Connection and configuration of a l2tp VPN network

thiri · 17 August 2020 12:05

Hello,

I am trying to create a VPN connection to a local network we have at my work and can not get it to work.
I have installed the necessary packages to do so, namely: xl2tpd and openswan (AUR) (https://wiki.archlinux.org/index.php/Openswan_L2TP/IPsec_VPN_client_setup)

I have then used the GUI from my MANJARO distribution under Settings/Network, to setup a new VPN connection.
I have entered the correct Gateway/IPaddress of the network I want to connect, to. As well as: User name, Password and the shared-Key. I have doubled check with the guy running the network and I do have the necessary permissions to access it.
However, when trying to toggle the VPN to ON mode, it won’t allow me.

Any idea on how to debug that?

Thank you very much for your potential contribution

xabbu · 17 August 2020 14:25

As the linked Wiki Article states, do not use OpenSwan with NM (NetworkManager). Or did you use a different kind of GUI? If so, what GUI program?

To debug something, you usually start with a log. Check the journal. If you used the Network Manager, check the log entries of the NetworkManager.service.

 journalctl -b -u NetworkManager.service

If you post log entries, please try to resist to disguise parts of the log.

If you followed the Archwiki article check relevant files you created and the journal output of the openswan.service and xl2tpd.service and the routing.

If this is a VPN you need for Work or School/University, please ask your IT department how to set up this kind of VPN. It is their job to help you with that.
If you pay for that VPN, ask the company you are paying for support.

thiri · 18 August 2020 07:56

Dear xabbu,

Thank you for your speedy reply!
I have actually tried with both OpenSwan and strongswan. Neither option worked. Now I have only strongswan installed (v 5.8.2-1) together with networkmanager-strongswan (v 1.4.5-2).

Here is the log entries from NetworkManager.service:

