Ubuntu: Unable to connect L2TP IPSec VPN from ubuntu 16.04 [duplicate]



Question:

I am trying to connect to an L2TP IPSec VPN from my Ubuntu 16.04 laptop. Every time I am facing the same error, while the same credentials work properly to connect to the VPN server from any Windows system.

Can anyone guide me to resolve this issue?

Syslog:

Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2586] audit: op="connection-activate" uuid="83adbec9-817f-4faf-9839-42eb41897c10" name="VPN connection 1" pid=2254 uid=1000 result="success"
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2664] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: Started the VPN service, PID 5561
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.2808] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: Saw the service appear; activating connection
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068318.4059] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN connection: (ConnectInteractive) reply received
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: ** Message: Check port 1701
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  ipsec enable flag: yes
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: ** Message: Check port 1701
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  starting ipsec
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: Stopping strongSwan IPsec...
Apr 13 12:55:18 pratip-vostro-2520 charon: 00[DMN] signal of type SIGINT received. Shutting down
Apr 13 12:55:18 pratip-vostro-2520 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (2/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (3/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: giving up after 5 retransmits
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: peer not responding, trying again (4/0)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: initiating Main Mode IKE_SA nm-ipsec-l2tp-4250[1] to 76.194.82.189
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 3 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 4 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending retransmit 5 of request message ID 0, seq 1
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:18 pratip-vostro-2520 NetworkManager[858]: destroying IKE_SA in state CONNECTING without notification
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Starting strongSwan 5.3.5 IPsec [starter]...
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Loading config setup
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: Loading conn 'nm-ipsec-l2tp-5561'
Apr 13 12:55:20 pratip-vostro-2520 NetworkManager[858]: found netkey IPsec stack
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-72-generic, x86_64)
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[CFG]   loaded IKE secret for %any
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Apr 13 12:55:20 pratip-vostro-2520 charon: 00[JOB] spawning 16 worker threads
Apr 13 12:55:20 pratip-vostro-2520 charon: 08[CFG] received stroke: add connection 'nm-ipsec-l2tp-5561'
Apr 13 12:55:20 pratip-vostro-2520 charon: 08[CFG] added configuration 'nm-ipsec-l2tp-5561'
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] rereading secrets
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:21 pratip-vostro-2520 charon: 10[CFG]   loaded IKE secret for %any
Apr 13 12:55:21 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  Spawned ipsec up script with PID 5634.
Apr 13 12:55:21 pratip-vostro-2520 charon: 11[CFG] received stroke: initiate 'nm-ipsec-l2tp-5561'
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[IKE] initiating Main Mode IKE_SA nm-ipsec-l2tp-5561[1] to 76.194.82.189
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[ENC] generating ID_PROT request 0 [ SA V V V V ]
Apr 13 12:55:21 pratip-vostro-2520 charon: 13[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:25 pratip-vostro-2520 charon: 07[IKE] sending retransmit 1 of request message ID 0, seq 1
Apr 13 12:55:25 pratip-vostro-2520 charon: 07[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <warn>  Timeout trying to establish IPsec connection
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <info>  Terminating ipsec script with PID 5634.
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: nm-l2tp[5561] <warn>  Could not establish IPsec tunnel.
Apr 13 12:55:31 pratip-vostro-2520 charon: 14[CFG] rereading secrets
Apr 13 12:55:31 pratip-vostro-2520 charon: 14[CFG] loading secrets from '/etc/ipsec.secrets'
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: (nm-l2tp-service:5561): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6006] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN plugin: state changed: stopped (6)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6023] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN plugin: state change reason: unknown (0)
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <info>  [1492068331.6067] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN service disappeared
Apr 13 12:55:31 pratip-vostro-2520 NetworkManager[858]: <warn>  [1492068331.6102] vpn-connection[0x1db45c0,83adbec9-817f-4faf-9839-42eb41897c10,"VPN connection 1",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Apr 13 12:55:32 pratip-vostro-2520 charon: 05[IKE] sending retransmit 2 of request message ID 0, seq 1
Apr 13 12:55:32 pratip-vostro-2520 charon: 05[NET] sending packet: from 10.17.144.110[500] to 76.194.82.189[500] (248 bytes)


Solution:1

I found the solution in the developer's repository.

https://github.com/nm-l2tp/network-manager-l2tp/issues/38#issuecomment-303052751

Version 1.2.6 no longer overrides the default IPsec ciphers and I suspect your VPN server is using a legacy cipher newer strongSwan versions consider to be broken.

See the user specified IPsec cipher suites section in the README.md file on how to supplement the strongSwan default ciphers with your own :

https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites

I would recommend installing the ike-scan package to check what ciphers your VPN server is advertising it supports, e.g. :

$ sudo systemctl stop strongswan
$ sudo ike-scan 123.54.76.9
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)

Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec).  1 returned handshake; 0 returned notify

So with this example where a broken 3DES cipher is advertised, in the advanced section of the IPsec dialog box for version 1.2.6, add the following:

  • Phase1 Algorithms : 3des-sha1-modp1024

  • Phase2 Algorithms : 3des-sha1

After all steps, try your L2TP connection; it must be established.
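
Turning an ike-scan handshake line into the Phase1/Phase2 strings entered in the IPsec dialog above, as an added example (not code from the post or from network-manager-l2tp). The `proposals` function, the mapping tables and the `LEGACY` list are this example's own assumptions; the second sample line is constructed.

```python
import re

# ike-scan transform names -> strongSwan proposal keywords. Only common IKEv1
# values are mapped; this table is an assumption of the example.
ENC = {"DES": "des", "3DES": "3des", "AES": "aes"}
HASH = {"MD5": "md5", "SHA1": "sha1", "SHA2-256": "sha256",
        "SHA2-384": "sha384", "SHA2-512": "sha512"}
# Legacy choices this example flags (its own list, not strongSwan's).
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}

FIELD_RE = re.compile(r"\b(Enc|KeyLength|Hash|Auth|Group)=([^\s)]+)")


def proposals(line):
    """Return Phase1/Phase2 strings for one ike-scan handshake line, or None."""
    if "SA=(" not in line:
        return None                       # banner, notify or summary line
    f = dict(FIELD_RE.findall(line))
    if not {"Enc", "Hash", "Group"} <= f.keys():
        return None
    try:
        enc, digest = ENC[f["Enc"]], HASH[f["Hash"]]
    except KeyError as exc:
        raise ValueError(f"unmapped transform {exc}") from None
    if enc == "aes":
        enc += f.get("KeyLength", "128")  # strongSwan keywords: aes128, aes256
    group = f["Group"].split(":", 1)[-1]  # "2:modp1024" -> "modp1024"
    return {
        "phase1": f"{enc}-{digest}-{group}",
        # Main Mode only exposes phase 1; phase 2 reuses the cipher and hash,
        # which is what the answer above does.
        "phase2": f"{enc}-{digest}",
        "legacy": sorted(LEGACY & {enc, digest, group}),
        "auth": f.get("Auth"),
    }


# First line is the handshake quoted in the answer; the second is constructed.
SAMPLE = [
    "123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)",
    "192.0.2.10   Main Mode Handshake returned HDR=(CKY-R=0011223344556677) SA=(Enc=AES KeyLength=256 Hash=SHA2-256 Auth=PSK Group=14:modp2048 LifeType=Seconds LifeDuration=28800)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(proposals(entry))
```

A non-empty `legacy` list means the override only restores compatibility with a weak server proposal; the durable fix is on the VPN server side.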

