Unable to connect to L2TP/IPSec VPN with ubuntu 17.10
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
L2TP over IPsec VPN Manager |
Invalid
|
Undecided
|
Douglas Kosovic |
Bug Description
Recently I've lost the vpn connection, maybe with some update, previous to this the connection was successful.
The connection in Windows it's working so well, and my VPN provider has told to me that he has not changed something.
The current versions:
network-
network management framework (L2TP plugin core)
network-
network management framework (L2TP plugin GNOME GUI)
xl2tpd/artful,now 1.3.8+dfsg-1 amd64 [installed]
layer 2 tunneling protocol implementation
strongswan/
IPsec VPN solution metapackage
strongswan-
strongSwan plugin to interact with NetworkManager
The result of ike-scan.sh
jorge@ulises:
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration(
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=19 Auth=PSK LifeType=Seconds LifeDuration(
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=20 Auth=PSK LifeType=Seconds LifeDuration(
The log of connection:
jorge@ulises:~$ journalctl -f -u NetworkManager
ene 28 22:16:42 ulises NetworkManager[
ene 28 22:16:42 ulises NetworkManager[
ene 28 22:16:42 ulises NetworkManager[
ene 28 22:16:42 ulises NetworkManager[
ene 28 22:16:42 ulises nm-l2tp-
ene 28 22:16:42 ulises nm-l2tp-
ene 28 22:16:42 ulises NetworkManager[
ene 28 22:16:44 ulises NetworkManager[
ene 28 22:16:44 ulises NetworkManager[
ene 28 22:16:44 ulises NetworkManager[
ene 28 22:16:44 ulises ipsec_starter[
ene 28 22:16:44 ulises ipsec_starter[
ene 28 22:16:44 ulises ipsec_starter[
ene 28 22:16:44 ulises NetworkManager[
ene 28 22:16:44 ulises ipsec_starter[
ene 28 22:16:44 ulises ipsec_starter[
ene 28 22:16:44 ulises charon[15527]: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.13.0-31-generic, x86_64)
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading ca certificates from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading aa certificates from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading attribute certificates from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loaded IKE secret for %any
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loaded IKE secret for %any
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loaded IKE secret for %any
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loaded IKE secret for %any
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loaded IKE secret for %any
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:44 ulises charon[15527]: 00[CFG] loaded IKE secret for %any
ene 28 22:16:44 ulises charon[15527]: 00[LIB] loaded plugins: charon test-vectors aesni aes rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac ccm gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic
ene 28 22:16:44 ulises charon[15527]: 00[LIB] dropped capabilities, running as uid 0, gid 0
ene 28 22:16:44 ulises charon[15527]: 00[JOB] spawning 16 worker threads
ene 28 22:16:44 ulises ipsec_starter[
ene 28 22:16:44 ulises charon[15527]: 05[CFG] received stroke: add connection 'd812fb2d-
ene 28 22:16:44 ulises charon[15527]: 05[CFG] added configuration 'd812fb2d-
ene 28 22:16:45 ulises charon[15527]: 07[CFG] rereading secrets
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loaded IKE secret for %any
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loaded IKE secret for %any
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loaded IKE secret for %any
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loaded IKE secret for %any
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loaded IKE secret for %any
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loading secrets from '/etc/ipsec.
ene 28 22:16:45 ulises charon[15527]: 07[CFG] loaded IKE secret for %any
ene 28 22:16:45 ulises charon[15527]: 09[CFG] received stroke: initiate 'd812fb2d-
ene 28 22:16:45 ulises charon[15527]: 11[IKE] initiating Main Mode IKE_SA d812fb2d-
ene 28 22:16:45 ulises charon[15527]: 11[IKE] initiating Main Mode IKE_SA d812fb2d-
ene 28 22:16:45 ulises charon[15527]: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
ene 28 22:16:45 ulises charon[15527]: 11[NET] sending packet: from 192.168.0.16[500] to 200.69.103.48[500] (304 bytes)
ene 28 22:16:45 ulises charon[15527]: 12[NET] received packet: from 200.69.103.48[500] to 192.168.0.16[500] (208 bytes)
ene 28 22:16:45 ulises charon[15527]: 12[ENC] parsed ID_PROT response 0 [ SA V V V V V V ]
ene 28 22:16:45 ulises charon[15527]: 12[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
ene 28 22:16:45 ulises charon[15527]: 12[IKE] received NAT-T (RFC 3947) vendor ID
ene 28 22:16:45 ulises charon[15527]: 12[IKE] received draft-ietf-
ene 28 22:16:45 ulises charon[15527]: 12[IKE] received FRAGMENTATION vendor ID