Blockquote
Aug 18 09:36:33 thibaut-pc NetworkManager[868]: [1597736193.7609] vpn-connection[0x55c133b34340,c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1,“CASnetwork”,0]: VPN plugin: state changed: stopped (6)
Aug 18 09:36:33 thibaut-pc NetworkManager[868]: [1597736193.7669] vpn-connection[0x55c133b34340,c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1,“CASnetwork”,0]: VPN service disappeared
Aug 18 09:37:33 thibaut-pc NetworkManager[868]: [1597736253.6847] audit: op=“connection-activate” uuid=“c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1” name=“CASnetwork” pid=3330 uid=1000 result=“success”
Aug 18 09:37:33 thibaut-pc NetworkManager[868]: [1597736253.6916] vpn-connection[0x55c133b34550,c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1,“CASnetwork”,0]: Started the VPN service, PID 3628
Aug 18 09:37:33 thibaut-pc NetworkManager[868]: [1597736253.7013] vpn-connection[0x55c133b34550,c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1,“CASnetwork”,0]: Saw the service appear; activating connection
Aug 18 09:37:33 thibaut-pc NetworkManager[868]: [1597736253.7589] vpn-connection[0x55c133b34550,c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1,“CASnetwork”,0]: VPN connection: (ConnectInteractive) reply received
Aug 18 09:37:33 thibaut-pc nm-l2tp-service[3628]: Check port 1701
Aug 18 09:37:33 thibaut-pc NetworkManager[3643]: Stopping strongSwan IPsec failed: starter is not running
Aug 18 09:37:35 thibaut-pc NetworkManager[3640]: Starting strongSwan 5.8.2 IPsec [starter]…
Aug 18 09:37:35 thibaut-pc NetworkManager[3640]: Loading config setup
Aug 18 09:37:35 thibaut-pc NetworkManager[3640]: Loading conn ‘c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1’
Aug 18 09:37:35 thibaut-pc ipsec_starter[3640]: Starting strongSwan 5.8.2 IPsec [starter]…
Aug 18 09:37:35 thibaut-pc ipsec_starter[3640]: Loading config setup
Aug 18 09:37:35 thibaut-pc ipsec_starter[3640]: Loading conn ‘c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1’
Aug 18 09:37:35 thibaut-pc ipsec_starter[3651]: Attempting to start charon…
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 5.7.14-1-MANJARO, x86_64)
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] PKCS11 module ‘’ lacks library path
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] attr-sql plugin: database URI not set
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[NET] using forecast interface wlp2s0
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] loading ca certificates from ‘/etc/ipsec.d/cacerts’
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] loading aa certificates from ‘/etc/ipsec.d/aacerts’
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] loading ocsp signer certificates from ‘/etc/ipsec.d/ocspcerts’
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] loading attribute certificates from ‘/etc/ipsec.d/acerts’
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] loading crls from ‘/etc/ipsec.d/crls’
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] loading secrets from ‘/etc/ipsec.secrets’
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] loading secrets from ‘/etc/ipsec.d/ipsec.nm-l2tp.secrets’
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] loaded IKE secret for %any
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] sql plugin: database URI not set
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] loaded 0 RADIUS server configurations
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] HA config misses local/remote address
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[CFG] no script for ext-auth script defined, disabled
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[LIB] loaded plugins: charon ldap pkcs11 aesni aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ntru drbg newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default bypass-lan connmark forecast farp stroke vici updown eap->
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Aug 18 09:37:35 thibaut-pc charon[3652]: 00[JOB] spawning 16 worker threads
Aug 18 09:37:35 thibaut-pc charon[3652]: 05[IKE] installed bypass policy for 10.16.176.0/20
Aug 18 09:37:35 thibaut-pc charon[3652]: 05[KNL] received netlink error: Invalid argument (22)
Aug 18 09:37:35 thibaut-pc charon[3652]: 05[KNL] unable to install source route for %any6
Aug 18 09:37:35 thibaut-pc charon[3652]: 05[IKE] installed bypass policy for ::1/128
Aug 18 09:37:35 thibaut-pc charon[3652]: 05[IKE] installed bypass policy for fe80::/64
Aug 18 09:37:35 thibaut-pc ipsec_starter[3651]: charon (3652) started after 40 ms
Aug 18 09:37:35 thibaut-pc charon[3652]: 07[CFG] received stroke: add connection ‘c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1’
Aug 18 09:37:35 thibaut-pc charon[3652]: 07[CFG] added configuration ‘c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1’
Aug 18 09:37:36 thibaut-pc charon[3652]: 09[CFG] rereading secrets
Aug 18 09:37:36 thibaut-pc charon[3652]: 09[CFG] loading secrets from ‘/etc/ipsec.secrets’
Aug 18 09:37:36 thibaut-pc charon[3652]: 09[CFG] loading secrets from ‘/etc/ipsec.d/ipsec.nm-l2tp.secrets’
Aug 18 09:37:36 thibaut-pc charon[3652]: 09[CFG] loaded IKE secret for %any
Aug 18 09:37:36 thibaut-pc charon[3652]: 12[CFG] received stroke: initiate ‘c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1’
Aug 18 09:37:36 thibaut-pc charon[3652]: 13[IKE] initiating Main Mode IKE_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1[1] to 192.38.75.43
Aug 18 09:37:36 thibaut-pc charon[3652]: 13[IKE] initiating Main Mode IKE_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1[1] to 192.38.75.43
Aug 18 09:37:36 thibaut-pc charon[3652]: 13[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Aug 18 09:37:36 thibaut-pc charon[3652]: 13[NET] sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (532 bytes)
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[NET] received packet: from 192.38.75.43[500] to 10.16.177.149[500] (212 bytes)
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[ENC] parsed ID_PROT response 0 [ SA V V V V V V ]
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[IKE] received NAT-T (RFC 3947) vendor ID
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[IKE] received FRAGMENTATION vendor ID
