** Description changed: On freshly installed and fully updated Ubuntu 24.04.2 there is a regression that prevents VPN connections to Meraki MX firewalls using the following configuration (which worked perfectly in Ubuntu 22.04 and prior releases): https://community.meraki.com/t5/Security-SD-WAN/Guide-Client-VPN-on- Linux-Debian/m-p/72315 The pertinent error from the logs is: level=debug tunnel_name=t1 function=transport message=recv message_type=avpMsgTypeSli level=error tunnel_name=t1 message="bad control message" message_type=avpMsgTypeSli error="no specification for v2 message avpMsgTypeSli" The connection process shows: - 1. The IPsec tunnel establishes successfully 2. The L2TP tunnel starts to establish 3. Then there's a failure when receiving a "Set Link Info" (SLI) message from the Meraki server + 4. The local L2TP client doesn't understand this message type and disconnects. - The local L2TP client doesn't understand this message type and - disconnects + Important Behavior Pattern: + - Fresh Ubuntu 24.04.2 installations: VPN connections FAIL + - Fresh Debian 12 installations: VPN connections WORK + - Ubuntu 22.04 upgraded to 24.04.2: ONLY pre-existing VPN profiles continue to work + * Cannot create new profiles on upgraded systems + * Cannot recreate deleted profiles on upgraded systems - This appears to be a compatibility issue between the L2TP implementation - in fresh Ubuntu 24.04.2 and the Meraki MX firewall. Interestingly, this - same issue does not occur on fresh Debian 12 installs or on Ubuntu - 24.04.2 upgraded from Ubuntu 22.04. + This pattern creates a severe limitation requiring a cumbersome workaround: + 1. Install Ubuntu 22.04 + 2. Create VPN profile + 3. Upgrade to 24.04.2 + 4. Never delete the profile - The L2TP protocol implementation may have changed in Ubuntu 24.04.2 + Since fresh Debian 12 installations work correctly, this regression + appears specific to Ubuntu 24.04.2's implementation of the L2TP + protocol. 
- There might be a version mismatch between packages in fresh vs. upgraded - installations. - - Some configuration file or setting that handles these message types - properly might be preserved during upgrades but not set correctly in - fresh installations - - Since fresh Debian 12 installations are now working, this narrows down - the issue specifically to Ubuntu 24.04.2 fresh installations, which - should help in identifying and resolving the regression. + This appears to be a compatibility issue between the L2TP implementation in fresh Ubuntu 24.04.2 and the Meraki MX firewall. The following factors may be involved: + - The L2TP protocol implementation may have changed in Ubuntu 24.04.2 + - There might be a version mismatch between packages in fresh vs. upgraded installations + - Some configuration file or setting that handles these message types properly might be preserved during upgrades but not set correctly in fresh installations Workaround: sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp && sudo apt update && sudo apt install network-manager-l2tp network-manager-l2tp- gnome go-l2tp && sudo systemctl restart NetworkManager - After adding the repository above and replacing the packages from Ubunu + After adding the repository above and replacing the packages from Ubuntu 24.04.2 with the ones from this repository (and restarting NetworkManager), the previously failing VPN profile immediately begins to work as expected. 
This work-around was provided by Douglas Kosovic during this bug report: https://github.com/nm-l2tp/NetworkManager-l2tp/issues/237 ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: network-manager-l2tp-gnome 1.20.12-1build2 ProcVersionSignature: Ubuntu 6.11.0-21.21~24.04.1-generic 6.11.11 Uname: Linux 6.11.0-21-generic x86_64 ApportVersion: 2.28.1-0ubuntu3.5 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat Apr 12 22:39:02 2025 InstallationDate: Installed on 2025-04-13 (0 days ago) InstallationMedia: Ubuntu 24.04.2 LTS "Noble Numbat" - Release amd64 (20250215) ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> SourcePackage: network-manager-l2tp UpgradeStatus: No upgrade log present (probably fresh install)
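Review bot: in the Workaround paragraph the install command is hard-wrapped mid-token, so the package name reads "network-manager-l2tp- gnome" with a space and does not name the intended package if copied as shown. The Meraki guide URL near the top is split the same way ("Guide-Client-VPN-on- Linux-Debian"). Put the command and the URL each on a single unwrapped line. Separately, the added list names "a version mismatch between packages in fresh vs. upgraded installations" as a possible factor, and the workaround replaces network-manager-l2tp, network-manager-l2tp-gnome and go-l2tp, yet the only version recorded in the description is network-manager-l2tp-gnome 1.20.12-1build2. Adding the installed versions of the other two packages, from a failing fresh install and from a working upgraded system, would let that factor be checked against the "no specification for v2 message avpMsgTypeSli" error.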
https://bugs.launchpad.net/bugs/2107270
Title: Regression Preventing VPN to Meraki MX