L2TP / IPSec failing to connect (Kubuntu 17.10)











up vote
2
down vote

favorite












I'm trying to connect to the corporate VPN from Kubuntu 17.10. I have network-manager-l2tp installed (version 1.2.8). The output I'm getting:



Nov 28 17:20:48 T460 NetworkManager[667]: initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
Nov 28 17:20:48 T460 NetworkManager[667]: generating ID_PROT request 0 [ SA V V V V V ]
Nov 28 17:20:48 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:20:48 T460 NetworkManager[667]: sending retransmit 1 of request message ID 0, seq 1
Nov 28 17:20:48 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:20:48 T460 NetworkManager[667]: destroying IKE_SA in state CONNECTING without notification
Nov 28 17:20:48 T460 NetworkManager[667]: establishing connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332' failed
Nov 28 17:20:48 T460 nm-l2tp-service[3673]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 28 17:20:48 T460 NetworkManager[667]: <info> [1511889648.3131] vpn-connection[0x55fe5d8fe2f0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN service disappeared
Nov 28 17:20:48 T460 NetworkManager[667]: <warn> [1511889648.3161] vpn-connection[0x55fe5d8fe2f0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9310] audit: op="connection-activate" uuid="41d2e76d-a4c4-4f56-bd6a-58ad795af332" name="WorkVPN" pid=1017 uid=1000 result="success"
Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9371] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: Started the VPN service, PID 3759
Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9477] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: Saw the service appear; activating connection
Nov 28 17:24:01 T460 nm-l2tp-service[3759]: Check port 1701
Nov 28 17:24:01 T460 NetworkManager[667]: Stopping strongSwan IPsec failed: starter is not running
Nov 28 17:24:03 T460 NetworkManager[667]: Starting strongSwan 5.5.1 IPsec [starter]...
Nov 28 17:24:03 T460 NetworkManager[667]: Loading config setup
Nov 28 17:24:03 T460 NetworkManager[667]: Loading conn '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
Nov 28 17:24:03 T460 NetworkManager[667]: found netkey IPsec stack
Nov 28 17:24:03 T460 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.14.2-041402-generic, x86_64)
Nov 28 17:24:03 T460 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 28 17:24:03 T460 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 28 17:24:03 T460 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 28 17:24:03 T460 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 28 17:24:03 T460 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 28 17:24:03 T460 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 28 17:24:03 T460 charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-41d2e76d-a4c4-4f56-bd6a-58ad795af332.secrets'
Nov 28 17:24:03 T460 charon: 00[CFG] loaded IKE secret for %any
Nov 28 17:24:03 T460 charon: 00[LIB] loaded plugins: charon test-vectors aesni aes rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac ccm gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic
Nov 28 17:24:03 T460 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Nov 28 17:24:03 T460 charon: 00[JOB] spawning 16 worker threads
Nov 28 17:24:03 T460 charon: 05[CFG] received stroke: add connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
Nov 28 17:24:03 T460 charon: 05[CFG] added configuration '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
Nov 28 17:24:04 T460 charon: 07[CFG] rereading secrets
Nov 28 17:24:04 T460 charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 28 17:24:04 T460 charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-41d2e76d-a4c4-4f56-bd6a-58ad795af332.secrets'
Nov 28 17:24:04 T460 charon: 07[CFG] loaded IKE secret for %any
Nov 28 17:24:04 T460 charon: 10[CFG] received stroke: initiate '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
Nov 28 17:24:04 T460 charon: 11[IKE] initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
Nov 28 17:24:04 T460 charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Nov 28 17:24:04 T460 charon: 11[NET] sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:24:08 T460 charon: 12[IKE] sending retransmit 1 of request message ID 0, seq 1
Nov 28 17:24:08 T460 charon: 12[NET] sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:24:14 T460 NetworkManager[667]: Stopping strongSwan IPsec...
Nov 28 17:24:14 T460 charon: 00[DMN] signal of type SIGINT received. Shutting down
Nov 28 17:24:14 T460 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Nov 28 17:24:14 T460 NetworkManager[667]: initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
Nov 28 17:24:14 T460 NetworkManager[667]: generating ID_PROT request 0 [ SA V V V V V ]
Nov 28 17:24:14 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:24:14 T460 NetworkManager[667]: sending retransmit 1 of request message ID 0, seq 1
Nov 28 17:24:14 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:24:14 T460 NetworkManager[667]: destroying IKE_SA in state CONNECTING without notification
Nov 28 17:24:14 T460 NetworkManager[667]: establishing connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332' failed
Nov 28 17:24:14 T460 nm-l2tp-service[3759]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 28 17:24:14 T460 NetworkManager[667]: <info> [1511889854.5718] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN plugin: state changed: stopped (6)
Nov 28 17:24:14 T460 NetworkManager[667]: <info> [1511889854.5779] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN service disappeared
Nov 28 17:24:14 T460 NetworkManager[667]: <warn> [1511889854.5803] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'


EDIT:



Here's the debug info output:



van@z97:/opt/testing$ sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
nm-l2tp[24282] <debug> nm-l2tp-service (version 1.2.8) starting...
nm-l2tp[24282] <debug> uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[24282] <info> ipsec enable flag: yes
** Message: Check port 1701
** Message: Can't bind to port 1701
nm-l2tp[24282] <warn> L2TP port 1701 is busy, using ephemeral.
connection
id : "Work" (s)
uuid : "71468d41-cd5a-4c91-a70a-c6bc7e1db86a" (s)
interface-name : NULL (sd)
type : "vpn" (s)
permissions : ["user:van:"] (s)
autoconnect : TRUE (sd)
autoconnect-priority : 0 (sd)
autoconnect-retries : -1 (sd)
timestamp : 0 (sd)
read-only : FALSE (sd)
zone : NULL (sd)
master : NULL (sd)
slave-type : NULL (sd)
autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
secondaries : NULL (sd)
gateway-ping-timeout : 0 (sd)
metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
lldp : -1 (sd)
stable-id : NULL (sd)


ipv6
method : "auto" (s)
dns : (s)
dns-search : (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x5645b3895ae0) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x5645b3895ae0) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
addr-gen-mode : 1 (sd)
token : NULL (sd)


proxy
method : 0 (sd)
browser-only : FALSE (sd)
pac-url : NULL (sd)
pac-script : NULL (sd)


vpn
service-type : "org.freedesktop.NetworkManager.l2tp" (s)
user-name : "van" (s)
persistent : FALSE (sd)
data : ((GHashTable*) 0x7fef54006de0) (s)
secrets : ((GHashTable*) 0x7fef54006cc0) (s)
timeout : 0 (sd)


ipv4
method : "auto" (s)
dns : (s)
dns-search : (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x5645b38957a0) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x5645b3895a00) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
dhcp-client-id : NULL (sd)
dhcp-fqdn : NULL (sd)


nm-l2tp[24282] <info> starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.5.1 IPsec [starter]...
Loading config setup
Loading conn '71468d41-cd5a-4c91-a70a-c6bc7e1db86a'
found netkey IPsec stack
nm-l2tp[24282] <info> Spawned ipsec up script with PID 24345.
initiating Main Mode IKE_SA 71468d41-cd5a-4c91-a70a-c6bc7e1db86a[1] to xxx.xxx.xxx.xxx
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.0.2[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 192.168.0.2[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
nm-l2tp[24282] <warn> Timeout trying to establish IPsec connection
nm-l2tp[24282] <info> Terminating ipsec script with PID 24345.
Stopping strongSwan IPsec...
destroying IKE_SA in state CONNECTING without notification
establishing connection '71468d41-cd5a-4c91-a70a-c6bc7e1db86a' failed
nm-l2tp[24282] <warn> Could not establish IPsec tunnel.