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug 18 09:37:36 thibaut-pc charon[3652]: 14[NET] sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (212 bytes)
Aug 18 09:37:36 thibaut-pc charon[3652]: 15[NET] received packet: from 192.38.75.43[500] to 10.16.177.149[500] (228 bytes)
Aug 18 09:37:36 thibaut-pc charon[3652]: 15[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug 18 09:37:36 thibaut-pc charon[3652]: 15[ENC] generating ID_PROT request 0 [ ID HASH ]
Aug 18 09:37:36 thibaut-pc charon[3652]: 15[NET] sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (76 bytes)
Aug 18 09:37:36 thibaut-pc charon[3652]: 01[NET] received packet: from 192.38.75.43[500] to 10.16.177.149[500] (76 bytes)
Aug 18 09:37:36 thibaut-pc charon[3652]: 01[ENC] parsed ID_PROT response 0 [ ID HASH ]
Aug 18 09:37:36 thibaut-pc charon[3652]: 01[IKE] IKE_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1[1] established between 10.16.177.149[10.16.177.149]…192.38.75.43[192.38.75.43]
Aug 18 09:37:36 thibaut-pc charon[3652]: 01[IKE] IKE_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1[1] established between 10.16.177.149[10.16.177.149]…192.38.75.43[192.38.75.43]
Aug 18 09:37:36 thibaut-pc charon[3652]: 01[IKE] scheduling reauthentication in 9853s
Aug 18 09:37:36 thibaut-pc charon[3652]: 01[IKE] maximum IKE_SA lifetime 10393s
Aug 18 09:37:36 thibaut-pc charon[3652]: 01[ENC] generating QUICK_MODE request 1391010896 [ HASH SA No ID ID ]
Aug 18 09:37:36 thibaut-pc charon[3652]: 01[NET] sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (220 bytes)
Aug 18 09:37:36 thibaut-pc charon[3652]: 06[NET] received packet: from 192.38.75.43[500] to 10.16.177.149[500] (188 bytes)
Aug 18 09:37:36 thibaut-pc charon[3652]: 06[ENC] parsed QUICK_MODE response 1391010896 [ HASH SA No ID ID ]
Aug 18 09:37:36 thibaut-pc charon[3652]: 06[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 18 09:37:36 thibaut-pc charon[3652]: 06[IKE] CHILD_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1{1} established with SPIs c8c94f5a_i 5cffa9e6_o and TS 10.16.177.149/32[udp/l2f] === 192.38.75.43/32[udp/l2f]
Aug 18 09:37:36 thibaut-pc charon[3652]: 06[IKE] CHILD_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1{1} established with SPIs c8c94f5a_i 5cffa9e6_o and TS 10.16.177.149/32[udp/l2f] === 192.38.75.43/32[udp/l2f]
Aug 18 09:37:36 thibaut-pc charon[3652]: 06[ENC] generating QUICK_MODE request 1391010896 [ HASH ]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: initiating Main Mode IKE_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1[1] to 192.38.75.43
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: generating ID_PROT request 0 [ SA V V V V V ]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (532 bytes)
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: received packet: from 192.38.75.43[500] to 10.16.177.149[500] (212 bytes)
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: parsed ID_PROT response 0 [ SA V V V V V V ]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: received MS NT5 ISAKMPOAKLEY vendor ID
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: received NAT-T (RFC 3947) vendor ID
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: received FRAGMENTATION vendor ID
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (212 bytes)
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: received packet: from 192.38.75.43[500] to 10.16.177.149[500] (228 bytes)
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: generating ID_PROT request 0 [ ID HASH ]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (76 bytes)
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: received packet: from 192.38.75.43[500] to 10.16.177.149[500] (76 bytes)
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: parsed ID_PROT response 0 [ ID HASH ]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: IKE_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1[1] established between 10.16.177.149[10.16.177.149]…192.38.75.43[192.38.75.43]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: scheduling reauthentication in 9853s
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: maximum IKE_SA lifetime 10393s
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: generating QUICK_MODE request 1391010896 [ HASH SA No ID ID ]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (220 bytes)
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: received packet: from 192.38.75.43[500] to 10.16.177.149[500] (188 bytes)
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: parsed QUICK_MODE response 1391010896 [ HASH SA No ID ID ]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: CHILD_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1{1} established with SPIs c8c94f5a_i 5cffa9e6_o and TS 10.16.177.149/32[udp/l2f] === 192.38.75.43/32[udp/l2f]
Aug 18 09:37:36 thibaut-pc NetworkManager[3694]: connection ‘c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1’ established successfully
Aug 18 09:37:36 thibaut-pc charon[3652]: 06[NET] sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (60 bytes)
Aug 18 09:37:36 thibaut-pc charon[3652]: 05[NET] received packet: from 192.38.75.43[500] to 10.16.177.149[500] (76 bytes)
Aug 18 09:37:36 thibaut-pc charon[3652]: 05[ENC] parsed QUICK_MODE response 1391010896 [ HASH N(INIT_CONTACT) ]
Aug 18 09:37:36 thibaut-pc charon[3652]: 05[IKE] ignoring fourth Quick Mode message
Aug 18 09:37:37 thibaut-pc nm-l2tp-service[3628]: xl2tpd started with pid 3700
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Not looking for kernel SAref support.
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Using l2tp kernel support.
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: xl2tpd version xl2tpd-1.3.15 started on thibaut-pc PID:3700
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Written by Mark Spencer, Copyright © 1998, Adtran, Inc.
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Forked by Scott Balmos and David Stipp, © 2001
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Inherited by Jeff McAdams, © 2002
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Forked again by Xelerance (www.xelerance.com) © 2006-2016
