You are not logged in.

#1 2021-04-27 06:26:55

svalee
Member
Registered: 2019-01-20
Posts: 41
Website

[SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

With strongswan
The vpn is protected with duo 2-factor auth.
I'm using nmcli to connect. Here's the config of my connection (passwords stripped)

[connection]
id=*vpn_id*
uuid=ffcdc390-c875-491f-a54b-5cf66c0762ed
type=vpn
permissions=

[vpn]
gateway=*server_addr*
ipsec-enabled=yes
ipsec-esp=3des-sha1
ipsec-forceencaps=yes
ipsec-ike=3des-sha1-modp1024
ipsec-psk=*shared secret here*
mru=1400
mtu=1400
password-flags=0
user=*my_username*
service-type=org.freedesktop.NetworkManager.l2tp

[vpn-secrets]
password=*password*

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

[proxy]

I'm connecting like this:
nmcli c up *vpn_id*

Here's the output from journal
https://pastebin.com/kRzN6Cjh

I'm pretty sure it has to do something with the fact that I don't use DE. What should be done to fix the issue is not clear to me though.

I've had this issue
https://unix.stackexchange.com/question … -secrets-3
Failed to request VPN secrets #3: No agents were available for this request.

but resolved it by providing the password in a config

This looks very similar to what I have right now
https://unix.stackexchange.com/question … -signal-15

Here's the output from
sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
https://pastebin.com/n1nuR06m

Last edited by svalee (2021-05-12 02:46:07)

Offline

#2 2021-04-27 22:35:18

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

The IPsec connection is successful and the L2TP connection starts failing after an AVP issue. You can find other AVP issues on the xl2tpd issues page on github and I vaguely remember a xl2tpd build flag which might mitigate a certain AVP issue, but was a bit of a hack.

Alternatively you could try using NetworkManager-l2tp built from the latest source from the github repository:
  https://github.com/nm-l2tp/NetworkManager-l2tp

It now supports kl2tpd from Katalix's go-l2tp project (and falls back to xl2tpd if it can't find kl2tpd).

To build kl2tpd, assuming you have the go (i.e. Go language) package installed, issue the following in your home directory :

go get github.com/katalix/go-l2tp/...
sudo cp go/bin/kl2tpd /usr/local/sbin/

Unrelated to the issue, `ipsec-ike=3des-sha1-modp1024` and `ipsec-esp=3des-sha1` are redundant with newer versions of NetworkManager-l2tp as it uses a combination of Win10 and iOS L2TP/IPsec Phase 1 & 2 proposals for its default set of proposals instead of using the strongswan defaults.

Last edited by dkosovic (2021-04-27 23:19:10)

Offline

#3 2021-04-28 04:39:41

svalee
Member
Registered: 2019-01-20
Posts: 41
Website

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

Thanks for the reply!
I'm having an issue building this from source tho.
error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version 0.19 but the autoconf macros are from gettext version 0.20
Full output of make
https://pastebin.com/siGGkNsE

Output of configure
https://pastebin.com/U2mBBPAi

Here's how I configured:

./configure \
--with-gnome=no \
--with-pppd-plugin-dir=/usr/lib/pppd/2.4.8\
--sysconfdir=/etc \
--libexecdir=/usr/lib/NetworkManager \
--localstatedir=/var \
--prefix=/usr

I used this as a reference when configuring
https://github.com/archlinux/svntogit-c … k/PKGBUILD

I do have intltool and libtool installed

Last edited by svalee (2021-04-28 04:58:05)

Offline

#4 2021-04-28 12:41:49

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

I'm getting  Error 502 Bad gateway when I try to click on the pastebin links, but probably won't require them as I think you have provided enough info.

