L2TP+IPSec not working after upgrade to 22.04 LTS

Bug #1970068 reported by pawelw
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
network-manager (Ubuntu) | New | Undecided | Unassigned |
network-manager-l2tp (Ubuntu) | New | Undecided | Unassigned |
ppp (Ubuntu) | New | Undecided | Unassigned |
xl2tpd (Ubuntu) | New | Undecided | Unassigned |

Bug Description

In 20.04 LTS I was able to connect to my work over the L2TP tunnel. Now it looks like this in journald:

kwi 24 01:00:37 nm-l2tp-service[11368]: xl2tpd started with pid 11433
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Not looking for kernel SAref support.
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Using l2tp kernel support.
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: xl2tpd version xl2tpd-1.3.16 started on crushXnitro PID:11433
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Forked by Scott Balmos and David Stipp, (C) 2001
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Inherited by Jeff McAdams, (C) 2002
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Listening on IP address 0.0.0.0, port 49636
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Connecting to host X.X.X.X, port 1701
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Connection established to X.X.X.X, 1701. Local: 19994, Remote: 201 (ref=0/0).
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Calling on tunnel 19994
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: Call established with X.X.X.X, Local: 65441, Remote: 142, Serial: 1 (ref=0/0)
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: start_pppd: I'm running:
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: "/usr/sbin/pppd"
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: "plugin"
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: "pppol2tp.so"
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: "pppol2tp"
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: "7"
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: "passive"
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: "nodetach"
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: ":"
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: "file"
kwi 24 01:00:37 NetworkManager[11433]: xl2tpd[11433]: "/run/nm-l2tp-bd8ac49b-a2e9-4094-91dc-17a13ce61ec8/ppp-options"
kwi 24 01:00:37 pppd[11434]: Plugin pppol2tp.so loaded.
kwi 24 01:00:37 pppd[11434]: Plugin /usr/lib/pppd/2.4.9/nm-l2tp-pppd-plugin.so loaded.
kwi 24 01:00:37 pppd[11434]: pppd 2.4.9 started by root, uid 0
kwi 24 01:00:37 pppd[11434]: Using interface ppp0
kwi 24 01:00:37 pppd[11434]: Connect: ppp0 <-->
kwi 24 01:00:37 pppd[11434]: Overriding mtu 1500 to 1400
kwi 24 01:00:37 pppd[11434]: Overriding mru 1500 to mtu value 1400
kwi 24 01:00:37 NetworkManager[1017]: <info> [1650754837.9839] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/6)
kwi 24 01:00:38 pppd[11434]: CHAP authentication succeeded
kwi 24 01:00:38 charon[11397]: 10[KNL] interface ppp0 activated
kwi 24 01:00:38 charon[11397]: 13[KNL] fe80::81ee:6717:6637:2084 appeared on ppp0
kwi 24 01:00:38 charon[11397]: 14[KNL] flags changed for fe80::81ee:6717:6637:2084 on ppp0
kwi 24 01:00:38 pppd[11434]: local LL address fe80::81ee:6717:6637:2084
kwi 24 01:00:38 pppd[11434]: remote LL address fe80::0000:0000:00f0:0c0e
kwi 24 01:00:38 charon[11397]: 16[KNL] 192.168.57.181 appeared on ppp0
kwi 24 01:00:38 NetworkManager[1017]: <info> [1650754838.0741] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
kwi 24 01:00:38 charon[11397]: 08[KNL] 192.168.57.181 disappeared from ppp0
kwi 24 01:00:38 charon[11397]: 10[KNL] 192.168.57.181 appeared on ppp0
kwi 24 01:00:38 NetworkManager[1017]: <info> [1650754838.0751] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')
kwi 24 01:00:38 pppd[11434]: local IP address 192.168.57.181
kwi 24 01:00:38 pppd[11434]: remote IP address X.X.X.X
kwi 24 01:00:38 pppd[11434]: primary DNS address 192.168.56.19
kwi 24 01:00:38 NetworkManager[1017]: <info> [1650754838.0952] policy: set 'yyyyxyyyxyyyx' (ppp0) as default for IPv4 routing and DNS
kwi 24 01:01:03 charon[11397]: 12[IKE] sending keep alive to 91.X.63.182[4500]
kwi 24 01:01:23 charon[11397]: 15[IKE] sending keep alive to X.X.X.X[4500]
kwi 24 01:01:38 NetworkManager[11433]: xl2tpd[11433]: check_control: Received out of order control packet on tunnel 201 (got 2, expected 3)
kwi 24 01:01:38 NetworkManager[11433]: xl2tpd[11433]: handle_control: bad control packet!
kwi 24 01:01:40 NetworkManager[11433]: xl2tpd[11433]: check_control: Received out of order control packet on tunnel 201 (got 2, expected 3)
kwi 24 01:01:40 NetworkManager[11433]: xl2tpd[11433]: handle_control: bad control packet!
kwi 24 01:01:42 NetworkManager[11433]: xl2tpd[11433]: check_control: Received out of order control packet on tunnel 201 (got 2, expected 3)
kwi 24 01:01:42 NetworkManager[11433]: xl2tpd[11433]: handle_control: bad control packet!
kwi 24 01:01:43 charon[11397]: 07[IKE] sending keep alive to X.X.X.X[4500]
kwi 24 01:01:46 NetworkManager[11433]: xl2tpd[11433]: check_control: Received out of order control packet on tunnel 201 (got 2, expected 3)
kwi 24 01:01:46 NetworkManager[11433]: xl2tpd[11433]: handle_control: bad control packet!
kwi 24 01:01:54 NetworkManager[11433]: xl2tpd[11433]: check_control: Received out of order control packet on tunnel 201 (got 2, expected 3)
kwi 24 01:01:54 NetworkManager[11433]: xl2tpd[11433]: handle_control: bad control packet!
kwi 24 01:02:03 charon[11397]: 10[IKE] sending keep alive to X.X.X.X[4500]
kwi 24 01:02:08 NetworkManager[11433]: xl2tpd[11433]: Maximum retries exceeded for tunnel 19994. Closing.
kwi 24 01:02:08 NetworkManager[11433]: xl2tpd[11433]: Terminating pppd: sending TERM signal to pid 11434
kwi 24 01:02:08 NetworkManager[11433]: xl2tpd[11433]: Connection 201 closed to X.X.X.X, port 1701 (Timeout)
kwi 24 01:02:08 pppd[11434]: Terminating on signal 15
kwi 24 01:02:08 pppd[11434]: Connect time 1.5 minutes.
kwi 24 01:02:08 pppd[11434]: Sent 3408418759 bytes, received 0 bytes.
kwi 24 01:02:08 charon[11397]: 13[KNL] 192.168.57.181 disappeared from ppp0
kwi 24 01:02:08 charon[11397]: 16[KNL] fe80::81ee:6717:6637:2084 disappeared from ppp0
kwi 24 01:02:08 charon[11397]: 06[KNL] interface ppp0 deactivated
kwi 24 01:02:08 NetworkManager[1017]: <info> [1650754928.9942] device (ppp0): state change: disconnected -> unmanaged (reason 'connection-assumed', sys-iface-state: 'external')
kwi 24 01:02:09 pppd[11434]: Overriding mtu 1500 to 1400
kwi 24 01:02:09 pppd[11434]: Overriding mru 1500 to mtu value 1400
kwi 24 01:02:12 charon[11397]: 11[KNL] 192.168.57.181 appeared on ppp0
kwi 24 01:02:15 pppd[11434]: Connection terminated.
kwi 24 01:02:15 pppd[11434]: Connect time 1.5 minutes.
kwi 24 01:02:15 pppd[11434]: Sent 3408422107 bytes, received 0 bytes.
kwi 24 01:02:15 NetworkManager[11433]: xl2tpd[11433]: death_handler: Fatal signal 15 received
kwi 24 01:02:15 charon[11397]: 13[KNL] 192.168.57.181 disappeared from ppp0
kwi 24 01:02:15 charon[11397]: 14[KNL] interface ppp0 deleted
kwi 24 01:02:15 NetworkManager[11975]: Stopping strongSwan IPsec...
kwi 24 01:02:15 charon[11397]: 00[DMN] SIGINT received, shutting down
kwi 24 01:02:15 charon[11397]: 00[IKE] closing CHILD_SA bd8ac49b-a2e9-4094-91dc-17a13ce61ec8{1} with SPIs c99e9909_i (843 bytes) 09519760_o (3486181540 bytes) and TS 10.0.5.8/32[udp] === X.X.X.X/32[udp/l2f]
kwi 24 01:02:15 charon[11397]: 00[IKE] closing CHILD_SA bd8ac49b-a2e9-4094-91dc-17a13ce61ec8{1} with SPIs c99e9909_i (843 bytes) 09519760_o (3486181540 bytes) and TS 10.0.5.8/32[udp] === X.X.X.X/32[udp/l2f]
kwi 24 01:02:15 charon[11397]: 00[IKE] sending DELETE for ESP CHILD_SA with SPI c99e9909
kwi 24 01:02:15 charon[11397]: 00[ENC] generating INFORMATIONAL_V1 request 2999438773 [ HASH D ]
kwi 24 01:02:15 charon[11397]: 00[NET] sending packet: from 10.0.5.8[4500] to X.X.X.X[4500] (76 bytes)
kwi 24 01:02:15 charon[11397]: 00[IKE] deleting IKE_SA bd8ac49b-a2e9-4094-91dc-17a13ce61ec8[1] between 10.0.5.8[10.0.5.8]...X.X.X.X[X.X.X.X]
kwi 24 01:02:15 charon[11397]: 00[IKE] deleting IKE_SA bd8ac49b-a2e9-4094-91dc-17a13ce61ec8[1] between 10.0.5.8[10.0.5.8]...X.X.X.X[X.X.X.X]
kwi 24 01:02:15 charon[11397]: 00[IKE] sending DELETE for IKE_SA bd8ac49b-a2e9-4094-91dc-17a13ce61ec8[1]
kwi 24 01:02:15 charon[11397]: 00[ENC] generating INFORMATIONAL_V1 request 2417094363 [ HASH D ]
kwi 24 01:02:15 charon[11397]: 00[NET] sending packet: from 10.0.5.8[4500] to X.X.X.X[4500] (92 bytes)
kwi 24 01:02:15 ipsec_starter[11396]: child 11397 (charon) has quit (exit code 0)
kwi 24 01:02:15 ipsec_starter[11396]:
kwi 24 01:02:15 ipsec_starter[11396]: charon stopped after 200 ms
kwi 24 01:02:15 ipsec_starter[11396]: ipsec starter stopped
kwi 24 01:02:15 pppd[11434]: Modem hangup
kwi 24 01:02:15 pppd[11434]: Exit.
kwi 24 01:02:15 nm-l2tp-service[11368]: ipsec shut down
kwi 24 01:02:15 NetworkManager[1017]: <info> [1650754935.1179] policy: set 'Woloszyn-5G' (wlp9s0) as default for IPv4 routing and DNS
kwi 24 01:02:15 NetworkManager[1017]: <warn> [1650754935.1424] dns-sd-resolved[89a44b1630a1bf13]: send-updates SetLinkDomains@5 failed: GDBus.Error:org.freedesktop.resolve1.NoSuchLink: Link 5 not known

Tags: jammy
pawelw (crush2000)
description: updated
Norbert (nrbrtx) wrote :

Please run

apport-collect 1970068

tags: added: jammy
no longer affects: ubuntu-mate
Douglas Kosovic (dkosovic) wrote :

I think this is a duplicate of the following, although the xl2tpd errors manifest slightly differently:
https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1951832
https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1968336

But as others have confirmed, Ubuntu 22.05's xl2tpd-1.3.16-1 is broken, so it is the most likely culprit.

network-manager-l2tp uses kl2tpd as its default L2TP daemon and falls back to xl2tpd if it can't find kl2tpd. To confirm it is only xl2tpd that is broken for you, try installing kl2tpd with the following:

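sudo apt install golang-go

# Build kl2tpd; go install places binaries under ~/go/bin by default
go install "github.com/katalix/go-l2tp/...@latest"
# -p avoids an error when /usr/local/sbin already exists
sudo mkdir -p /usr/local/sbin
sudo cp ~/go/bin/kl2tpd /usr/local/sbin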

msaxl (saxl) wrote :

This is probably not a duplicate, but this:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/961

#1951832 does talk about an issue with xl2tpd. Looking at this log output, the ppp session is established but is terminated after 1.5 minutes. A lot of bytes were sent, but none was received. Looks like the ppp packet was routed inside the ppp tunnel (this is, according to Douglas Kosovic, a regression in network manager).
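
Added example, not part of the original thread: a short Python triage of the journald output above that checks for the pattern described in the last comment (authentication succeeds, pppd reports bytes sent but none received) together with the xl2tpd control-packet retries. The function name and summary keys are illustrative assumptions; the sample lines are excerpted from the report's log.

```python
import re

# Lines excerpted from the journald output in the report above.
SAMPLE_LOG = """\
kwi 24 01:00:38 pppd[11434]: CHAP authentication succeeded
kwi 24 01:00:38 NetworkManager[1017]: <info> [1650754838.0952] policy: set 'yyyyxyyyxyyyx' (ppp0) as default for IPv4 routing and DNS
kwi 24 01:01:38 NetworkManager[11433]: xl2tpd[11433]: check_control: Received out of order control packet on tunnel 201 (got 2, expected 3)
kwi 24 01:01:40 NetworkManager[11433]: xl2tpd[11433]: check_control: Received out of order control packet on tunnel 201 (got 2, expected 3)
kwi 24 01:02:08 NetworkManager[11433]: xl2tpd[11433]: Maximum retries exceeded for tunnel 19994. Closing.
kwi 24 01:02:08 pppd[11434]: Sent 3408418759 bytes, received 0 bytes.
"""

AUTH_OK = re.compile(r"pppd\[\d+\]: \w+ authentication succeeded")
PPP_DEFAULT = re.compile(r"policy: set '[^']*' \(ppp\d+\) as default for IPv4 routing")
OUT_OF_ORDER = re.compile(r"check_control: Received out of order control packet")
RETRIES = re.compile(r"Maximum retries exceeded for tunnel \d+")
BYTES = re.compile(r"pppd\[\d+\]: Sent (\d+) bytes, received (\d+) bytes")


def triage(log_text):
    """Summarise one L2TP session and flag authenticated, send-only traffic."""
    summary = {"auth_ok": False, "ppp_default_route": False,
               "out_of_order": 0, "retries_exceeded": False,
               "sent": 0, "received": 0}
    for line in log_text.splitlines():
        if AUTH_OK.search(line):
            summary["auth_ok"] = True
        if PPP_DEFAULT.search(line):
            summary["ppp_default_route"] = True
        if OUT_OF_ORDER.search(line):
            summary["out_of_order"] += 1
        if RETRIES.search(line):
            summary["retries_exceeded"] = True
        m = BYTES.search(line)
        if m:  # pppd may print its counters more than once; keep the largest
            summary["sent"] = max(summary["sent"], int(m.group(1)))
            summary["received"] = max(summary["received"], int(m.group(2)))
    # Authentication worked and traffic left the host, but nothing came back.
    summary["one_way"] = (summary["auth_ok"] and summary["sent"] > 0
                          and summary["received"] == 0)
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
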
