Re: Cannot establish a L2TP/IPSec VPN connection

Paul Smith <phhs80@xxxxxxxxx> · Wed, 4 Jul 2018 11:18:49 +0100

On Wed, Jul 4, 2018 at 7:21 AM, Gordon Messmer <gordon.messmer@xxxxxxxxx> wrote:
>>>
>>> "915d709a-49b3-4928-8d5e-0f7e7a4de99a" #1: ignoring informational
>>> payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=12
>>> Jul 03 18:50:10 xhost NetworkManager[900]: 003
>>> "915d709a-49b3-4928-8d5e-0f7e7a4de99a" #1: received and ignored
>>> informational message
>>
>>
>> This seems like a message that shouldn't be ignored or else the other end
>> is labelling it incorrectly.  According to that, it appears that your VPN
>> client side isn't offering a connection setup that the server accepts.  Make
>> sure you have the right configuration.
>
>
> Specifically, I think it means that either the phase 1 and phase 2
> algorithms proposed weren't accepted by the server, or the routes specified
> in your configuration aren't acceptable.
>
> For an ipsec/l2tp connection, you don't need to add routes to the ipsec
> connection, or use it as the default route.  The routing will be
> handled/specified in the l2tp layer.

Thanks, Gordon. I think you were right: it seems that default phase 1
and phase 2 algorithms were not accepted by the server. I changed the
algorithms, but still not able to establish the connection. The logs
are below.

