** Changed in: network-manager-l2tp (Ubuntu)
Status: New => Fix Committed
** Changed in: network-manager-l2tp (Ubuntu)
Assignee: (unassigned) => Douglas Kosovic (dkosovic)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
** Changed in: network-manager-l2tp (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2078529
Title:
L2TP/IPSec VPN stopped working after upgrade to Ubuntu
Forgot to mention, if you see the following in the logs:
pppd[]: Protocol-Reject for 'Compression Control Protocol' (0x80fd)
received
pppd[]: MPPE required but peer negotiation failed
Or some other MPPE protocol negotiation failed message, then disable
MPPE in the VPN connection's PP
As a few people pointed to this bug report, just a few comments.
The following error message in the logs in regard to the VPN server not
allowing the EAP authentication method to authenticate:
pppd[5258]: peer doesn't want to authenticate us with eap
Disabling EAP in the VPN connection's PPP
appen within CCP and was fixed with the
version of network-manager-l2tp that shipped with Ubuntu 24.04.
MPPE generally only works with L2TP servers that don't use IPsec.
** Changed in: network-manager-l2tp (Ubuntu)
Assignee: (unassigned) => Douglas Kosovic (dkosovic)
** Change
Can you give the log output of the following?
journalctl --no-hostname _SYSTEMD_UNIT=NetworkManager.service +
_COMM=kl2tpd + SYSLOG_IDENTIFIER=pppd
https://bugs.launchpad.net/bugs/208574
Upstream go-l2tp issue that's been resolved:
https://github.com/katalix/go-l2tp/issues/6
In the network-manager-l2tp PPA I've created a no-modification backport of
golang-github-katalix-go-l2tp-0.1.8-1 for Ubuntu 24.04 :
https://launchpad.net/~nm-l2tp/+archive/ubuntu/network-manager-l2tp
S
Regarding the original go-l2tp kl2tpd error:
level=error tunnel_name=t1 message="bad control message"
message_type=avpMsgTypeSli error="no specification for v2 message
avpMsgTypeSli"
Looks like the missing avpMsgTypeSli message_type was recently fixed with the
following commit that's in go-l2tp
I'm not sure why the user authentication is failing for you with
go-l2tp's kl2tpd, you could try disabling all of the authentication
methods in the PPP settings other than MSCHAPv2.
You could also try switching to xl2tpd and see if you have the same
problem, e.g.:
sudo apt install xl2tpd
su
I think this is a duplicate of the following, although the xl2tpd errors
manifest slightly differently :
https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1951832
https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1968336
But as others have confirmed, Ubuntu 22.05's xl2tpd-1.3.16-1 is brok
For those using network-manager-l2tp, another workaround is to use
Katalix go-l2tp which is from the authors of the L2TP kernel modules
(which xl2tpd also happens to use).
With Networkmanager-l2tp >= 1.20.0, it has switched to kl2tpd as the
default L2TP daemon and falls back to xl2tpd if it can't
Nim's status change of no longer affects ppp I think was just a mistake
and rectified, but the rectification wasn't recorded in a new message.
This bug report no longer affects ppp >= 2.4.9, as it was fixed upstream
and is the reason the corresponding Debian bug was closed.
This SRU patch request
** Bug watch added: Debian Bug tracker #968040
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968040
** Also affects: ppp (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968040
Importance: Unknown
Status: Unknown
Public bug reported:
[Impact]
According to RFC2759, the format of PPP success packets is :
"S= M="
Recently Windows Server 2019 has started producing non-compliant PPP
success packets which have a space missing before the M= characters.
PPP based (e.g. PPTP, L2TP, etc) VPN clients connecting to
macOS already handles the missing space before M=, extract from :
https://opensource.apple.com/source/ppp/ppp-862.120.2/Helpers/pppd/chap_ms.c.auto.html
//we'll allow the missing-space case from the server, even though
//it's non-conforming to spec!
dbglog("Rcvd non-conform
** Changed in: network-manager-l2tp (Ubuntu)
Status: New => Invalid
** Changed in: network-manager-l2tp (Ubuntu)
Assignee: (unassigned) => Douglas Kosovic (dkosovic)
Did you install networkmanager-l2tp-gnome package which has the GNOME
L2TP VPN plug-in for the GNOME NetworkManager connection editor?
https://bugs.launchpad.net/bugs/1875784
Title:
Im
correction I meant network-manager-l2tp-gnome package
https://bugs.launchpad.net/bugs/1875784
Title:
Impossible create or edit L2TP vpn, missing form
** Project changed: l2tp-ipsec-vpn => ubuntu
** Changed in: ubuntu
Status: New => Confirmed
** Package changed: ubuntu => network-manager-l2tp (Ubuntu)
https://bugs.launchpad.net
Comment 6 and 7 in the upstream GNOME NetworkManager-pptp bug report :
https://bugzilla.gnome.org/show_bug.cgi?id=785771#c6
are relevant to this bug (but not the 'cp -a' issue).
