Vpn l2tp ipsec connection failed

Support Network
1

Hello,
when I trying to connect l2tp vpn - show message “vpn connection failed”

log

окт 22 09:46:56 robotm-redmibook16 NetworkManager[617]: <info>  [1603342016.6876] audit: op="connection-activate" uuid="895d7bd9-bb59-4936-bfc4-602a0a5ef15e" name="VPN1" pid=1423 uid=1000 result="success"
окт 22 09:46:56 robotm-redmibook16 NetworkManager[617]: <info>  [1603342016.6947] vpn-connection[0x5575ee1142d0,895d7bd9-bb59-4936-bfc4-602a0a5ef15e,"VPN1",0]: Started the VPN service, PID 2633
окт 22 09:46:56 robotm-redmibook16 NetworkManager[617]: <info>  [1603342016.7108] vpn-connection[0x5575ee1142d0,895d7bd9-bb59-4936-bfc4-602a0a5ef15e,"VPN1",0]: Saw the service appear; activating connection
окт 22 09:47:02 robotm-redmibook16 NetworkManager[617]: <info>  [1603342022.2979] vpn-connection[0x5575ee1142d0,895d7bd9-bb59-4936-bfc4-602a0a5ef15e,"VPN1",0]: VPN connection: (ConnectInteractive) reply received
окт 22 09:47:02 robotm-redmibook16 nm-l2tp-service[2633]: Check port 1701
окт 22 09:47:02 robotm-redmibook16 NetworkManager[2651]: Stopping strongSwan IPsec failed: starter is not running
окт 22 09:47:04 robotm-redmibook16 NetworkManager[2648]: Starting strongSwan 5.9.0 IPsec [starter]...
окт 22 09:47:04 robotm-redmibook16 NetworkManager[2648]: Loading config setup
окт 22 09:47:04 robotm-redmibook16 NetworkManager[2648]: Loading conn '895d7bd9-bb59-4936-bfc4-602a0a5ef15e'
окт 22 09:47:04 robotm-redmibook16 ipsec_starter[2648]: Starting strongSwan 5.9.0 IPsec [starter]...
окт 22 09:47:04 robotm-redmibook16 ipsec_starter[2648]: Loading config setup
окт 22 09:47:04 robotm-redmibook16 ipsec_starter[2648]: Loading conn '895d7bd9-bb59-4936-bfc4-602a0a5ef15e'
окт 22 09:47:04 robotm-redmibook16 ipsec_starter[2661]: Attempting to start charon...
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.0, Linux 5.9.1-1-MANJARO, x86_64)
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] PKCS11 module '<name>' lacks library path
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[LIB] plugin 'mysql' failed to load: libmariadb.so.3: cannot open shared object file: No such file or directory
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] attr-sql plugin: database URI not set
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[NET] using forecast interface wlp1s0
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG]   loaded IKE secret for %any
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] sql plugin: database URI not set
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] loaded 0 RADIUS server configurations
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] HA config misses local/remote address
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[CFG] no script for ext-auth script defined, disabled
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[LIB] loaded plugins: charon ldap pkcs11 aesni aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ntru drbg newhope bliss curl sqlite attr kernel-netlink resolve socket-default bypass-lan connmark forecast farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp radattr unity counters
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[LIB] dropped capabilities, running as uid 0, gid 0
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 00[JOB] spawning 16 worker threads
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 05[IKE] installed bypass policy for 192.168.2.0/24
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 05[IKE] installed bypass policy for ::1/128
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 05[IKE] installed bypass policy for fe80::/64
окт 22 09:47:04 robotm-redmibook16 ipsec_starter[2661]: charon (2663) started after 40 ms
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 09[CFG] received stroke: add connection '895d7bd9-bb59-4936-bfc4-602a0a5ef15e'
окт 22 09:47:04 robotm-redmibook16 charon[2663]: 09[CFG] added configuration '895d7bd9-bb59-4936-bfc4-602a0a5ef15e'
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 11[CFG] rereading secrets
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 11[CFG] loading secrets from '/etc/ipsec.secrets'
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 11[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 11[CFG]   loaded IKE secret for %any
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 14[CFG] received stroke: initiate '895d7bd9-bb59-4936-bfc4-602a0a5ef15e'
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 15[IKE] initiating Main Mode IKE_SA 895d7bd9-bb59-4936-bfc4-602a0a5ef15e[1] to --IP--
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 15[IKE] initiating Main Mode IKE_SA 895d7bd9-bb59-4936-bfc4-602a0a5ef15e[1] to --IP--
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 15[ENC] generating ID_PROT request 0 [ SA V V V V V ]
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 15[NET] sending packet: from 192.168.2.104[500] to --IP--[500] (236 bytes)
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 16[NET] received packet: from --IP--[500] to 192.168.2.104[500] (100 bytes)
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 16[ENC] parsed ID_PROT response 0 [ SA V ]
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 16[IKE] received NAT-T (RFC 3947) vendor ID