(nm-l2tp-service:24282): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed









share|improve this question




























    up vote
    2
    down vote

    favorite












    I'm trying to connect to the corporate VPN from Kubuntu 17.10. I have network-manager-l2tp installed (version 1.2.8). The output I'm getting:



    Nov 28 17:20:48 T460 NetworkManager[667]: initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
    Nov 28 17:20:48 T460 NetworkManager[667]: generating ID_PROT request 0 [ SA V V V V V ]
    Nov 28 17:20:48 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
    Nov 28 17:20:48 T460 NetworkManager[667]: sending retransmit 1 of request message ID 0, seq 1
    Nov 28 17:20:48 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
    Nov 28 17:20:48 T460 NetworkManager[667]: destroying IKE_SA in state CONNECTING without notification
    Nov 28 17:20:48 T460 NetworkManager[667]: establishing connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332' failed
    Nov 28 17:20:48 T460 nm-l2tp-service[3673]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
    Nov 28 17:20:48 T460 NetworkManager[667]: <info> [1511889648.3131] vpn-connection[0x55fe5d8fe2f0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN service disappeared
    Nov 28 17:20:48 T460 NetworkManager[667]: <warn> [1511889648.3161] vpn-connection[0x55fe5d8fe2f0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
    Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9310] audit: op="connection-activate" uuid="41d2e76d-a4c4-4f56-bd6a-58ad795af332" name="WorkVPN" pid=1017 uid=1000 result="success"
    Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9371] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: Started the VPN service, PID 3759
    Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9477] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: Saw the service appear; activating connection
    Nov 28 17:24:01 T460 nm-l2tp-service[3759]: Check port 1701
    Nov 28 17:24:01 T460 NetworkManager[667]: Stopping strongSwan IPsec failed: starter is not running
    Nov 28 17:24:03 T460 NetworkManager[667]: Starting strongSwan 5.5.1 IPsec [starter]...
    Nov 28 17:24:03 T460 NetworkManager[667]: Loading config setup
    Nov 28 17:24:03 T460 NetworkManager[667]: Loading conn '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
    Nov 28 17:24:03 T460 NetworkManager[667]: found netkey IPsec stack
    Nov 28 17:24:03 T460 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.14.2-041402-generic, x86_64)
    Nov 28 17:24:03 T460 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
    Nov 28 17:24:03 T460 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
    Nov 28 17:24:03 T460 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
    Nov 28 17:24:03 T460 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
    Nov 28 17:24:03 T460 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
    Nov 28 17:24:03 T460 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
    Nov 28 17:24:03 T460 charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-41d2e76d-a4c4-4f56-bd6a-58ad795af332.secrets'
    Nov 28 17:24:03 T460 charon: 00[CFG] loaded IKE secret for %any
    Nov 28 17:24:03 T460 charon: 00[LIB] loaded plugins: charon test-vectors aesni aes rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac ccm gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic
    Nov 28 17:24:03 T460 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
    Nov 28 17:24:03 T460 charon: 00[JOB] spawning 16 worker threads
    Nov 28 17:24:03 T460 charon: 05[CFG] received stroke: add connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
    Nov 28 17:24:03 T460 charon: 05[CFG] added configuration '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
    Nov 28 17:24:04 T460 charon: 07[CFG] rereading secrets
    Nov 28 17:24:04 T460 charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
    Nov 28 17:24:04 T460 charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-41d2e76d-a4c4-4f56-bd6a-58ad795af332.secrets'
    Nov 28 17:24:04 T460 charon: 07[CFG] loaded IKE secret for %any
    Nov 28 17:24:04 T460 charon: 10[CFG] received stroke: initiate '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
    Nov 28 17:24:04 T460 charon: 11[IKE] initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
    Nov 28 17:24:04 T460 charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
    Nov 28 17:24:04 T460 charon: 11[NET] sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
    Nov 28 17:24:08 T460 charon: 12[IKE] sending retransmit 1 of request message ID 0, seq 1
    Nov 28 17:24:08 T460 charon: 12[NET] sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
    Nov 28 17:24:14 T460 NetworkManager[667]: Stopping strongSwan IPsec...
    Nov 28 17:24:14 T460 charon: 00[DMN] signal of type SIGINT received. Shutting down
    Nov 28 17:24:14 T460 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
    Nov 28 17:24:14 T460 NetworkManager[667]: initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
    Nov 28 17:24:14 T460 NetworkManager[667]: generating ID_PROT request 0 [ SA V V V V V ]
    Nov 28 17:24:14 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
    Nov 28 17:24:14 T460 NetworkManager[667]: sending retransmit 1 of request message ID 0, seq 1
    Nov 28 17:24:14 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
    Nov 28 17:24:14 T460 NetworkManager[667]: destroying IKE_SA in state CONNECTING without notification
    Nov 28 17:24:14 T460 NetworkManager[667]: establishing connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332' failed
    Nov 28 17:24:14 T460 nm-l2tp-service[3759]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
    Nov 28 17:24:14 T460 NetworkManager[667]: <info> [1511889854.5718] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN plugin: state changed: stopped (6)
    Nov 28 17:24:14 T460 NetworkManager[667]: <info> [1511889854.5779] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN service disappeared
    Nov 28 17:24:14 T460 NetworkManager[667]: <warn> [1511889854.5803] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'


    EDIT:



    Here's the debug info output:



    van@z97:/opt/testing$ sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
    nm-l2tp[24282] <debug> nm-l2tp-service (version 1.2.8) starting...
    nm-l2tp[24282] <debug> uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
    nm-l2tp[24282] <info> ipsec enable flag: yes
    ** Message: Check port 1701
    ** Message: Can't bind to port 1701
    nm-l2tp[24282] <warn> L2TP port 1701 is busy, using ephemeral.
    connection
    id : "Work" (s)
    uuid : "71468d41-cd5a-4c91-a70a-c6bc7e1db86a" (s)
    interface-name : NULL (sd)
    type : "vpn" (s)
    permissions : ["user:van:"] (s)
    autoconnect : TRUE (sd)
    autoconnect-priority : 0 (sd)
    autoconnect-retries : -1 (sd)
    timestamp : 0 (sd)
    read-only : FALSE (sd)
    zone : NULL (sd)
    master : NULL (sd)
    slave-type : NULL (sd)
    autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
    secondaries : NULL (sd)
    gateway-ping-timeout : 0 (sd)
    metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
    lldp : -1 (sd)
    stable-id : NULL (sd)


    ipv6
    method : "auto" (s)
    dns : (s)
    dns-search : (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0x5645b3895ae0) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0x5645b3895ae0) (s)
    route-metric : -1 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
    addr-gen-mode : 1 (sd)
    token : NULL (sd)


    proxy
    method : 0 (sd)
    browser-only : FALSE (sd)
    pac-url : NULL (sd)
    pac-script : NULL (sd)


    vpn
    service-type : "org.freedesktop.NetworkManager.l2tp" (s)
    user-name : "van" (s)
    persistent : FALSE (sd)
    data : ((GHashTable*) 0x7fef54006de0) (s)
    secrets : ((GHashTable*) 0x7fef54006cc0) (s)
    timeout : 0 (sd)


    ipv4
    method : "auto" (s)
    dns : (s)
    dns-search : (s)
    dns-options : NULL (sd)
    dns-priority : 0 (sd)
    addresses : ((GPtrArray*) 0x5645b38957a0) (s)
    gateway : NULL (sd)
    routes : ((GPtrArray*) 0x5645b3895a00) (s)
    route-metric : -1 (sd)
    ignore-auto-routes : FALSE (sd)
    ignore-auto-dns : FALSE (sd)
    dhcp-hostname : NULL (sd)
    dhcp-send-hostname : TRUE (sd)
    never-default : FALSE (sd)
    may-fail : TRUE (sd)
    dad-timeout : -1 (sd)
    dhcp-timeout : 0 (sd)
    dhcp-client-id : NULL (sd)
    dhcp-fqdn : NULL (sd)


    nm-l2tp[24282] <info> starting ipsec
    Stopping strongSwan IPsec failed: starter is not running
    Starting strongSwan 5.5.1 IPsec [starter]...
    Loading config setup
    Loading conn '71468d41-cd5a-4c91-a70a-c6bc7e1db86a'
    found netkey IPsec stack
    nm-l2tp[24282] <info> Spawned ipsec up script with PID 24345.
    initiating Main Mode IKE_SA 71468d41-cd5a-4c91-a70a-c6bc7e1db86a[1] to xxx.xxx.xxx.xxx
    generating ID_PROT request 0 [ SA V V V V V ]
    sending packet: from 192.168.0.2[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
    sending retransmit 1 of request message ID 0, seq 1
    sending packet: from 192.168.0.2[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
    nm-l2tp[24282] <warn> Timeout trying to establish IPsec connection
    nm-l2tp[24282] <info> Terminating ipsec script with PID 24345.
    Stopping strongSwan IPsec...
    destroying IKE_SA in state CONNECTING without notification
    establishing connection '71468d41-cd5a-4c91-a70a-c6bc7e1db86a' failed
    nm-l2tp[24282] <warn> Could not establish IPsec tunnel.

    (nm-l2tp-service:24282): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed









    share|improve this question


























      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      I'm trying to connect to the corporate VPN from Kubuntu 17.10. I have network-manager-l2tp installed (version 1.2.8). The output I'm getting:



      Nov 28 17:20:48 T460 NetworkManager[667]: initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
      Nov 28 17:20:48 T460 NetworkManager[667]: generating ID_PROT request 0 [ SA V V V V V ]
      Nov 28 17:20:48 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:20:48 T460 NetworkManager[667]: sending retransmit 1 of request message ID 0, seq 1
      Nov 28 17:20:48 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:20:48 T460 NetworkManager[667]: destroying IKE_SA in state CONNECTING without notification
      Nov 28 17:20:48 T460 NetworkManager[667]: establishing connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332' failed
      Nov 28 17:20:48 T460 nm-l2tp-service[3673]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
      Nov 28 17:20:48 T460 NetworkManager[667]: <info> [1511889648.3131] vpn-connection[0x55fe5d8fe2f0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN service disappeared
      Nov 28 17:20:48 T460 NetworkManager[667]: <warn> [1511889648.3161] vpn-connection[0x55fe5d8fe2f0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
      Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9310] audit: op="connection-activate" uuid="41d2e76d-a4c4-4f56-bd6a-58ad795af332" name="WorkVPN" pid=1017 uid=1000 result="success"
      Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9371] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: Started the VPN service, PID 3759
      Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9477] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: Saw the service appear; activating connection
      Nov 28 17:24:01 T460 nm-l2tp-service[3759]: Check port 1701
      Nov 28 17:24:01 T460 NetworkManager[667]: Stopping strongSwan IPsec failed: starter is not running
      Nov 28 17:24:03 T460 NetworkManager[667]: Starting strongSwan 5.5.1 IPsec [starter]...
      Nov 28 17:24:03 T460 NetworkManager[667]: Loading config setup
      Nov 28 17:24:03 T460 NetworkManager[667]: Loading conn '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
      Nov 28 17:24:03 T460 NetworkManager[667]: found netkey IPsec stack
      Nov 28 17:24:03 T460 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.14.2-041402-generic, x86_64)
      Nov 28 17:24:03 T460 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-41d2e76d-a4c4-4f56-bd6a-58ad795af332.secrets'
      Nov 28 17:24:03 T460 charon: 00[CFG] loaded IKE secret for %any
      Nov 28 17:24:03 T460 charon: 00[LIB] loaded plugins: charon test-vectors aesni aes rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac ccm gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic
      Nov 28 17:24:03 T460 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
      Nov 28 17:24:03 T460 charon: 00[JOB] spawning 16 worker threads
      Nov 28 17:24:03 T460 charon: 05[CFG] received stroke: add connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
      Nov 28 17:24:03 T460 charon: 05[CFG] added configuration '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
      Nov 28 17:24:04 T460 charon: 07[CFG] rereading secrets
      Nov 28 17:24:04 T460 charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
      Nov 28 17:24:04 T460 charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-41d2e76d-a4c4-4f56-bd6a-58ad795af332.secrets'
      Nov 28 17:24:04 T460 charon: 07[CFG] loaded IKE secret for %any
      Nov 28 17:24:04 T460 charon: 10[CFG] received stroke: initiate '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
      Nov 28 17:24:04 T460 charon: 11[IKE] initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
      Nov 28 17:24:04 T460 charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
      Nov 28 17:24:04 T460 charon: 11[NET] sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:24:08 T460 charon: 12[IKE] sending retransmit 1 of request message ID 0, seq 1
      Nov 28 17:24:08 T460 charon: 12[NET] sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:24:14 T460 NetworkManager[667]: Stopping strongSwan IPsec...
      Nov 28 17:24:14 T460 charon: 00[DMN] signal of type SIGINT received. Shutting down
      Nov 28 17:24:14 T460 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
      Nov 28 17:24:14 T460 NetworkManager[667]: initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
      Nov 28 17:24:14 T460 NetworkManager[667]: generating ID_PROT request 0 [ SA V V V V V ]
      Nov 28 17:24:14 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:24:14 T460 NetworkManager[667]: sending retransmit 1 of request message ID 0, seq 1
      Nov 28 17:24:14 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:24:14 T460 NetworkManager[667]: destroying IKE_SA in state CONNECTING without notification
      Nov 28 17:24:14 T460 NetworkManager[667]: establishing connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332' failed
      Nov 28 17:24:14 T460 nm-l2tp-service[3759]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
      Nov 28 17:24:14 T460 NetworkManager[667]: <info> [1511889854.5718] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN plugin: state changed: stopped (6)
      Nov 28 17:24:14 T460 NetworkManager[667]: <info> [1511889854.5779] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN service disappeared
      Nov 28 17:24:14 T460 NetworkManager[667]: <warn> [1511889854.5803] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'