As mentioned, the following exit in /etc/ppp/ip-up.d/000resolvconf when
the interface is managed by NM, seems the ri
I wasn't able to redirect the stderr from the following line in /etc/ppp
/ip-up.d/usepeerdns (probably because of something pppd is doing) :
cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"
So I modified the cp.c source from the coreutils package and redirected
stderr to a fil
Sorry ignore comment #16 as the following line in /etc/ppp/ip-
up.d/usepeerdns will exit because of the '#!/bin/sh -e' shebang
line:
cp -Lp "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"
So my original suggestion of replacing the following line:
cp -a "$REALRESOLVCONF" "$REALRES
Correction the following line in /etc/ppp/ip-up.d/usepeerdns
probably should be changed from :
cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"
to:
cp -Lp "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"
chmod 644 "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"
I can confirm the issue is the following line in /etc/ppp/ip-
up.d/usepeerdns as previously mentioned :
cp -a "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup.$PPP_IFACE"
The variable expansion of that line is :
cp -a /run/systemd/resolve/stub-resolv.conf
/run/systemd/resolve/stub-resolv.conf.
Hi Eric and Łukasz,
I uninstalled existing xl2tpd from test PPA on xenial and bionic before
installing xl2tpd from respective proposed repository.
On xenial I installed and tested xl2tpd_1.3.6+dfsg-
4ubuntu0.16.04.2_amd64.deb and can confirm I'm able to establish
L2TP/IPsec VPN connection with fo
@Billy thanks for the Xenial xl2tpd test package.
I set up an Ubuntu 16.04.4 VM which came with kernel 4.13.0-36-generic
and did an apt update followed by an apt upgrade and it installed kernel
4.15.0-29-generic. I didn't know the proper way to downgrade to kernel
4.4, so manually downloaded and in
I can confirm I am able to establish a L2TP/IPsec connection with
xl2tpd_1.3.10-1+lp1760796_amd64.deb test package with Bionic's latest
4.15 kernel.
I'll need to bring up a VM for xenial, but happy to test with kernel 4.4
and 4.15 on xenial for any backport. The version of xl2tpd in xenial
updates
** Tags added: sts sts-sru-needed
https://bugs.launchpad.net/bugs/1760796
Title:
kernel 4.15 breaks xl2tpd
** Changed in: network-manager-l2tp (Ubuntu)
Status: New => Invalid
https://bugs.launchpad.net/bugs/1771223
Title:
Cannot connect to L2TP network
I'm guessing there is a firewall between the client and VPN server when
the client is in the outside world.
See the "Issue with not stopping system xl2tpd service" section in the
README.md file :
https://github.com/nm-l2tp/network-manager-l2tp/blob/nm-1-2/README.md
I'm guessing the firewall doe
See "Issue with VPN servers only proposing IPsec IKEv1 weak legacy
algorithms" in the README.md file:
https://github.com/nm-l2tp/network-manager-l2tp/blob/nm-1-2/README.md
I can confirm with the ike-scan.sh script mentioned in the README.md
file that the VPN server you are trying to connect to on
Can you confirm you are seeing the "udp_xmit failed ... with err=-1:No
such device" error ?
If you are, this is not a network-manager-l2tp bug, but a kernel 4.15
bug, I posted a xl2tpd bug report and workaround patch for Ubuntu
18.04's xl2tpd package almost a month before Bionic Beaver was release
** Changed in: network-manager-l2tp (Ubuntu)
Assignee: (unassigned) => Douglas Kosovic (dkosovic)
https://bugs.launchpad.net/bugs/1771223
Title:
Cannot connect to L2TP netw
** Bug watch added: Red Hat Bugzilla #1562512
https://bugzilla.redhat.com/show_bug.cgi?id=1562512
** Also affects: xl2tpd (Fedora) via
https://bugzilla.redhat.com/show_bug.cgi?id=1562512
Importance: Unknown
Status: Unknown
Public bug reported:
Kernel 4.15 breaks xl2tpd, please see following upstream issue for more details
:
https://github.com/xelerance/xl2tpd/issues/147
The following commit/patch fixes the issue:
https://github.com/xelerance/xl2tpd/commit/9c2cd4933478a83075df5b10f24af7589e90abc3.patch
As U
I just saw this bug report now while looking for another xl2tpd bug.
You might have already worked it out by now, but in regards to the
xl2tpd max transmit and receive speeds, the default max is 10 Mbps.
See the xl2tpd.conf manpage for the 'tx bps' and 'rx bps' options to set
it higher.
I suggest you file a Debian Request for Package (RFP) for
network-manager-libreswan :
https://wiki.debian.org/RFP
Once the package is in Debian Sid, it will automatically make its way to
Ubuntu.
Or if you are able to provide a package, an Intent to Package (ITP) :
https://wiki.debian.org/I
Marked as invalid as the VPN server is using an algorithm considered
broken by strongswan and workaround was provided.
** Changed in: network-manager-l2tp (Ubuntu)
Assignee: (unassigned) => Douglas Kosovic (dkosovic)
** Changed in: network-manager-l2tp (Ubuntu)
Status: New => I
From the logs, it definitely isn't using IPsec XAuth.
