You are not logged in.

#1 2016-08-24 12:44:37

hiveNzin0
Member
Registered: 2011-10-02
Posts: 84

[SOLVED]networkmanager-openswan timed out, cannot connect

Hi,

I am trying to setup the networkmanager to connect to a VPN IP SEC. Until today, I only had to connect to VPN using OpenVPN so this is new.

Here is the information I've been given :

1) username
2) password for this username
3) an ip address of the VPN server
4) a password related to some kind of group
5) Phase 1 encryption : AES256

In network manager, I added a connection of type "IPsec based VPN (Openswan)" with the following info :

a) in General configuration : I checked "All users may connect to this network"
b) in VPN (openswan) :
- Connection name: EBRC
- Gateway : the ip address (see point 3 above)
- Group name: I put something random, is it supposed to match a configuration on their side ?
- User password : my user password (see point 2 above)
- Group password : the shared key by the group (see point 4 above)
- User name: my user name (see point 1 above)
- Phase1 algorithms: AES256
- Phase2 algorithsm: *blank*
- Domain: *blank*

When I try to connect, I get a message like "The connection attempt to the VPN timed out".
I tried to find the logs related to this connection so I did the following command in a terminal and tried to connect : tail -f /var/log/everything.log

Aug 24 14:41:12 arch ipsec__plutorun[9847]: Labelled IPsec not enabled; value 32001 ignored.
Aug 24 14:41:12 arch ipsec_setup[9852]: ...Openswan IPsec started
Aug 24 14:41:12 arch systemd[1]: Started Openswan daemon.
Aug 24 14:41:12 arch ipsec__plutorun[9847]: 002 adding connection: "L2TP-PSK"
Aug 24 14:41:12 arch ipsec__plutorun[9847]: 002 listening for IKE messages
Aug 24 14:41:12 arch ipsec__plutorun[9847]: 002 adding interface enp4s0/enp4s0 192.168.50.154:500 (AF_INET)
Aug 24 14:41:12 arch ipsec__plutorun[9847]: 002 adding interface enp4s0/enp4s0 192.168.50.154:4500
Aug 24 14:41:12 arch ipsec__plutorun[9847]: 002 adding interface lo/lo ::1:500 (AF_INET6)
Aug 24 14:41:12 arch ipsec__plutorun[9847]: 002 loading secrets from "/etc/ipsec.secrets"
Aug 24 14:41:12 arch ipsec__plutorun[9847]: 002 loaded private key for keyid: PPK_RSA:AQNm3LX4/
Aug 24 14:41:26 arch plasmashell[16514]: QDBusObjectPath: invalid path ""
Aug 24 14:41:26 arch NetworkManager[469]: <info>  [1472042486.4133] audit: op="connection-activate" uuid="f8a778bf-0f88-43c0-9a90-fbe5f7a990c7" name="EBRC" pid=16514 uid=1001 result="success"
Aug 24 14:41:26 arch NetworkManager[469]: <info>  [1472042486.4147] vpn-connection[0xb55d70,f8a778bf-0f88-43c0-9a90-fbe5f7a990c7,"EBRC",0]: Saw the service appear; activating connection
Aug 24 14:41:26 arch kde5-nm-connection-editor[17074]: plasma-nm: Item  "EBRC" : active connection state changed to  1
Aug 24 14:41:26 arch kdeinit5[823]: plasma-nm: virtual NMVariantMapMap SecretAgent::GetSecrets(const NMVariantMapMap&, const QDBusObjectPath&, const QString&, const QStringList&, uint)
Aug 24 14:41:26 arch kdeinit5[823]: plasma-nm: Path: "/org/freedesktop/NetworkManager/Settings/8"