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Listening on IP address 0.0.0.0, port 1701
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Connecting to host 192.38.75.43, port 1701
Aug 18 09:37:37 thibaut-pc NetworkManager[868]: [1597736257.1079] vpn-connection[0x55c133b34550,c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1,“CASnetwork”,0]: VPN plugin: state changed: starting (3)
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Connection established to 192.38.75.43, 1701. Local: 16087, Remote: 50 (ref=0/0).
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Calling on tunnel 16087
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Call established with 192.38.75.43, Local: 1730, Remote: 61, Serial: 1 (ref=0/0)
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: start_pppd: I’m running:
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: “/usr/sbin/pppd”
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: “plugin”
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: “pppol2tp.so”
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: “pppol2tp”
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: “7”
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: “passive”
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: “nodetach”
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: “:”
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: “file”
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: “/var/run/nm-l2tp-c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1/ppp-options”
Aug 18 09:37:37 thibaut-pc pppd[3701]: Plugin pppol2tp.so loaded.
Aug 18 09:37:37 thibaut-pc pppd[3701]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
Aug 18 09:37:37 thibaut-pc pppd[3701]: pppd 2.4.7 started by root, uid 0
Aug 18 09:37:37 thibaut-pc pppd[3701]: Using interface ppp0
Aug 18 09:37:37 thibaut-pc pppd[3701]: Connect: ppp0 <–>
Aug 18 09:37:37 thibaut-pc pppd[3701]: Overriding mtu 1500 to 1400
Aug 18 09:37:37 thibaut-pc pppd[3701]: Overriding mru 1500 to mtu value 1400
Aug 18 09:37:37 thibaut-pc NetworkManager[868]: [1597736257.1230] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/8)
Aug 18 09:37:37 thibaut-pc pppd[3701]: EAP: peer reports authentication failure
Aug 18 09:37:37 thibaut-pc pppd[3701]: Overriding mtu 1500 to 1400
Aug 18 09:37:37 thibaut-pc pppd[3701]: Overriding mru 1500 to mtu value 1400
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: control_finish: Connection closed to 192.38.75.43, serial 1 ()
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Terminating pppd: sending TERM signal to pid 3701
Aug 18 09:37:37 thibaut-pc pppd[3701]: Connection terminated.
Aug 18 09:37:37 thibaut-pc charon[3652]: 11[KNL] interface ppp0 deleted
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: death_handler: Fatal signal 15 received
Aug 18 09:37:37 thibaut-pc NetworkManager[3700]: xl2tpd[3700]: Connection 50 closed to 192.38.75.43, port 1701 (Server closing)
Aug 18 09:37:37 thibaut-pc NetworkManager[868]: [1597736257.1409] vpn-connection[0x55c133b34550,c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1,“CASnetwork”,0]: VPN plugin: failed: connect-failed (1)
Aug 18 09:37:37 thibaut-pc NetworkManager[868]: [1597736257.1452] vpn-connection[0x55c133b34550,c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1,“CASnetwork”,0]: VPN plugin: state changed: stopping (5)
Aug 18 09:37:37 thibaut-pc NetworkManager[3709]: Stopping strongSwan IPsec…
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[DMN] signal of type SIGINT received. Shutting down
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[IKE] closing CHILD_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1{1} with SPIs c8c94f5a_i (632 bytes) 5cffa9e6_o (584 bytes) and TS 10.16.177.149/32[udp/l2f] === 192.38.75.43/32[udp/l2f]
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[IKE] closing CHILD_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1{1} with SPIs c8c94f5a_i (632 bytes) 5cffa9e6_o (584 bytes) and TS 10.16.177.149/32[udp/l2f] === 192.38.75.43/32[udp/l2f]
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[IKE] sending DELETE for ESP CHILD_SA with SPI c8c94f5a
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[ENC] generating INFORMATIONAL_V1 request 436951665 [ HASH D ]
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[NET] sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (76 bytes)
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[IKE] deleting IKE_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1[1] between 10.16.177.149[10.16.177.149]…192.38.75.43[192.38.75.43]
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[IKE] deleting IKE_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1[1] between 10.16.177.149[10.16.177.149]…192.38.75.43[192.38.75.43]
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[IKE] sending DELETE for IKE_SA c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1[1]
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[ENC] generating INFORMATIONAL_V1 request 1076347734 [ HASH D ]
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[NET] sending packet: from 10.16.177.149[500] to 192.38.75.43[500] (92 bytes)
Aug 18 09:37:37 thibaut-pc pppd[3701]: Exit.
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[IKE] uninstalling bypass policy for fe80::/64
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[IKE] uninstalling bypass policy for 10.16.176.0/20
Aug 18 09:37:37 thibaut-pc charon[3652]: 00[IKE] uninstalling bypass policy for ::1/128
Aug 18 09:37:37 thibaut-pc ipsec_starter[3651]: child 3652 (charon) has quit (exit code 0)
Aug 18 09:37:37 thibaut-pc ipsec_starter[3651]:
Aug 18 09:37:37 thibaut-pc ipsec_starter[3651]: charon stopped after 200 ms
Aug 18 09:37:37 thibaut-pc ipsec_starter[3651]: ipsec starter stopped
Aug 18 09:37:37 thibaut-pc nm-l2tp-service[3628]: ipsec shut down
Aug 18 09:37:37 thibaut-pc NetworkManager[868]: [1597736257.2616] vpn-connection[0x55c133b34550,c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1,“CASnetwork”,0]: VPN plugin: state changed: stopped (6)
Aug 18 09:37:37 thibaut-pc NetworkManager[868]: [1597736257.2651] vpn-connection[0x55c133b34550,c20f1ff4-5d53-4a14-9cde-1ecbdd088cf1,“CASnetwork”,0]: VPN service disappeared

