[Bug 1726135] Re: need to use group name
Marked as invalid as the VPN server is using an algorithm considered broken by strongswan and a workaround was provided.

** Changed in: network-manager-l2tp (Ubuntu)
     Assignee: (unassigned) => Douglas Kosovic (dkosovic)

** Changed in: network-manager-l2tp (Ubuntu)
       Status: New => Invalid

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1726135

Title:
  need to use group name

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-l2tp/+bug/1726135/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1726135] Re: need to use group name
Thanks, by adding the Algorithms to the Phase1 and Phase2 params, I've solved the connection problem. I've reported the problem to my VPN provider too.
[Bug 1726135] Re: need to use group name
From the logs, it definitely isn't using IPsec XAuth.

The "NO_PROPOSAL_CHOSEN error" means your VPN server is using a legacy encryption algorithm that strongswan considers broken as it is old and weak, it is most likely 3DES :

https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites

It would be best if the VPN server can be updated to use stronger cipher suites, but if you can't, in the README.md file, see the "User specified IPsec IKEv1 cipher suites" section :

https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites

Extract :

  If you are using strongSwan with this VPN plugin and you need to use the same ciphers that older versions of strongSwan and this VPN plugin used, enter the following in the corresponding IPsec configuration dialog text boxes:

  Phase1 Algorithms : aes128-sha1-modp2048,3des-sha1-modp1536,3des-sha1-modp1024
  Phase2 Algorithms : aes128-sha1,3des-sha1

If you then get a xl2tpd failure, you might also need to stop the system xl2tpd service, see "Issue with not stopping system xl2tpd service" section in the README.md file :

https://github.com/nm-l2tp/network-manager-l2tp#issue-with-not-stopping-system-xl2tpd-service

I think OpenSUSE doesn't start the system xl2tpd service by default, but Ubuntu does.
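Added example, not part of the original message or of the network-manager-l2tp project: a small audit of the two proposal strings quoted from the README, showing which of the re-enabled proposals carry legacy transforms and what remains once the 3DES and small-DH-group fallbacks are dropped. The `LEGACY` policy table and the function names are assumptions made for this illustration; only 3DES is named as weak in the message above.

```python
import re

# Assumed audit policy for this example (not taken from strongSwan itself):
# 3DES is the algorithm the message above calls old and weak; the other
# entries are commonly deprecated legacy choices.
LEGACY = {
    "encryption": {"3des", "des", "blowfish", "cast128"},
    "integrity": {"md5", "sha1"},
    "dh_group": {"modp768", "modp1024", "modp1536"},
}

def classify(token):
    """Map one keyword of a strongSwan proposal to its transform type."""
    if re.fullmatch(r"(modp|ecp)\d+|curve25519", token):
        return "dh_group"
    if re.fullmatch(r"md5|sha1|sha\d{3}|aesxcbc", token):
        return "integrity"
    return "encryption"

def audit(proposals):
    """Return [(proposal, [legacy transforms])] in configured preference order."""
    report = []
    for proposal in filter(None, (p.strip() for p in proposals.split(","))):
        flagged = [f"{classify(t)}={t}" for t in proposal.lower().split("-")
                   if t in LEGACY[classify(t)]]
        report.append((proposal, flagged))
    return report

def without(proposals, kinds=("encryption", "dh_group")):
    """Drop proposals that contain a legacy transform of the given kinds."""
    return ",".join(p for p, flagged in audit(proposals)
                    if not any(f.split("=")[0] in kinds for f in flagged))

# The two strings quoted from the README in the message above.
PHASE1 = "aes128-sha1-modp2048,3des-sha1-modp1536,3des-sha1-modp1024"
PHASE2 = "aes128-sha1,3des-sha1"

if __name__ == "__main__":
    for name, value in (("Phase1", PHASE1), ("Phase2", PHASE2)):
        for proposal, flagged in audit(value):
            print(f"{name}: {proposal:22} {', '.join(flagged) or 'ok'}")
        print(f"{name} without 3DES/small DH groups: {without(value)}")
```

If the connection still negotiates with only the trimmed strings, the server supports AES and the 3DES entries can be left out of the connection profile.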
[Bug 1726135] Re: need to use group name
Thanks for the clarification. Really, I've used this https://software.opensuse.org/package/NetworkManager-l2tp in OpenSUSE 42.3, exactly this project https://build.opensuse.org/package/show/home%3AiSipi/NetworkManager-l2tp that is developed using Strongswan.

I thought that network-manager-l2tp-gnome in Ubuntu was the same, but in a newer version.

Now I'm using Ubuntu and network-manager-libreswan is not available in the official repositories; it appears it's only for compilation https://github.com/nm-l2tp/network-manager-l2tp/blob/master/README.md

I've tested with Windows 10 and connected with the attached parameters. For this configuration I don't need "group name", and I suspect that it is only an L2TP/IPsec VPN like you describe.

I paste the log of the connection if you want to see it.

$ journalctl -f -t NetworkManager
oct 23 12:19:17 ulises NetworkManager[831]: [1508779157.6301] audit: op="connection-activate" uuid="8800b906-99f8-45aa-aa9d-35324e9cb297" name="VPN TEST" pid=2066 uid=1000 result="success"
oct 23 12:19:17 ulises NetworkManager[831]: [1508779157.6361] vpn-connection[0x5577050b46a0,8800b906-99f8-45aa-aa9d-35324e9cb297,"VPN TEST",0]: Started the VPN service, PID 6440
oct 23 12:19:17 ulises NetworkManager[831]: [1508779157.6426] vpn-connection[0x5577050b46a0,8800b906-99f8-45aa-aa9d-35324e9cb297,"VPN TEST",0]: Saw the service appear; activating connection
oct 23 12:19:17 ulises NetworkManager[831]: [1508779157.7202] vpn-connection[0x5577050b46a0,8800b906-99f8-45aa-aa9d-35324e9cb297,"VPN TEST",0]: VPN connection: (ConnectInteractive) reply received
oct 23 12:19:17 ulises NetworkManager[831]: Stopping strongSwan IPsec failed: starter is not running
oct 23 12:19:19 ulises NetworkManager[831]: Starting strongSwan 5.5.1 IPsec [starter]...
oct 23 12:19:19 ulises NetworkManager[831]: Loading config setup
oct 23 12:19:19 ulises NetworkManager[831]: Loading conn '8800b906-99f8-45aa-aa9d-35324e9cb297'
oct 23 12:19:19 ulises NetworkManager[831]: found netkey IPsec stack
oct 23 12:19:20 ulises NetworkManager[831]: initiating Main Mode IKE_SA 8800b906-99f8-45aa-aa9d-35324e9cb297[1] to 200.69.148.03
oct 23 12:19:20 ulises NetworkManager[831]: generating ID_PROT request 0 [ SA V V V V V ]
oct 23 12:19:20 ulises NetworkManager[831]: sending packet: from 192.168.98.77[500] to 200.69.148.03[500] (240 bytes)
oct 23 12:19:20 ulises NetworkManager[831]: received packet: from 200.69.148.03[500] to 192.168.98.77[500] (56 bytes)
oct 23 12:19:20 ulises NetworkManager[831]: parsed INFORMATIONAL_V1 request 1006639256 [ N(NO_PROP) ]
oct 23 12:19:20 ulises NetworkManager[831]: received NO_PROPOSAL_CHOSEN error notify
oct 23 12:19:20 ulises NetworkManager[831]: establishing connection '8800b906-99f8-45aa-aa9d-35324e9cb297' failed
oct 23 12:19:21 ulises NetworkManager[831]: Stopping strongSwan IPsec...
oct 23 12:19:21 ulises NetworkManager[831]: [1508779161.1521] vpn-connection[0x5577050b46a0,8800b906-99f8-45aa-aa9d-35324e9cb297,"VPN TEST",0]: VPN plugin: state changed: stopped (6)
oct 23 12:19:21 ulises NetworkManager[831]: [1508779161.1568] vpn-connection[0x5577050b46a0,8800b906-99f8-45aa-aa9d-35324e9cb297,"VPN TEST",0]: VPN service disappeared
oct 23 12:19:21 ulises NetworkManager[831]: [1508779161.1579] vpn-connection[0x5577050b46a0,8800b906-99f8-45aa-aa9d-35324e9cb297,"VPN TEST",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

** Attachment added: "Captura de pantalla (65).png"
   https://bugs.launchpad.net/ubuntu/+source/network-manager-l2tp/+bug/1726135/+attachment/4988758/+files/Captura%20de%20pantalla%20%2865%29.png
[Bug 1726135] Re: need to use group name
Group Name is for IPsec Extended authentication (XAuth). XAuth support was never implemented in network-manager-l2tp and it doesn't make sense as XAuth doesn't use L2TP, so Group Name was removed from the IPsec configuration dialog box.

So a summary of the differences between the two VPN connections is:

- IPsec XAuth uses XAuth for the user credentials which involves a Group Name.
- L2TP/IPsec uses L2TP for the PPP user credentials.

The Gnome Project provides a VPN IPsec IKEv1 VPN client with Group Name called network-manager-libreswan :

https://git.gnome.org/browse/network-manager-libreswan/plain/appdata/libreswan.png

Did Group Name ever work for you in the old network-manager-l2tp? If it did, it was for something other than XAuth.