L2TP with Zyxel Firewall


L2TP with Zyxel Firewall

Post by ATATRL »

Hi Everyone,

Everything was working fine until I got the firewall and Mint update.

When I try to connect now, I get this warning:
"The VPN connection failed. The VPN service could not be started."

I erased it and created it again.
I'm connecting from another device without problems. I can't find the problem here.

Where should I start, where should I look?
How can I solve this?

All good work ..
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.

Re: L2TP with Zyxel Firewall

Post by ATATRL »


Mar  1 16:43:32 MYPCNAME NetworkManager[961]: <info>  [1551447812.6300] audit: op="connection-activate" uuid="d9be949d-f24a-4b43-b035-5f6ec0e8babc" name="VPNconnName" pid=1533 uid=1000 result="success"
Mar  1 16:43:32 MYPCNAME NetworkManager[961]: <info>  [1551447812.6348] vpn-connection[0x22b3270,d9be949d-f24a-4b43-b035-5f6ec0e8babc,"VPNconnName",0]: Started the VPN service, PID 12777
Mar  1 16:43:32 MYPCNAME NetworkManager[961]: <info>  [1551447812.6482] vpn-connection[0x22b3270,d9be949d-f24a-4b43-b035-5f6ec0e8babc,"VPNconnName",0]: Saw the service appear; activating connection
Mar  1 16:43:39 MYPCNAME NetworkManager[961]: <info>  [1551447819.6722] keyfile: update /etc/NetworkManager/system-connections/VPNconnName (d9be949d-f24a-4b43-b035-5f6ec0e8babc,"VPNconnName")
Mar  1 16:43:39 MYPCNAME NetworkManager[961]: <info>  [1551447819.6869] vpn-connection[0x22b3270,d9be949d-f24a-4b43-b035-5f6ec0e8babc,"VPNconnName",0]: VPN connection: (ConnectInteractive) reply received
Mar  1 16:43:39 MYPCNAME NetworkManager[961]: nm-l2tp[12777] <info>  ipsec enable flag: yes
Mar  1 16:43:39 MYPCNAME NetworkManager[961]: ** Message: Check port 1701
Mar  1 16:43:39 MYPCNAME NetworkManager[961]: nm-l2tp[12777] <info>  starting ipsec
Mar  1 16:43:39 MYPCNAME NetworkManager[961]: Stopping strongSwan IPsec failed: starter is not running
Mar  1 16:43:41 MYPCNAME NetworkManager[961]: Starting strongSwan 5.3.5 IPsec [starter]...
Mar  1 16:43:41 MYPCNAME NetworkManager[961]: Loading config setup
Mar  1 16:43:41 MYPCNAME NetworkManager[961]: Loading conn 'd9be949d-f24a-4b43-b035-5f6ec0e8babc'
Mar  1 16:43:41 MYPCNAME NetworkManager[961]: found netkey IPsec stack
Mar  1 16:43:41 MYPCNAME charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.15.0-45-generic, x86_64)
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-172dff40-1b65-45ac-9c0a-9b1948d770c0.secrets'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG]   loaded IKE secret for %any
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-52345f12-0093-4ba9-938b-fa0b3e5036fa.secrets'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG]   loaded IKE secret for %any
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-d7592a13-6c0b-4da4-8c21-49e62c5d51a2.secrets'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG]   loaded IKE secret for %any
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-d9be949d-f24a-4b43-b035-5f6ec0e8babc.secrets'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG]   loaded IKE secret for %any
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-f3c5d544-e8f5-45aa-97e7-a6380604c8dc.secrets'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG]   loaded IKE secret for %any
Mar  1 16:43:41 MYPCNAME charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Mar  1 16:43:41 MYPCNAME charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Mar  1 16:43:41 MYPCNAME charon: 00[JOB] spawning 16 worker threads
Mar  1 16:43:41 MYPCNAME charon: 03[CFG] received stroke: add connection 'd9be949d-f24a-4b43-b035-5f6ec0e8babc'
Mar  1 16:43:41 MYPCNAME charon: 03[CFG] added configuration 'd9be949d-f24a-4b43-b035-5f6ec0e8babc'
Mar  1 16:43:42 MYPCNAME charon: 06[CFG] rereading secrets
Mar  1 16:43:42 MYPCNAME charon: 06[CFG] loading secrets from '/etc/ipsec.secrets'
Mar  1 16:43:42 MYPCNAME charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-172dff40-1b65-45ac-9c0a-9b1948d770c0.secrets'
Mar  1 16:43:42 MYPCNAME charon: 06[CFG]   loaded IKE secret for %any
Mar  1 16:43:42 MYPCNAME charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-52345f12-0093-4ba9-938b-fa0b3e5036fa.secrets'
Mar  1 16:43:42 MYPCNAME charon: 06[CFG]   loaded IKE secret for %any
Mar  1 16:43:42 MYPCNAME charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-d7592a13-6c0b-4da4-8c21-49e62c5d51a2.secrets'
Mar  1 16:43:42 MYPCNAME charon: 06[CFG]   loaded IKE secret for %any
Mar  1 16:43:42 MYPCNAME charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-d9be949d-f24a-4b43-b035-5f6ec0e8babc.secrets'
Mar  1 16:43:42 MYPCNAME charon: 06[CFG]   loaded IKE secret for %any
Mar  1 16:43:42 MYPCNAME NetworkManager[961]: nm-l2tp[12777] <info>  Spawned ipsec up script with PID 12847.
Mar  1 16:43:42 MYPCNAME charon: 06[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-f3c5d544-e8f5-45aa-97e7-a6380604c8dc.secrets'
Mar  1 16:43:42 MYPCNAME charon: 06[CFG]   loaded IKE secret for %any
Mar  1 16:43:42 MYPCNAME charon: 01[CFG] received stroke: initiate 'd9be949d-f24a-4b43-b035-5f6ec0e8babc'
Mar  1 16:43:42 MYPCNAME charon: 08[IKE] initiating Main Mode IKE_SA d9be949d-f24a-4b43-b035-5f6ec0e8babc[1] to xxx.xxx.xxx.xxx
Mar  1 16:43:42 MYPCNAME charon: 08[ENC] generating ID_PROT request 0 [ SA V V V V ]
Mar  1 16:43:42 MYPCNAME charon: 08[NET] sending packet: from 192.168.2.18[500] to xxx.xxx.xxx.xxx[500] (248 bytes)
Mar  1 16:43:42 MYPCNAME charon: 07[NET] received packet: from xxx.xxx.xxx.xxx[500] to 192.168.2.18[500] (386 bytes)
Mar  1 16:43:42 MYPCNAME charon: 07[ENC] parsed ID_PROT response 0 [ SA V V V V V V V V V V ]
Mar  1 16:43:42 MYPCNAME charon: 07[ENC] received unknown vendor ID: f7:58:f2:26:68:75:0f:03:b0:8d:f6:eb:e1:d0:04:03
Mar  1 16:43:42 MYPCNAME charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar  1 16:43:42 MYPCNAME charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar  1 16:43:42 MYPCNAME charon: 07[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mar  1 16:43:42 MYPCNAME charon: 07[IKE] received NAT-T (RFC 3947) vendor ID
Mar  1 16:43:42 MYPCNAME charon: 07[IKE] received XAuth vendor ID
Mar  1 16:43:42 MYPCNAME charon: 07[IKE] received DPD vendor ID
Mar  1 16:43:42 MYPCNAME charon: 07[ENC] received unknown vendor ID: af:ca:d7:13:68:a1:f1:c9:6b:86:96:fc:77:57
Mar  1 16:43:42 MYPCNAME charon: 07[ENC] received unknown vendor ID: f9:19:6d:f8:6b:81:2f:b0:f6:80:26:d8:87:6d:cb:7b:00:04:32:00
Mar  1 16:43:42 MYPCNAME charon: 07[ENC] received unknown vendor ID: ac:40:f8:c4:38:99:27:c6:e8:ac:24:53:1b:b7:8b:2b:9b:78:ca:c6:c2:6c:8e:09:bd:89:98:76:d8:0f:13:71:a3:17:eb:41:bb:23:23:ab:56:2b:9f:8c:8a:ca:2d:fa:62:24:3d:17:1b:86:a0:47:00:05:3a:3e:67:e8:3b:16:3f:e0:f7:eb:76:de:19:65:fc:32:21:25:3d:b8:a7:75:5c:2f:47:06:eb:91:eb:0b:e0:ce:a0:b7:86:0b:c9:6d:56:ef:c8:0b:cf:5a:ed:a5:2e:ce:1b:7a:1e:4d:41:c3:1f:c8:6f:eb:a2:41:10:fb:82:4f:be:af:d1:0b:fb:a4
Mar  1 16:43:42 MYPCNAME charon: 07[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar  1 16:43:42 MYPCNAME charon: 07[NET] sending packet: from 192.168.2.18[500] to xxx.xxx.xxx.xxx[500] (244 bytes)
Mar  1 16:43:43 MYPCNAME charon: 10[NET] received packet: from xxx.xxx.xxx.xxx[500] to 192.168.2.18[500] (228 bytes)
Mar  1 16:43:43 MYPCNAME charon: 10[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Mar  1 16:43:43 MYPCNAME charon: 10[IKE] local host is behind NAT, sending keep alives
Mar  1 16:43:43 MYPCNAME charon: 10[ENC] generating ID_PROT request 0 [ ID HASH ]
Mar  1 16:43:43 MYPCNAME charon: 10[NET] sending packet: from 192.168.2.18[4500] to xxx.xxx.xxx.xxx[4500] (68 bytes)
Mar  1 16:43:47 MYPCNAME charon: 14[IKE] sending retransmit 1 of request message ID 0, seq 3
Mar  1 16:43:47 MYPCNAME charon: 14[NET] sending packet: from 192.168.2.18[4500] to xxx.xxx.xxx.xxx[4500] (68 bytes)
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: nm-l2tp[12777] <warn>  Timeout trying to establish IPsec connection
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: nm-l2tp[12777] <info>  Terminating ipsec script with PID 12847.
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: Stopping strongSwan IPsec...
Mar  1 16:43:52 MYPCNAME charon: 00[DMN] signal of type SIGINT received. Shutting down
Mar  1 16:43:52 MYPCNAME charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: initiating Main Mode IKE_SA d9be949d-f24a-4b43-b035-5f6ec0e8babc[1] to xxx.xxx.xxx.xxx
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: generating ID_PROT request 0 [ SA V V V V ]
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: sending packet: from 192.168.2.18[500] to xxx.xxx.xxx.xxx[500] (248 bytes)
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received packet: from xxx.xxx.xxx.xxx[500] to 192.168.2.18[500] (386 bytes)
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: parsed ID_PROT response 0 [ SA V V V V V V V V V V ]
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received unknown vendor ID: f7:58:f2:26:68:75:0f:03:b0:8d:f6:eb:e1:d0:04:03
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received NAT-T (RFC 3947) vendor ID
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received XAuth vendor ID
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received DPD vendor ID
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received unknown vendor ID: af:ca:d7:13:68:a1:f1:c9:6b:86:96:fc:77:57
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received unknown vendor ID: f9:19:6d:f8:6b:81:2f:b0:f6:80:26:d8:87:6d:cb:7b:00:04:32:00
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received unknown vendor ID: ac:40:f8:c4:38:99:27:c6:e8:ac:24:53:1b:b7:8b:2b:9b:78:ca:c6:c2:6c:8e:09:bd:89:98:76:d8:0f:13:71:a3:17:eb:41:bb:23:23:ab:56:2b:9f:8c:8a:ca:2d:fa:62:24:3d:17:1b:86:a0:47:00:05:3a:3e:67:e8:3b:16:3f:e0:f7:eb:76:de:19:65:fc:32:21:25:3d:b8:a7:75:5c:2f:47:06:eb:91:eb:0b:e0:ce:a0:b7:86:0b:c9:6d:56:ef:c8:0b:cf:5a:ed:a5:2e:ce:1b:7a:1e:4d:41:c3:1f:c8:6f:eb:a2:41:10:fb:82:4f:be:af:d1:0b:fb:a4
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: sending packet: from 192.168.2.18[500] to xxx.xxx.xxx.xxx[500] (244 bytes)
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: received packet: from xxx.xxx.xxx.xxx[500] to 192.168.2.18[500] (228 bytes)
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: local host is behind NAT, sending keep alives
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: generating ID_PROT request 0 [ ID HASH ]
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: sending packet: from 192.168.2.18[4500] to xxx.xxx.xxx.xxx[4500] (68 bytes)
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: sending retransmit 1 of request message ID 0, seq 3
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: sending packet: from 192.168.2.18[4500] to xxx.xxx.xxx.xxx[4500] (68 bytes)
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: destroying IKE_SA in state CONNECTING without notification
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: nm-l2tp[12777] <warn>  Could not establish IPsec tunnel.
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: (nm-l2tp-service:12777): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: <info>  [1551447832.9668] vpn-connection[0x22b3270,d9be949d-f24a-4b43-b035-5f6ec0e8babc,"VPNconnName",0]: VPN plugin: state changed: stopped (6)
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: <info>  [1551447832.9693] vpn-connection[0x22b3270,d9be949d-f24a-4b43-b035-5f6ec0e8babc,"VPNconnName",0]: VPN plugin: state change reason: unknown (0)
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: <info>  [1551447832.9708] vpn-connection[0x22b3270,d9be949d-f24a-4b43-b035-5f6ec0e8babc,"VPNconnName",0]: VPN service disappeared
Mar  1 16:43:52 MYPCNAME NetworkManager[961]: <warn>  [1551447832.9718] vpn-connection[0x22b3270,d9be949d-f24a-4b43-b035-5f6ec0e8babc,"VPNconnName",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

Re: L2TP with Zyxel Firewall

Post by ATATRL »

Hello to everyone,

Either no one else has this problem, or it did not get much attention.

I fixed the problem by contacting the person I received the Network-Manager-l2tp package from.

The problem is caused by the *.secrets files remaining after the update.

I am sharing the solution by quoting the mail:

Unrelated, you seem to have a lot of stray /etc/ipsec.d/nm-l2tp-ipsec-*.secrets files which can have an impact and can be deleted by doing:

sudo su -
sudo rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets

It looks like you aren’t able to establish an IPsec connection. I suspect it is because the VPN server is proposing weak algorithms for phase 1. You could try using the following weak algorithms (which is what the Windows L2TP/IPsec client uses):

· Phase1 Algorithms : 3des-sha1-modp1024!
· Phase2 Algorithms : 3des-sha1!

Sincerely,
Mehmet
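
An added example, not part of the original posts or of the NetworkManager-l2tp project: a Python check over the kind of log posted above that lists the nm-l2tp secrets files whose UUID differs from the connection being started, and reports which Main Mode request was retransmitted without an answer. The sample lines are trimmed from the posted log, and the function names are made up for this example.

```python
import re

# Constructed sample: a few lines trimmed from the log posted in this thread.
SAMPLE_LOG = """\
Mar  1 16:43:41 MYPCNAME NetworkManager[961]: Loading conn 'd9be949d-f24a-4b43-b035-5f6ec0e8babc'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-172dff40-1b65-45ac-9c0a-9b1948d770c0.secrets'
Mar  1 16:43:41 MYPCNAME charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-d9be949d-f24a-4b43-b035-5f6ec0e8babc.secrets'
Mar  1 16:43:43 MYPCNAME charon: 10[ENC] generating ID_PROT request 0 [ ID HASH ]
Mar  1 16:43:47 MYPCNAME charon: 14[IKE] sending retransmit 1 of request message ID 0, seq 3
Mar  1 16:43:52 MYPCNAME charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
"""

CONN_RE = re.compile(r"Loading conn '([0-9a-f-]{36})'")
SECRETS_RE = re.compile(
    r"loading secrets from '(/etc/ipsec\.d/nm-l2tp-ipsec-([0-9a-f-]{36})\.secrets)'")
REQ_RE = re.compile(r"generating ID_PROT request \d+ \[ (.+?) \]")
RESP_RE = re.compile(r"parsed ID_PROT response")
RETX_RE = re.compile(r"sending retransmit \d+ of request")


def stray_secrets(log):
    """Secrets files loaded by charon that belong to a different connection UUID."""
    active = set(CONN_RE.findall(log))
    loaded = dict(SECRETS_RE.findall(log))  # path -> UUID embedded in the file name
    return sorted(path for path, uuid in loaded.items() if uuid not in active)


def stalled_exchange(log):
    """Payloads of the last ID_PROT request that was retransmitted and never answered."""
    pending, retransmitted = None, False
    for line in log.splitlines():
        if " charon: " not in line:  # NetworkManager replays charon's output on teardown
            continue
        req = REQ_RE.search(line)
        if req:
            pending, retransmitted = req.group(1), False
        elif RESP_RE.search(line):
            pending = None  # the peer answered, so this request did not stall
        elif RETX_RE.search(line) and pending:
            retransmitted = True
    return pending if retransmitted else None


if __name__ == "__main__":
    print("stray secrets files:", stray_secrets(SAMPLE_LOG))
    print("unanswered request :", stalled_exchange(SAMPLE_LOG))
```

On the posted log the unanswered request is `ID HASH`, the first Main Mode message protected with the pre-shared key, and every stray file also loads an IKE secret for `%any`.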