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 16[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 16[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 16[NET] sending packet: from 192.168.2.104[500] to --IP--[500] (244 bytes)
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 06[NET] received packet: from --IP--[500] to 192.168.2.104[500] (304 bytes)
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 06[ENC] parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 06[IKE] received Cisco Unity vendor ID
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 06[IKE] received DPD vendor ID
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 06[ENC] received unknown vendor ID: 87:a0:86:2b:a1:a6:11:33:0c:32:1f:cb:36:b7:a7:c5
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 06[IKE] received XAuth vendor ID
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 06[IKE] local host is behind NAT, sending keep alives
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 06[ENC] generating ID_PROT request 0 [ ID HASH ]
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 06[NET] sending packet: from 192.168.2.104[4500] to --IP--[4500] (68 bytes)
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 07[NET] received packet: from --IP--[4500] to 192.168.2.104[4500] (68 bytes)
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 07[ENC] parsed ID_PROT response 0 [ ID HASH ]
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 07[IKE] IKE_SA 895d7bd9-bb59-4936-bfc4-602a0a5ef15e[1] established between 192.168.2.104[192.168.2.104]...--IP--[--IP--]
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 07[IKE] IKE_SA 895d7bd9-bb59-4936-bfc4-602a0a5ef15e[1] established between 192.168.2.104[192.168.2.104]...--IP--[--IP--]
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 07[IKE] scheduling reauthentication in 10246s
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 07[IKE] maximum IKE_SA lifetime 10786s
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 07[ENC] generating QUICK_MODE request 3879677440 [ HASH SA No ID ID NAT-OA NAT-OA ]
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 07[NET] sending packet: from 192.168.2.104[4500] to --IP--[4500] (356 bytes)
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 08[NET] received packet: from --IP--[4500] to 192.168.2.104[4500] (204 bytes)
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 08[ENC] parsed QUICK_MODE response 3879677440 [ HASH SA No ID ID NAT-OA NAT-OA N((24576)) ]
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 08[IKE] peer did not accept our IPComp proposal, IPComp disabled
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 08[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 08[IKE] no acceptable traffic selectors found
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 08[ENC] generating INFORMATIONAL_V1 request 3409828180 [ HASH N(NO_PROP) ]
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: initiating Main Mode IKE_SA 895d7bd9-bb59-4936-bfc4-602a0a5ef15e[1] to --IP--
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: generating ID_PROT request 0 [ SA V V V V V ]
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: sending packet: from 192.168.2.104[500] to --IP--[500] (236 bytes)
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: received packet: from --IP--[500] to 192.168.2.104[500] (100 bytes)
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: parsed ID_PROT response 0 [ SA V ]
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: received NAT-T (RFC 3947) vendor ID
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: sending packet: from 192.168.2.104[500] to --IP--[500] (244 bytes)
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: received packet: from --IP--[500] to 192.168.2.104[500] (304 bytes)
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: received Cisco Unity vendor ID
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: received DPD vendor ID
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: received unknown vendor ID: 87:a0:86:2b:a1:a6:11:33:0c:32:1f:cb:36:b7:a7:c5
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: received XAuth vendor ID
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: local host is behind NAT, sending keep alives
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: generating ID_PROT request 0 [ ID HASH ]
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: sending packet: from 192.168.2.104[4500] to --IP--[4500] (68 bytes)
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: received packet: from --IP--[4500] to 192.168.2.104[4500] (68 bytes)
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: parsed ID_PROT response 0 [ ID HASH ]
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: IKE_SA 895d7bd9-bb59-4936-bfc4-602a0a5ef15e[1] established between 192.168.2.104[192.168.2.104]...--IP--[--IP--]
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: scheduling reauthentication in 10246s
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: maximum IKE_SA lifetime 10786s
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: generating QUICK_MODE request 3879677440 [ HASH SA No ID ID NAT-OA NAT-OA ]
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: sending packet: from 192.168.2.104[4500] to --IP--[4500] (356 bytes)
