I apologize for the images, this is the first time using the mailing list. Here are the images: https://ibb.co/bsG5g8N https://ibb.co/pfTC7dS
Best regards,
Emil

On Thu, Apr 21, 2022 at 3:15 PM Emil Karlsson <emi...@kth.se> wrote:

> Hi all,
>
> I am experiencing issues with VPN.
> I have set up an isolated network with a VPN, but can't connect to it.
>
> On my own device I set up an L2TP/IPsec VPN with the preshared key from
> CloudStack.
>
> The server is located behind a NAT, so the ports 500, 1701 and 4500 UDP
> are forwarded to the isolated network's public ip in CloudStack.
>
> It seems as if the initial setup is done by reading the tail of journalctl
> on my local machine, but right after that an error code is received which
> kills the VPN connection.
>
> Error message:
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: Listening on IP address 0.0.0.0, port 36337
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: Connecting to host 130.237.83.249, port 1701
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: Connection established to 130.237.83.249, 1701. Local: 56329, Remote: 37074 (ref=0/0).
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: Calling on tunnel 56329
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: Call established with 130.237.83.249, Local: 60132, Remote: 14169, Serial: 1 (ref=0/0)
> Apr 21 13:55:50 n177-p213.eduroam.kth.se NetworkManager[12295]: xl2tpd[12295]: control_finish: Connection closed to 130.237.83.249, serial 1 ()
> Apr 21 13:56:04 n177-p213.eduroam.kth.se NetworkManager[12295]: *xl2tpd[12295]: death_handler: Fatal signal 15 received*
> Apr 21 13:56:04 n177-p213.eduroam.kth.se NetworkManager[910]: <warn> [1650542164.6400] vpn-connection[0x5592c68440c0,eb332772-87fc-4d85-a0f5-d7f15c797487,"VPN 1",0]: VPN plugin: failed: connect-failed (1)
> Apr 21 13:56:04 n177-p213.eduroam.kth.se NetworkManager[910]: <warn> [1650542164.6402] vpn-connection[0x5592c68440c0,eb332772-87fc-4d85-a0f5-d7f15c797487,"VPN 1",0]: VPN plugin: failed: connect-failed (1)
> Apr 21 13:56:04 n177-p213.eduroam.kth.se NetworkManager[910]: <info> [1650542164.6404] vpn-connection[0x5592c68440c0,eb332772-87fc-4d85-a0f5-d7f15c797487,"VPN 1",0]: VPN plugin: state changed: stopping (5)
> Apr 21 13:56:04 n177-p213.eduroam.kth.se NetworkManager[12302]: Stopping strongSwan IPsec...
> Apr 21 13:56:04 n177-p213.eduroam.kth.se charon[12262]: 00[DMN] SIGINT received, shutting down
>
>
> To access the server-side I used ssh to access the virtual router for the
> Isolated network. When reading the tail of journalctl I find the following
> error message, which appears every time a VPN-connection is attempted.
> Error message:
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: Connection established to <hidden client ip>, 52956. Local: 32408, Remote: 36988 (ref=0/0). LNS session is 'default'
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: start_pppd: I'm running:
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "/usr/sbin/pppd"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "plugin"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "pppol2tp.so"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "pppol2tp"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "7"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "pppol2tp_lns_mode"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "pppol2tp_tunnel_id"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "32408"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "pppol2tp_session_id"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "54146"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "passive"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "nodetach"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "10.1.2.1:10.1.2.2"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "refuse-pap"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "file"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: "/etc/ppp/options.xl2tpd"
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: Call established with <hidden client ip>, PID: 120925, Local: 54146, Remote: 64867, Serial: 1
> Apr 21 11:58:51 r-5-VM pppd[120925]: Plugin pppol2tp.so loaded.
> *Apr 21 11:58:51 r-5-VM pppd[120925]: The remote system is required to authenticate itself
> Apr 21 11:58:51 r-5-VM pppd[120925]: but I couldn't find any suitable secret (password) for it to use to do so.*
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: write_packet: tty is not open yet.
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: write_packet: tty is not open yet.
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: child_handler : pppd exited for call 64867 with code 1
>
>
> The client VPN is 'default'-configured on a Fedora 35 using packages
> Networkmanager-l2tp and networkmanager-l2tp-gnome . It is set up to accept
> any authentication protocol (PEP, CHAP, MSCHAP, MSCHAPv2, EAP). We use
> credentials from a VPN-user in CloudStack (created under Manage VPN User).
> See image below:
>
> [image: Screenshot from 2022-04-21 14-11-54.png]
>
> [image: Screenshot from 2022-04-21 14-12-13.png]
>
> Thanks in advance,
>
> Best regards,
> Emil
>
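
The following is an added example, not part of the original message or of CloudStack: a small triage script that reads xl2tpd/pppd journal lines like the server-side ones quoted above and reports which stage of the L2TP session was reached and which failure lines followed. The sample input is constructed in the shape of the quoted log (client address replaced with the documentation address 192.0.2.10), and the stage and failure names are hypothetical labels.

```python
import re

# Constructed sample in the shape of the server-side log quoted above.
SAMPLE = """\
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: Connection established to 192.0.2.10, 52956. Local: 32408, Remote: 36988 (ref=0/0). LNS session is 'default'
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: start_pppd: I'm running:
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: Call established with 192.0.2.10, PID: 120925, Local: 54146, Remote: 64867, Serial: 1
> Apr 21 11:58:51 r-5-VM pppd[120925]: Plugin pppol2tp.so loaded.
> *Apr 21 11:58:51 r-5-VM pppd[120925]: The remote system is required to authenticate itself
> Apr 21 11:58:51 r-5-VM pppd[120925]: but I couldn't find any suitable secret (password) for it to use to do so.*
> Apr 21 11:58:51 r-5-VM xl2tpd[7124]: child_handler : pppd exited for call 64867 with code 1
"""

# timestamp, host, process name, pid, message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) (\w+)\[(\d+)\]: (.*)$")

# Hypothetical stage labels, in the order they appear in a session.
STAGES = [
    ("l2tp_tunnel", "xl2tpd", re.compile(r"^Connection established to ")),
    ("l2tp_call", "xl2tpd", re.compile(r"^Call established with ")),
    ("pppd_started", "pppd", re.compile(r"^Plugin pppol2tp\.so loaded")),
]
# Hypothetical failure labels; a capture group, if present, is kept as detail.
FAILURES = [
    ("ppp_auth_no_secret", "pppd", re.compile(r"couldn't find any suitable secret")),
    ("pppd_exit", "xl2tpd", re.compile(r"pppd exited for call \d+ with code (\d+)")),
]

def triage(text):
    """Return the stages reached and the failure lines seen, in log order."""
    reached, failures = [], []
    for raw in text.splitlines():
        # Tolerate mail quoting ("> ") and the "*" bold markers around lines.
        m = LINE.match(raw.lstrip("> *").rstrip("* "))
        if not m:
            continue
        proc, msg = m.group(3), m.group(5)
        for name, owner, rx in STAGES:
            if proc == owner and rx.search(msg) and name not in reached:
                reached.append(name)
        for name, owner, rx in FAILURES:
            hit = rx.search(msg) if proc == owner else None
            if hit:
                failures.append((name, hit.group(1) if hit.groups() else None))
    return {"reached": reached, "failures": failures}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the L2TP tunnel and call are both established and pppd starts, so the recorded failures come from the PPP authentication step rather than from the L2TP control connection.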