3

Despite considering all the following posts,

[1] L2TP IPsec VPN client on Ubuntu 14.10
[2] How to connect to L2TP over IPSec VPN?
[3] How to connect to L2TP over IPSec VPN?
[4] l2tp/ipsec problem
[5] Can´t connect VPN using network-manager-l2tp
[6] L2TP/IPsec NetworkManager plugin using only username, password and PSK

I have been unable to set up a connection to my university's VPN.

Although strongswan and network-manager-l2tp are running, and all data (gateway/vpn ip, username, password, pre-shared key, phase1 & phase2 algorithms) are entered, I get the error message "Connection failed: Activation of network connection failed."

What am I missing?

EDIT 1:

ike-scan
terminal output:

130.82.18.20 Main Mode Handshake returned HDR=(CKY-R=e8f536147acee1d4) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=4048b7d56ebce88525e7de7f00d6c2d3c0000000 (IKE Fragmentation)

Thus, I have set the "Advanced Options"-Tab to:
Phase 1 = 3des-sha1-modp1024
Phase 2 = 3des-sha1
[no UDP encapsulation]

system xl2tpd

Stopping the system xl2tpd in the terminal hasn't helped either.

apitsch

2 Answers

1

I assume you are using network-manager-l2tp-1.2.8 and network-manager-l2tp-gnome-1.2.8 packages that are available in the default Ubuntu 17.10 repository.

Have you tried stopping and disabling the system xl2tpd? More details in the README.md file:

What is the output of running ike-scan.sh script against your university's VPN server? You can find more details on the following page:

After seeing the output of ike-scan.sh I can advise what the phase1 & phase2 algorithms should be.

Also from the README.md file, you could look at the journalctl --boot output to help with the debugging. Alternatively, after issuing the following, try performing a VPN connection, which will then result in debugging info going to the terminal:

sudo killall -TERM nm-l2tp-service
sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
  • Thanks for your answer. Unfortunately, none of your hints solved my problem. Please see the edits to my original post above. – apitsch Nov 22 '17 at 03:22
  • The issue is a bug/side effect as a result of using a weak pre-shared key. – Douglas Kosovic Nov 22 '17 at 09:26
  • Sorry, prematurely sent the last comment, as hitting the return key results in an 'Add Comment'.

    A workaround was added in the following commit: https://github.com/nm-l2tp/network-manager-l2tp/commit/900233275bf07886dd6161bf9a5de4c62b1bd60e . The issue is that the PSK warning has an exit status of an error, and after 10 attempts it still has an error and nm-l2tp then decides to exit.

    – Douglas Kosovic Nov 22 '17 at 09:35
  • If you are using libreswan, you could try switching to strongswan, as I believe the "WARNING: using a weak secret (PSK)" message is from libreswan. Alternatively, you could build from source code, which has the workaround commit; see the following page for building instructions: https://github.com/nm-l2tp/network-manager-l2tp/wiki/Building – Douglas Kosovic Nov 22 '17 at 09:43
  • Forgot to mention, the "using a weak secret (PSK)" message happens if the PSK is less than 8 characters. – Douglas Kosovic Nov 22 '17 at 09:46
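
Added example, not part of the original thread and not code from the network-manager-l2tp project: Python that turns the ike-scan line quoted in the question into the Phase 1 string entered there, and checks a PSK against the 8-character threshold mentioned in the comments. The function names, the LEGACY set and the sample PSK are assumptions of this example.

```python
import re

# Line taken from the ike-scan output quoted in the question.
SCAN_LINE = ("130.82.18.20 Main Mode Handshake returned "
             "HDR=(CKY-R=e8f536147acee1d4) SA=(Enc=3DES Hash=SHA1 "
             "Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)")

# This example's own list of legacy algorithms (an assumption, not from the page).
LEGACY = {"3des", "des", "md5", "sha1", "modp768", "modp1024"}
MIN_PSK_LEN = 8  # threshold named in the comments above


def parse_sa(line):
    """Return the key=value attributes of the SA=(...) group as a dict."""
    match = re.search(r"\bSA=\(([^)]*)\)", line)
    if not match:
        raise ValueError("no SA=(...) transform in line")
    return dict(tok.split("=", 1) for tok in match.group(1).split() if "=" in tok)


def phase1_proposal(sa):
    """Build an enc-hash-group string such as 3des-sha1-modp1024."""
    enc = sa["Enc"].lower() + sa.get("KeyLength", "")   # AES + 256 -> aes256
    integ = sa["Hash"].lower().replace("-", "_")          # SHA2-256 -> sha2_256
    group = sa["Group"].split(":", 1)[-1].lower()         # 2:modp1024 -> modp1024
    return "-".join((enc, integ, group))


def review(line, psk):
    """Summarise what the responder accepted and whether the PSK is short."""
    sa = parse_sa(line)
    proposal = phase1_proposal(sa)
    return {
        "phase1": proposal,
        "auth": sa.get("Auth"),
        "legacy": sorted(set(proposal.split("-")) & LEGACY),
        "psk_too_short": len(psk) < MIN_PSK_LEN,
    }


if __name__ == "__main__":
    # "example" is a constructed 7-character PSK, not a value from the thread.
    print(review(SCAN_LINE, "example"))
```
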
0

The solution/workaround to my problem was basically described in this answer to a similar question:

How do I install the Cisco Anyconnect VPN client?

Running

sudo apt-get install network-manager-openconnect-gnome

and configuring the VPN with the newly available "Cisco Anyconnect Compatible VPN (openconnect)" did its job.

apitsch