Mint 18.2... nothing works ... Re: L2TP VPN Client

Posted: Mon Dec 11, 2017 4:11 pm
by NatLun123
Hi! I have a BIG problem getting a VPN connection to work. I have tried all the steps mentioned in the discussion above with NO result. The https://github.com/nm-l2tp/network-mana ... her-suites helped me to establish a connection for ONE minute ..... sudo /usr/lib/NetworkManager/nm-l2tp-service --debug gives the following:

nm-l2tp[29541] <debug> nm-l2tp-service (version 1.2.8) starting...
nm-l2tp[29541] <debug> uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[29541] <info> ipsec enable flag: yes
** Message: Check port 1701
connection
id : "VPN HK" (s)
uuid : "f7184542-54d2-44aa-aea6-30a585d1036e" (s)
interface-name : NULL (sd)
type : "vpn" (s)
permissions : ["user:natallia:"] (s)
autoconnect : FALSE (s)
autoconnect-priority : 0 (sd)
timestamp : 0 (sd)
read-only : FALSE (sd)
zone : NULL (sd)
master : NULL (sd)
slave-type : NULL (sd)
autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
secondaries : [] (s)
gateway-ping-timeout : 0 (sd)
metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
lldp : -1 (sd)


ipv6
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x23ceb40) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x23ceb60) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
addr-gen-mode : 1 (sd)


ipv4
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x23cec20) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x23cec40) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
dhcp-client-id : NULL (sd)
dhcp-fqdn : NULL (sd)


vpn
service-type : "org.freedesktop.NetworkManager.l2tp" (s)
user-name : "natallia" (s)
persistent : FALSE (sd)
data : ((GHashTable*) 0x7ff058004cc0) (s)
secrets : ((GHashTable*) 0x23b4760) (s)
timeout : 0 (sd)


nm-l2tp[29541] <info> starting ipsec
Redirecting to: systemctl stop ipsec.service
Redirecting to: systemctl start ipsec.service
002 listening for IKE messages
002 adding interface wlp2s0/wlp2s0 192.168.1.250:500
002 adding interface wlp2s0/wlp2s0 192.168.1.250:4500
002 adding interface lo/lo 127.0.0.1:500
002 adding interface lo/lo 127.0.0.1:4500
002 adding interface lo/lo ::1:500
002 loading secrets from "/etc/ipsec.secrets"
002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-f7184542-54d2-44aa-aea6-30a585d1036e.secrets"
opening file: /var/run/nm-l2tp-ipsec-f7184542-54d2-44aa-aea6-30a585d1036e.conf
debugging mode enabled
end of file /var/run/nm-l2tp-ipsec-f7184542-54d2-44aa-aea6-30a585d1036e.conf
Loading conn f7184542-54d2-44aa-aea6-30a585d1036e
starter: left is KH_DEFAULTROUTE
loading named conns: f7184542-54d2-44aa-aea6-30a585d1036e
seeking_src = 1, seeking_gateway = 1, has_peer = 1
seeking_src = 0, seeking_gateway = 1, has_dst = 1
dst via 192.168.1.1 dev wlp2s0 src table 254
set nexthop: 192.168.1.1
dst 169.254.0.0 via dev wlp2s0 src table 254
dst 192.168.1.0 via dev wlp2s0 src 192.168.1.250 table 254
dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
dst 192.168.1.0 via dev wlp2s0 src 192.168.1.250 table 255 (ignored)
dst 192.168.1.250 via dev wlp2s0 src 192.168.1.250 table 255 (ignored)
dst 192.168.1.255 via dev wlp2s0 src 192.168.1.250 table 255 (ignored)

seeking_src = 1, seeking_gateway = 0, has_peer = 1
seeking_src = 1, seeking_gateway = 0, has_dst = 1
dst 192.168.1.1 via dev wlp2s0 src 192.168.1.250 table 254
set addr: 192.168.1.250

seeking_src = 0, seeking_gateway = 0, has_peer = 1
conn: "f7184542-54d2-44aa-aea6-30a585d1036e" modecfgdomain=(null)
conn: "f7184542-54d2-44aa-aea6-30a585d1036e" modecfgbanner=(null)
conn: "f7184542-54d2-44aa-aea6-30a585d1036e" mark-in=(null)
conn: "f7184542-54d2-44aa-aea6-30a585d1036e" mark-out=(null)
conn: "f7184542-54d2-44aa-aea6-30a585d1036e" vti_iface=(null)
002 added connection description "f7184542-54d2-44aa-aea6-30a585d1036e"
nm-l2tp[29541] <info> Spawned ipsec auto --up script with PID 30214.
002 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: initiating Main Mode
104 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: STATE_MAIN_I1: initiate
002 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: ignoring unknown Vendor ID payload [b136b34f6dbcbf61e511572b04d6ae50]
002 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: Main mode peer ID is ID_IPV4_ADDR: '82.183.32.115'
002 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
002 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:bfca1e9e proposal=3DES(3)_000-SHA1(2) pfsgroup=no-pfs}
117 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: STATE_QUICK_I1: initiate
003 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: ignoring informational payload IPSEC_RESPONDER_LIFETIME, msgid=bfca1e9e, length=28
003 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
003 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: our client subnet returned doesn't match my proposal - us:192.168.1.250/32 vs them:85.226.251.187/32
003 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: Allowing questionable proposal anyway [ALLOW_MICROSOFT_BAD_PROPOSAL]
003 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: our client peer returned port doesn't match my proposal - us:1701 vs them:0
003 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: Allowing bad L2TP/IPsec proposal (see bug #849) anyway
002 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
004 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x63ce9fbf <0x0b681f4d xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=82.183.32.115:4500 DPD=passive}
nm-l2tp[29541] <info> Libreswan IPsec tunnel is up.
** Message: xl2tpd started with pid 30225
xl2tpd[30225]: setsockopt recvref[30]: Protocol not available
xl2tpd[30225]: Using l2tp kernel support.
xl2tpd[30225]: xl2tpd version xl2tpd-1.3.6 started on natallia-HP PID:30225
xl2tpd[30225]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[30225]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[30225]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[30225]: Forked again by Xelerance (http://www.xelerance.com) (C) 2006
xl2tpd[30225]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[30225]: get_call: allocating new tunnel for host 82.183.32.115, port 1701.
xl2tpd[30225]: Connecting to host 82.183.32.115, port 1701
xl2tpd[30225]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.
xl2tpd[30225]: control_finish: sending SCCRQ
xl2tpd[30225]: handle_avps: handling avp's for tunnel 11742, call 0
xl2tpd[30225]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
xl2tpd[30225]: protocol_version_avp: peer is using version 1, revision 0.
xl2tpd[30225]: framing_caps_avp: supported peer frames: async sync
xl2tpd[30225]: bearer_caps_avp: supported peer bearers: analog digital
xl2tpd[30225]: firmware_rev_avp: peer reports firmware version 4384 (0x1120)
xl2tpd[30225]: hostname_avp: peer reports hostname 'OMGFW02'
xl2tpd[30225]: vendor_avp: peer reports vendor 'Cisco Systems, Inc.'
xl2tpd[30225]: assigned_tunnel_avp: using peer's tunnel 877
xl2tpd[30225]: receive_window_size_avp: peer wants RWS of 16. Will use flow control.
xl2tpd[30225]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 877, call is 0.
xl2tpd[30225]: control_finish: sending SCCCN
xl2tpd[30225]: Connection established to 82.183.32.115, 1701. Local: 11742, Remote: 877 (ref=0/0).
xl2tpd[30225]: Calling on tunnel 11742
xl2tpd[30225]: control_finish: message type is (null)(0). Tunnel is 877, call is 0.
xl2tpd[30225]: control_finish: sending ICRQ
xl2tpd[30225]: handle_avps: handling avp's for tunnel 11742, call 18368
xl2tpd[30225]: message_type_avp: message type 11 (Incoming-Call-Reply)
xl2tpd[30225]: assigned_call_avp: using peer's call 876
xl2tpd[30225]: control_finish: message type is Incoming-Call-Reply(11). Tunnel is 877, call is 876.
xl2tpd[30225]: control_finish: Sending ICCN
xl2tpd[30225]: Call established with 82.183.32.115, Local: 18368, Remote: 876, Serial: 1 (ref=0/0)
xl2tpd[30225]: start_pppd: I'm running:
xl2tpd[30225]: "/usr/sbin/pppd"
xl2tpd[30225]: "passive"
xl2tpd[30225]: "nodetach"
xl2tpd[30225]: ":"
xl2tpd[30225]: "debug"
xl2tpd[30225]: "file"
xl2tpd[30225]: "/var/run/nm-l2tp-ppp-options-f7184542-54d2-44aa-aea6-30a585d1036e"
xl2tpd[30225]: "plugin"
xl2tpd[30225]: "pppol2tp.so"
xl2tpd[30225]: "pppol2tp"
xl2tpd[30225]: "7"
xl2tpd[30225]: handle_avps: handling avp's for tunnel 11742, call 18368
xl2tpd[30225]: message_type_avp: message type 16 (Set-Link-Info)
xl2tpd[30225]: ignore_avp : Ignoring AVP
xl2tpd[30225]: control_finish: message type is Set-Link-Info(16). Tunnel is 877, call is 876.
xl2tpd[30225]: Maximum retries exceeded for tunnel 11742. Closing.
xl2tpd[30225]: Terminating pppd: sending TERM signal to pid 30234
xl2tpd[30225]: Connection 877 closed to 82.183.32.115, port 1701 (Timeout)
nm-l2tp[29541] <info> Terminated xl2tpd daemon with PID 30225.
xl2tpd[30225]: death_handler: Fatal signal 15 received
002 "f7184542-54d2-44aa-aea6-30a585d1036e": deleting non-instance connection
002 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: deleting state (STATE_QUICK_I2)
005 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: ESP traffic information: in=0B out=0B
002 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: deleting state (STATE_MAIN_I4)
** Message: ipsec shut down
nm-l2tp[29541] <warn> xl2tpd exited with error code 1
021 no connection named "f7184542-54d2-44aa-aea6-30a585d1036e"
** Message: ipsec shut down


PLEASE, help.

Re: L2TP VPN Client

Posted: Sat Feb 10, 2018 11:55 am
by mrGromov
rickcr wrote:
Thu Sep 14, 2017 3:57 pm
/bump. Real shame since linux is much slower in my VM than native, I really want to get this VPN thing worked out.
A bit late, but may be useful for someone.

Try to use libreswan instead of strongswan.

sudo apt install libreswan
Mint 18 KDE.

Re: L2TP VPN Client

Posted: Mon Feb 12, 2018 3:29 am
by NatLun123
Hm, I tried them both, libreswan and strongswan, but nothing worked for me....

Re: L2TP VPN Client

Posted: Mon Feb 12, 2018 8:44 am
by psg9196
Hi NatLun123,

There are some posts from Apr 26, 2017 on in this thread that may help you. If you are using Microsoft domain authentication, you may need to check only the MSCHAPv2 authentication method in the L2TP PPP Options.
You can also scan the VPN gateway (using the method described in my earlier post - May 20, 2017) and set the Phase1/Phase2 algorithms in the IPSec Settings accordingly.
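
Added example, not part of any post in this thread and not nm-l2tp or libreswan code: a short Python parser for the libreswan and xl2tpd lines in the debug output posted above. It reads off the Phase 1/Phase 2 algorithms the gateway accepted, flags the legacy ones (3DES, SHA-1, MODP1024), and reports how far the connection got. The function names and the LEGACY pattern are this example's own; the sample lines are copied from that output.

```python
import re

# Constructed sample: four lines copied from the debug output posted in this thread.
SAMPLE_LOG = """\
004 "f7184542-54d2-44aa-aea6-30a585d1036e" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
004 "f7184542-54d2-44aa-aea6-30a585d1036e" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x63ce9fbf <0x0b681f4d xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=82.183.32.115:4500 DPD=passive}
xl2tpd[30225]: Call established with 82.183.32.115, Local: 18368, Remote: 876, Serial: 1 (ref=0/0)
xl2tpd[30225]: Maximum retries exceeded for tunnel 11742. Closing.
"""

PHASE1 = re.compile(r"ISAKMP SA established \{([^}]*)\}")
PHASE2 = re.compile(r"IPsec SA established .*?xfrm=(\w+)-(\w+)")
# Values this example treats as legacy (assumption: "sha" in the log means SHA-1).
LEGACY = re.compile(r"^(3des\w*|(hmac_)?sha1?|modp1024)$", re.I)
# Markers, in connection order, that show a stage completed.
STAGES = [("ipsec-phase1", "ISAKMP SA established"),
          ("ipsec-phase2", "IPsec SA established"),
          ("l2tp-call", "Call established with")]

def negotiated(log):
    """Return the Phase 1 and Phase 2 parameters from libreswan status lines."""
    out = {"phase1": {}, "phase2": {}}
    for line in log.splitlines():
        m = PHASE1.search(line)
        if m:  # key=value pairs inside the braces
            out["phase1"] = dict(kv.split("=", 1) for kv in m.group(1).split())
        m = PHASE2.search(line)
        if m:  # xfrm=<cipher>-<integrity>
            out["phase2"] = {"cipher": m.group(1), "integ": m.group(2)}
    return out

def legacy_algorithms(neg):
    """List (phase, field, value) for every negotiated value matching LEGACY."""
    return [(phase, field, value)
            for phase, fields in neg.items()
            for field, value in fields.items()
            if LEGACY.match(value)]

def last_stage_reached(log):
    """Name of the last completed stage, or None if none completed."""
    reached = [name for name, marker in STAGES if marker in log]
    return reached[-1] if reached else None

def l2tp_timed_out(log):
    """True when xl2tpd gave up retransmitting on the control channel."""
    return "Maximum retries exceeded for tunnel" in log

if __name__ == "__main__":
    for phase, field, value in legacy_algorithms(negotiated(SAMPLE_LOG)):
        print(f"{phase}: legacy {field} {value}")
    print("last stage:", last_stage_reached(SAMPLE_LOG),
          "| xl2tpd timeout:", l2tp_timed_out(SAMPLE_LOG))
```

On the sample lines this reports both IPsec phases as established with 3DES, SHA-1 and MODP1024, and the xl2tpd timeout occurring after the L2TP call was set up.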

Re: L2TP VPN Client

Posted: Sun Mar 04, 2018 4:23 pm
by GamesBond
Confirm that the solution by canove » Wed Jun 07, 2017 2:35 pm works on Linux Mint 18.3!!!

(the post by psg9196 @ Wed Apr 26, 2017 3:10 pm doesn't work on LM 18.3 but was written for LM 18.1)

I managed to connect to a Draytek VPN router using L2TP over IPSEC, thanks!!!

Re: L2TP VPN Client

Posted: Tue Sep 18, 2018 5:13 pm
by araknafobia
Hi all,
I just found this and it worked like a charm. Hope it helps someone.
http://stuffjasondoes.com/2018/08/16/co ... k-manager/

Re: L2TP VPN Client

Posted: Fri Apr 12, 2019 4:22 pm
by Ohmu93
araknafobia wrote:
Tue Sep 18, 2018 5:13 pm
Hi all,
I just found this and it worked like a charm. Hope it helps someone.
http://stuffjasondoes.com/2018/08/16/co ... k-manager/
You sir saved my day, thank you!