Aug 24 14:41:26 arch kdeinit5[823]: plasma-nm: Setting name: "vpn"
Aug 24 14:41:26 arch kdeinit5[823]: plasma-nm: Hints: ()
Aug 24 14:41:26 arch kdeinit5[823]: plasma-nm: Flags: 4
Aug 24 14:41:26 arch kde5-nm-connection-editor[17074]: plasma-nm: Item  "EBRC" : connection updated
Aug 24 14:41:26 arch kdeinit5[823]: plasma-nm: Unhandled VPN connection state change:  3
Aug 24 14:41:26 arch kde5-nm-connection-editor[17074]: plasma-nm: Item  "EBRC" : connection updated
Aug 24 14:41:26 arch kde5-nm-connection-editor[17074]: plasma-nm: Item  "EBRC" : connection updated
Aug 24 14:41:26 arch kde5-nm-connection-editor[17074]: plasma-nm: Item  "EBRC" : active connection changed to  1
Aug 24 14:41:26 arch kdeinit5[823]: networkmanager-qt: void NetworkManager::ActiveConnectionPrivate::propertiesChanged(const QVariantMap&) Unhandled property "VpnState"
Aug 24 14:41:26 arch kde5-nm-connection-editor[17074]: networkmanager-qt: void NetworkManager::ActiveConnectionPrivate::propertiesChanged(const QVariantMap&) Unhandled property "VpnState"
Aug 24 14:41:26 arch ipsec_setup[9895]: Stopping Openswan IPsec...
Aug 24 14:41:26 arch NetworkManager[469]: <27>Aug 24 14:41:26 ipsec_setup: Stopping Openswan IPsec...
Aug 24 14:41:26 arch plasmashell[16514]: networkmanager-qt: void NetworkManager::ActiveConnectionPrivate::propertiesChanged(const QVariantMap&) Unhandled property "VpnState"
Aug 24 14:41:26 arch ipsec_setup[9911]: Stopping Openswan IPsec...
Aug 24 14:41:26 arch ipsec[9906]: <27>Aug 24 14:41:26 ipsec_setup: Stopping Openswan IPsec...
Aug 24 14:41:26 arch ipsec_setup[9911]: rmmod: ERROR: Module xfrm_user is in use
Aug 24 14:41:26 arch ipsec[9906]: <27>Aug 24 14:41:26 ipsec_setup: rmmod: ERROR: Module xfrm_user is in use
Aug 24 14:41:27 arch kernel: NET: Unregistered protocol family 15
Aug 24 14:41:27 arch ipsec_setup[10001]: ...Openswan IPsec stopped
Aug 24 14:41:27 arch ipsec_setup[10012]: ...Openswan IPsec stopped
Aug 24 14:41:27 arch kernel: NET: Registered protocol family 15
Aug 24 14:41:27 arch NetworkManager[469]: <27>Aug 24 14:41:27 ipsec_setup: Starting Openswan IPsec U2.6.47/K4.7.1-1-ARCH...
Aug 24 14:41:27 arch ipsec_setup[10021]: Starting Openswan IPsec U2.6.47/K4.7.1-1-ARCH...
Aug 24 14:41:27 arch NetworkManager[469]: <info>  [1472042487.4655] vpn-connection[0xb55d70,f8a778bf-0f88-43c0-9a90-fbe5f7a990c7,"EBRC",0]: VPN plugin: state changed: starting (3)
Aug 24 14:41:27 arch ipsec_setup[10038]: Using NETKEY(XFRM) stack
Aug 24 14:41:27 arch systemd[1]: openswan.service: Service hold-off time over, scheduling restart.
Aug 24 14:41:27 arch systemd[1]: Stopped Openswan daemon.
Aug 24 14:41:27 arch systemd[1]: Starting Openswan daemon...
Aug 24 14:41:27 arch ipsec_setup[10101]: Openswan IPsec apparently already active, start aborted
Aug 24 14:41:27 arch ipsec[10051]: <27>Aug 24 14:41:27 ipsec_setup: Openswan IPsec apparently already active, start aborted
Aug 24 14:41:27 arch ipsec_setup[10121]: Stopping Openswan IPsec...
Aug 24 14:41:27 arch ipsec[10108]: <27>Aug 24 14:41:27 ipsec_setup: Stopping Openswan IPsec...
