Hi Rémi, > since upgrading to 1.20.12-1, I cannot connect to my ipsec/l2tp vpn anymore. > > I tried many things, but the only thing that works is disabling mppe, or > downgrading to 1.20.10-1 > > Here are the debug log for 1.20.12-1: > ... > > And here is the log with 1.20.10-1: ... > I still have the «Unsupported protocol», but then the connection carries on > and works.
That behaviour is a consequence of the following commit in version 1.20.12 which doesn't disable the Compression Control Protocol (CCP) when MPPE is enabled (as MPPE protocol negotiation happens within CPP) : https://github.com/nm-l2tp/NetworkManager-l2tp/commit/fdf5d98e86c5f0a97f9649fa3e23b3c001a93340 MPPE protocol negotiation had been broken since 2013 with the following commit which disabled CCP : https://github.com/nm-l2tp/NetworkManager-l2tp/commit/5fe98f70344e842faa28014be7ba259c2db7ae8b I don't think any MPPE encryption is being used in your 1.20.10-1 log output, even though MPPE is enabled, or am I interpreting things wrong? MPPE encryption is very weak and is typically only used with L2TP VPN connections, not L2TP/IPsec which use much stronger IPsec encryption. Cheers, Doug