Right now I have set the VPN connection using the Manjaro Network Manager GUI and not the “manual” implementation explained in Archwiki (had tried that too but no success either. If we do not find a solution for the current implementation, I could do it again following the Archwiki procedure and see what’s wrong from there).

Regarding support from my work/university, I am a linux enthusiastic and do not want to work on a windows machine. My work/university is ok with people using opensource alternatives but does not provide support to them … I have been an ubuntu user for many years and have just switched to Manjaro/Arch. Additionally, I am not much of a “network guy”, which is why I have trouble setting such things up. But I want to learn more about it!

Hope I have provided enough information to move forward.
Take you for your time!

xabbu · 19 August 2020 13:53

This looks promising. Unfortunately this does not mean that you used wrong credentials.

Known Issues · nm-l2tp/NetworkManager-l2tp Wiki · GitHub

Try that. Maybe you will get a different error.

Two notes, this has nothing to do with your VPN problem. I did not received a notification that you replied. Did you used the green Reply button or the grey one directly in my last post?

If you want to post log messages, please use the “Preformatted Text” format. This is the </> code Icon in the forum editor. This makes logs a little bit easier to read.

thiri · 19 August 2020 14:29

Hi xabbu,

Following your suggestion on the known issue worked:

https://github.com/nm-l2tp/NetworkManager-l2tp/wiki/Known-Issues#eap-peer-reports-authentication-failure

In the VPN connection’s PPP Settings dialog box, I di untick EAP in the authentication methods list. After doing that the VPN connection worked and I am piping through the correct IP address now.

Thank you very much.

For the reply I have now used the green button, and do not remember what I used on the previous reply.
Thank you for the good advices for better formatting my posts. I am new to this forum and will do my best to comply with those standards in the future

I’ll mark your latest reply as the solution and close the topic. Thank you very much!

xabbu · 19 August 2020 14:46

I only received a notification for the “solution” not for your post. Maybe I need to check my settings again.

No worries about the formatting, sometimes it is not necessary. But the </> format is often nicer for logs and terminal output.

system · 22 August 2020 14:46

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.