      EDIT:



      Here's the debug info output:



      van@z97:/opt/testing$ sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
      nm-l2tp[24282] <debug> nm-l2tp-service (version 1.2.8) starting...
      nm-l2tp[24282] <debug> uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
      nm-l2tp[24282] <info> ipsec enable flag: yes
      ** Message: Check port 1701
      ** Message: Can't bind to port 1701
      nm-l2tp[24282] <warn> L2TP port 1701 is busy, using ephemeral.
      connection
      id : "Work" (s)
      uuid : "71468d41-cd5a-4c91-a70a-c6bc7e1db86a" (s)
      interface-name : NULL (sd)
      type : "vpn" (s)
      permissions : ["user:van:"] (s)
      autoconnect : TRUE (sd)
      autoconnect-priority : 0 (sd)
      autoconnect-retries : -1 (sd)
      timestamp : 0 (sd)
      read-only : FALSE (sd)
      zone : NULL (sd)
      master : NULL (sd)
      slave-type : NULL (sd)
      autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
      secondaries : NULL (sd)
      gateway-ping-timeout : 0 (sd)
      metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
      lldp : -1 (sd)
      stable-id : NULL (sd)


      ipv6
      method : "auto" (s)
      dns : (s)
      dns-search : (s)
      dns-options : NULL (sd)
      dns-priority : 0 (sd)
      addresses : ((GPtrArray*) 0x5645b3895ae0) (s)
      gateway : NULL (sd)
      routes : ((GPtrArray*) 0x5645b3895ae0) (s)
      route-metric : -1 (sd)
      ignore-auto-routes : FALSE (sd)
      ignore-auto-dns : FALSE (sd)
      dhcp-hostname : NULL (sd)
      dhcp-send-hostname : TRUE (sd)
      never-default : FALSE (sd)
      may-fail : TRUE (sd)
      dad-timeout : -1 (sd)
      dhcp-timeout : 0 (sd)
      ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
      addr-gen-mode : 1 (sd)
      token : NULL (sd)


      proxy
      method : 0 (sd)
      browser-only : FALSE (sd)
      pac-url : NULL (sd)
      pac-script : NULL (sd)


      vpn
      service-type : "org.freedesktop.NetworkManager.l2tp" (s)
      user-name : "van" (s)
      persistent : FALSE (sd)
      data : ((GHashTable*) 0x7fef54006de0) (s)
      secrets : ((GHashTable*) 0x7fef54006cc0) (s)
      timeout : 0 (sd)


      ipv4
      method : "auto" (s)
      dns : (s)
      dns-search : (s)
      dns-options : NULL (sd)
      dns-priority : 0 (sd)
      addresses : ((GPtrArray*) 0x5645b38957a0) (s)
      gateway : NULL (sd)
      routes : ((GPtrArray*) 0x5645b3895a00) (s)
      route-metric : -1 (sd)
      ignore-auto-routes : FALSE (sd)
      ignore-auto-dns : FALSE (sd)
      dhcp-hostname : NULL (sd)
      dhcp-send-hostname : TRUE (sd)
      never-default : FALSE (sd)
      may-fail : TRUE (sd)
      dad-timeout : -1 (sd)
      dhcp-timeout : 0 (sd)
      dhcp-client-id : NULL (sd)
      dhcp-fqdn : NULL (sd)


      nm-l2tp[24282] <info> starting ipsec
      Stopping strongSwan IPsec failed: starter is not running
      Starting strongSwan 5.5.1 IPsec [starter]...
      Loading config setup
      Loading conn '71468d41-cd5a-4c91-a70a-c6bc7e1db86a'
      found netkey IPsec stack
      nm-l2tp[24282] <info> Spawned ipsec up script with PID 24345.
      initiating Main Mode IKE_SA 71468d41-cd5a-4c91-a70a-c6bc7e1db86a[1] to xxx.xxx.xxx.xxx
      generating ID_PROT request 0 [ SA V V V V V ]
      sending packet: from 192.168.0.2[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      sending retransmit 1 of request message ID 0, seq 1
      sending packet: from 192.168.0.2[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      nm-l2tp[24282] <warn> Timeout trying to establish IPsec connection
      nm-l2tp[24282] <info> Terminating ipsec script with PID 24345.
      Stopping strongSwan IPsec...
      destroying IKE_SA in state CONNECTING without notification
      establishing connection '71468d41-cd5a-4c91-a70a-c6bc7e1db86a' failed
      nm-l2tp[24282] <warn> Could not establish IPsec tunnel.

