Paste aditional information as suggest in https://github.com/nm-l2tp/network-manager-l2tp/issues/70 https://github.com/nm-l2tp/network-manager-l2tp/issues/64 Phase 1 Algorithms: aes128-sha1-modp2048,3des-sha1-modp1536,3des-sha1-modp1024 Phase 2 Algorithms: aes128-sha1,3des-sha1 jorge@ulises:~/Desktop$ sudo killall -TERM nm-l2tp-service jorge@ulises:~/Desktop$ sudo /usr/lib/NetworkManager/nm-l2tp-service --debug nm-l2tp[26181] nm-l2tp-service (version 1.2.8) starting... nm-l2tp[26181] uses default --bus-name "org.freedesktop.NetworkManager.l2tp" nm-l2tp[26181] ipsec enable flag: yes ** Message: Check port 1701 ** Message: Can't bind to port 1701 nm-l2tp[26181] L2TP port 1701 is busy, using ephemeral. connection id : "MY VPN CONN" (s) uuid : "d812fb2d-2212-44d6-a8b7-aff603b6ed10" (s) interface-name : NULL (sd) type : "vpn" (s) permissions : ["user:jorge:"] (s) autoconnect : FALSE (s) autoconnect-priority : 0 (sd) autoconnect-retries : -1 (sd) timestamp : 1513964824 (s) read-only : FALSE (sd) zone : NULL (sd) master : NULL (sd) slave-type : NULL (sd) autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd) secondaries : NULL (sd) gateway-ping-timeout : 0 (sd) metered : ((NMMetered) NM_METERED_UNKNOWN) (sd) lldp : -1 (sd) stable-id : NULL (sd) ipv6 method : "auto" (s) dns : [] (s) dns-search : [] (s) dns-options : NULL (sd) dns-priority : 0 (sd) addresses : ((GPtrArray*) 0x55af6d3d3f60) (s) gateway : NULL (sd) routes : ((GPtrArray*) 0x55af6d3bed20) (s) route-metric : -1 (sd) ignore-auto-routes : FALSE (sd) ignore-auto-dns : FALSE (sd) dhcp-hostname : NULL (sd) dhcp-send-hostname : TRUE (sd) never-default : FALSE (sd) may-fail : TRUE (sd) dad-timeout : -1 (sd) dhcp-timeout : 0 (sd) ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd) addr-gen-mode : 1 (sd) token : NULL (sd) proxy method : 0 (sd) browser-only : FALSE (sd) pac-url : NULL (sd) pac-script : NULL (sd) vpn service-type : "org.freedesktop.NetworkManager.l2tp" (s) user-name : "jorge" (s) persistent : FALSE (sd) data : ((GHashTable*) 0x7f6100006cc0) (s) secrets : ((GHashTable*) 0x55af6d3b4760) (s) timeout : 0 (sd) ipv4 method : "auto" (s) dns : [] (s) dns-search : [] (s) dns-options : NULL (sd) dns-priority : 0 (sd) addresses : ((GPtrArray*) 0x7f61000014a0) (s) gateway : NULL (sd) routes : ((GPtrArray*) 0x7f61000014a0) (s) route-metric : -1 (sd) ignore-auto-routes : TRUE (s) ignore-auto-dns : FALSE (sd) dhcp-hostname : NULL (sd) dhcp-send-hostname : TRUE (sd) never-default : TRUE (s) may-fail : TRUE (sd) dad-timeout : -1 (sd) dhcp-timeout : 0 (sd) dhcp-client-id : NULL (sd) dhcp-fqdn : NULL (sd) nm-l2tp[26181] starting ipsec Stopping strongSwan IPsec failed: starter is not running Starting strongSwan 5.5.1 IPsec [starter]... Loading config setup Loading conn 'd812fb2d-2212-44d6-a8b7-aff603b6ed10' found netkey IPsec stack nm-l2tp[26181] Spawned ipsec up script with PID 26248. initiating Main Mode IKE_SA d812fb2d-2212-44d6-a8b7-aff603b6ed10[1] to 200.69.103.48 generating ID_PROT request 0 [ SA V V V V V ] sending packet: from 192.168.0.16[500] to 200.69.103.48[500] (304 bytes) received packet: from 200.69.103.48[500] to 192.168.0.16[500] (208 bytes) parsed ID_PROT response 0 [ SA V V V V V V ] received MS NT5 ISAKMPOAKLEY vendor ID received NAT-T (RFC 3947) vendor ID received draft-ietf-ipsec-nat-t-ike-02\n vendor ID received FRAGMENTATION vendor ID received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20 received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52 generating ID_PROT request 0 [ KE No NAT-D NAT-D ] sending packet: from 192.168.0.16[500] to 200.69.103.48[500] (244 bytes) received packet: from 200.69.103.48[500] to 192.168.0.16[500] (260 bytes) parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] local host is behind NAT, sending keep alives generating ID_PROT request 0 [ ID HASH ] sending packet: from 192.168.0.16[4500] to 