ene 28 22:16:45 ulises charon[15527]: 12[ENC] received unknown vendor ID: fb:1d:e3:
ene 28 22:16:45 ulises charon[15527]: 12[ENC] received unknown vendor ID: e3:a5:96:
ene 28 22:16:45 ulises charon[15527]: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
ene 28 22:16:45 ulises charon[15527]: 12[NET] sending packet: from 192.168.0.16[500] to 200.69.103.48[500] (244 bytes)
ene 28 22:16:45 ulises charon[15527]: 13[NET] received packet: from 200.69.103.48[500] to 192.168.0.16[500] (260 bytes)
ene 28 22:16:45 ulises charon[15527]: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
ene 28 22:16:45 ulises charon[15527]: 13[IKE] local host is behind NAT, sending keep alives
ene 28 22:16:45 ulises charon[15527]: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
ene 28 22:16:45 ulises charon[15527]: 13[NET] sending packet: from 192.168.0.16[4500] to 200.69.103.48[4500] (68 bytes)
ene 28 22:16:45 ulises charon[15527]: 15[NET] received packet: from 200.69.103.48[500] to 192.168.0.16[500] (260 bytes)
ene 28 22:16:45 ulises charon[15527]: 15[IKE] received retransmit of response with ID 0, but next request already sent
ene 28 22:16:49 ulises charon[15527]: 06[IKE] sending retransmit 1 of request message ID 0, seq 3
ene 28 22:16:49 ulises charon[15527]: 06[NET] sending packet: from 192.168.0.16[4500] to 200.69.103.48[4500] (68 bytes)
ene 28 22:16:49 ulises charon[15527]: 05[NET] received packet: from 200.69.103.48[500] to 192.168.0.16[500] (260 bytes)
ene 28 22:16:49 ulises charon[15527]: 05[IKE] received retransmit of response with ID 0, but next request already sent
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises charon[15527]: 00[DMN] signal of type SIGINT received. Shutting down
ene 28 22:16:55 ulises charon[15527]: 00[IKE] destroying IKE_SA in state CONNECTING without notification
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:55 ulises nm-l2tp-
ene 28 22:16:55 ulises NetworkManager[
ene 28 22:16:56 ulises NetworkManager[
ene 28 22:16:56 ulises NetworkManager[
Changed in l2tp-ipsec-vpn: | |
assignee: | nobody → Douglas Kosovic (dkosovic) |
status: | New → Invalid |
Paste aditional information as suggest in https:/ /github. com/nm- l2tp/network- manager- l2tp/issues/ 70 https:/ /github. com/nm- l2tp/network- manager- l2tp/issues/ 64
Phase 1 Algorithms: aes128- sha1-modp2048, 3des-sha1- modp1536, 3des-sha1- modp1024 sha1,3des- sha1
Phase 2 Algorithms: aes128-
jorge@ulises: ~/Desktop$ sudo killall -TERM nm-l2tp-service ~/Desktop$ sudo /usr/lib/ NetworkManager/ nm-l2tp- service --debug p.NetworkManage r.l2tp"
jorge@ulises:
nm-l2tp[26181] <debug> nm-l2tp-service (version 1.2.8) starting...
nm-l2tp[26181] <debug> uses default --bus-name "org.freedeskto
nm-l2tp[26181] <info> ipsec enable flag: yes 2212-44d6- a8b7-aff603b6ed 10" (s) priority : 0 (sd) retries : -1 (sd) ectionAutoconne ctSlaves) NM_SETTING_ CONNECTION_ AUTOCONNECT_ SLAVES_ DEFAULT) (sd) ping-timeout : 0 (sd)
** Message: Check port 1701
** Message: Can't bind to port 1701
nm-l2tp[26181] <warn> L2TP port 1701 is busy, using ephemeral.
connection
id : "MY VPN CONN" (s)
uuid : "d812fb2d-
interface-name : NULL (sd)
type : "vpn" (s)
permissions : ["user:jorge:"] (s)
autoconnect : FALSE (s)
autoconnect-
autoconnect-
timestamp : 1513964824 (s)
read-only : FALSE (sd)
zone : NULL (sd)
master : NULL (sd)
slave-type : NULL (sd)
autoconnect-slaves : ((NMSettingConn
secondaries : NULL (sd)
gateway-
metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
lldp : -1 (sd)
stable-id : NULL (sd)
ipv6 onfigPrivacy) NM_SETTING_ IP6_CONFIG_ PRIVACY_ UNKNOWN) (sd)
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x55af6d3d3f60) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x55af6d3bed20) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
ip6-privacy : ((NMSettingIP6C
addr-gen-mode : 1 (sd)
token : NULL (sd)
proxy
method : 0 (sd)
browser-only : FALSE (sd)
pac-url : NULL (sd)
pac-script : NULL (sd)
vpn p.NetworkManage r.l2tp" (s)
service-type : "org.freedeskto
user-name : "jorge" (s)
persistent : FALSE (sd)
data : ((GHashTable*) 0x7f6100006cc0) (s)
secrets : ((GHashTable*) 0x55af6d3b4760) (s)
timeout : 0 (sd)
ipv4
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x7f61000014a0) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x7f61000014a0) (s)
route-metric : -1 (sd)
ignore-auto-routes : TRUE (s)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : TRUE (s)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
dhcp-client-id : NULL (sd)
dhcp-fqdn : NULL (sd)
nm-l2tp[26181] <info> starting ipsec 2212-44d6- a8b7-aff603b6ed 10' 2212-44d6- a8b7-aff603b6ed 10[1] to 200.69.103.48
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.5.1 IPsec [starter]...
Loading config setup
Loading conn 'd812fb2d-
found netkey IPsec stack
nm-l2tp[26181] <info> Spawned ipsec up script with PID 26248.
initiating Main Mode IKE_SA d812fb2d-
generatin...