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: received packet: from --IP--[4500] to 192.168.2.104[4500] (204 bytes)
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: parsed QUICK_MODE response 3879677440 [ HASH SA No ID ID NAT-OA NAT-OA N((24576)) ]
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: peer did not accept our IPComp proposal, IPComp disabled
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: no acceptable traffic selectors found
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2689]: establishing connection '895d7bd9-bb59-4936-bfc4-602a0a5ef15e' failed
окт 22 09:47:05 robotm-redmibook16 charon[2663]: 08[NET] sending packet: from 192.168.2.104[4500] to --IP--[4500] (76 bytes)
окт 22 09:47:05 robotm-redmibook16 nm-l2tp-service[2633]: xl2tpd started with pid 2695
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: Not looking for kernel SAref support.
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: Using l2tp kernel support.
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: xl2tpd version xl2tpd-1.3.15 started on robotm-redmibook16 PID:2695
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: Forked by Scott Balmos and David Stipp, (C) 2001
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: Inherited by Jeff McAdams, (C) 2002
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: Listening on IP address 0.0.0.0, port 1701
окт 22 09:47:05 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: Connecting to host --IP--, port 1701
окт 22 09:47:05 robotm-redmibook16 NetworkManager[617]: <info>  [1603342025.9657] vpn-connection[0x5575ee1142d0,895d7bd9-bb59-4936-bfc4-602a0a5ef15e,"VPN1",0]: VPN plugin: state changed: starting (3)
окт 22 09:47:16 robotm-redmibook16 charon[2663]: 15[NET] received packet: from --IP--[4500] to 192.168.2.104[4500] (204 bytes)
окт 22 09:47:16 robotm-redmibook16 charon[2663]: 15[IKE] received retransmit of response with ID 3879677440, but next request already sent
окт 22 09:47:19 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: death_handler: Fatal signal 15 received
окт 22 09:47:19 robotm-redmibook16 NetworkManager[617]: <warn>  [1603342039.9668] vpn-connection[0x5575ee1142d0,895d7bd9-bb59-4936-bfc4-602a0a5ef15e,"VPN1",0]: VPN plugin: failed: connect-failed (1)
окт 22 09:47:19 robotm-redmibook16 NetworkManager[617]: <warn>  [1603342039.9669] vpn-connection[0x5575ee1142d0,895d7bd9-bb59-4936-bfc4-602a0a5ef15e,"VPN1",0]: VPN plugin: failed: connect-failed (1)
окт 22 09:47:19 robotm-redmibook16 NetworkManager[617]: <info>  [1603342039.9669] vpn-connection[0x5575ee1142d0,895d7bd9-bb59-4936-bfc4-602a0a5ef15e,"VPN1",0]: VPN plugin: state changed: stopping (5)
окт 22 09:47:19 robotm-redmibook16 NetworkManager[2695]: xl2tpd[2695]: Connection 0 closed to --IP--, port 1701 (Server closing)
окт 22 09:47:19 robotm-redmibook16 NetworkManager[2699]: Stopping strongSwan IPsec...
окт 22 09:47:19 robotm-redmibook16 charon[2663]: 00[DMN] signal of type SIGINT received. Shutting down
окт 22 09:47:19 robotm-redmibook16 charon[2663]: 00[IKE] deleting IKE_SA 895d7bd9-bb59-4936-bfc4-602a0a5ef15e[1] between 192.168.2.104[192.168.2.104]...--IP--[--IP--]
окт 22 09:47:19 robotm-redmibook16 charon[2663]: 00[IKE] deleting IKE_SA 895d7bd9-bb59-4936-bfc4-602a0a5ef15e[1] between 192.168.2.104[192.168.2.104]...--IP--[--IP--]
окт 22 09:47:19 robotm-redmibook16 charon[2663]: 00[IKE] sending DELETE for IKE_SA 895d7bd9-bb59-4936-bfc4-602a0a5ef15e[1]
окт 22 09:47:19 robotm-redmibook16 charon[2663]: 00[ENC] generating INFORMATIONAL_V1 request 2245680925 [ HASH D ]
окт 22 09:47:19 robotm-redmibook16 charon[2663]: 00[NET] sending packet: from 192.168.2.104[4500] to --IP--[4500] (84 bytes)
окт 22 09:47:20 robotm-redmibook16 charon[2663]: 00[IKE] uninstalling bypass policy for 192.168.2.0/24
окт 22 09:47:20 robotm-redmibook16 charon[2663]: 00[IKE] uninstalling bypass policy for ::1/128
окт 22 09:47:20 robotm-redmibook16 charon[2663]: 00[IKE] uninstalling bypass policy for fe80::/64
окт 22 09:47:20 robotm-redmibook16 ipsec_starter[2661]: child 2663 (charon) has quit (exit code 0)
окт 22 09:47:20 robotm-redmibook16 ipsec_starter[2661]: 
окт 22 09:47:20 robotm-redmibook16 ipsec_starter[2661]: charon stopped after 200 ms
окт 22 09:47:20 robotm-redmibook16 ipsec_starter[2661]: ipsec starter stopped
окт 22 09:47:20 robotm-redmibook16 nm-l2tp-service[2633]: ipsec shut down
окт 22 09:47:20 robotm-redmibook16 NetworkManager[617]: <info>  [1603342040.1972] vpn-connection[0x5575ee1142d0,895d7bd9-bb59-4936-bfc4-602a0a5ef15e,"VPN1",0]: VPN service disappeared
2

Contact your IT department as this is professional Cisco equipment and tell them you’re running a rolling Linux release with the latest and greatest up-to-date VPN software so they might will very probably have to upgrade their Cisco Firmware.

:man_shrugging:

1 Like
3

It is complaining about the VPN server not accepting the IPComp proposal. you could try unchecking the IP Compression tick box.

As it is an IPSec VPN on a Cisco, you could try networkmanager-vpnc instead.

1 Like
5

Sorry, i hitted a hotkey i never knew existed before, which changed the tab while i was responding to someone else :rofl:

6

I install windows 10 as second OS for my working vpn((

7

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.