200.69.103.48[4500] (68 bytes) received packet: from 200.69.103.48[4500] to 192.168.0.16[4500] (68 bytes) parsed ID_PROT response 0 [ ID HASH ] IKE_SA d812fb2d-2212-44d6-a8b7-aff603b6ed10[1] established between 192.168.0.16[192.168.0.16]...200.69.103.48[200.69.103.48] scheduling reauthentication in 10197s maximum IKE_SA lifetime 10737s generating QUICK_MODE request 909758342 [ HASH SA No ID ID NAT-OA NAT-OA ] sending packet: from 192.168.0.16[4500] to 200.69.103.48[4500] (244 bytes) received packet: from 200.69.103.48[4500] to 192.168.0.16[4500] (212 bytes) parsed QUICK_MODE response 909758342 [ HASH SA No ID ID NAT-OA NAT-OA ] CHILD_SA d812fb2d-2212-44d6-a8b7-aff603b6ed10{1} established with SPIs ca89bf90_i 4c616fe2_o and TS 192.168.0.16/32 === 200.69.103.48/32[udp/l2f] connection 'd812fb2d-2212-44d6-a8b7-aff603b6ed10' established successfully nm-l2tp[26181] strongSwan IPsec tunnel is up. ** Message: xl2tpd started with pid 26257 xl2tpd[26257]: setsockopt recvref[30]: Protocol not available xl2tpd[26257]: Using l2tp kernel support. xl2tpd[26257]: xl2tpd version xl2tpd-1.3.8 started on ulises PID:26257 xl2tpd[26257]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. xl2tpd[26257]: Forked by Scott Balmos and David Stipp, (C) 2001 xl2tpd[26257]: Inherited by Jeff McAdams, (C) 2002 xl2tpd[26257]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 xl2tpd[26257]: Listening on IP address 0.0.0.0, port 46615 xl2tpd[26257]: get_call: allocating new tunnel for host 200.69.103.48, port 1701. xl2tpd[26257]: Connecting to host 200.69.103.48, port 1701 xl2tpd[26257]: control_finish: message type is (null)(0). Tunnel is 0, call is 0. xl2tpd[26257]: control_finish: sending SCCRQ xl2tpd[26257]: message_type_avp: message type 2 (Start-Control-Connection-Reply) xl2tpd[26257]: protocol_version_avp: peer is using version 1, revision 0. xl2tpd[26257]: framing_caps_avp: supported peer frames: sync xl2tpd[26257]: bearer_caps_avp: supported peer bearers: xl2tpd[26257]: firmware_rev_avp: peer reports firmware version 1539 (0x0603) xl2tpd[26257]: hostname_avp: peer reports hostname 'mercurio.udistrital.edu.co' xl2tpd[26257]: vendor_avp: peer reports vendor 'Microsoft' xl2tpd[26257]: assigned_tunnel_avp: using peer's tunnel 379 xl2tpd[26257]: receive_window_size_avp: peer wants RWS of 8. Will use flow control. xl2tpd[26257]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 379, call is 0. xl2tpd[26257]: control_finish: sending SCCCN xl2tpd[26257]: Connection established to 200.69.103.48, 1701. Local: 4676, Remote: 379 (ref=0/0). xl2tpd[26257]: Calling on tunnel 4676 xl2tpd[26257]: control_finish: message type is (null)(0). Tunnel is 379, call is 0. xl2tpd[26257]: control_finish: sending ICRQ xl2tpd[26257]: message_type_avp: message type 11 (Incoming-Call-Reply) xl2tpd[26257]: assigned_call_avp: using peer's call 2 xl2tpd[26257]: control_finish: message type is Incoming-Call-Reply(11). Tunnel is 379, call is 2. xl2tpd[26257]: control_finish: Sending ICCN xl2tpd[26257]: Call established with 200.69.103.48, Local: 386, Remote: 2, Serial: 1 (ref=0/0) xl2tpd[26257]: start_pppd: I'm running: xl2tpd[26257]: "/usr/sbin/pppd" xl2tpd[26257]: "plugin" xl2tpd[26257]: "pppol2tp.so" xl2tpd[26257]: "pppol2tp" xl2tpd[26257]: "7" xl2tpd[26257]: "passive" xl2tpd[26257]: "nodetach" xl2tpd[26257]: ":" xl2tpd[26257]: "debug" xl2tpd[26257]: "file" xl2tpd[26257]: "/var/run/nm-l2tp-ppp-options-d812fb2d-2212-44d6-a8b7-aff603b6ed10" nm-l2tp[26181] Terminated xl2tpd daemon with PID 26257. xl2tpd[26257]: death_handler: Fatal signal 15 received xl2tpd[26257]: Terminating pppd: sending TERM signal to pid 26258 xl2tpd[26257]: Connection 379 closed to 200.69.103.48, port 1701 (Server closing) Stopping strongSwan IPsec... ** Message: ipsec shut down nm-l2tp[26181] xl2tpd exited with error code 1 Stopping strongSwan IPsec failed: starter is not running ** Message: ipsec shut down