONAL_V1 request 3879417451 [ N(NO_PROP) ]
11:46:26 laptop NetworkManager: received NO_PROPOSAL_CHOSEN error notify
11:46:26 laptop NetworkManager: establishing connection '5f4cde33-5549-4535-864b-04944a5d4d69' failed
11:46:26 laptop NetworkManager: Stopping strongSwan IPsec...
11:46:26 laptop charon: 00[DMN] signal of type SIGINT received. Shutting down
11:46:26 laptop NetworkManager: nm-l2tp Could not establish IPsec tunnel.
11:46:26 laptop NetworkManager: (nm-l2tp-service:1579): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
11:46:26 laptop NetworkManager: [1508492786.8335] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: VPN plugin: state changed: stopped (6)
11:46:26 laptop NetworkManager: [1508492786.8359] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: VPN plugin: state change reason: unknown (0)
11:46:26 laptop NetworkManager: [1508492786.8393] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: VPN service disappeared
11:46:26 laptop NetworkManager: [1508492786.8418] vpn-connection[0xfbd460,5f4cde33-5549-4535-864b-04944a5d4d69,"SomeName",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
```
user2900170 (61 rep)
Oct 20, 2017, 10:33 AM • Last activity: Jan 10, 2020, 10:19 AM
0 votes
1 answers
1465 views
Can't access VPN after connecting to L2TP IPsec VPN
I can't seem to access this VPN despite successfully connecting to it. I am using UbuntuMate 18.04 and it is an L2TP VPN. I know my credentials are correct because I am able to access stuff on my Android phone with my credentials, but not on my Ubuntu desktop. Basically the exact same problem as this guy, but the answers there are not helping. Any advice on what could be the problem?
MARS (111 rep)
Nov 13, 2019, 12:38 AM • Last activity: Nov 13, 2019, 10:42 PM