      (nm-l2tp-service:24282): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed









      share|improve this question















      I'm trying to connect to the corporate VPN from Kubuntu 17.10. I have network-manager-l2tp installed (version 1.2.8). The output I'm getting:



      Nov 28 17:20:48 T460 NetworkManager[667]: initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
      Nov 28 17:20:48 T460 NetworkManager[667]: generating ID_PROT request 0 [ SA V V V V V ]
      Nov 28 17:20:48 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:20:48 T460 NetworkManager[667]: sending retransmit 1 of request message ID 0, seq 1
      Nov 28 17:20:48 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:20:48 T460 NetworkManager[667]: destroying IKE_SA in state CONNECTING without notification
      Nov 28 17:20:48 T460 NetworkManager[667]: establishing connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332' failed
      Nov 28 17:20:48 T460 nm-l2tp-service[3673]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
      Nov 28 17:20:48 T460 NetworkManager[667]: <info> [1511889648.3131] vpn-connection[0x55fe5d8fe2f0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN service disappeared
      Nov 28 17:20:48 T460 NetworkManager[667]: <warn> [1511889648.3161] vpn-connection[0x55fe5d8fe2f0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
      Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9310] audit: op="connection-activate" uuid="41d2e76d-a4c4-4f56-bd6a-58ad795af332" name="WorkVPN" pid=1017 uid=1000 result="success"
      Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9371] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: Started the VPN service, PID 3759
      Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9477] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: Saw the service appear; activating connection
      Nov 28 17:24:01 T460 nm-l2tp-service[3759]: Check port 1701
      Nov 28 17:24:01 T460 NetworkManager[667]: Stopping strongSwan IPsec failed: starter is not running
      Nov 28 17:24:03 T460 NetworkManager[667]: Starting strongSwan 5.5.1 IPsec [starter]...
      Nov 28 17:24:03 T460 NetworkManager[667]: Loading config setup
      Nov 28 17:24:03 T460 NetworkManager[667]: Loading conn '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
      Nov 28 17:24:03 T460 NetworkManager[667]: found netkey IPsec stack
      Nov 28 17:24:03 T460 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.14.2-041402-generic, x86_64)
      Nov 28 17:24:03 T460 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
      Nov 28 17:24:03 T460 charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-41d2e76d-a4c4-4f56-bd6a-58ad795af332.secrets'
      Nov 28 17:24:03 T460 charon: 00[CFG] loaded IKE secret for %any
      Nov 28 17:24:03 T460 charon: 00[LIB] loaded plugins: charon test-vectors aesni aes rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac ccm gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic
      Nov 28 17:24:03 T460 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
      Nov 28 17:24:03 T460 charon: 00[JOB] spawning 16 worker threads
      Nov 28 17:24:03 T460 charon: 05[CFG] received stroke: add connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
      Nov 28 17:24:03 T460 charon: 05[CFG] added configuration '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
      Nov 28 17:24:04 T460 charon: 07[CFG] rereading secrets
      Nov 28 17:24:04 T460 charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
      Nov 28 17:24:04 T460 charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-41d2e76d-a4c4-4f56-bd6a-58ad795af332.secrets'
      Nov 28 17:24:04 T460 charon: 07[CFG] loaded IKE secret for %any
      Nov 28 17:24:04 T460 charon: 10[CFG] received stroke: initiate '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
      Nov 28 17:24:04 T460 charon: 11[IKE] initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
      Nov 28 17:24:04 T460 charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
      Nov 28 17:24:04 T460 charon: 11[NET] sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:24:08 T460 charon: 12[IKE] sending retransmit 1 of request message ID 0, seq 1
      Nov 28 17:24:08 T460 charon: 12[NET] sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:24:14 T460 NetworkManager[667]: Stopping strongSwan IPsec...
      Nov 28 17:24:14 T460 charon: 00[DMN] signal of type SIGINT received. Shutting down
      Nov 28 17:24:14 T460 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
      Nov 28 17:24:14 T460 NetworkManager[667]: initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
      Nov 28 17:24:14 T460 NetworkManager[667]: generating ID_PROT request 0 [ SA V V V V V ]
      Nov 28 17:24:14 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:24:14 T460 NetworkManager[667]: sending retransmit 1 of request message ID 0, seq 1
      Nov 28 17:24:14 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      Nov 28 17:24:14 T460 NetworkManager[667]: destroying IKE_SA in state CONNECTING without notification
      Nov 28 17:24:14 T460 NetworkManager[667]: establishing connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332' failed
      Nov 28 17:24:14 T460 nm-l2tp-service[3759]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
      Nov 28 17:24:14 T460 NetworkManager[667]: <info> [1511889854.5718] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN plugin: state changed: stopped (6)
      Nov 28 17:24:14 T460 NetworkManager[667]: <info> [1511889854.5779] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN service disappeared
      Nov 28 17:24:14 T460 NetworkManager[667]: <warn> [1511889854.5803] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'


      EDIT:



      Here's the debug info output:



      van@z97:/opt/testing$ sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
      nm-l2tp[24282] <debug> nm-l2tp-service (version 1.2.8) starting...
      nm-l2tp[24282] <debug> uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
      nm-l2tp[24282] <info> ipsec enable flag: yes
      ** Message: Check port 1701
      ** Message: Can't bind to port 1701
      nm-l2tp[24282] <warn> L2TP port 1701 is busy, using ephemeral.
      connection
      id : "Work" (s)
      uuid : "71468d41-cd5a-4c91-a70a-c6bc7e1db86a" (s)
      interface-name : NULL (sd)
      type : "vpn" (s)
      permissions : ["user:van:"] (s)
      autoconnect : TRUE (sd)
      autoconnect-priority : 0 (sd)
      autoconnect-retries : -1 (sd)
      timestamp : 0 (sd)
      read-only : FALSE (sd)
      zone : NULL (sd)
      master : NULL (sd)
      slave-type : NULL (sd)
      autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
      secondaries : NULL (sd)
      gateway-ping-timeout : 0 (sd)
      metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
      lldp : -1 (sd)
      stable-id : NULL (sd)


      ipv6
      method : "auto" (s)
      dns : (s)
      dns-search : (s)
      dns-options : NULL (sd)
      dns-priority : 0 (sd)
      addresses : ((GPtrArray*) 0x5645b3895ae0) (s)
      gateway : NULL (sd)
      routes : ((GPtrArray*) 0x5645b3895ae0) (s)
      route-metric : -1 (sd)
      ignore-auto-routes : FALSE (sd)
      ignore-auto-dns : FALSE (sd)
      dhcp-hostname : NULL (sd)
      dhcp-send-hostname : TRUE (sd)
      never-default : FALSE (sd)
      may-fail : TRUE (sd)
      dad-timeout : -1 (sd)
      dhcp-timeout : 0 (sd)
      ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
      addr-gen-mode : 1 (sd)
      token : NULL (sd)


      proxy
      method : 0 (sd)
      browser-only : FALSE (sd)
      pac-url : NULL (sd)
      pac-script : NULL (sd)


      vpn
      service-type : "org.freedesktop.NetworkManager.l2tp" (s)
      user-name : "van" (s)
      persistent : FALSE (sd)
      data : ((GHashTable*) 0x7fef54006de0) (s)
      secrets : ((GHashTable*) 0x7fef54006cc0) (s)
      timeout : 0 (sd)


