Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to connect after upgrading to Ubuntu 22.04 #183

Closed
liujqian opened this issue Apr 23, 2022 · 11 comments
Closed

Failed to connect after upgrading to Ubuntu 22.04 #183

liujqian opened this issue Apr 23, 2022 · 11 comments
Assignees
@dkosovic

Comments

@liujqian
Copy link

liujqian commented Apr 23, 2022
edited

I upgraded to Ubuntun 22.04 from 20.04. I can confirm that the VPN configuration can work on ubuntu 20.04 but is no longer working. The log printed out by entering journalctl -b --no-hostname _SYSTEMD_UNIT=NetworkManager.service + SYSLOG_IDENTIFIER=pppd is given below. Any debugging tips would be helpful.

image

Apr 23 17:30:22 NetworkManager[900]: [1650706222.9405] vpn[0x55cba0acc330,006bb3fe-9e05-40d7-bb27-d5f6beb5a20b,"Sudoprivacy"]: starting l2tp
Apr 23 17:30:22 NetworkManager[900]: [1650706222.9421] audit: op="connection-activate" uuid="006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" name="Sudoprivacy" pid=178448 uid=1000 result="success"
Apr 23 17:30:23 NetworkManager[181791]: Redirecting to: systemctl restart ipsec.service
Apr 23 17:30:23 NetworkManager[182096]: 002 listening for IKE messages
Apr 23 17:30:23 NetworkManager[182096]: 002 Kernel supports NIC esp-hw-offload
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-ad244f876f3d/br-ad244f876f3d (esp-hw-offload not supported by kernel) 172.22.0.1:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-ad244f876f3d/br-ad244f876f3d 172.22.0.1:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface docker0/docker0 (esp-hw-offload not supported by kernel) 172.17.0.1:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface docker0/docker0 172.17.0.1:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-700f2b9a7fe0/br-700f2b9a7fe0 (esp-hw-offload not supported by kernel) 172.18.0.1:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-700f2b9a7fe0/br-700f2b9a7fe0 172.18.0.1:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-b1ed58e17608/br-b1ed58e17608 (esp-hw-offload not supported by kernel) 172.19.0.1:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface br-b1ed58e17608/br-b1ed58e17608 172.19.0.1:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface wlp2s0/wlp2s0 (esp-hw-offload not supported by kernel) 172.20.10.3:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface wlp2s0/wlp2s0 172.20.10.3:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface lo/lo 127.0.0.1:4500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface lo/lo (esp-hw-offload not supported by kernel) [::1]:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface wlp2s0/wlp2s0 (esp-hw-offload not supported by kernel) [2408:8409:18a1:32ff:8647:bd64:4256:9e9]:500
Apr 23 17:30:23 NetworkManager[182096]: 002 adding interface wlp2s0/wlp2s0 (esp-hw-offload not supported by kernel) [2408:8409:18a1:32ff:f082:d53c:a5dd:1fa1]:500
Apr 23 17:30:23 NetworkManager[182096]: 002 loading secrets from "/etc/ipsec.secrets"
Apr 23 17:30:23 NetworkManager[182096]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 23 17:30:23 NetworkManager[182102]: debugging mode enabled
Apr 23 17:30:23 NetworkManager[182102]: end of file /run/nm-l2tp-006bb3fe-9e05-40d7-bb27-d5f6beb5a20b/ipsec.conf
Apr 23 17:30:23 NetworkManager[182102]: Loading conn 006bb3fe-9e05-40d7-bb27-d5f6beb5a20b
Apr 23 17:30:23 NetworkManager[182102]: starter: left is KH_DEFAULTROUTE
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" modecfgdns=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" modecfgdomains=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" modecfgbanner=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" mark=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" mark-in=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" mark-out=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" vti_iface=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" redirect-to=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" accept-redirect-to=
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" esp=aes256-sha1,aes128-sha1,3des-sha1
Apr 23 17:30:23 NetworkManager[182102]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" ike=aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-ecp_384,aes128-sha1-ecp_256,3des-sha1-modp2048
Apr 23 17:30:23 NetworkManager[182102]: opening file: /run/nm-l2tp-006bb3fe-9e05-40d7-bb27-d5f6beb5a20b/ipsec.conf
Apr 23 17:30:23 NetworkManager[182102]: loading named conns: 006bb3fe-9e05-40d7-bb27-d5f6beb5a20b
Apr 23 17:30:23 NetworkManager[182102]: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Apr 23 17:30:23 NetworkManager[182102]: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Apr 23 17:30:23 NetworkManager[182102]: dst via 172.20.10.1 dev wlp2s0 src table 254
Apr 23 17:30:23 NetworkManager[182102]: set nexthop: 172.20.10.1
Apr 23 17:30:23 NetworkManager[182102]: dst 169.254.0.0 via dev wlp2s0 src table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 172.17.0.0 via dev docker0 src 172.17.0.1 table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 172.18.0.0 via dev br-700f2b9a7fe0 src 172.18.0.1 table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 172.19.0.0 via dev br-b1ed58e17608 src 172.19.0.1 table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 172.20.10.0 via dev wlp2s0 src 172.20.10.3 table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 172.22.0.0 via dev br-ad244f876f3d src 172.22.0.1 table 254
Apr 23 17:30:23 NetworkManager[182102]: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.17.0.1 via dev docker0 src 172.17.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.17.255.255 via dev docker0 src 172.17.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.18.0.1 via dev br-700f2b9a7fe0 src 172.18.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.18.255.255 via dev br-700f2b9a7fe0 src 172.18.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.19.0.1 via dev br-b1ed58e17608 src 172.19.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.19.255.255 via dev br-b1ed58e17608 src 172.19.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.20.10.3 via dev wlp2s0 src 172.20.10.3 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.20.10.15 via dev wlp2s0 src 172.20.10.3 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.22.0.1 via dev br-ad244f876f3d src 172.22.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: dst 172.22.255.255 via dev br-ad244f876f3d src 172.22.0.1 table 255 (ignored)
Apr 23 17:30:23 NetworkManager[182102]: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Apr 23 17:30:23 NetworkManager[182102]: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Apr 23 17:30:23 NetworkManager[182102]: dst 172.20.10.1 via dev wlp2s0 src 172.20.10.3 table 254
Apr 23 17:30:23 NetworkManager[182102]: set addr: 172.20.10.3
Apr 23 17:30:23 NetworkManager[182102]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Apr 23 17:30:23 NetworkManager[182104]: 031 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b": cannot initiate connection with narrowing=no and (kind=CK_TEMPLATE)
Apr 23 17:30:23 NetworkManager[182104]: 036 failed to initiate 006bb3fe-9e05-40d7-bb27-d5f6beb5a20b
Apr 23 17:30:24 nm-l2tp-service[181778]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
@dkosovic dkosovic self-assigned this Apr 23, 2022
@dkosovic
Copy link
Member

