The existing answers for connecting VPN using L2TP VPN on Ubuntu 16.04 did not work. I get VPN connection failed error. I tried many suggestions on AU

Question

I am new to Stack Exchange. I am also new to Ubuntu.

I have problems connecting with VPN network.

I followed these instructions from these existing answers for this problem on Ask Ubuntu:

But I still get"VPN connection failed because the VPN service failed to start".

Please help me in resolving this.

Hello, Could you give more information (which command did you start to get this message?. Also take a look at the logs (/var/log/syslog). — Marc Vanhoomissen, Sep 05 '17 at 09:51
@MarcVanhoomissen Here is the syslog https://paste.ee/p/Xk3bc — Venkat, Sep 06 '17 at 04:35
From what I see, you could have run into the same problem as described here. Could you check? — Marc Vanhoomissen, Sep 06 '17 at 07:20
Possible duplicate of VPN L2TP/IPSec client on Ubuntu 16.04 VPN service failed to start — Marc Vanhoomissen, Sep 06 '17 at 07:20
@MarcVanhoomissen Thank you. Like I mentioned in my question, I also tried the solution of the question above, https://askubuntu.com/a/920497/733107 but could not make the connection work.
Could you please explain what IP address should I put for this command? sudo ike-scan 123.54.76.9 — Venkat, Sep 06 '17 at 07:54
Sorry, I have been mislead by the figures of the questions. The IP adress is the one of the server you are trying to connect to. — Marc Vanhoomissen, Sep 06 '17 at 08:14
See the following to work out which ciphers the VPN server supports, it is more than just running the ike-scan command
https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues#querying-vpn-server-for-supported-ipsec-ikev1-ciphers — Douglas Kosovic, Sep 07 '17 at 00:25

score 1 · Accepted Answer · answered Sep 06 '17 at 08:20

1

I assume you a using network-manager-l2tp and network-manager-l2tp-gnome version 1.2.8 packages from the following PPA:

https://launchpad.net/~nm-l2tp/+archive/ubuntu/network-manager-l2tp

For whatever reason, the IPsec connection is taking more than 10 seconds to establish, so is hitting a nm-l2tp's 10 second IPsec timeout.

Could you try deleting the temporary secrets files:

sudo rm -f /etc/ipsec.d/nm-l2tp-ipsec*.secrets

nm-l2tp 1.2.6 would leave those files behind, but 1.2.8 which is the latest and current version has a fix to delete what it generates. It looks like you might have reconfigured the connection multiple times with 1.2.6 and it left behind the secrets files. I'm not sure how much of an impact on reducing the timing it will have, but no harm in trying.

You could try using libreswan instead of strongswan which can be installed with the following command (which will also uninstall strongswan) :

sudo apt install libreswan

With libreswan, please delete any Phase 1 & 2 Algorithm settings you might have entered in the advanced section of the IPsec dialog box.

If you do get the IPsec connection up, and L2TP connection doesn't work, you may need to stop the system xl2tp service, see:

https://github.com/nm-l2tp/network-manager-l2tp#issue-with-not-stopping-system-xl2tpd-service

answered Sep 06 '17 at 08:20

Douglas Kosovic

721

Hi Douglas, yes removing secrets file and installing libreswan fixed the issue. Thank you so much.
So, if some one starts the installation from scratch, can he/she can do this?

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt-get update
sudo apt install libreswan type the user credentials and passkey.
– Venkat Sep 06 '17 at 10:44
Hi Douglas, when I disconnect VPN and try to reconnect again, I get the same error "VPN connection failed because the VPN service failed to start", but after a while say 3-5 mins, when I retry the VPN connection is successful. Could you please explain why this is happening? – Venkat Sep 06 '17 at 11:07
Does it still happen after doing the following?
```
sudo systemctl restart NetworkManager
```
If it does, it is an issue on the VPN server side. Without looking at the logs it is hard to say why it is happening.
– Douglas Kosovic Sep 07 '17 at 00:14
No, it does not work even after doing what you suggested. Here is the log for your reference. https://paste.ee/p/WesJN – Venkat Sep 07 '17 at 04:14
So it is a VPN server side issues and the log file confirms it with Remote message: User unknown - cannot authenticate via PAM and PAP authentication failed. In the VPN connection's PPP settings, I would try disabling PAP and every other authentication method except from MSCHAP and MSCHAPv2. – Douglas Kosovic Sep 07 '17 at 11:25
Hi Douglas, I think the PAP authentication failed because of an authentication issue with my account in my company. They have fixed it now and I can connect with the VPN without disabling any authentication methods. Also when I switch to another network (eg. wired network) while on VPN (without disconnecting VPN first) and reconnect to VPN again, I get a failure message. I have to restart Network Manager to reconnect with VPN at that time. Thanks for your help. Appreciated! – Venkat Sep 08 '17 at 04:44
I agree it should be more graceful in this situation, but I'm not able to reproduce the issue to be able to fix it in the code and not sure what might be going wrong. L2TP/IPsec doesn't support mobility and multihoming, but the newer IPsec IKEv2 protocol does. – Douglas Kosovic Sep 09 '17 at 06:25

score 0 · Answer 2 · answered Sep 07 '17 at 00:12

The network-manager-l2tp 1.2.8 package has a dependency on strongswan or libreswan. It's just because strongswan is listed before libreswan that strongswan gets installed by default.

A user wanting to install from scratch and use libreswan can issue the following:

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp
sudo apt update
sudo apt install libreswan
sudo apt install network-manager-l2tp network-manager-l2tp-gnome

The existing answers for connecting VPN using L2TP VPN on Ubuntu 16.04 did not work. I get VPN connection failed error. I tried many suggestions on AU

2 Answers2

Linked