Paul

-------------------------
Jul 04 11:12:41 xhost NetworkManager[911]: <info>  [1530699161.9279]
audit: op="connection-activate"
uuid="915d709a-49b3-4928-8d5e-0f7e7a4de99a" name="FEP VPN 3" pid=1564
uid=1000 result="success"
Jul 04 11:12:41 xhost NetworkManager[911]: <info>  [1530699161.9371]
vpn-connection[0x56336f4382e0,915d709a-49b3-4928-8d5e-0f7e7a4de99a,"FEP
VPN 3",0]: Started the VPN service, PID 9514
Jul 04 11:12:41 xhost NetworkManager[911]: <info>  [1530699161.9473]
vpn-connection[0x56336f4382e0,915d709a-49b3-4928-8d5e-0f7e7a4de99a,"FEP
VPN 3",0]: Saw the service appear; activating connection
Jul 04 11:12:42 xhost NetworkManager[911]: <info>  [1530699162.0548]
vpn-connection[0x56336f4382e0,915d709a-49b3-4928-8d5e-0f7e7a4de99a,"FEP
VPN 3",0]: VPN connection: (ConnectInteractive) reply received
Jul 04 11:12:42 xhost nm-l2tp-service[9514]: Check port 1701
Jul 04 11:12:42 xhost NetworkManager[911]: Redirecting to: systemctl
stop ipsec.service
Jul 04 11:12:42 xhost NetworkManager[911]: warning: could not open
include filename: '/etc/ipsec.d/*.conf'
Jul 04 11:12:42 xhost libipsecconf[9544]: warning: could not open
include filename: '/etc/ipsec.d/*.conf'
Jul 04 11:12:42 xhost NetworkManager[911]: warning: could not open
include filename: '/etc/ipsec.d/*.conf'
Jul 04 11:12:42 xhost libipsecconf[9549]: warning: could not open
include filename: '/etc/ipsec.d/*.conf'
Jul 04 11:12:42 xhost NetworkManager[911]: warning: could not open
include filename: '/etc/ipsec.d/*.conf'
Jul 04 11:12:42 xhost libipsecconf[9562]: warning: could not open
include filename: '/etc/ipsec.d/*.conf'
Jul 04 11:12:42 xhost NetworkManager[911]: warning: could not open
include filename: '/etc/ipsec.d/*.conf'
Jul 04 11:12:42 xhost libipsecconf[9567]: warning: could not open
include filename: '/etc/ipsec.d/*.conf'
Jul 04 11:12:42 xhost NetworkManager[911]: Redirecting to: systemctl
start ipsec.service
Jul 04 11:12:43 xhost NetworkManager[911]: 002 listening for IKE messages
Jul 04 11:12:43 xhost NetworkManager[911]: 002 adding interface
enp3s0/enp3s0 192.168.1.4:500
Jul 04 11:12:43 xhost NetworkManager[911]: 002 adding interface
enp3s0/enp3s0 192.168.1.4:4500
Jul 04 11:12:43 xhost NetworkManager[911]: 002 adding interface lo/lo
127.0.0.1:500
Jul 04 11:12:43 xhost NetworkManager[911]: 002 adding interface lo/lo
127.0.0.1:4500
Jul 04 11:12:43 xhost NetworkManager[911]: 002 adding interface lo/lo ::1:500
Jul 04 11:12:43 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.secrets"
Jul 04 11:12:43 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-06788735-e3e9-4051-a515-c7d9ed14aee7.secrets"
Jul 04 11:12:43 xhost NetworkManager[911]: 003 WARNING: using a weak
secret (PSK)
Jul 04 11:12:43 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-915d709a-49b3-4928-8d5e-0f7e7a4de99a.secrets"
Jul 04 11:12:43 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-abea2bcd-c2b7-46a8-993d-0f44aa7d6075.secrets"
Jul 04 11:12:43 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-eea9d5c0-b3b5-4a28-83a1-13b0ced7f080.secrets"
Jul 04 11:12:44 xhost NetworkManager[911]: 002 listening for IKE messages
Jul 04 11:12:44 xhost NetworkManager[911]: 002 forgetting secrets
Jul 04 11:12:44 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.secrets"
Jul 04 11:12:44 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-06788735-e3e9-4051-a515-c7d9ed14aee7.secrets"
Jul 04 11:12:44 xhost NetworkManager[911]: 003 WARNING: using a weak
secret (PSK)
Jul 04 11:12:44 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-915d709a-49b3-4928-8d5e-0f7e7a4de99a.secrets"
Jul 04 11:12:44 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-abea2bcd-c2b7-46a8-993d-0f44aa7d6075.secrets"
Jul 04 11:12:44 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-eea9d5c0-b3b5-4a28-83a1-13b0ced7f080.secrets"
Jul 04 11:12:45 xhost NetworkManager[911]: 002 listening for IKE messages
Jul 04 11:12:45 xhost NetworkManager[911]: 002 forgetting secrets
Jul 04 11:12:45 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.secrets"
Jul 04 11:12:45 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-06788735-e3e9-4051-a515-c7d9ed14aee7.secrets"
Jul 04 11:12:45 xhost NetworkManager[911]: 003 WARNING: using a weak
secret (PSK)
Jul 04 11:12:45 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-915d709a-49b3-4928-8d5e-0f7e7a4de99a.secrets"
Jul 04 11:12:45 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-abea2bcd-c2b7-46a8-993d-0f44aa7d6075.secrets"
Jul 04 11:12:45 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-eea9d5c0-b3b5-4a28-83a1-13b0ced7f080.secrets"
Jul 04 11:12:46 xhost NetworkManager[911]: 002 listening for IKE messages
Jul 04 11:12:46 xhost NetworkManager[911]: 002 forgetting secrets
Jul 04 11:12:46 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.secrets"
Jul 04 11:12:46 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-06788735-e3e9-4051-a515-c7d9ed14aee7.secrets"
Jul 04 11:12:46 xhost NetworkManager[911]: 003 WARNING: using a weak
secret (PSK)
Jul 04 11:12:46 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-915d709a-49b3-4928-8d5e-0f7e7a4de99a.secrets"
Jul 04 11:12:46 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-abea2bcd-c2b7-46a8-993d-0f44aa7d6075.secrets"
Jul 04 11:12:46 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-eea9d5c0-b3b5-4a28-83a1-13b0ced7f080.secrets"
Jul 04 11:12:47 xhost NetworkManager[911]: 002 listening for IKE messages
Jul 04 11:12:47 xhost NetworkManager[911]: 002 forgetting secrets
Jul 04 11:12:47 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.secrets"
Jul 04 11:12:47 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-06788735-e3e9-4051-a515-c7d9ed14aee7.secrets"