      ipv4
      method : "auto" (s)
      dns : (s)
      dns-search : (s)
      dns-options : NULL (sd)
      dns-priority : 0 (sd)
      addresses : ((GPtrArray*) 0x5645b38957a0) (s)
      gateway : NULL (sd)
      routes : ((GPtrArray*) 0x5645b3895a00) (s)
      route-metric : -1 (sd)
      ignore-auto-routes : FALSE (sd)
      ignore-auto-dns : FALSE (sd)
      dhcp-hostname : NULL (sd)
      dhcp-send-hostname : TRUE (sd)
      never-default : FALSE (sd)
      may-fail : TRUE (sd)
      dad-timeout : -1 (sd)
      dhcp-timeout : 0 (sd)
      dhcp-client-id : NULL (sd)
      dhcp-fqdn : NULL (sd)


      nm-l2tp[24282] <info> starting ipsec
      Stopping strongSwan IPsec failed: starter is not running
      Starting strongSwan 5.5.1 IPsec [starter]...
      Loading config setup
      Loading conn '71468d41-cd5a-4c91-a70a-c6bc7e1db86a'
      found netkey IPsec stack
      nm-l2tp[24282] <info> Spawned ipsec up script with PID 24345.
      initiating Main Mode IKE_SA 71468d41-cd5a-4c91-a70a-c6bc7e1db86a[1] to xxx.xxx.xxx.xxx
      generating ID_PROT request 0 [ SA V V V V V ]
      sending packet: from 192.168.0.2[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      sending retransmit 1 of request message ID 0, seq 1
      sending packet: from 192.168.0.2[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
      nm-l2tp[24282] <warn> Timeout trying to establish IPsec connection
      nm-l2tp[24282] <info> Terminating ipsec script with PID 24345.
      Stopping strongSwan IPsec...
      destroying IKE_SA in state CONNECTING without notification
      establishing connection '71468d41-cd5a-4c91-a70a-c6bc7e1db86a' failed
      nm-l2tp[24282] <warn> Could not establish IPsec tunnel.

      (nm-l2tp-service:24282): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed






      kubuntu vpn 17.10 ipsec






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 28 '17 at 20:46

























      asked Nov 28 '17 at 17:31









      Vanessa Deagan

      523413




      523413






















          3 Answers
          3






          active

          oldest

          votes

















          up vote
          3
          down vote



          accepted










          After spending a few hours digging around, I found out what the problem is, and the solution.



          The problem:




          1. Linux no longer supports the 3DES cipher, but many appliances still use it.

          2. Kubuntu 17.10 is missing phase1 and phase2 algorithm entry fields under IPSec Settings (this is a known bug), which are needed to setup an L2TP/IPSec connection to use 3DES.


          The solution:




          1. Install the latest version of KDE Plasma from the "backports" PPA.

          2. Reboot, then create a new L2TP/IPSec VPN connection - phase1 and phase2 algorithm entry fields should now be present.

          3. For the Phase1 Algorithm, enter: 3des-sha1-modp1024!

          4. For the Phase2 Algorithm, enter: 3des-sha1!


          From memory, I did the following:



          sudo add-apt-repository ppa:kubuntu-ppa/backports
          sudo apt update && sudo apt upgrade
          sudo reboot
          sudo apt install network-manager-l2tp-gnome
          sudo apt install strongswan
          sudo apt install libstrongswan-extra-plugins
          sudo apt install libcharon-extra-plugins


          Reboot, then add L2TP/IPSec as normal. You should now see the Phase1 and Phase2 algorithm textboxes as show in the attached image.



          enter image description here



          It's important to note that the above steps will not work if you have installed the latest Linux kernel (4.14 or higher, I believe), so it is highly likely that this workaround to get L2TP/IPSec working with the 3DES cipher will not work when the up and coming *Ubuntu 18.04 LTS is released.






          share|improve this answer























          • I'am use 16.04. I try your recommendations but still missing phase1 and phase2 algorithm entry fields. Can you give me your config from /etc/NetworkManager/system-connections/ ?
            – Yura Shinkarev
            Sep 10 at 15:08










          • @YuraShinkarev - In my [vpn] section I have: ipsec-esp=3des-sha1 and ipsec-ike=3des-sha1-modp1024
            – Vanessa Deagan
            Sep 11 at 20:41


















          up vote
          2
          down vote













          I know that this question was in regards to getting L2TP/IPSec working on Kubuntu 17.10. However, 18.04 is out now, and here's how I get L2TP/IPSec working on Kubuntu 18.04:




          1. $ sudo apt install network-manager-l2tp

          2. $ sudo stop xl2tpd.service

          3. $ sudo systemctl disable xl2tpd.service


          Messing around with backports is not longer required as the Phase1 algorithms and Phase2 algorithms text-inputs are now included in the default Network Manager.






          share|improve this answer




























            up vote
            1
            down vote













            The kernel 4.14 bug is related to the following commit :




            • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/net/xfrm?h=v4.14.8&id=c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e


            That kernel 4.14 commit breaks IPsec transportation mode when a wildcard address is used on the client side as is the case with network-manager-l2tp. The commit was reverted in kernel-4.15-rc1 :




            • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/xfrm?h=v4.15-rc1&id=94802151894d482e82c324edf2c658f8e6b96508


            Unfortunately the reversion commit reintroduces a stack out-of-bounds bug. We might need to wait for the kernel 4.14 branch to get a fix after kernel 4.15 is released. More details in this netdev linux kernel mailing list thread :




            • https://patchwork.ozlabs.org/patch/838470/






            share|improve this answer























              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "89"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f981165%2fl2tp-ipsec-failing-to-connect-kubuntu-17-10%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              3 Answers
              3






              active

              oldest

              votes








              3 Answers
              3






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes








              up vote
              3
              down vote



              accepted










              After spending a few hours digging around, I found out what the problem is, and the solution.



              The problem:




              1. Linux no longer supports the 3DES cipher, but many appliances still use it.

              2. Kubuntu 17.10 is missing phase1 and phase2 algorithm entry fields under IPSec Settings (this is a known bug), which are needed to setup an L2TP/IPSec connection to use 3DES.