Looking at the cannot initiate connection with narrowing=no which is mentioned on the following page and seems to be related to port 1701:

Could you try stopping the system xl2tpd to make port 1701 free, see :

Then try connecting again.

@dkosovic
Copy link
Member

I suspect it is the following line in the code is causing this issue:

But stopping the system xl2tpd and not enabling the "Use L2TP ephemeral source port" should be a workaround for the time being if libreswan is used.

@liujqian
Copy link
Author

@dkosovic Thank you for replying, I have already shut stopped the system xl2tpd as described in the repo's readme and I still cannot connect. "Use L2TP ephemeral source port" is not ticked. Is there any other workaround that you can think of? Thank you for replying.

@liujqian
Copy link
Author

@dkosovic I tried again and got the following logs:
Apr 23 18:23:12 NetworkManager[900]: [1650709392.8332] vpn[0x55cba0acc0b0,006bb3fe-9e05-40d7-bb27-d5f6beb5a20b,"Sudoprivacy"]: starting l2tp
Apr 23 18:23:12 NetworkManager[900]: [1650709392.8345] audit: op="connection-activate" uuid="006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" name="Sudoprivacy" pid=201210 uid=1000 result="success"
Apr 23 18:23:12 nm-l2tp-service[203088]: Check port 1701
Apr 23 18:23:12 NetworkManager[203100]: Redirecting to: systemctl restart ipsec.service
Apr 23 18:23:13 NetworkManager[203405]: 002 listening for IKE messages
Apr 23 18:23:13 NetworkManager[203405]: 002 Kernel supports NIC esp-hw-offload
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface br-ad244f876f3d/br-ad244f876f3d (esp-hw-offload not supported by kernel) 172.22.0.1:500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface br-ad244f876f3d/br-ad244f876f3d 172.22.0.1:4500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface docker0/docker0 (esp-hw-offload not supported by kernel) 172.17.0.1:500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface docker0/docker0 172.17.0.1:4500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface br-700f2b9a7fe0/br-700f2b9a7fe0 (esp-hw-offload not supported by kernel) 172.18.0.1:500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface br-700f2b9a7fe0/br-700f2b9a7fe0 172.18.0.1:4500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface br-b1ed58e17608/br-b1ed58e17608 (esp-hw-offload not supported by kernel) 172.19.0.1:500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface br-b1ed58e17608/br-b1ed58e17608 172.19.0.1:4500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface wlp2s0/wlp2s0 (esp-hw-offload not supported by kernel) 172.16.20.104:500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface wlp2s0/wlp2s0 172.16.20.104:4500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface lo/lo 127.0.0.1:4500
Apr 23 18:23:13 NetworkManager[203405]: 002 adding interface lo/lo (esp-hw-offload not supported by kernel) [::1]:500
Apr 23 18:23:13 NetworkManager[203405]: 002 loading secrets from "/etc/ipsec.secrets"
Apr 23 18:23:13 NetworkManager[203405]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 23 18:23:13 NetworkManager[203411]: debugging mode enabled
Apr 23 18:23:13 NetworkManager[203411]: end of file /run/nm-l2tp-006bb3fe-9e05-40d7-bb27-d5f6beb5a20b/ipsec.conf
Apr 23 18:23:13 NetworkManager[203411]: Loading conn 006bb3fe-9e05-40d7-bb27-d5f6beb5a20b
Apr 23 18:23:13 NetworkManager[203411]: starter: left is KH_DEFAULTROUTE
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" modecfgdns=
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" modecfgdomains=
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" modecfgbanner=
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" mark=
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" mark-in=
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" mark-out=
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" vti_iface=
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" redirect-to=
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" accept-redirect-to=
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" esp=aes256-sha1,aes128-sha1,3des-sha1