The issue is a consequence of the following commit which removed need for intltool with newer versions of gettext :
https://github.com/nm-l2tp/NetworkManag … dc63a839d3

in particular the issue is because of the following line in configure.ac :

AM_GNU_GETTEXT_VERSION([0.19.8])

Try modifying configure.ac to add the following AM_GNU_GETTEXT_REQUIRE_VERSION line:

AM_GNU_GETTEXT_VERSION([0.19.8])
AM_GNU_GETTEXT_REQUIRE_VERSION([0.19.8])

That fix is based on :
https://gitlab.gnome.org/GNOME/geocode- … 5c1f487b63

Offline

#5 2021-04-28 12:55:31

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

Oh forgot to mention regarding not being asked for the password with nmcli because you don't have a DE secret service agent, you could try:

nmcli --ask c up *vpn_id*

Offline

#6 2021-04-28 14:03:50

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

https://github.com/nm-l2tp/NetworkManager-l2tp.git main branch now has the AM_GNU_GETTEXT_REQUIRE_VERSION fix in configure.ac.

Offline

#7 2021-04-29 04:37:27

svalee
Member
Registered: 2019-01-20
Posts: 41
Website

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

Ah, it seems like the pastebin was down yesterday for some time.

I really appreciate your effort and very quick fix! Pulled the new version from the master and was able to install it with no problems.

Now the errors look a bit different, can you look into it?
This is output from sudo /usr/lib/NetworkManager/nm-l2tp-service --debug

https://pastebin.com/KiE5ZN5H

Maybe I can provide any other useful info?

With regards to this

Oh forgot to mention regarding not being asked for the password with nmcli because you don't have a DE secret service agent, you could try:

nmcli --ask c up *vpn_id*

I can just provide a password inside the [secrets] and it should work just fine, right? No need to use --ask flag.

Last edited by svalee (2021-04-29 04:38:19)

Offline

#8 2021-04-29 11:12:16

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

The issue is definitely the following in the kl2tpd logs:

level=error tunnel_name=t1 function=transport message="frame receive failed" error="malformed header: length 17024 exceeds buffer bounds of 30"

You'll also notice elsewhere that tunnel_id=17024, so it would appear that the malformed header received from the VPN server for the AVP ICCN response has the length field mixed up somehow with the tunnel_id.

Apart from hacking the go-l2tp code where the parsing of the header is occurring and try to handle the malformed header :
  https://github.com/katalix/go-l2tp/blob … sg.go#L547
sorry I don't have any advice in that regard, I'm not sure what else to try, maybe post to the go-l2tp issues page on github.

Yeah, no need to use the --ask flag if you are happy with storing the password in the vpn connection config file.

Offline

#9 2021-04-29 12:29:10

svalee
Member
Registered: 2019-01-20
Posts: 41
Website

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

You've already been of huge help, so I can't ask for more!

Open Source needs more people like you, such a nice and supportive person.

I'm working to be the same kind of person for someone else.

With regards to VPN, I'll try to ask on go-l2tp issues.
What really surprises me is that's a company VPN and a lot of people using Linux there don't have that much problem with it.

Last edited by svalee (2021-04-29 12:42:52)

Offline

#10 2021-04-29 22:29:23

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

Actually the "malformed header: length 17024 exceeds buffer bounds of 30" error might be a red herring.

xl2tpd has the following AVP Set-Link-Info error:

xl2tpd[689663]: message_type_avp: message type 16 (Set-Link-Info)
xl2tpd[689663]: ignore_avp : Ignoring AVP
xl2tpd[689663]: control_finish: message type is Set-Link-Info(16).  Tunnel is 21664, call is 7738.
nm-l2tp[689590] <info>  Terminated xl2tpd daemon with PID 689663.

and kl2tpd has a similar Set-Link-Info error:

level=debug tunnel_name=t1 function=transport message=recv message_type=avpMsgTypeSli
level=error tunnel_name=t1 message="bad control message" message_type=avpMsgTypeSli error="no specification for v2 message avpMsgTypeSli"

It looks like there is something the VPN server doesn't like about the link (possibly due to ISP, home router, etc) and wants to do some PPP settings.

