VPN L2tp Problem

GTerigi · 16 March 2022 17:36

Hi, I’m currently smart working due to covid…
I’m supposed to log in via VPN to my work server but it’s all day that I cannot log in.

I followed the article on the archlinux Wiki but the services keeps shutting me down.

I have these data:

vpn server address
username
password
shared key
vpn server authentication methods: CHAP and MSCHAPv2

Here my journalctl log of n/etworkManager:

mar 16 18:31:04 giulio-inspiron7591 charon[32747]: 00[ENC] generating INFORMATIONAL_V1 request 3004941845 [ HASH D ]
mar 16 18:31:04 giulio-inspiron7591 charon[32747]: 00[NET] sending packet: from 192.168.178.196[4500] to 188.12.199.2[4500] (84 bytes)
mar 16 18:31:04 giulio-inspiron7591 charon[32747]: 00[IKE] uninstalling bypass policy for 192.168.178.0/24
mar 16 18:31:04 giulio-inspiron7591 charon[32747]: 00[IKE] uninstalling bypass policy for ::1/128
mar 16 18:31:04 giulio-inspiron7591 charon[32747]: 00[IKE] uninstalling bypass policy for fe80::/64
mar 16 18:31:04 giulio-inspiron7591 ipsec_starter[32746]: child 32747 (charon) has quit (exit code 0)
mar 16 18:31:04 giulio-inspiron7591 ipsec_starter[32746]: 
mar 16 18:31:04 giulio-inspiron7591 ipsec_starter[32746]: charon stopped after 200 ms
mar 16 18:31:04 giulio-inspiron7591 ipsec_starter[32746]: ipsec starter stopped
mar 16 18:31:04 giulio-inspiron7591 nm-l2tp-service[32725]: ipsec shut down
mar 16 18:33:59 giulio-inspiron7591 NetworkManager[603]: <info>  [1647452039.3794] audit: op="statistics" interface="wlp0s20f3" ifindex=2 args="2000" pid=1299 uid=1000 result="success"
mar 16 18:34:00 giulio-inspiron7591 NetworkManager[603]: <info>  [1647452040.9513] vpn[0x557b8334a980,5d225da3-81e4-44b8-a6c2-a58fe76252f0,"New vpn connection"]: starting l2tp
mar 16 18:34:00 giulio-inspiron7591 NetworkManager[603]: <info>  [1647452040.9525] audit: op="connection-activate" uuid="5d225da3-81e4-44b8-a6c2-a58fe76252f0" name="New vpn connection" pid=1299 uid=1000 result="success"
mar 16 18:34:00 giulio-inspiron7591 nm-l2tp-service[32896]: Check port 1701
mar 16 18:34:01 giulio-inspiron7591 NetworkManager[32909]: Stopping strongSwan IPsec failed: starter is not running
mar 16 18:34:01 giulio-inspiron7591 NetworkManager[603]: <info>  [1647452041.9840] audit: op="statistics" interface="wlp0s20f3" ifindex=2 args="0" pid=1299 uid=1000 result="success"
mar 16 18:34:03 giulio-inspiron7591 NetworkManager[32906]: Starting strongSwan 5.9.5 IPsec [starter]...
mar 16 18:34:03 giulio-inspiron7591 NetworkManager[32906]: Loading config setup
mar 16 18:34:03 giulio-inspiron7591 NetworkManager[32906]: Loading conn '5d225da3-81e4-44b8-a6c2-a58fe76252f0'
mar 16 18:34:03 giulio-inspiron7591 ipsec_starter[32906]: Starting strongSwan 5.9.5 IPsec [starter]...
mar 16 18:34:03 giulio-inspiron7591 ipsec_starter[32906]: Loading config setup
mar 16 18:34:03 giulio-inspiron7591 ipsec_starter[32906]: Loading conn '5d225da3-81e4-44b8-a6c2-a58fe76252f0'
mar 16 18:34:03 giulio-inspiron7591 ipsec_starter[32917]: Attempting to start charon...
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.5, Linux 5.15.28-1-MANJARO, x86_64)
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] PKCS11 module '<name>' lacks library path
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] attr-sql plugin: database URI not set
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[NET] using forecast interface wlp0s20f3
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG]   loaded IKE secret for %any
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] sql plugin: database URI not set
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] loaded 0 RADIUS server configurations
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] HA config misses local/remote address
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[CFG] no script for ext-auth script defined, disabled
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[LIB] loaded plugins: charon ldap pkcs11 aesni aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ntru drbg newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default bypass-lan connmark forecast farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp radattr unity counters
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[LIB] dropped capabilities, running as uid 0, gid 0
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 00[JOB] spawning 16 worker threads
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 05[IKE] installed bypass policy for 192.168.178.0/24
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 05[IKE] installed bypass policy for ::1/128
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 05[IKE] installed bypass policy for fe80::/64
mar 16 18:34:03 giulio-inspiron7591 ipsec_starter[32917]: charon (32918) started after 20 ms
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 10[CFG] received stroke: add connection '5d225da3-81e4-44b8-a6c2-a58fe76252f0'
mar 16 18:34:03 giulio-inspiron7591 charon[32918]: 10[CFG] added configuration '5d225da3-81e4-44b8-a6c2-a58fe76252f0'
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 11[CFG] rereading secrets
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 11[CFG] loading secrets from '/etc/ipsec.secrets'
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 11[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 11[CFG]   loaded IKE secret for %any