The "NO_PROPOSAL_CHOSEN error" means your VPN server is using a legacy
encryption algorithm that strongswan considers broken as it is old and
weak, it is most likely 3DES :
https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuite
Group Name is for IPsec Extended authentication (XAuth).
Xauth support was never implemented in network-manager-l2tp and it
doesn't make sense as XAuth doesn't use L2TP, so Group Name was removed
from the IPsec configuration dialog box.
So a summary for the differences in the two VPN connections
network-manager-l2tp 1.2.6-2 was accepted into Debian sid :
https://tracker.debian.org/pkg/network-manager-l2tp
The Debian package was automatically added to Ubuntu artful (17.10).
I've requested an Ubuntu backport of network-manager-l2tp from artful to
xenial (16.04) which includes intermedi
Hi Brian,
I tested xl2tpd_1.3.6+dfsg-4ubuntu0.16.04.1_amd64.deb on xenial with
NetworkManager-l2tp and I'm no longer able to reproduce the xl2tpd
segmentation fault, nor is there any orphaned pppd process (which used
to happen after the parent xl2tpd process crashed)
Similarly with xl2tpd_1.3.6+d
There is now a new PPA, network-manager-l2tp 1.2.4 for 17.04 (zesty), 16.10
(yakkety) and 16.04 (xenial) packages can be found here:
https://launchpad.net/~nm-l2tp/+archive/ubuntu/network-manager-l2tp
strongswan stable release updates for yakkety and xenial which fix the
aforementioned AppArm
I can confirm NetworkManager-l2tp is working fine with the following
yakkety-proposed packages:
strongswan_5.3.5-1ubuntu4.1_all
strongswan-charon_5.3.5-1ubuntu4.1_amd64
strongswan-libcharon_5.3.5-1ubuntu4.1_amd64
strongswan-starter_5.3.5-1ubuntu4.1_amd64
libstrongswan_5.3.5-1ubuntu4.1_am
As far as NetworkManager-l2tp is concerned, I can confirm the strongswan
5.3.5-1ubuntu3.1 xenial-proposed package worked fine for me.
https://bugs.launchpad.net/bugs/1587886
Title:
str
AppArmor is a Linux kernel security module that allows administrators to
restrict programs' capabilities with per-program profiles.
Disabling the charon and stroke Apparmor profiles is just a workaround
that removes the restrictions including the issue you are having.
The other option is to edit the
Sorry I gave bad advice, Apparmor complain mode won't help, it was the
attach_disconnected in the patch which fixes the issue.
Simplest solution without patching is to disable the charon and stroke Apparmor
profiles as mentioned on:
https://github.com/nm-l2tp/network-manager-l2tp/wiki
If you are using network-manager-l2tp, the Apparmor strongswan issue is listed
in the known issues on the Wiki:
https://github.com/nm-l2tp/network-manager-l2tp/wiki
The patch just puts the AppArmor profiles for charon and stroke into
complain mode. The same can be achieved with the following co
I've posted a summary of current NetworkManager-l2tp known issues and
workarounds for Ubuntu and Debian here :
https://github.com/nm-l2tp/network-manager-l2tp/issues/12
I haven't created a new network-manager-l2tp PPA because of the
strongSwan AppArmor name space issue involving Network
Sorry, you are correct, I had forgotten I had changed to "complain" a
while back for the two profiles to help with debugging.
On a clean Ubuntu 16.04 install, I can confirm with just
flags=(attach_disconnected) for the two profiles, things work as
expected.
Somehow forgot the attachment, find attached.
** Patch added: "/etc/apparmor.d/usr.lib.ipsec.* patch"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1587886/+attachment/4690136/+files/usr.lib.ipsec.patch
I wasn't able to reproduce issue from the command-line with
NetworkManager-l2tp, it only happens after NetworkManager-l2tp restarts
strongSwan under NetworkManager.
Turns out it is the same NetworkManager issue as the following :
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1244157/c
Doesn't appear to matter if bare metal PC or VM.
So far haven't been able to reproduce 'ipsec status' issue other than
using network-manager-l2tp, but need to do more comprehensive command-
line tests that mimics better what network-manager-l2tp is doing.
Hi Simon,
UEFI Lenovo desktop PC is what I'm running Xenial on.
I'm the new maintainer for network-manager-l2tp VPN plugin for NetworkManager :
https://github.com/nm-l2tp/network-manager-l2tp
I started an IPSec/L2TP connection using network-manager-l2tp before
issuing the 'sudo ipsec status'.
Public bug reported:
$ lsb_release -rd
Description:Ubuntu 16.04 LTS
Release:16.04
$ apt-cache policy strongswan
strongswan:
Installed: 5.3.5-1ubuntu3
Candidate: 5.3.5-1ubuntu3
Version table:
*** 5.3.5-1ubuntu3 500
500 http://au.archive.ubuntu.com/ubuntu xenial/main amd6