Apr 23 18:23:13 NetworkManager[203411]: conn: "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" ike=aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-ecp_384,aes128-sha1-ecp_256,3des-sha1-modp2048
Apr 23 18:23:13 NetworkManager[203411]: opening file: /run/nm-l2tp-006bb3fe-9e05-40d7-bb27-d5f6beb5a20b/ipsec.conf
Apr 23 18:23:13 NetworkManager[203411]: loading named conns: 006bb3fe-9e05-40d7-bb27-d5f6beb5a20b
Apr 23 18:23:13 NetworkManager[203411]: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Apr 23 18:23:13 NetworkManager[203411]: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Apr 23 18:23:13 NetworkManager[203411]: dst via 172.16.20.1 dev wlp2s0 src table 254
Apr 23 18:23:13 NetworkManager[203411]: set nexthop: 172.16.20.1
Apr 23 18:23:13 NetworkManager[203411]: dst 169.254.0.0 via dev wlp2s0 src table 254
Apr 23 18:23:13 NetworkManager[203411]: dst 172.16.20.0 via dev wlp2s0 src 172.16.20.104 table 254
Apr 23 18:23:13 NetworkManager[203411]: dst 172.17.0.0 via dev docker0 src 172.17.0.1 table 254
Apr 23 18:23:13 NetworkManager[203411]: dst 172.18.0.0 via dev br-700f2b9a7fe0 src 172.18.0.1 table 254
Apr 23 18:23:13 NetworkManager[203411]: dst 172.19.0.0 via dev br-b1ed58e17608 src 172.19.0.1 table 254
Apr 23 18:23:13 NetworkManager[203411]: dst 172.22.0.0 via dev br-ad244f876f3d src 172.22.0.1 table 254
Apr 23 18:23:13 NetworkManager[203411]: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 172.16.20.104 via dev wlp2s0 src 172.16.20.104 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 172.16.20.255 via dev wlp2s0 src 172.16.20.104 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 172.17.0.1 via dev docker0 src 172.17.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 172.17.255.255 via dev docker0 src 172.17.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 172.18.0.1 via dev br-700f2b9a7fe0 src 172.18.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 172.18.255.255 via dev br-700f2b9a7fe0 src 172.18.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 172.19.0.1 via dev br-b1ed58e17608 src 172.19.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 172.19.255.255 via dev br-b1ed58e17608 src 172.19.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 172.22.0.1 via dev br-ad244f876f3d src 172.22.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: dst 172.22.255.255 via dev br-ad244f876f3d src 172.22.0.1 table 255 (ignored)
Apr 23 18:23:13 NetworkManager[203411]: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Apr 23 18:23:13 NetworkManager[203411]: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Apr 23 18:23:13 NetworkManager[203411]: dst 172.16.20.1 via dev wlp2s0 src 172.16.20.104 table 254
Apr 23 18:23:13 NetworkManager[203411]: set addr: 172.16.20.104
Apr 23 18:23:13 NetworkManager[203411]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Apr 23 18:23:13 NetworkManager[203413]: 002 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #1: initiating Main Mode
Apr 23 18:23:13 NetworkManager[203413]: 102 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #1: STATE_MAIN_I1: sent MI1, expecting MR1
Apr 23 18:23:13 NetworkManager[203413]: 002 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #1: WARNING: connection 006bb3fe-9e05-40d7-bb27-d5f6beb5a20b PSK length of 7 bytes is too short for sha PRF in FIPS mode (10 bytes required)
Apr 23 18:23:13 NetworkManager[203413]: 104 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 23 18:23:14 NetworkManager[203413]: 106 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 23 18:23:14 NetworkManager[203413]: 002 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #1: Peer ID is ID_IPV4_ADDR: '43.243.139.42'
Apr 23 18:23:14 NetworkManager[203413]: 004 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP2048}
Apr 23 18:23:14 NetworkManager[203413]: 002 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:6609da98 proposal=AES_CBC_256-HMAC_SHA1_96, AES_CBC_128-HMAC_SHA1_96, 3DES_CBC-HMAC_S>
Apr 23 18:23:14 NetworkManager[203413]: 115 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #2: STATE_QUICK_I1: sent QI1, expecting QR1
Apr 23 18:23:14 NetworkManager[203413]: 003 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