I'm not seeing any pppd and kernel ppp log output which might be going somewhere else and not in the output from "nm-l2tp-service --debug". pppd log output goes to wherever syslogd output goes to.

Some PPP settings you could try setting include the MTU/MRU to a lower value, maybe drop from 1400 to 1200 and disable all the PPP authentication methods except MSCHAPv2 with the following :

refuse-chap=yes
refuse-eap=yes
refuse-mschap=yes
refuse-pap=yes

Last edited by dkosovic (2021-04-29 22:41:01)

Offline

#11 2021-04-30 07:06:05

svalee
Member
Registered: 2019-01-20
Posts: 41
Website

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

Didn't get much from syslog, maybe you can understand better.
What I've understood is that 1400 mru/mtu seems the server settings, so that it can be left as is, although it doesn't hurt to let them be 1200?
The last few lines of logs before terminating was:

Apr 30 09:47:59 halee pppd[237631]: nm-l2tp[237556] <info>  [helper-237631] phasechange: status 6 / phase 'authenticate'
Apr 30 09:47:59 halee pppd[237631]: nm-l2tp[237556] <info>  [helper-237631] phasechange: status 8 / phase 'network'
Apr 30 09:47:59 halee pppd[237631]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Apr 30 09:47:59 halee pppd[237631]: rcvd [LCP EchoReq id=0x0 magic=0x999be7a]
Apr 30 09:47:59 halee pppd[237631]: sent [LCP EchoRep id=0x0 magic=0x4765997]
Apr 30 09:47:59 halee pppd[237631]: Terminating on signal 2

Full output:
https://pastebin.com/XumxeNL4

Oh, forgot to mention, I also had an idea that it could be the router or ISP, so I've connected through my cellular network and had the same error. I will try to connect from other networks tomorrow.

Last edited by svalee (2021-04-30 07:10:13)

Offline

#12 2021-04-30 13:15:16

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

I wasn't certain where pppd's syslog output goes on Arch Linux, I had vague memories the default was systemd journalctl, but could be configured at Arch Linux install time.

I was clutching at straws with the MTU/MRU setting, the setting of 1200 may even be causing problems now. There have been a few cases where setting to something lower like 1200 fixed connection issues due to some intermediate devices in the hops not being able to handle a MTU of 1400. Probably best to go back to the default of 1400 (which is also what the Windows L2TP/IPsec clients use).

There is log output missing between phase 'authenticate' and phase 'network'. This is what I see for the authenticate:

pppd[5693]: Overriding mtu 1352 to 1200
pppd[5693]: PPPoL2TP options: tid 59302 sid 63795 debugmask 0
pppd[5693]: nm-l2tp[5618] <info>  [helper-5693] phasechange: status 6 / phase 'authenticate'
pppd[5693]: rcvd [CHAP Challenge id=0x1 <0161fe94641632a10b384ad3ca1037d5>, name = "us.freevpn4you.net"]
pppd[5693]: nm-l2tp[5618] <info>  [helper-5693] passwd-hook: requesting credentials...
pppd[5693]: nm-l2tp[5618] <info>  [helper-5693] passwd-hook: got credentials from NetworkManager-l2tp
pppd[5693]: added response cache entry 0
pppd[5693]: sent [CHAP Response id=0x1 <f2b59514500a61dc6c176f0a78f4a4250000000000000000a30995c026b82bdac263579c46693641f4eb7e859c69fa7100>, name = "myusername"]
pppd[5693]: rcvd [CHAP Success id=0x1 "S=107B0BA2033A20B0CF40C83F7BF73AA31F65343B"]
pppd[5693]: response found in cache (entry 0)
pppd[5693]: CHAP authentication succeeded
pppd[5693]: nm-l2tp[5618] <info>  [helper-5693] phasechange: status 8 / phase 'network'
ppd[5693]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
...
pppd[5693]: nm-l2tp[5618] <info>  [helper-5693] phasechange: status 9 / phase 'running'

Although the above log output says CHAP, it is actually MSCHAPv2 that is being used and not CHAP.