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 14[CFG] received stroke: initiate '5d225da3-81e4-44b8-a6c2-a58fe76252f0'
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 15[IKE] initiating Main Mode IKE_SA 5d225da3-81e4-44b8-a6c2-a58fe76252f0[1] to 188.12.199.2
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 15[IKE] initiating Main Mode IKE_SA 5d225da3-81e4-44b8-a6c2-a58fe76252f0[1] to 188.12.199.2
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 15[ENC] generating ID_PROT request 0 [ SA V V V V V ]
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 15[NET] sending packet: from 192.168.178.196[500] to 188.12.199.2[500] (532 bytes)
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 01[NET] received packet: from 188.12.199.2[500] to 192.168.178.196[500] (176 bytes)
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 01[ENC] parsed ID_PROT response 0 [ SA V V V V V ]
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 01[IKE] received XAuth vendor ID
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 01[IKE] received DPD vendor ID
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 01[IKE] received Cisco Unity vendor ID
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 01[IKE] received FRAGMENTATION vendor ID
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 01[IKE] received NAT-T (RFC 3947) vendor ID
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 01[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 01[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 01[NET] sending packet: from 192.168.178.196[500] to 188.12.199.2[500] (372 bytes)
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 07[NET] received packet: from 188.12.199.2[500] to 192.168.178.196[500] (372 bytes)
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 07[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 07[IKE] local host is behind NAT, sending keep alives
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 07[ENC] generating ID_PROT request 0 [ ID HASH ]
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 07[NET] sending packet: from 192.168.178.196[4500] to 188.12.199.2[4500] (68 bytes)
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 06[NET] received packet: from 188.12.199.2[4500] to 192.168.178.196[4500] (68 bytes)
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 06[ENC] parsed ID_PROT response 0 [ ID HASH ]
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 06[IKE] IKE_SA 5d225da3-81e4-44b8-a6c2-a58fe76252f0[1] established between 192.168.178.196[192.168.178.196]...188.12.199.2[188.12.199.2]
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 06[IKE] IKE_SA 5d225da3-81e4-44b8-a6c2-a58fe76252f0[1] established between 192.168.178.196[192.168.178.196]...188.12.199.2[188.12.199.2]
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 06[IKE] scheduling reauthentication in 9768s
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 06[IKE] maximum IKE_SA lifetime 10308s
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 06[ENC] generating QUICK_MODE request 2386162258 [ HASH SA No ID ID NAT-OA NAT-OA ]
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 06[NET] sending packet: from 192.168.178.196[4500] to 188.12.199.2[4500] (244 bytes)
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 08[NET] received packet: from 188.12.199.2[4500] to 192.168.178.196[4500] (188 bytes)
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 08[ENC] parsed QUICK_MODE response 2386162258 [ HASH SA No ID ID NAT-OA NAT-OA ]
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 08[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 08[IKE] no acceptable traffic selectors found
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 08[ENC] generating INFORMATIONAL_V1 request 1082083171 [ HASH N(NO_PROP) ]
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: initiating Main Mode IKE_SA 5d225da3-81e4-44b8-a6c2-a58fe76252f0[1] to 188.12.199.2
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: generating ID_PROT request 0 [ SA V V V V V ]
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: sending packet: from 192.168.178.196[500] to 188.12.199.2[500] (532 bytes)
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: received packet: from 188.12.199.2[500] to 192.168.178.196[500] (176 bytes)
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: parsed ID_PROT response 0 [ SA V V V V V ]
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: received XAuth vendor ID
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: received DPD vendor ID
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: received Cisco Unity vendor ID
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: received FRAGMENTATION vendor ID
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: received NAT-T (RFC 3947) vendor ID
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: sending packet: from 192.168.178.196[500] to 188.12.199.2[500] (372 bytes)
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: received packet: from 188.12.199.2[500] to 192.168.178.196[500] (372 bytes)
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: local host is behind NAT, sending keep alives
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: generating ID_PROT request 0 [ ID HASH ]