Apr 23 18:23:14 NetworkManager[203413]: 004 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0x02b01246 <0xc367e6bb xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=none NATD=43.243.139.42:4500 DPD=passive}
Apr 23 18:23:14 nm-l2tp-service[203088]: xl2tpd started with pid 203431
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: Not looking for kernel SAref support.
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: Using l2tp kernel support.
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: xl2tpd version xl2tpd-1.3.16 started on jingqian-HP PID:203431
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: Forked by Scott Balmos and David Stipp, (C) 2001
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: Inherited by Jeff McAdams, (C) 2002
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: Listening on IP address 0.0.0.0, port 1701
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: Connecting to host 43.243.139.42, port 1701
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: Can not find tunnel 103 (refhim=0)
Apr 23 18:23:14 NetworkManager[203431]: xl2tpd[203431]: network_thread: unable to find call or tunnel to handle packet. call = 42400, tunnel = 103 Dumping.
Apr 23 18:23:15 NetworkManager[203431]: xl2tpd[203431]: Can not find tunnel 103 (refhim=0)
Apr 23 18:23:15 NetworkManager[203431]: xl2tpd[203431]: network_thread: unable to find call or tunnel to handle packet. call = 42400, tunnel = 103 Dumping.
Apr 23 18:23:15 NetworkManager[203431]: xl2tpd[203431]: Can not find tunnel 12 (refhim=0)
Apr 23 18:23:15 NetworkManager[203431]: xl2tpd[203431]: network_thread: unable to find call or tunnel to handle packet. call = 42400, tunnel = 12 Dumping.
Apr 23 18:23:16 NetworkManager[203431]: xl2tpd[203431]: Can not find tunnel 103 (refhim=0)
Apr 23 18:23:16 NetworkManager[203431]: xl2tpd[203431]: network_thread: unable to find call or tunnel to handle packet. call = 42400, tunnel = 103 Dumping.
Apr 23 18:23:17 NetworkManager[203431]: xl2tpd[203431]: Can not find tunnel 12 (refhim=0)
Apr 23 18:23:17 NetworkManager[203431]: xl2tpd[203431]: network_thread: unable to find call or tunnel to handle packet. call = 42400, tunnel = 12 Dumping.
Apr 23 18:23:18 NetworkManager[203431]: xl2tpd[203431]: Can not find tunnel 103 (refhim=0)
Apr 23 18:23:18 NetworkManager[203431]: xl2tpd[203431]: network_thread: unable to find call or tunnel to handle packet. call = 42400, tunnel = 103 Dumping.
Apr 23 18:23:21 NetworkManager[203431]: xl2tpd[203431]: Can not find tunnel 12 (refhim=0)
Apr 23 18:23:21 NetworkManager[203431]: xl2tpd[203431]: network_thread: unable to find call or tunnel to handle packet. call = 42400, tunnel = 12 Dumping.
Apr 23 18:23:22 NetworkManager[203431]: xl2tpd[203431]: Can not find tunnel 103 (refhim=0)
Apr 23 18:23:22 NetworkManager[203431]: xl2tpd[203431]: network_thread: unable to find call or tunnel to handle packet. call = 42400, tunnel = 103 Dumping.
Apr 23 18:23:28 NetworkManager[203431]: xl2tpd[203431]: death_handler: Fatal signal 15 received
Apr 23 18:23:28 NetworkManager[203431]: xl2tpd[203431]: Connection 0 closed to 43.243.139.42, port 1701 (Server closing)
Apr 23 18:23:28 NetworkManager[900]: [1650709408.4558] vpn[0x55cba0acc0b0,006bb3fe-9e05-40d7-bb27-d5f6beb5a20b,"Sudoprivacy"]: dbus: failure: connect-failed (1)
Apr 23 18:23:28 NetworkManager[900]: [1650709408.4560] vpn[0x55cba0acc0b0,006bb3fe-9e05-40d7-bb27-d5f6beb5a20b,"Sudoprivacy"]: dbus: failure: connect-failed (1)
Apr 23 18:23:28 NetworkManager[203436]: 002 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b": terminating SAs using this connection
Apr 23 18:23:28 NetworkManager[203436]: 002 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #2: deleting state (STATE_QUICK_I2) aged 14.340s and sending notification
Apr 23 18:23:28 NetworkManager[203436]: 005 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #2: ESP traffic information: in=635B out=524B
Apr 23 18:23:28 NetworkManager[203436]: 002 "006bb3fe-9e05-40d7-bb27-d5f6beb5a20b" #1: deleting state (STATE_MAIN_I4) aged 14.533s and sending notification