If nm-l2tp-service --debug is being used, I would expect CHAP authentication succeeded or failed to be in the log output.

Offline

#13 2021-04-30 14:04:38

svalee
Member
Registered: 2019-01-20
Posts: 41
Website

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

I've just double-checked (by trying this again) and this is all that I have in my journal.

I just started it like this sudo journalctl -f before I've tried to connect.

And I'm running nm-l2tp-service with --debug flag. Could it be that it is written somewhere else, or?

Last edited by svalee (2021-04-30 14:05:04)

Offline

#14 2021-05-01 00:56:33

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

I was guessing what the issues might be with pppd before I saw the pppd log output, perhaps you aren't seeing the following line in the 'authenticate' phase because your VPN server isn't using MSCHAPv2 :

pppd[5693]: rcvd [CHAP Challenge id=0x1 <0161fe94641632a10b384ad3ca1037d5>, name = "us.freevpn4you.net"]

You could try removing the following lines I previously suggested :

refuse-chap=yes
refuse-eap=yes
refuse-mschap=yes
refuse-pap=yes

You mentioned duo 2-factor auth, not sure what PPP auth method it uses, maybe EAP.


I'm pretty sure the pppd 'authenticate' log output isn't going somewhere else, as you are seeing other pppd log output.

Offline

#15 2021-05-01 02:50:40

svalee
Member
Registered: 2019-01-20
Posts: 41
Website

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

Oh, yeah, now it exists:

May 01 05:40:54 halee pppd[252139]: nm-l2tp[252056] <info>  [helper-252139] phasechange: status 6 / phase 'authenticate'
May 01 05:40:54 halee pppd[252139]: nm-l2tp[252056] <info>  [helper-252139] passwd-hook: requesting credentials...
May 01 05:40:54 halee pppd[252139]: nm-l2tp[252056] <info>  [helper-252139] passwd-hook: got credentials from NetworkManager-l2tp
May 01 05:40:54 halee pppd[252139]: sent [PAP AuthReq id=0x1 user="*username*" password=<hidden>]
May 01 05:40:54 halee pppd[252139]: rcvd [LCP EchoReq id=0x0 magic=0xaee6ec30]
May 01 05:40:54 halee pppd[252139]: sent [LCP EchoRep id=0x0 magic=0xa8fb849d]
May 01 05:40:54 halee pppd[252139]: Terminating on signal 2
May 01 05:40:54 halee pppd[252139]: nm-l2tp[252056] <info>  [helper-252139] phasechange: status 10 / phase 'terminate'
May 01 05:40:54 halee pppd[252139]: nm-l2tp[252056] <info>  [helper-252139] phasechange: status 5 / phase 'establish'
May 01 05:40:54 halee pppd[252139]: Overriding mtu 1500 to 1400
May 01 05:40:54 halee pppd[252139]: PPPoL2TP options: tid 33287 sid 21487 debugmask 0
May 01 05:40:54 halee pppd[252139]: Overriding mru 1500 to mtu value 1400
May 01 05:40:54 halee pppd[252139]: sent [LCP TermReq id=0x2 "User request"]
May 01 05:40:57 halee pppd[252139]: sent [LCP TermReq id=0x3 "User request"]
May 01 05:41:00 halee pppd[252139]: nm-l2tp[252056] <info>  [helper-252139] phasechange: status 11 / phase 'disconnect'
May 01 05:41:00 halee pppd[252139]: Connection terminated.

Full output:
https://pastebin.com/Ct67g1Ss

I know nothing about the stuff, but could it be that I have wrong credential, since pppd fails exactly after the step where it sent credentials?

Offline

#16 2021-05-01 03:20:43

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

Most likely wrong credentials.