Aug 24 14:41:27 arch ipsec_setup[10021]: multiple default routes, using 192.168.50.1 on enp4s0
Aug 24 14:41:27 arch NetworkManager[469]: <27>Aug 24 14:41:27 ipsec_setup: multiple default routes, using 192.168.50.1 on enp4s0
Aug 24 14:41:28 arch ipsec__plutorun[10183]: adjusting ipsec.d to /etc/ipsec.d
Aug 24 14:41:28 arch pluto[10188]: adjusting ipsec.d to /etc/ipsec.d
Aug 24 14:41:28 arch pluto[10188]: Labelled IPsec not enabled; value 32001 ignored.
Aug 24 14:41:28 arch ipsec__plutorun[10183]: Labelled IPsec not enabled; value 32001 ignored.
Aug 24 14:41:28 arch ipsec_setup[10187]: ...Openswan IPsec started
Aug 24 14:41:28 arch ipsec__plutorun[10183]: 002 adding connection: "L2TP-PSK"
Aug 24 14:41:28 arch NetworkManager[469]: 002 adding connection: "f8a778bf-0f88-43c0-9a90-fbe5f7a990c7"
Aug 24 14:41:28 arch ipsec__plutorun[10183]: 002 listening for IKE messages
Aug 24 14:41:28 arch ipsec__plutorun[10183]: 002 adding interface enp4s0/enp4s0 192.168.50.154:500 (AF_INET)
Aug 24 14:41:28 arch ipsec__plutorun[10183]: 002 adding interface enp4s0/enp4s0 192.168.50.154:4500
Aug 24 14:41:28 arch ipsec__plutorun[10183]: 002 adding interface lo/lo ::1:500 (AF_INET6)
Aug 24 14:41:28 arch ipsec__plutorun[10183]: 002 loading secrets from "/etc/ipsec.secrets"
Aug 24 14:41:28 arch ipsec__plutorun[10183]: 002 loaded private key for keyid: PPK_RSA:AQNm3LX4/
Aug 24 14:41:28 arch NetworkManager[469]: 002 listening for IKE messages
Aug 24 14:41:28 arch NetworkManager[469]: 002 forgetting secrets
Aug 24 14:41:28 arch NetworkManager[469]: 002 loading secrets from "/etc/ipsec.secrets"
Aug 24 14:41:28 arch NetworkManager[469]: 002 loaded private key for keyid: PPK_RSA:AQNm3LX4/
Aug 24 14:41:28 arch ipsec_setup[10121]: rmmod: ERROR: Module xfrm_user is in use
Aug 24 14:41:28 arch ipsec[10108]: <27>Aug 24 14:41:28 ipsec_setup: rmmod: ERROR: Module xfrm_user is in use
Aug 24 14:41:28 arch kernel: NET: Unregistered protocol family 15
Aug 24 14:41:28 arch ipsec_setup[10294]: ...Openswan IPsec stopped
Aug 24 14:41:28 arch systemd[1]: Started Openswan daemon.
Aug 24 14:41:29 arch systemd[1]: openswan.service: Service hold-off time over, scheduling restart.
Aug 24 14:41:29 arch systemd[1]: Stopped Openswan daemon.
Aug 24 14:41:29 arch systemd[1]: Starting Openswan daemon...
Aug 24 14:41:29 arch kernel: NET: Registered protocol family 15
Aug 24 14:41:29 arch ipsec_setup[10315]: Starting Openswan IPsec U2.6.47/K4.7.1-1-ARCH...
Aug 24 14:41:29 arch ipsec[10297]: <27>Aug 24 14:41:29 ipsec_setup: Starting Openswan IPsec U2.6.47/K4.7.1-1-ARCH...
Aug 24 14:41:29 arch ipsec_setup[10334]: Using NETKEY(XFRM) stack
Aug 24 14:41:29 arch ipsec_setup[10315]: multiple default routes, using 192.168.50.1 on enp4s0
Aug 24 14:41:29 arch ipsec[10297]: <27>Aug 24 14:41:29 ipsec_setup: multiple default routes, using 192.168.50.1 on enp4s0
Aug 24 14:41:29 arch pluto[10440]: adjusting ipsec.d to /etc/ipsec.d
Aug 24 14:41:29 arch ipsec__plutorun[10435]: adjusting ipsec.d to /etc/ipsec.d
Aug 24 14:41:29 arch pluto[10440]: Labelled IPsec not enabled; value 32001 ignored.
