L2TP connection doesn't work and is being removed automatically after ~1 minute #18

Closed
mie opened this issue Aug 10, 2016 · 10 comments


mie commented Aug 10, 2016

I have downloaded version 1.2 for NetworkManager 1.2 and successfully compiled it for my Mint 18 x86_64 (Cinnamon). The first problem I encountered was "No valid VPN secrets", which I solved by editing the file /etc/NetworkManager/system-connections/MyConnection, setting password-flags=0 and adding:

[vpn-secrets]
password=MyPassword

Now the L2TP connection is being established, but nothing works, neither DNS nor any connections. Besides, after like 1 minute the L2TP connection gets terminated automatically.

Relevant system logs

screenshot from 2016-08-10 17-02-59
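
The workaround above puts the VPN password into the connection keyfile in cleartext, so the file's owner and mode are all that protect it. An added example (not part of the original post) that audits such a keyfile; the sample content is constructed from the keys quoted above, and `audit_keyfile` and `demo` are illustrative names:

```python
import configparser
import os
import tempfile

# Constructed sample, using the keys quoted in the post above.
SAMPLE = """\
[connection]
id=MyConnection
type=vpn
[vpn]
password-flags=0
[vpn-secrets]
password=MyPassword
"""

def audit_keyfile(path, expected_uid=0):
    """Return findings about secrets stored in a NetworkManager keyfile."""
    findings = []
    st = os.stat(path)
    mode = st.st_mode & 0o777
    if st.st_uid != expected_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {expected_uid}")
    if mode & 0o077:
        findings.append(f"mode {mode:04o} lets group/others access the file")
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep key names exactly as written
    cp.read(path, encoding="utf-8")
    for section in cp.sections():
        for key, value in cp[section].items():
            if section.endswith("-secrets"):
                findings.append(f"[{section}] {key} is stored in cleartext")
            elif key.endswith("-flags") and value.strip() == "0":
                findings.append(f"[{section}] {key}=0: secret is kept in this keyfile")
    return findings

def demo():
    """Audit the sample at mode 0644 and again at 0600 (owner = current user)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "MyConnection")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        loose = audit_keyfile(path, expected_uid=os.getuid())
        os.chmod(path, 0o600)
        return loose, audit_keyfile(path, expected_uid=os.getuid())

if __name__ == "__main__":
    print(demo())
```

On a real system, run `audit_keyfile` as root against the file under /etc/NetworkManager/system-connections/ with the default `expected_uid=0`.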

@dkosovic dkosovic self-assigned this Aug 10, 2016
Member

dkosovic commented Aug 10, 2016

I have seen "plugin NeedSecrets request #1 failed" before, but not "No valid VPN secrets", so I'm not sure what the issue there is.

I'm not sure which version you are using, is it from the master branch or nm-1-2 branch? I would recommend the master branch as the nm-1-2 branch is currently a work in progress. Or as you are not using IPsec and strongSwan, the 1.2.2 version tag should be fine also.

Some people have reported issues with the system xl2tpd and are able to get a stable L2TP connection with a locally built xl2tpd installed to /usr/local/, i.e.:

sudo apt remove xl2tpd
sudo apt install libpcap0.8-dev

wget https://github.com/xelerance/xl2tpd/archive/v1.3.6/xl2tpd-1.3.6.tar.gz
tar xvzf xl2tpd-1.3.6.tar.gz
cd xl2tpd-1.3.6
make
sudo make install

Author

mie commented Aug 11, 2016

I tried both current master and nm-1.2 with the same result. I think there is something wrong with the routes being set up after the connection is established.

before

mie@luv ~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.85.80.1      0.0.0.0         UG    100    0        0 eno1
10.0.0.0        10.85.80.1      255.0.0.0       UG    100    0        0 eno1
10.85.80.0      0.0.0.0         255.255.248.0   U     100    0        0 eno1
78.107.144.91   10.85.80.1      255.255.255.255 UGH   100    0        0 eno1
78.107.196.0    10.85.80.1      255.255.252.0   UG    100    0        0 eno1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eno1
233.32.240.0    10.85.80.220    255.255.255.0   UG    100    0        0 eno1

after

mie@luv ~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     50     0        0 ppp0
0.0.0.0         10.85.80.1      0.0.0.0         UG    100    0        0 eno1
10.0.0.0        10.85.80.1      255.0.0.0       UG    100    0        0 eno1
10.85.80.0      0.0.0.0         255.255.248.0   U     100    0        0 eno1
78.107.144.91   10.85.80.1      255.255.255.255 UGH   100    0        0 eno1
78.107.196.0    10.85.80.1      255.255.252.0   UG    100    0        0 eno1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eno1
213.234.199.198 0.0.0.0         255.255.255.255 UH    50     0        0 ppp0
233.32.240.0    10.85.80.220    255.255.255.0   UG    100    0        0 eno1

In this case DNS addresses are 213.234.192.7, 85.21.152.5, VPN gateway IP is 213.234.199.198.

@dkosovic
Member

I think what you are seeing is the default NetworkManager VPN routing table behaviour, i.e. all traffic goes over the VPN connection. Routes with lower metrics are chosen over routes with higher metrics and it has a full netmask of 255.255.255.255. I don't see anything wrong with the routing table.

You could try the solution on the following page for a possible DNS solution :

You can also override the default routes in the "IPv4 Settings" for the VPN connection in the NetworkManager connection manager editor.
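
The selection rule described in the comment above (most specific netmask first, then lowest metric), applied to the "after" table posted earlier in this thread. This is an added example, not part of the original comments; `parse_routes`, `lookup` and `explain` are illustrative names:

```python
import ipaddress

# "after" output of `route -n`, copied from the post earlier in this thread.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     50     0        0 ppp0
0.0.0.0         10.85.80.1      0.0.0.0         UG    100    0        0 eno1
10.0.0.0        10.85.80.1      255.0.0.0       UG    100    0        0 eno1
10.85.80.0      0.0.0.0         255.255.248.0   U     100    0        0 eno1
78.107.144.91   10.85.80.1      255.255.255.255 UGH   100    0        0 eno1
78.107.196.0    10.85.80.1      255.255.252.0   UG    100    0        0 eno1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eno1
213.234.199.198 0.0.0.0         255.255.255.255 UH    50     0        0 ppp0
233.32.240.0    10.85.80.220    255.255.255.0   UG    100    0        0 eno1
"""

def parse_routes(text):
    """Parse `route -n` output into dicts, skipping header and malformed lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        except ValueError:
            continue  # column header line
        routes.append({"net": net, "gw": f[1], "metric": int(f[4]), "iface": f[7]})
    return routes

def lookup(routes, dest):
    """Pick the matching route: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def explain(dest):
    r = lookup(parse_routes(ROUTE_N), dest)
    return f"{dest} -> {r['iface']} via {r['net']} (metric {r['metric']})"

if __name__ == "__main__":
    # DNS servers, VPN gateway, the existing eno1 host route, the LAN gateway
    for dest in ("213.234.192.7", "85.21.152.5", "213.234.199.198",
                 "78.107.144.91", "10.85.80.1"):
        print(explain(dest))
```

Both DNS servers resolve to the metric-50 default route on ppp0, while the host routes and the LAN prefix win on prefix length regardless of metric.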

Author

mie commented Aug 12, 2016

I tried overriding default routes but was unable to reflect the if-up script I used before:

#!/bin/sh
GW=$(route | grep ^default | awk '{print $2}')
route del $5 dev $1
route add -host $5 gw $GW
route add -net *.*.0.0 netmask 255.255.0.0 gw $GW
for i in $(grep "^nameserver" /etc/resolv.conf | awk '{print $2}') ; do
  route add -host $i gw $GW
done
route del default
route add default dev $1

Please look at my logs here

@dkosovic
Member

From the screenshots, I thought you weren't using IPsec (i.e. strongSwan), but looks like I didn't read the log properly and now see lines with strongSwan's IKE keying daemon charon :

Aug 12 21:30:43 luv charon[1475]: 10[KNL] 2.93.103.219 appeared on ppp0

It doesn't look like any IPsec session is being set up, so not sure why that charon line appears. You could try stopping IPsec (and charon) with:

sudo ipsec stop

and then try again.

Author

mie commented Aug 14, 2016

Unfortunately that didn't help. I also tried live Ubuntu for the experimental integrity - same results. I'm worried about the lines

Aug 12 21:30:43 luv pppd[4095]: Using interface ppp0
Aug 12 21:30:43 luv pppd[4095]: Connect: ppp0 <-->

Usually it's like Connect: ppp0 <--> /dev/pts/4. I don't know what else to try.

Member

dkosovic commented Aug 15, 2016

Have you tried with a locally built xl2tpd installed to /usr/local/ yet?

Are you able to get a successful L2TP connection with the xl2tpd command-line and suitable config files?

I'm not seeing the /dev/pts/* in my log output for the Connect line either on Ubuntu 16.04 and Fedora both using pppd 2.4.7, but I do see it with Debian 8 and pppd 2.4.6.

Snippet from my log output for a successful connection around that line :

Aug 15 22:23:00 m900 pppd[14927]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
Aug 15 22:23:00 m900 NetworkManager[14469]: ** Message: nm-l2tp-ppp-plugin: (plugin_init): initializing
Aug 15 22:23:00 m900 pppd[14927]: Plugin pppol2tp.so loaded.
Aug 15 22:23:00 m900 pppd[14927]: pppd 2.4.7 started by root, uid 0
Aug 15 22:23:00 m900 NetworkManager[14469]: ** Message: nm-l2tp-ppp-plugin: (nm_phasechange): status 3 / phase 'serial connection'
Aug 15 22:23:00 m900 pppd[14927]: Using interface ppp0
Aug 15 22:23:00 m900 pppd[14927]: Connect: ppp0 <-->
Aug 15 22:23:00 m900 NetworkManager[14469]: ** Message: nm-l2tp-ppp-plugin: (nm_phasechange): status 5 / phase 'establish'
Aug 15 22:23:00 m900 pppd[14927]: Overriding mtu 1500 to 1200
Aug 15 22:23:00 m900 NetworkManager[14469]: nm_device_get_device_type: assertion 'NM_IS_DEVICE (self)' failed
Aug 15 22:23:00 m900 pppd[14927]: Overriding mru 1500 to mtu value 1200
Aug 15 22:23:00 m900 NetworkManager[14469]: <info>  [1471263806.1536] manager: (ppp0): new Generic device (/org/freedesktop/NetworkM
Aug 15 22:23:00 m900 NetworkManager[14469]: <info>  [1471263806.1609] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp
Aug 15 22:23:00 m900 NetworkManager[14469]: <info>  [1471263806.1609] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0
Aug 15 22:23:00 m900 NetworkManager[14469]: ** Message: nm-l2tp-ppp-plugin: (nm_phasechange): status 6 / phase 'authenticate'
Aug 15 22:23:00 m900 NetworkManager[14469]: ** Message: nm-l2tp-ppp-plugin: (get_credentials): passwd-hook, requesting credentials..
Aug 15 22:23:00 m900 NetworkManager[14469]: ** Message: nm-l2tp-ppp-plugin: (get_credentials): got credentials from NetworkManager-l
Aug 15 22:23:00 m900 pppd[14927]: CHAP authentication succeeded
Aug 15 22:23:00 m900 NetworkManager[14469]: ** Message: nm-l2tp-ppp-plugin: (nm_phasechange): status 8 / phase 'network'
Aug 15 22:23:00 m900 charon[14885]: 13[KNL] 192.168.67.215 appeared on ppp0
Aug 15 22:23:00 m900 charon[14885]: 15[KNL] 192.168.67.215 disappeared from ppp0
Aug 15 22:23:00 m900 charon[14885]: 12[KNL] 192.168.67.215 appeared on ppp0
Aug 15 22:23:00 m900 charon[14885]: 01[KNL] interface ppp0 activated

Author

mie commented Aug 18, 2016

I tried a new Ubuntu 16.04 installation, still with no success. But when I create the connection manually it works:

  1. Attach cable, wait for automatic routes configuration (by network-manager I believe)
  2. sudo systemctl stop network-manager
  3. sudo systemctl start xl2tpd with the following configs:

/etc/xl2tpd/xl2tpd.conf

[global]
access control = yes
auth file = /etc/ppp/chap-secrets
[lac beeline]
lns = tp.internet.beeline.ru
redial = yes
redial timeout = 5
require chap = yes
require authentication = no
name = My ISP Login
ppp debug = no
pppoptfile = /etc/ppp/peers/options.l2tpd
require pap = no
autodial = yes
tx bps = 1000000000

/etc/ppp/peers/options.l2tpd

lcp-echo-interval 10
lcp-echo-failure 2
name My ISP Login
remotename l2tp
ipparam corbina
connect /bin/true
mtu 1460
nodeflate
nobsdcomp
persist
maxfail 0
nopcomp
noaccomp
noauth
noproxyarp

/etc/ppp/ip-up.d/10beeline

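#!/bin/sh
# pppd passes $1 = interface name and $5 = remote (peer) IP address.
#GW="*.*.*.*" # My route here
# Gateway of the default route that existed before the tunnel came up
GW=$(route | grep ^default | awk '{print $2}')
# Replace the peer route on the PPP interface with a host route via that gateway
route del $5 dev $1
route add -host $5 gw $GW
route add -net *.*.0.0 netmask 255.255.0.0 gw $GW
# Keep the resolvers from /etc/resolv.conf reachable via the original gateway
for i in $(grep "^nameserver" /etc/resolv.conf | awk '{print $2}') ; do
  route add -host $i gw $GW
done
# Send everything else through the PPP interface
route del default
route add default dev $1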

nm-l2tp plugin still doesn't work even if xl2tpd is compiled locally.

Author

mie commented Aug 21, 2016

It's weird but after the aforementioned procedure nm-l2tp plugin started to work. You may close the issue but I still don't understand it.

@dkosovic
Member

Glad to hear it is now working.

I wonder if there was a NetworkManager package update, Ubuntu 16.04 shipped with a developer release of NetworkManager 1.1.93 and then they made version 1.2.0 available as an update. Version 1.9.3 had a number of issues, but can't remember if routing was one of them.
