Hi Josh,

For Ubuntu I would recommend using the latest version of network-manager-l2tp from the following, as it has a number of bug fixes and feature updates:

https://launchpad.net/~nm-l2tp/+archive/ubuntu/network-manager-l2tp

Regarding "we require IKEv1 peer to have ID 'X.X.X.27', but peer declares 'X.X.X.222'" error, you could set the "Remote ID" to X.X.X.222 in the IPsec config dialog box, assuming it was previously empty.

Cheers,
Doug

-----Original Message-----
From: Josh <[email protected]>
Sent: Friday, 3 June 2022 12:01 PM
To: Douglas Kosovic <[email protected]>
Cc: [email protected]
Subject: Re: [Swan] Configuring L2TP client using NetworkManager

Hi Douglas,

Disabling PFS did not help but

sudo systemctl stop ipsec.service && sudo dnf -y erase libreswan && sudo dnf -y install strongswan

resulted in a successful connection! I did not realize that a switch between swans is that easy.

For a test I switched Ubuntu to libreswan and connection fails. This time, upon examination

journalctl --since=today -u ipsec.service -u NetworkManager

errors were completely different, from pluto:

#1: Peer ID is ID_IPV4_ADDR: 'X.X.X.222'
#1: we require IKEv1 peer to have ID 'X.X.X.27', but peer declares 'X.X.X.222'
#1: sending encrypted notification INVALID_ID_INFORMATION to X.X.X.27:4500
#1: byte at offset 1 (29) of 'ISAKMP Hash Payload'.'reserved' is 0x33 but should have been zero (ignored)
#1: length of ISAKMP Hash Payload is larger than can fit
#1: malformed payload in packet

above block repeats indefinitely, until 'sudo systemctl stop ipsec.service' is issued.

Gateway hostname corresponds to X.X.X.27

Please advise.

Josh.

On 6/2/22 18:28, Douglas Kosovic wrote:
> Correction, on Ubuntu to switch to libreswan with the network-manager-l2tp
> package, issue:
>
> sudo apt install libreswan
>
> -----Original Message-----
> From: Douglas Kosovic
> Sent: Friday, 3 June 2022 8:25 AM
> To: Josh <[email protected]>
> Cc: [email protected]
> Subject: RE: [Swan] Configuring L2TP client using NetworkManager
>
> Hi Josh,
>
> As it is failing Quick Mode (phase 2) for libreswan but not strongswan, you
> could try clicking the "Disable PFS" checkbox in NetworkManager-l2tp's IPsec
> config dialog box, PFS is enabled by default with libreswan, but not with
> strongswan (where the option is greyed out).
>
> Unrelated to this issue, but since you are using Fedora, I would recommend
> removing the blacklistings of L2TP kernel modules, see:
> https://github.com/nm-l2tp/NetworkManager-l2tp/tree/1.20.4#issue-with-blacklisting-of-l2tp-kernel-modules
>
> For historical reasons on Ubuntu, the network-manager-l2tp package default
> dependency is strongswan, to switch to libreswan, issue the following:
>
> sudo dnf install libreswan
>
> On Fedora, NetworkManager-l2tp will use strongswan if it can't find libreswan.
>
>
>
> Cheers,
> Doug
>
>> On Jun 2, 2022, at 13:49, Josh <[email protected]> wrote:
>>
>> Hello Paul,
>>
>> You are correct. I found instructions from a random VPN provider:
>>
>> https://www.rapidvpn.com/setup-vpn-l2tp-ubuntu
>> https://www.rapidvpn.com/setup-vpn-l2tp-fedora
>>
>> Ubuntu 20 uses strongswan for l2tp/ipsec and connects to keenetic l2tp
>> server just fine.
>> Fedora 36 uses libreswan and connection to the same instance fails
>> with error messages matching
>>
>> https://lists.libreswan.org/pipermail/swan/2017/002022.html
>>
>> Could anyone suggest any debugging steps?
>>
>> Josh.
>>
>>> On 5/30/22 17:17, Paul Wouters wrote:
>>>> On Fri, 27 May 2022, Josh wrote:
>>>>
>>>> Subject: [Swan] Configuring L2TP client using NetworkManager
>>>> On my latest Fedora NetworkManager UI there are many different options.
>>>> I tried to do my best finding places I need to enter four given above but
>>>> result is still a failure.
>>> Did you use install NetworkManager-l2tp-gnome and then select "add vpn" ?
>>>
>>> gateway is the remote vpn host, username and password is what you
>>> expect, and under "IPsec settings" at the bottom you can see "enable
>>> IPsec" and "pre-shared key". Possibly under "advanced" you put in
>>> the DNS name of the remote vpn server under "remote ID".
>>>
>>>> Is there a manual to setup L2TP connection via NetworkManager UI?
>>> Possibly, but I wouldn't know.

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
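
Added example, not part of the original thread: a shell filter that pulls the expected and declared peer IDs out of pluto's "we require IKEv1 peer to have ID" message discussed above, so the mismatch behind INVALID_ID_INFORMATION can be read off directly. The sample log lines are constructed (192.0.2.x documentation addresses stand in for the redacted X.X.X.x), and the function names are this example's own.

```shell
#!/bin/sh
# Added example: report IKEv1 peer-ID mismatches found in pluto log text.

# Read log text on stdin; print "expected|declared" once per distinct pair.
peer_id_mismatches() {
    sed -n "s/.*we require IKEv1 peer to have ID '\([^']*\)', but peer declares '\([^']*\)'.*/\1|\2/p" |
        sort -u
}

# Turn each distinct mismatch into a one-line report.
suggest_remote_id() {
    peer_id_mismatches | while IFS='|' read -r expected declared; do
        printf 'client expects ID %s, gateway declares %s: candidate Remote ID is %s\n' \
            "$expected" "$declared" "$declared"
    done
}

# Constructed sample modelled on the lines quoted in the thread.
# The process prefix and connection name are hypothetical.
sample_log() {
    cat <<'EOF'
pluto[1234]: "example-conn" #1: Peer ID is ID_IPV4_ADDR: '192.0.2.222'
pluto[1234]: "example-conn" #1: we require IKEv1 peer to have ID '192.0.2.27', but peer declares '192.0.2.222'
pluto[1234]: "example-conn" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.0.2.27:4500
pluto[1234]: "example-conn" #1: malformed payload in packet
pluto[1234]: "example-conn" #1: we require IKEv1 peer to have ID '192.0.2.27', but peer declares '192.0.2.222'
EOF
}

# Demo on the constructed sample. For live logs, use the command from the thread:
#   journalctl --since=today -u ipsec.service -u NetworkManager | suggest_remote_id
sample_log | suggest_remote_id
```

Enter the declared value as "Remote ID" only after confirming it is the gateway's own identity, since the ID check is part of how the client verifies which peer it is talking to.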