              The solution:




              1. Install the latest version of KDE Plasma from the "backports" PPA.

              2. Reboot, then create a new L2TP/IPSec VPN connection - phase1 and phase2 algorithm entry fields should now be present.

              3. For the Phase1 Algorithm, enter: 3des-sha1-modp1024!

              4. For the Phase2 Algorithm, enter: 3des-sha1!


              From memory, I did the following:



              sudo add-apt-repository ppa:kubuntu-ppa/backports
              sudo apt update && sudo apt upgrade
              sudo reboot
              sudo apt install network-manager-l2tp-gnome
              sudo apt install strongswan
              sudo apt install libstrongswan-extra-plugins
              sudo apt install libcharon-extra-plugins


              Reboot, then add L2TP/IPSec as normal. You should now see the Phase1 and Phase2 algorithm textboxes as show in the attached image.



              enter image description here



              It's important to note that the above steps will not work if you have installed the latest Linux kernel (4.14 or higher, I believe), so it is highly likely that this workaround to get L2TP/IPSec working with the 3DES cipher will not work when the up and coming *Ubuntu 18.04 LTS is released.






              share|improve this answer























              • I'am use 16.04. I try your recommendations but still missing phase1 and phase2 algorithm entry fields. Can you give me your config from /etc/NetworkManager/system-connections/ ?
                – Yura Shinkarev
                Sep 10 at 15:08










              • @YuraShinkarev - In my [vpn] section I have: ipsec-esp=3des-sha1 and ipsec-ike=3des-sha1-modp1024
                – Vanessa Deagan
                Sep 11 at 20:41















              up vote
              3
              down vote



              accepted










              After spending a few hours digging around, I found out what the problem is, and the solution.



              The problem:




              1. Linux no longer supports the 3DES cipher, but many appliances still use it.

              2. Kubuntu 17.10 is missing phase1 and phase2 algorithm entry fields under IPSec Settings (this is a known bug), which are needed to setup an L2TP/IPSec connection to use 3DES.


              The solution:




              1. Install the latest version of KDE Plasma from the "backports" PPA.

              2. Reboot, then create a new L2TP/IPSec VPN connection - phase1 and phase2 algorithm entry fields should now be present.

              3. For the Phase1 Algorithm, enter: 3des-sha1-modp1024!

              4. For the Phase2 Algorithm, enter: 3des-sha1!


              From memory, I did the following:



              sudo add-apt-repository ppa:kubuntu-ppa/backports
              sudo apt update && sudo apt upgrade
              sudo reboot
              sudo apt install network-manager-l2tp-gnome
              sudo apt install strongswan
              sudo apt install libstrongswan-extra-plugins
              sudo apt install libcharon-extra-plugins


              Reboot, then add L2TP/IPSec as normal. You should now see the Phase1 and Phase2 algorithm textboxes as show in the attached image.



              enter image description here



              It's important to note that the above steps will not work if you have installed the latest Linux kernel (4.14 or higher, I believe), so it is highly likely that this workaround to get L2TP/IPSec working with the 3DES cipher will not work when the up and coming *Ubuntu 18.04 LTS is released.






              share|improve this answer























              • I'am use 16.04. I try your recommendations but still missing phase1 and phase2 algorithm entry fields. Can you give me your config from /etc/NetworkManager/system-connections/ ?
                – Yura Shinkarev
                Sep 10 at 15:08










              • @YuraShinkarev - In my [vpn] section I have: ipsec-esp=3des-sha1 and ipsec-ike=3des-sha1-modp1024
                – Vanessa Deagan
                Sep 11 at 20:41













              up vote
              3
              down vote



              accepted







              up vote
              3
              down vote



              accepted






              After spending a few hours digging around, I found out what the problem is, and the solution.



              The problem:




              1. Linux no longer supports the 3DES cipher, but many appliances still use it.

              2. Kubuntu 17.10 is missing phase1 and phase2 algorithm entry fields under IPSec Settings (this is a known bug), which are needed to setup an L2TP/IPSec connection to use 3DES.


              The solution:




              1. Install the latest version of KDE Plasma from the "backports" PPA.

              2. Reboot, then create a new L2TP/IPSec VPN connection - phase1 and phase2 algorithm entry fields should now be present.

              3. For the Phase1 Algorithm, enter: 3des-sha1-modp1024!

              4. For the Phase2 Algorithm, enter: 3des-sha1!


              From memory, I did the following:



              sudo add-apt-repository ppa:kubuntu-ppa/backports
              sudo apt update && sudo apt upgrade
              sudo reboot
              sudo apt install network-manager-l2tp-gnome
              sudo apt install strongswan
              sudo apt install libstrongswan-extra-plugins
              sudo apt install libcharon-extra-plugins


              Reboot, then add L2TP/IPSec as normal. You should now see the Phase1 and Phase2 algorithm textboxes as show in the attached image.



              enter image description here



              It's important to note that the above steps will not work if you have installed the latest Linux kernel (4.14 or higher, I believe), so it is highly likely that this workaround to get L2TP/IPSec working with the 3DES cipher will not work when the up and coming *Ubuntu 18.04 LTS is released.






              share|improve this answer














              After spending a few hours digging around, I found out what the problem is, and the solution.



              The problem:




              1. Linux no longer supports the 3DES cipher, but many appliances still use it.

              2. Kubuntu 17.10 is missing phase1 and phase2 algorithm entry fields under IPSec Settings (this is a known bug), which are needed to setup an L2TP/IPSec connection to use 3DES.


              The solution:




              1. Install the latest version of KDE Plasma from the "backports" PPA.

              2. Reboot, then create a new L2TP/IPSec VPN connection - phase1 and phase2 algorithm entry fields should now be present.

              3. For the Phase1 Algorithm, enter: 3des-sha1-modp1024!

              4. For the Phase2 Algorithm, enter: 3des-sha1!


              From memory, I did the following:



              sudo add-apt-repository ppa:kubuntu-ppa/backports
              sudo apt update && sudo apt upgrade
              sudo reboot
              sudo apt install network-manager-l2tp-gnome
              sudo apt install strongswan
              sudo apt install libstrongswan-extra-plugins
              sudo apt install libcharon-extra-plugins


              Reboot, then add L2TP/IPSec as normal. You should now see the Phase1 and Phase2 algorithm textboxes as show in the attached image.



              enter image description here



              It's important to note that the above steps will not work if you have installed the latest Linux kernel (4.14 or higher, I believe), so it is highly likely that this workaround to get L2TP/IPSec working with the 3DES cipher will not work when the up and coming *Ubuntu 18.04 LTS is released.