I think it is very similar to the problem reported at #182 (comment). Can you please double check on that? Thank you so much!

@dkosovic
Copy link
Member

I've just finished upgrading to Ubuntu 22.04 and have reproduced the xl2tpd issue.

The main difference with the other issue is that the strongswan quick mode (phase 2) failed for the IPsec connection. In your case and mine, quick mode was successful, but the xl2tpd connection failed in the same way.

@liujqian
Copy link
Author

@dkosovic Thanks again for your help and replies. I see that you mentioned kl2tpd in the other issue. If the issue is about xl2tpd, would installing kl2tpd be a work around?

@dkosovic
Copy link
Member

maybe

@liujqian
Copy link
Author

@dkosovic The connection is working again after I downloaded kl2tpd as you instructed in #182 (comment). Thank you so much for the help! I am closing this issue for now. If the xl2tpd problem is later fixed, can you please make a mention to me so I am aware? Thank you for your work.

@dkosovic dkosovic mentioned this issue Apr 23, 2022
Closed
@dkosovic
Copy link
Member

Will do, thanks for letting me know it works with kl2tpd (which is from the authors of the L2TP Linux kernel modules that xl2tpd also uses).

@dkosovic
Copy link
Member

The broken Ubuntu 22.04 xl2tpd package was first reported back on 2021-11-22 :

Hopefully Ubuntu will release a new xl2tpd soon now that Ubuntu 22.04 has been released. Probably best to keep an eye out on the above Ubuntu report for latest news.

@erik78se
Copy link

I have no issues connecting with the current Ubuntu 22.04.

Just make sure to select only PPP options -> "MSCHAP + MSCHAP2". No other authentication methods should be there.

uname -a
Linux frozen 5.15.0-40-generic #43-Ubuntu SMP Wed Jun 15 12:54:21 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dkosovic dkosovic

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@erik78se @dkosovic @liujqian