Hi, It looks like something is off with your phase two configuration. It can be anything in your phase two configuration that it doesn't like. You're better off just asking the administrator of the other side what they expect.
Kind regards Noel Am 16.10.18 um 22:16 schrieb Jonas Koperdraat: > Hello there, > > I'm having trouble connecting to my company's VPN from my Linux laptop. I > have spent quite some time trying to figure out what might be causing this > problem, but frankly my knowledge on the subject is limited, so I'm hoping > someone here might be able to help me in the right direction. Any help would > be greatly appreciated! > > My campany uses an L2TP VPN with en IPSec tunnel. Using the same credentials > as I'm using on my laptop, I am able to connect to the network from my mobile > phone funning Android Oreo, without any problems, but from my laptop I am > unable to connect. > > I am running Ubuntu 18.04.1 LTS. > > jonas@Jonas-XPS13:~$ uname -a > Linux Jonas-XPS13 4.15.0-1018-oem #21-Ubuntu SMP Tue Aug 28 14:12:47 UTC 2018 > x86_64 x86_64 x86_64 GNU/Linux > > Following these instructions, I added the L2TP network manager to Gnome: > https://medium.com/@hkdb/ubuntu-16-04-connecting-to-l2tp-over-ipsec-via-network-manager-204b5d475721 > > However, I wasn't able to connect. This stackoverflow question/answer (among > others) mentioned that I might have to specify phase 1 and phase 2 algorithms: > https://askubuntu.com/questions/904217/unable-to-connect-l2tp-ipsec-vpn-from-ubuntu-16-04 > > I ran an ike-scan, from which I concluded that the VPN indeed uses old > algorithms, so I added 3des-sha1-modp1024! and 3des-sha1! as phase 1 and > phase 2 algorithms. For good measure I added the exclamation marks, as some > solutions mentioned that might be required. > > jonas@Jonas-XPS13:~$ sudo ike-scan -v office.********.nl > DEBUG: pkt len=336 bytes, bandwidth=56000 bps, int=52000 us > Starting ike-scan 1.9.4 with 1 hosts > (http://www.nta-monitor.com/tools/ike-scan/) > 87.213.34.174Main Mode Handshake returned HDR=(CKY-R=254e5ebbbb17c30a) > SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds > LifeDuration=28800) VID=5b362bc820f60007 (SonicWall-7) > > Ending ike-scan 1.9.4: 1 hosts scanned in 0.060 seconds (16.70 hosts/sec). 1 > returned handshake; 0 returned notify > > Unfortunately, even though that seemed to be the solution for the majority of > the problems I encountered online, I am still unable to connect. Below are > links to pastebins with relevant information: > > Logging of a connection attempt: https://pastebin.com/cEwMQjjC > /etc/strongswan.conf: https://pastebin.com/LppKLiqw > /etc/strongswan.d/charon.conf https://pastebin.com/9ecW0LXJ > > Kind regards and thanks in advance, > > Jonas > > > >
signature.asc
Description: OpenPGP digital signature