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Dec 4 at 21:15









              Vitalii Borisov

              32




              32










              answered Dec 4 '17 at 14:12









              Vanessa Deagan

              523413




              523413












              • I'am use 16.04. I try your recommendations but still missing phase1 and phase2 algorithm entry fields. Can you give me your config from /etc/NetworkManager/system-connections/ ?
                – Yura Shinkarev
                Sep 10 at 15:08










              • @YuraShinkarev - In my [vpn] section I have: ipsec-esp=3des-sha1 and ipsec-ike=3des-sha1-modp1024
                – Vanessa Deagan
                Sep 11 at 20:41


















              • I'am use 16.04. I try your recommendations but still missing phase1 and phase2 algorithm entry fields. Can you give me your config from /etc/NetworkManager/system-connections/ ?
                – Yura Shinkarev
                Sep 10 at 15:08










              • @YuraShinkarev - In my [vpn] section I have: ipsec-esp=3des-sha1 and ipsec-ike=3des-sha1-modp1024
                – Vanessa Deagan
                Sep 11 at 20:41
















              I'am use 16.04. I try your recommendations but still missing phase1 and phase2 algorithm entry fields. Can you give me your config from /etc/NetworkManager/system-connections/ ?
              – Yura Shinkarev
              Sep 10 at 15:08




              I'am use 16.04. I try your recommendations but still missing phase1 and phase2 algorithm entry fields. Can you give me your config from /etc/NetworkManager/system-connections/ ?
              – Yura Shinkarev
              Sep 10 at 15:08












              @YuraShinkarev - In my [vpn] section I have: ipsec-esp=3des-sha1 and ipsec-ike=3des-sha1-modp1024
              – Vanessa Deagan
              Sep 11 at 20:41




              @YuraShinkarev - In my [vpn] section I have: ipsec-esp=3des-sha1 and ipsec-ike=3des-sha1-modp1024
              – Vanessa Deagan
              Sep 11 at 20:41












              up vote
              2
              down vote













              I know that this question was in regards to getting L2TP/IPSec working on Kubuntu 17.10. However, 18.04 is out now, and here's how I get L2TP/IPSec working on Kubuntu 18.04:




              1. $ sudo apt install network-manager-l2tp

              2. $ sudo stop xl2tpd.service

              3. $ sudo systemctl disable xl2tpd.service


              Messing around with backports is not longer required as the Phase1 algorithms and Phase2 algorithms text-inputs are now included in the default Network Manager.






              share|improve this answer

























                up vote
                2
                down vote













                I know that this question was in regards to getting L2TP/IPSec working on Kubuntu 17.10. However, 18.04 is out now, and here's how I get L2TP/IPSec working on Kubuntu 18.04:




                1. $ sudo apt install network-manager-l2tp

                2. $ sudo stop xl2tpd.service

                3. $ sudo systemctl disable xl2tpd.service


                Messing around with backports is not longer required as the Phase1 algorithms and Phase2 algorithms text-inputs are now included in the default Network Manager.






                share|improve this answer























                  up vote
                  2
                  down vote










                  up vote
                  2
                  down vote









                  I know that this question was in regards to getting L2TP/IPSec working on Kubuntu 17.10. However, 18.04 is out now, and here's how I get L2TP/IPSec working on Kubuntu 18.04:




                  1. $ sudo apt install network-manager-l2tp

                  2. $ sudo stop xl2tpd.service

                  3. $ sudo systemctl disable xl2tpd.service


                  Messing around with backports is not longer required as the Phase1 algorithms and Phase2 algorithms text-inputs are now included in the default Network Manager.






                  share|improve this answer












                  I know that this question was in regards to getting L2TP/IPSec working on Kubuntu 17.10. However, 18.04 is out now, and here's how I get L2TP/IPSec working on Kubuntu 18.04:




                  1. $ sudo apt install network-manager-l2tp

                  2. $ sudo stop xl2tpd.service

                  3. $ sudo systemctl disable xl2tpd.service


                  Messing around with backports is not longer required as the Phase1 algorithms and Phase2 algorithms text-inputs are now included in the default Network Manager.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Sep 30 at 14:16









                  Andy Turfer

                  803610




                  803610






















                      up vote
                      1
                      down vote













                      The kernel 4.14 bug is related to the following commit :




                      • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/net/xfrm?h=v4.14.8&id=c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e


                      That kernel 4.14 commit breaks IPsec transportation mode when a wildcard address is used on the client side as is the case with network-manager-l2tp. The commit was reverted in kernel-4.15-rc1 :




                      • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/xfrm?h=v4.15-rc1&id=94802151894d482e82c324edf2c658f8e6b96508


                      Unfortunately the reversion commit reintroduces a stack out-of-bounds bug. We might need to wait for the kernel 4.14 branch to get a fix after kernel 4.15 is released. More details in this netdev linux kernel mailing list thread :




                      • https://patchwork.ozlabs.org/patch/838470/






                      share|improve this answer



























                        up vote
                        1
                        down vote













                        The kernel 4.14 bug is related to the following commit :




                        • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/net/xfrm?h=v4.14.8&id=c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e


                        That kernel 4.14 commit breaks IPsec transportation mode when a wildcard address is used on the client side as is the case with network-manager-l2tp. The commit was reverted in kernel-4.15-rc1 :




                        • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/xfrm?h=v4.15-rc1&id=94802151894d482e82c324edf2c658f8e6b96508


                        Unfortunately the reversion commit reintroduces a stack out-of-bounds bug. We might need to wait for the kernel 4.14 branch to get a fix after kernel 4.15 is released. More details in this netdev linux kernel mailing list thread :




                        • https://patchwork.ozlabs.org/patch/838470/






                        share|improve this answer

























                          up vote
                          1
                          down vote










                          up vote
                          1
                          down vote









                          The kernel 4.14 bug is related to the following commit :




                          • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/net/xfrm?h=v4.14.8&id=c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e


                          That kernel 4.14 commit breaks IPsec transportation mode when a wildcard address is used on the client side as is the case with network-manager-l2tp. The commit was reverted in kernel-4.15-rc1 :




                          • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/xfrm?h=v4.15-rc1&id=94802151894d482e82c324edf2c658f8e6b96508


                          Unfortunately the reversion commit reintroduces a stack out-of-bounds bug. We might need to wait for the kernel 4.14 branch to get a fix after kernel 4.15 is released. More details in this netdev linux kernel mailing list thread :




                          • https://patchwork.ozlabs.org/patch/838470/






                          share|improve this answer














                          The kernel 4.14 bug is related to the following commit :




                          • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/net/xfrm?h=v4.14.8&id=c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e


                          That kernel 4.14 commit breaks IPsec transportation mode when a wildcard address is used on the client side as is the case with network-manager-l2tp. The commit was reverted in kernel-4.15-rc1 :




                          • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/xfrm?h=v4.15-rc1&id=94802151894d482e82c324edf2c658f8e6b96508


                          Unfortunately the reversion commit reintroduces a stack out-of-bounds bug. We might need to wait for the kernel 4.14 branch to get a fix after kernel 4.15 is released. More details in this netdev linux kernel mailing list thread :




                          • https://patchwork.ozlabs.org/patch/838470/







                          share|improve this answer














                          share|improve this answer



                          share|improve this answer








                          edited Dec 24 '17 at 3:06

























                          answered Dec 23 '17 at 13:06









                          Douglas Kosovic

                          32614




                          32614






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Ask Ubuntu!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.





                              Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                              Please pay close attention to the following guidance:


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f981165%2fl2tp-ipsec-failing-to-connect-kubuntu-17-10%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

                              Mangá

                              Eduardo VII do Reino Unido