Bug#1007901: Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
Hi Marcel , I was about to close this still open bug (which was cloned from a bug that was closed), but decided to check the forum link you posted first : https://debianforum.de/forum/viewtopic.php?t=183809 and noticed you said there you were still having an issue with network-manager-l2tp and network-manager 1.36.4-2. Sorry to hear that network-manager 1.36.4-2 didn't solve your issue and wish I heard it here earlier. Unfortunately I'm not able to reproduce the bug with Debian Sid, but happy to look into it. I suspect it is an issue with strongswan, do you have the issue if you switch to libreswan? e.g. : sudo apt install libreswan To revert back to strongswan, issue: sudo apt install strongswan If it works with libreswan, I suspect the strongswan issue with network-manager version 1.36 is with one of its modules. Cheers, Doug
Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
Hi Michael, > Is there anything to fix on the network-manager package side or can > this issue be closed? With the upgrade of the network-manager package to 1.36.4-1, the VPN routing issue appears to have been resolved. I just checked again now that I'm not able to reproduce the issue, so this issue can be closed. Cheers, Doug
Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
Hi Doug On Tue, 22 Mar 2022 00:38:54 + Douglas Kosovic wrote: I suspect this is the same as the following upstream NetworkManager 1.36.2 routing bug: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/946 I assume you have enabled the "Use this connection only for resources on its network" checkbox in the VPN connection's IPv4 settings? In which case network-manager 1.36.2 doesn't appear to be adding any routes for the VPN connection like it does if the checkbox isn't enabled or did with earlier versions of NetworkManager. Is there anything to fix on the network-manager package side or can this issue be closed? OpenPGP_signature Description: OpenPGP digital signature
Bug#1007901: [Pkg-utopia-maintainers] Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
As mentioned to the upstream NetworkManager 1.36.2 VPN routing bug: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/946 The routing issue when the "Use this connection only for resources on its network" IPv4 setting is enabled, no longer appears to occur with NetworkManager 1.37.2. As 1.37.2 is a developer release, I believe this issue will resolve itself once the Debian network-manager package is upgraded to whatever the next NetworkManager non-developer release will be.
Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
I suspect this is the same as the following upstream NetworkManager 1.36.2 routing bug: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/946 I assume you have enabled the "Use this connection only for resources on its network" checkbox in the VPN connection's IPv4 settings? In which case network-manager 1.36.2 doesn't appear to be adding any routes for the VPN connection like it does if the checkbox isn't enabled or did with earlier versions of NetworkManager.
Bug#1007899: [Pkg-utopia-maintainers] Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
Control: clone -1 -2 Control: reassign -2 network-manager-l2tp Am 18.03.22 um 10:50 schrieb Marcel Jira: Package: network-manager Version: 1.36.2-1 Severity: important Tags: upstream X-Debbugs-Cc: marcel.j...@gmail.com I used to connect to a VPN using network-manager-l2tp and network-manager-l2tp- gnome. The connection recently stopped working (see log below). A connection is established but terminates quickly after logging a series of "Received out of order control packet" messages. Also the connection is not usable (no ping to a machine in the vpn possible) in the short amount of time the connection is present. Downgrading the packages "libnm0" and "network-manager" to version 1.34.0-1 solves the problem and makes the VPN usable again. A similar problem was described at * https://forum.manjaro.org/t/stable-update-2022-03-14-kernels-kde-libreoffice- kodi-qt5-mozilla-networkmanager-pipewire/105493/53?page=3 A big shoutout to eggy and michaa7 in the German Debian forum who helped me find a temporary solution for the problem: https://debianforum.de/forum/viewtopic.php?t=183809 Log snippet of failing VPN connection: Mär 08 09:24:32 austernpilz-marcel charon[5989]: 01[ENC] parsed INFORMATIONAL_V1 request 2021249469 [ HASH N(DPD) ] Mär 08 09:24:32 austernpilz-marcel charon[5989]: 01[ENC] generating INFORMATIONAL_V1 request 356123565 [ HASH N(DPD_ACK) ] Mär 08 09:24:32 austernpilz-marcel charon[5989]: 01[NET] sending packet: from 192.168.0.180[4500] to [4500] (92 bytes) Mär 08 09:24:45 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4) Mär 08 09:24:45 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet! Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[NET] received packet: from [4500] to 192.168.0.180[4500] (84 bytes) Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[ENC] parsed INFORMATIONAL_V1 request 3124328840 [ HASH N(DPD) ] Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[ENC] generating INFORMATIONAL_V1 request 1656922586 [ HASH N(DPD_ACK) ] Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[NET] sending packet: from 192.168.0.180[4500] to [4500] (92 bytes) Mär 08 09:24:47 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4) Mär 08 09:24:47 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet! Mär 08 09:24:51 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4) Mär 08 09:24:51 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet! Mär 08 09:24:59 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4) Mär 08 09:24:59 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet! Mär 08 09:25:05 austernpilz-marcel charon[5989]: 11[IKE] sending keep alive to [4500] Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[NET] received packet: from [4500] to 192.168.0.180[4500] (84 bytes) Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[ENC] parsed INFORMATIONAL_V1 request 2249792635 [ HASH D ] Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[IKE] received DELETE for IKE_SA 016e39e7-c775-46be-85d3-215b15580b02[1] Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[IKE] deleting IKE_SA 016e39e7-c775-46be-85d3-215b15580b02[1] between 192.168.0.180[192.168.0.180]...[] Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[IKE] deleting IKE_SA 016e39e7-c775-46be-85d3-215b15580b02[1] between 192.168.0.180[192.168.0.180]...[] Mär 08 09:25:14 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: Maximum retries exceeded for tunnel 62233. Closing. -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.16.0-4-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), LANGUAGE=de_AT:de Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages network-manager depends on: ii adduser 3.120 ii dbus 1.14.0-1 ii libaudit11:3.0.7-1+b1 ii libbluetooth35.62-2 ii libc62.33-7 ii libcurl3-gnutls 7.81.0-1 ii libglib2.0-0 2.70.4-1 ii libgnutls30 3.7.3-4+b1 ii libjansson4 2.13.1-1.1 ii libmm-glib0 1.18.6-2 ii libndp0 1.6-1+b1 ii libnewt0.52 0.52.21-5+b1 ii libnm0 1.34.0-1 ii libpsl5 0.21.0-1.2 ii libreadline8 8.1.2-1 ii libselinux1 3.3-1+b2 ii
Bug#1007899: network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
Package: network-manager Version: 1.36.2-1 Severity: important Tags: upstream X-Debbugs-Cc: marcel.j...@gmail.com I used to connect to a VPN using network-manager-l2tp and network-manager-l2tp- gnome. The connection recently stopped working (see log below). A connection is established but terminates quickly after logging a series of "Received out of order control packet" messages. Also the connection is not usable (no ping to a machine in the vpn possible) in the short amount of time the connection is present. Downgrading the packages "libnm0" and "network-manager" to version 1.34.0-1 solves the problem and makes the VPN usable again. A similar problem was described at * https://forum.manjaro.org/t/stable-update-2022-03-14-kernels-kde-libreoffice- kodi-qt5-mozilla-networkmanager-pipewire/105493/53?page=3 A big shoutout to eggy and michaa7 in the German Debian forum who helped me find a temporary solution for the problem: https://debianforum.de/forum/viewtopic.php?t=183809 Log snippet of failing VPN connection: Mär 08 09:24:32 austernpilz-marcel charon[5989]: 01[ENC] parsed INFORMATIONAL_V1 request 2021249469 [ HASH N(DPD) ] Mär 08 09:24:32 austernpilz-marcel charon[5989]: 01[ENC] generating INFORMATIONAL_V1 request 356123565 [ HASH N(DPD_ACK) ] Mär 08 09:24:32 austernpilz-marcel charon[5989]: 01[NET] sending packet: from 192.168.0.180[4500] to [4500] (92 bytes) Mär 08 09:24:45 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4) Mär 08 09:24:45 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet! Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[NET] received packet: from [4500] to 192.168.0.180[4500] (84 bytes) Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[ENC] parsed INFORMATIONAL_V1 request 3124328840 [ HASH N(DPD) ] Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[ENC] generating INFORMATIONAL_V1 request 1656922586 [ HASH N(DPD_ACK) ] Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[NET] sending packet: from 192.168.0.180[4500] to [4500] (92 bytes) Mär 08 09:24:47 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4) Mär 08 09:24:47 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet! Mär 08 09:24:51 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4) Mär 08 09:24:51 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet! Mär 08 09:24:59 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4) Mär 08 09:24:59 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet! Mär 08 09:25:05 austernpilz-marcel charon[5989]: 11[IKE] sending keep alive to [4500] Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[NET] received packet: from [4500] to 192.168.0.180[4500] (84 bytes) Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[ENC] parsed INFORMATIONAL_V1 request 2249792635 [ HASH D ] Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[IKE] received DELETE for IKE_SA 016e39e7-c775-46be-85d3-215b15580b02[1] Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[IKE] deleting IKE_SA 016e39e7-c775-46be-85d3-215b15580b02[1] between 192.168.0.180[192.168.0.180]...[] Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[IKE] deleting IKE_SA 016e39e7-c775-46be-85d3-215b15580b02[1] between 192.168.0.180[192.168.0.180]...[] Mär 08 09:25:14 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: Maximum retries exceeded for tunnel 62233. Closing. -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.16.0-4-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), LANGUAGE=de_AT:de Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages network-manager depends on: ii adduser 3.120 ii dbus 1.14.0-1 ii libaudit11:3.0.7-1+b1 ii libbluetooth35.62-2 ii libc62.33-7 ii libcurl3-gnutls 7.81.0-1 ii libglib2.0-0 2.70.4-1 ii libgnutls30 3.7.3-4+b1 ii libjansson4 2.13.1-1.1 ii libmm-glib0 1.18.6-2 ii libndp0 1.6-1+b1 ii libnewt0.52 0.52.21-5+b1 ii libnm0 1.34.0-1 ii libpsl5 0.21.0-1.2 ii libreadline8 8.1.2-1 ii libselinux1 3.3-1+b2 ii libsystemd0 250.4-1 ii libteamdctl0 1.31-1 ii libudev1 250.4-1 ii policykit-1 0.105-33 ii