Aug 24 14:41:29 arch systemd[1]: Started Openswan daemon.
Aug 24 14:41:29 arch ipsec__plutorun[10435]: Labelled IPsec not enabled; value 32001 ignored.
Aug 24 14:41:29 arch ipsec_setup[10439]: ...Openswan IPsec started
Aug 24 14:41:29 arch ipsec__plutorun[10435]: 002 adding connection: "L2TP-PSK"
Aug 24 14:41:29 arch ipsec__plutorun[10435]: 002 listening for IKE messages
Aug 24 14:41:29 arch ipsec__plutorun[10435]: 002 adding interface enp4s0/enp4s0 192.168.50.154:500 (AF_INET)
Aug 24 14:41:29 arch ipsec__plutorun[10435]: 002 adding interface enp4s0/enp4s0 192.168.50.154:4500
Aug 24 14:41:29 arch ipsec__plutorun[10435]: 002 adding interface lo/lo ::1:500 (AF_INET6)
Aug 24 14:41:29 arch ipsec__plutorun[10435]: 002 loading secrets from "/etc/ipsec.secrets"
Aug 24 14:41:29 arch ipsec__plutorun[10435]: 002 loaded private key for keyid: PPK_RSA:AQNm3LX4/
Aug 24 14:42:27 arch NetworkManager[469]: <warn>  [1472042547.6378] vpn-connection[0xb55d70,f8a778bf-0f88-43c0-9a90-fbe5f7a990c7,"EBRC",0]: VPN connection: connect timeout exceeded.
Aug 24 14:42:27 arch NetworkManager[469]: libnm-glib-Message: Connect timer expired, disconnecting.
Aug 24 14:42:27 arch kde5-nm-connection-editor[17074]: plasma-nm: Item  "EBRC" : active connection changed to  4
Aug 24 14:42:27 arch NetworkManager[469]: <info>  [1472042547.6403] vpn-connection[0xb55d70,f8a778bf-0f88-43c0-9a90-fbe5f7a990c7,"EBRC",0]: VPN plugin: state changed: stopping (5)
Aug 24 14:42:27 arch akonadi_maildispatcher_agent[1152]: "No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/ActiveConnection/17"
Aug 24 14:42:27 arch akonadi_followupreminder_agent[1147]: "No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/ActiveConnection/17"
Aug 24 14:42:27 arch akonadi_ical_resource[1148]: "No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/ActiveConnection/17"
Aug 24 14:42:27 arch akonadi_notes_agent[1165]: "No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/ActiveConnection/17"
Aug 24 14:42:27 arch akonadi_sendlater_agent[1166]: "No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/ActiveConnection/17"
Aug 24 14:42:27 arch kdeinit5[823]: "No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/ActiveConnection/17"
Aug 24 14:42:27 arch kdeinit5[823]: networkmanager-qt: void NetworkManager::ActiveConnectionPrivate::propertiesChanged(const QVariantMap&) Unhandled property "VpnState"
Aug 24 14:42:27 arch ipsec_setup[10493]: Stopping Openswan IPsec...
Aug 24 14:42:27 arch NetworkManager[469]: <27>Aug 24 14:42:27 ipsec_setup: Stopping Openswan IPsec...
Aug 24 14:42:27 arch kde5-nm-connection-editor[17074]: plasma-nm: Item  "EBRC" : connection updated
Aug 24 14:42:27 arch kde5-nm-connection-editor[17074]: networkmanager-qt: void NetworkManager::ActiveConnectionPrivate::propertiesChanged(const QVariantMap&) Unhandled property "VpnState"
Aug 24 14:42:27 arch kde5-nm-connection-editor[17074]: plasma-nm: Item  "EBRC" : active connection removed
Aug 24 14:42:27 arch ipsec_setup[10509]: Stopping Openswan IPsec...