Jul 04 11:12:47 xhost NetworkManager[911]: 003 WARNING: using a weak
secret (PSK)
Jul 04 11:12:47 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-915d709a-49b3-4928-8d5e-0f7e7a4de99a.secrets"
Jul 04 11:12:47 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-abea2bcd-c2b7-46a8-993d-0f44aa7d6075.secrets"
Jul 04 11:12:47 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-eea9d5c0-b3b5-4a28-83a1-13b0ced7f080.secrets"
Jul 04 11:12:48 xhost NetworkManager[911]: 002 listening for IKE messages
Jul 04 11:12:48 xhost NetworkManager[911]: 002 forgetting secrets
Jul 04 11:12:48 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.secrets"
Jul 04 11:12:48 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-06788735-e3e9-4051-a515-c7d9ed14aee7.secrets"
Jul 04 11:12:48 xhost NetworkManager[911]: 003 WARNING: using a weak
secret (PSK)
Jul 04 11:12:48 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-915d709a-49b3-4928-8d5e-0f7e7a4de99a.secrets"
Jul 04 11:12:48 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-abea2bcd-c2b7-46a8-993d-0f44aa7d6075.secrets"
Jul 04 11:12:48 xhost NetworkManager[911]: 002 loading secrets from
"/etc/ipsec.d/nm-l2tp-ipsec-eea9d5c0-b3b5-4a28-83a1-13b0ced7f080.secrets"
Jul 04 11:12:48 xhost NetworkManager[911]: debugging mode enabled
Jul 04 11:12:48 xhost NetworkManager[911]: end of file
/var/run/nm-l2tp-ipsec-915d709a-49b3-4928-8d5e-0f7e7a4de99a.conf
Jul 04 11:12:48 xhost NetworkManager[911]: Loading conn
915d709a-49b3-4928-8d5e-0f7e7a4de99a
Jul 04 11:12:48 xhost NetworkManager[911]: Warning: obsolete keyword
'forceencaps' ignored
Jul 04 11:12:48 xhost NetworkManager[911]: starter: left is KH_DEFAULTROUTE
Jul 04 11:12:48 xhost NetworkManager[911]: conn:
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" labeled_ipsec=0
Jul 04 11:12:48 xhost NetworkManager[911]: conn:
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" modecfgdns=(null)
Jul 04 11:12:48 xhost NetworkManager[911]: conn:
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" modecfgdomains=(null)
Jul 04 11:12:48 xhost NetworkManager[911]: conn:
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" modecfgbanner=(null)
Jul 04 11:12:48 xhost NetworkManager[911]: conn:
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" mark=(null)
Jul 04 11:12:48 xhost NetworkManager[911]: conn:
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" mark-in=(null)
Jul 04 11:12:48 xhost NetworkManager[911]: conn:
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" mark-out=(null)
Jul 04 11:12:48 xhost NetworkManager[911]: conn:
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" vti_iface=(null)
Jul 04 11:12:48 xhost NetworkManager[911]: opening file:
/var/run/nm-l2tp-ipsec-915d709a-49b3-4928-8d5e-0f7e7a4de99a.conf
Jul 04 11:12:48 xhost NetworkManager[911]: loading named conns:
915d709a-49b3-4928-8d5e-0f7e7a4de99a
Jul 04 11:12:48 xhost NetworkManager[911]: seeking_src = 1,
seeking_gateway = 1, has_peer = 1
Jul 04 11:12:48 xhost NetworkManager[911]: seeking_src = 0,
seeking_gateway = 1, has_dst = 1
Jul 04 11:12:48 xhost NetworkManager[911]: dst  via 192.168.1.1 dev
enp3s0 src  table 254
Jul 04 11:12:48 xhost NetworkManager[911]: set nexthop: 192.168.1.1
Jul 04 11:12:48 xhost NetworkManager[911]: dst 192.168.1.0 via  dev
enp3s0 src 192.168.1.4 table 254
Jul 04 11:12:48 xhost NetworkManager[911]: dst 127.0.0.0 via  dev lo
src 127.0.0.1 table 255 (ignored)
Jul 04 11:12:48 xhost NetworkManager[911]: dst 127.0.0.1 via  dev lo
src 127.0.0.1 table 255 (ignored)
Jul 04 11:12:48 xhost NetworkManager[911]: dst 127.255.255.255 via
dev lo src 127.0.0.1 table 255 (ignored)
Jul 04 11:12:48 xhost NetworkManager[911]: dst 192.168.1.0 via  dev
enp3s0 src 192.168.1.4 table 255 (ignored)
Jul 04 11:12:48 xhost NetworkManager[911]: dst 192.168.1.4 via  dev
enp3s0 src 192.168.1.4 table 255 (ignored)
Jul 04 11:12:48 xhost NetworkManager[911]: dst 192.168.1.255 via  dev
enp3s0 src 192.168.1.4 table 255 (ignored)
Jul 04 11:12:48 xhost NetworkManager[911]: seeking_src = 1,
seeking_gateway = 0, has_peer = 1
Jul 04 11:12:48 xhost NetworkManager[911]: seeking_src = 1,
seeking_gateway = 0, has_dst = 1
Jul 04 11:12:48 xhost NetworkManager[911]: dst 192.168.1.1 via  dev
enp3s0 src 192.168.1.4 table 254
Jul 04 11:12:48 xhost NetworkManager[911]: set addr: 192.168.1.4
Jul 04 11:12:48 xhost NetworkManager[911]: seeking_src = 0,
seeking_gateway = 0, has_peer = 1
Jul 04 11:12:48 xhost NetworkManager[911]: 002
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" #1: initiating Main Mode
Jul 04 11:12:48 xhost NetworkManager[911]: 104
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" #1: STATE_MAIN_I1: initiate
Jul 04 11:12:48 xhost NetworkManager[911]: 002
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" #1: WARNING: connection
915d709a-49b3-4928-8d5e-0f7e7a4de99a PSK length of 0 bytes is too
short for sha PRF in FIPS mode (10 bytes required)
Jul 04 11:12:48 xhost NetworkManager[911]: 106
"915d709a-49b3-4928-8d5e-0f7e7a4de99a" #1: STATE_MAIN_I2: sent MI2,
expecting MR2
Jul 04 11:12:49 xhost NetworkManager[911]: <info>  [1530699169.4418]
vpn-connection[0x56336f4382e0,915d709a-49b3-4928-8d5e-0f7e7a4de99a,"FEP
VPN 3",0]: VPN plugin: state changed: stopped (6)
Jul 04 11:12:49 xhost NetworkManager[911]: <info>  [1530699169.4443]
vpn-connection[0x56336f4382e0,915d709a-49b3-4928-8d5e-0f7e7a4de99a,"FEP
VPN 3",0]: VPN service disappeared
Jul 04 11:12:49 xhost NetworkManager[911]: <warn>  [1530699169.4459]
vpn-connection[0x56336f4382e0,915d709a-49b3-4928-8d5e-0f7e7a4de99a,"FEP
VPN 3",0]: VPN connection: failed to connect: 'Message recipient
disconnected from message bus without replying'
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/DKUXTCYO3FEMHNRIYMJKMWKLO5BCQW4U/