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: sending packet: from 192.168.178.196[4500] to 188.12.199.2[4500] (68 bytes)
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: received packet: from 188.12.199.2[4500] to 192.168.178.196[4500] (68 bytes)
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: parsed ID_PROT response 0 [ ID HASH ]
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: IKE_SA 5d225da3-81e4-44b8-a6c2-a58fe76252f0[1] established between 192.168.178.196[192.168.178.196]...188.12.199.2[188.12.199.2]
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: scheduling reauthentication in 9768s
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: maximum IKE_SA lifetime 10308s
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: generating QUICK_MODE request 2386162258 [ HASH SA No ID ID NAT-OA NAT-OA ]
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: sending packet: from 192.168.178.196[4500] to 188.12.199.2[4500] (244 bytes)
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: received packet: from 188.12.199.2[4500] to 192.168.178.196[4500] (188 bytes)
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: parsed QUICK_MODE response 2386162258 [ HASH SA No ID ID NAT-OA NAT-OA ]
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: no acceptable traffic selectors found
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32945]: establishing connection '5d225da3-81e4-44b8-a6c2-a58fe76252f0' failed
mar 16 18:34:04 giulio-inspiron7591 charon[32918]: 08[NET] sending packet: from 192.168.178.196[4500] to 188.12.199.2[4500] (76 bytes)
mar 16 18:34:04 giulio-inspiron7591 nm-l2tp-service[32896]: xl2tpd started with pid 32951
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: Not looking for kernel SAref support.
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: Using l2tp kernel support.
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: xl2tpd version xl2tpd-1.3.17 started on giulio-inspiron7591 PID:32951
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: Forked by Scott Balmos and David Stipp, (C) 2001
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: Inherited by Jeff McAdams, (C) 2002
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: Listening on IP address 0.0.0.0, port 1701
mar 16 18:34:04 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: Connecting to host 188.12.199.2, port 1701
mar 16 18:34:18 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: death_handler: Fatal signal 15 received
mar 16 18:34:18 giulio-inspiron7591 NetworkManager[32951]: xl2tpd[32951]: Connection 0 closed to 188.12.199.2, port 1701 (Server closing)
mar 16 18:34:18 giulio-inspiron7591 NetworkManager[603]: <warn>  [1647452058.6155] vpn[0x557b8334a980,5d225da3-81e4-44b8-a6c2-a58fe76252f0,"New vpn connection"]: dbus: failure: connect-failed (1)
mar 16 18:34:18 giulio-inspiron7591 NetworkManager[603]: <warn>  [1647452058.6155] vpn[0x557b8334a980,5d225da3-81e4-44b8-a6c2-a58fe76252f0,"New vpn connection"]: dbus: failure: connect-failed (1)
mar 16 18:34:18 giulio-inspiron7591 NetworkManager[32954]: Stopping strongSwan IPsec...
mar 16 18:34:18 giulio-inspiron7591 charon[32918]: 00[DMN] SIGINT received, shutting down
mar 16 18:34:18 giulio-inspiron7591 charon[32918]: 00[IKE] deleting IKE_SA 5d225da3-81e4-44b8-a6c2-a58fe76252f0[1] between 192.168.178.196[192.168.178.196]...188.12.199.2[188.12.199.2]
mar 16 18:34:18 giulio-inspiron7591 charon[32918]: 00[IKE] deleting IKE_SA 5d225da3-81e4-44b8-a6c2-a58fe76252f0[1] between 192.168.178.196[192.168.178.196]...188.12.199.2[188.12.199.2]
mar 16 18:34:18 giulio-inspiron7591 charon[32918]: 00[IKE] sending DELETE for IKE_SA 5d225da3-81e4-44b8-a6c2-a58fe76252f0[1]
mar 16 18:34:18 giulio-inspiron7591 charon[32918]: 00[ENC] generating INFORMATIONAL_V1 request 3731176013 [ HASH D ]
mar 16 18:34:18 giulio-inspiron7591 charon[32918]: 00[NET] sending packet: from 192.168.178.196[4500] to 188.12.199.2[4500] (84 bytes)
mar 16 18:34:18 giulio-inspiron7591 charon[32918]: 00[IKE] uninstalling bypass policy for 192.168.178.0/24
mar 16 18:34:18 giulio-inspiron7591 charon[32918]: 00[IKE] uninstalling bypass policy for ::1/128
mar 16 18:34:18 giulio-inspiron7591 charon[32918]: 00[IKE] uninstalling bypass policy for fe80::/64
mar 16 18:34:18 giulio-inspiron7591 ipsec_starter[32917]: child 32918 (charon) has quit (exit code 0)
mar 16 18:34:18 giulio-inspiron7591 ipsec_starter[32917]: 
mar 16 18:34:18 giulio-inspiron7591 ipsec_starter[32917]: charon stopped after 200 ms
mar 16 18:34:18 giulio-inspiron7591 ipsec_starter[32917]: ipsec starter stopped
mar 16 18:34:18 giulio-inspiron7591 nm-l2tp-service[32896]: ipsec shut down

linux-aarhus · 16 March 2022 18:19

Did you install the necessary plugin for Network Manager?

Other than that I don’t know.

GTerigi · 17 March 2022 14:24

Like it’s said in the wiki I installed the networkmanager-l2tp and strongswan packages.

Other than that I’m clueless

GTerigi · 18 March 2022 15:46

I found out what was the problem. My IPS are assholes and they do a double NAT without telling me, basically preventing me from connecting to my VPN.
I lost 2 days of work and a few hours of sleep for nothing.

Thanks again for the answer, it’s apprecieted.

system · 21 March 2022 05:47

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.