Aug 24 14:42:27 arch ipsec[10504]: <27>Aug 24 14:42:27 ipsec_setup: Stopping Openswan IPsec...
Aug 24 14:42:27 arch plasmashell[16514]: Currrent active notifications: QHash()
Aug 24 14:42:27 arch plasmashell[16514]: Guessing partOf as: 0
Aug 24 14:42:27 arch plasmashell[16514]:  New Notification:  "EBRC" "The connection attempt to the VPN service timed out." -1 & Part of: 0
Aug 24 14:42:27 arch plasmashell[16514]: networkmanager-qt: void NetworkManager::ActiveConnectionPrivate::propertiesChanged(const QVariantMap&) Unhandled property "VpnState"
Aug 24 14:42:28 arch ipsec_setup[10509]: rmmod: ERROR: Module xfrm_user is in use
Aug 24 14:42:28 arch ipsec[10504]: <27>Aug 24 14:42:28 ipsec_setup: rmmod: ERROR: Module xfrm_user is in use
Aug 24 14:42:28 arch kernel: NET: Unregistered protocol family 15
Aug 24 14:42:28 arch ipsec_setup[10612]: ...Openswan IPsec stopped
Aug 24 14:42:28 arch ipsec_setup[10623]: ...Openswan IPsec stopped
Aug 24 14:42:28 arch NetworkManager[469]: <info>  [1472042548.6661] vpn-connection[0xb55d70,f8a778bf-0f88-43c0-9a90-fbe5f7a990c7,"EBRC",0]: VPN plugin: state changed: stopped (6)
Aug 24 14:42:28 arch kde5-nm-connection-editor[17074]: plasma-nm: Item  "EBRC" : connection updated
Aug 24 14:42:28 arch systemd[1]: openswan.service: Service hold-off time over, scheduling restart.
Aug 24 14:42:28 arch systemd[1]: Stopped Openswan daemon.
Aug 24 14:42:28 arch systemd[1]: Starting Openswan daemon...
Aug 24 14:42:28 arch kernel: NET: Registered protocol family 15
Aug 24 14:42:28 arch ipsec_setup[10644]: Starting Openswan IPsec U2.6.47/K4.7.1-1-ARCH...
Aug 24 14:42:28 arch ipsec[10624]: <27>Aug 24 14:42:28 ipsec_setup: Starting Openswan IPsec U2.6.47/K4.7.1-1-ARCH...
Aug 24 14:42:28 arch ipsec_setup[10663]: Using NETKEY(XFRM) stack
Aug 24 14:42:29 arch ipsec_setup[10644]: multiple default routes, using 192.168.50.1 on enp4s0
Aug 24 14:42:29 arch ipsec[10624]: <27>Aug 24 14:42:29 ipsec_setup: multiple default routes, using 192.168.50.1 on enp4s0
Aug 24 14:42:29 arch ipsec__plutorun[10757]: adjusting ipsec.d to /etc/ipsec.d
Aug 24 14:42:29 arch pluto[10762]: adjusting ipsec.d to /etc/ipsec.d
Aug 24 14:42:29 arch pluto[10762]: Labelled IPsec not enabled; value 32001 ignored.
Aug 24 14:42:29 arch ipsec__plutorun[10757]: Labelled IPsec not enabled; value 32001 ignored.
Aug 24 14:42:29 arch ipsec_setup[10761]: ...Openswan IPsec started
Aug 24 14:42:29 arch systemd[1]: Started Openswan daemon.
Aug 24 14:42:29 arch ipsec__plutorun[10757]: 002 adding connection: "L2TP-PSK"
Aug 24 14:42:29 arch ipsec__plutorun[10757]: 002 listening for IKE messages
Aug 24 14:42:29 arch ipsec__plutorun[10757]: 002 adding interface enp4s0/enp4s0 192.168.50.154:500 (AF_INET)
Aug 24 14:42:29 arch ipsec__plutorun[10757]: 002 adding interface enp4s0/enp4s0 192.168.50.154:4500
Aug 24 14:42:29 arch ipsec__plutorun[10757]: 002 adding interface lo/lo ::1:500 (AF_INET6)
Aug 24 14:42:29 arch ipsec__plutorun[10757]: 002 loading secrets from "/etc/ipsec.secrets"
Aug 24 14:42:29 arch ipsec__plutorun[10757]: 002 loaded private key for keyid: PPK_RSA:AQNm3LX4/