One more thing to try is setting the following :

refuse-pap=yes

and then see if it tries a different authentication method, might have more luck with a different authentication method. The backends are often wired up differently for authentication with the different authentication methods.

Although not in this case, a common problem is that some VPN servers have all the authentication methods enabled, but only some of them have been configured, so the credentials fail for some authentication methods.

If you have an iPhone or Android phone or Win10 or macOS, you could test the L2TP/IPsec connection with their native L2TP/IPsec client and see if it connects with those credentials.

Offline

#17 2021-05-05 02:50:44

svalee
Member
Registered: 2019-01-20
Posts: 41
Website

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

It turns out that my duo account wasn't activated... However, the journey is not over.

I was able to connect with my phone, but not with linux.
From logs, I can see only previously discussed

level=debug tunnel_name=t1 function=transport message=recv message_type=avpMsgTypeSli
level=error tunnel_name=t1 message="bad control message" message_type=avpMsgTypeSli error="no specification for v2 message avpMsgTypeSli"

Here are the network-manager-l2tp logs
https://pastebin.com/i5nzmj6j

Journal:
https://pastebin.com/8h9sPzLc

Offline

#18 2021-05-06 04:42:11

svalee
Member
Registered: 2019-01-20
Posts: 41
Website

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

I might go insane, but it still seems to be the auth issue.
I do get a notification on my phone to approve my connection, but the connection terminates before I approve, I think.
I double-checked the password, shared-secret, and username, everything seems to be okay. (and works on phone)

It seems like the duo app using PAP since after disabling it, I'm not receiving any notifications
However, I'm pretty certain that this log happens way before I'm able to approve my 2-factor auth

May 06 07:21:23 halee pppd[368081]: Terminating on signal 2
May 06 07:21:20 halee pppd[368081]: Plugin pppol2tp.so loaded.
May 06 07:21:20 halee pppd[368081]: Plugin /usr/lib/pppd/2.4.8--sysconfdir=/etc/nm-l2tp-pppd-plugin.so loaded.
May 06 07:21:20 halee pppd[368081]: nm-l2tp[367988] <info>  [helper-368081] initializing
May 06 07:21:20 halee pppd[368081]: pppd 2.4.8 started by paulefou, uid 0
May 06 07:21:20 halee pppd[368081]: nm-l2tp[367988] <info>  [helper-368081] phasechange: status 3 / phase 'serial connection'
May 06 07:21:20 halee pppd[368081]: using channel 18
May 06 07:21:20 halee pppd[368081]: Using interface ppp0
May 06 07:21:20 halee pppd[368081]: Connect: ppp0 <-->
May 06 07:21:20 halee pppd[368081]: nm-l2tp[367988] <info>  [helper-368081] phasechange: status 5 / phase 'establish'
May 06 07:21:20 halee pppd[368081]: Overriding mtu 1500 to 1400
May 06 07:21:20 halee pppd[368081]: PPPoL2TP options: tid 7258 sid 19403 debugmask 0
May 06 07:21:20 halee pppd[368081]: Overriding mru 1500 to mtu value 1400
May 06 07:21:20 halee pppd[368081]: sent [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <magic 0xd77c9756>]
May 06 07:21:20 halee NetworkManager[418]: <info>  [1620274880.5894] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/5081)
May 06 07:21:20 halee systemd-udevd[368087]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
May 06 07:21:20 halee pppd[368081]: rcvd [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <magic 0xd77c9756>]
May 06 07:21:23 halee pppd[368081]: rcvd [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <auth pap> <magic 0xef3e1d47>]
May 06 07:21:23 halee pppd[368081]: sent [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <auth pap> <magic 0xef3e1d47>]
May 06 07:21:23 halee pppd[368081]: PPPoL2TP options: tid 7258 sid 19403 debugmask 0
May 06 07:21:23 halee pppd[368081]: nm-l2tp[367988] <info>  [helper-368081] phasechange: status 6 / phase 'authenticate'
May 06 07:21:23 halee pppd[368081]: nm-l2tp[367988] <info>  [helper-368081] passwd-hook: requesting credentials...
May 06 07:21:23 halee pppd[368081]: nm-l2tp[367988] <info>  [helper-368081] passwd-hook: got credentials from NetworkManager-l2tp
May 06 07:21:23 halee pppd[368081]: sent [PAP AuthReq id=0x1 user="*user*" password=<hidden>]
May 06 07:21:23 halee pppd[368081]: rcvd [LCP EchoReq id=0x0 magic=0xef3e1d47]
May 06 07:21:23 halee pppd[368081]: sent [LCP EchoRep id=0x0 magic=0xd77c9756]
May 06 07:21:23 halee pppd[368081]: Terminating on signal 2

