Public bug reported:

On freshly installed and fully updated Ubuntu 24.04.2 there is a regression that prevents VPN connections to Meraki MX firewalls using the following configuration (which worked perfectly in Ubuntu 22.04 and prior releases):
https://community.meraki.com/t5/Security-SD-WAN/Guide-Client-VPN-on-Linux-Debian/m-p/72315

This is the permanent error from the logs:

  level=debug tunnel_name=t1 function=transport message=recv message_type=avpMsgTypeSli
  level=error tunnel_name=t1 message="bad control message" message_type=avpMsgTypeSli error="no specification for v2 message avpMsgTypeSli"

The connection process shows:

1. The IPsec tunnel establishes successfully
2. The L2TP tunnel starts to establish
3. Then there's a failure when receiving a "Set Link Info" (SLI) message from the Meraki server

The local L2TP client doesn't understand this message type and disconnects.

This appears to be a compatibility issue between the L2TP implementation in fresh Ubuntu 24.04.2 and the Meraki MX firewall. Interestingly, this same issue does not occur on fresh Debian 12 installs or on systems upgraded from previous versions.

- The L2TP protocol implementation may have changed in Ubuntu 24.04.2.
- There might be a version mismatch between packages in fresh vs. upgraded installations.
- Some configuration file or setting that handles these message types properly might be preserved during upgrades but not set correctly in fresh installations.

Since fresh Debian 12 installations are now working, this narrows down the issue specifically to Ubuntu 24.04.2 fresh installations, which should help in identifying and resolving the regression.

Workaround:

  sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp && sudo apt update && sudo apt install network-manager-l2tp network-manager-l2tp-gnome go-l2tp && sudo systemctl restart NetworkManager

After adding the repository above and replacing the packages from Ubuntu 24.04.2 with the ones from this repository (and restarting NetworkManager), the created VPN profile immediately begins to work as expected.

This work-around was provided by Douglas Kosovic during this bug report:
https://github.com/nm-l2tp/NetworkManager-l2tp/issues/237

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: network-manager-l2tp-gnome 1.20.12-1build2
ProcVersionSignature: Ubuntu 6.11.0-21.21~24.04.1-generic 6.11.11
Uname: Linux 6.11.0-21-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.5
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Sat Apr 12 22:39:02 2025
InstallationDate: Installed on 2025-04-13 (0 days ago)
InstallationMedia: Ubuntu 24.04.2 LTS "Noble Numbat" - Release amd64 (20250215)
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
SourcePackage: network-manager-l2tp
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: network-manager-l2tp (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug noble wayland-session

** Attachment added: "vpn-debug.log"
   https://bugs.launchpad.net/bugs/2107270/+attachment/5871463/+files/vpn-debug.log

https://bugs.launchpad.net/bugs/2107270

Title:
  Regression Preventing VPN to Meraki MX
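
For triaging a VPN debug log for this failure, the following is an added example, not part of the original report or of the NetworkManager-l2tp project: it parses key=value log lines of the shape quoted in the report and counts the control messages the client rejected as unspecified, per tunnel. The function names and the third sample line are constructed for illustration.

```python
import re
from collections import Counter

# One key=value pair; the value is either bare or double-quoted (may contain spaces).
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_logfmt(line):
    """Return the key/value pairs of one log line as a dict."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return fields


def rejected_control_messages(lines):
    """Count (tunnel_name, message_type) pairs rejected as having no specification."""
    hits = Counter()
    for line in lines:
        f = parse_logfmt(line)
        if (f.get("level") == "error"
                and f.get("message") == "bad control message"
                and "no specification for" in f.get("error", "")):
            hits[(f.get("tunnel_name", "?"), f.get("message_type", "?"))] += 1
    return hits


# Constructed sample: the two lines quoted in the report plus one unrelated line.
SAMPLE = [
    'level=debug tunnel_name=t1 function=transport message=recv '
    'message_type=avpMsgTypeSli',
    'level=error tunnel_name=t1 message="bad control message" '
    'message_type=avpMsgTypeSli '
    'error="no specification for v2 message avpMsgTypeSli"',
    'level=info tunnel_name=t1 message="constructed unrelated line"',
]

if __name__ == "__main__":
    for (tunnel, msg_type), count in rejected_control_messages(SAMPLE).items():
        print(f"{tunnel}: rejected {msg_type} x{count}")
```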