Any idea of what I am doing wrong ? I first tried to use the networkmanager (networkmanager-openswan in AUR) and now I am reading the documentation here https://wiki.archlinux.org/index.php/Op … ient_setup hoping there is another way to connect.

Thank you.

edit : I tried to follow this tutorial (for fedora though) and I still have the same problem of timeout : https://www.moucha.cc/charon/l2tpipsec- … on-fedora/

does anybody know what this means : "Remind: if you successfully reached this point you have the tunnel only and you need to add your routes manually to access the networks behind the tunnel!" it is written at the bottom of the tutorial.

I also deleted openswam to install libreswam and networkmanager-libreswam but nothing changes, I still have the same problem.

I am looking for any help : either the configuration, a link to a blog, some tips to help me find why there is a timeout like which logs or more debug, ... anything really.

edit 2 : I found how to add route here https://wiki.archlinux.org/index.php/Op … the_tunnel but I don't have a valid tunnel I think. I have this with ip link :
4: ip_vti0@NONE: <NOARP> mtu 1332 qdisc noop state DOWN mode DEFAULT group default qlen 1
    link/ipip 0.0.0.0 brd 0.0.0.0

and this doesn't seem to be valid

Thank you.

Last edited by hiveNzin0 (2016-08-25 07:28:29)

Offline

#2 2016-08-25 07:33:04

hiveNzin0
Member
Registered: 2011-10-02
Posts: 84

Re: [SOLVED]networkmanager-openswan timed out, cannot connect

I didn't use libreswan/openswan or something like that. I created a connection of type "vpnc", I edited the advanced settings to be "DH Group 5" in IKE DH Group and Perfect Forward Secrecy. Apparently, those settings are the ones the server is using so it might be different for you.
Once I did that, I tried to connect and it failed. I checked /var/log/everything.log and found this :

"Aug 25 08:27:47 arch NetworkManager[496]: vpnc: vpnc.c:1206: lifetime_ike_process: Assertion `a->next->type == IKE_ATTRIB_LIFE_DURATION' failed."

After some googling, I could find a solution here : http://rolandtapken.de/blog/2015-06/how … sing-linux

This is for Ubuntu but you can do something like that with ABS on arch. I created a patch that I apply during the makepkg and then it worked.

(Just in case the blog is down one day, you need to comment out the following line in vpnc.c : assert(a->next->type == IKE_ATTRIB_LIFE_DURATION); -> /* assert(a->next->type == IKE_ATTRIB_LIFE_DURATION); */)

This doesn't seem to be a bug with vpnc but more with forticlient things.

Hope this helps.

Offline

Board footer

Powered by FluxBB