Last edited by svalee (2021-05-06 04:42:53)

Offline

#19 2021-05-07 23:43:45

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

The following output line looks very strange:

pppd: Plugin /usr/lib/pppd/2.4.8--sysconfdir=/etc/nm-l2tp-pppd-plugin.so loaded.

If you configured NetworkManager-l2tp with the following (based on the Arch Linux networkmanager-l2tp's PKGBUILD):

./configure \
    --localstatedir=/var \
    --libexecdir=/usr/lib/NetworkManager \
    --prefix=/usr \
    --sysconfdir=/etc \
    --with-pppd-plugin-dir=/usr/lib/pppd/2.4.8

I would have expected the following output line :

pppd: Plugin /usr/lib/pppd/2.4.8/nm-l2tp-pppd-plugin.so loaded.

As ppp 2.4.9 is the current version, you could try upgrading the ppp package and reconfiguring and rebuilding NetworkManager-l2tp with --with-pppd-plugin-dir=/usr/lib/pppd/2.4.9

I'm not familiar with what pppd's PAP output is supposed to be when it is working, but with a bit of googling I think it is supposed to be the following:

pppd: sent [PAP AuthReq id=0x1 user="*user*" password=<hidden>]
pppd: rcvd [PAP AuthAck id=0x1 ""]
pppd: PAP authentication succeeded

and something similar for failure, but you are not even getting that. I don't know if it is something to do with DUO MFA requiring something different with PPP during auth.

Hopefully you might have more luck with the newer ppp package and rebuilt NetworkManager-l2tp

Last edited by dkosovic (2021-05-07 23:44:35)

Offline

#20 2021-05-09 14:02:20

dkosovic
Member
Registered: 2017-12-16
Posts: 21

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

I was just looking at the following DUO L2TP/IPsec docs :
   https://duo.com/docs/cisco-ipsec

It says it has to be PAP.

It also says you may add a comma (",") to the end of your password and append a Duo factor option.

Log in using a passcode generated with Duo Mobile :
username: bob
password: hunter2,123456

Log in with Duo push notification (which is probably the default if not specified) :
username: bob
password: hunter2,push

Although my workplace doesn't use Duo with L2TP/IPsec, we do use Duo and in some cases the passcode works, but the push notification doesn't due to timeout related issues. You might have more like with the passcode just to confirm if it works.

Offline

#21 2021-05-12 02:55:14

svalee
Member
Registered: 2019-01-20
Posts: 41
Website

Re: [SOLVED] Networkmanager-l2tp over ipsec can't connect to the vpn

Thank you dkosovic, I don't have enough words to express how grateful I am.

I was finally able to solve my problem with your help.

I think the main issue was that my duo account was deactivated and before it was activated I changed too many things and some were changed mindlessly, which of course is completely my fault and should have been avoided.

At some point, I decided to just try a fresh install on another PC and it worked, I then returned to my laptop, cleaned everything up and everything worked there as well. I think my auth failure was due to strongswan being inactive. God only knows why it was inactive, but yeah.

Anyway, sorry that I took so much of your time and thank you for staying up until the end of this journey.

Offline

Board footer

Powered by FluxBB