I’m trying to connect to a Cisco L2TP/IPsec VPN with PSK and IKEv1 username/password.
According to this article, I’ve found that the server supports the following authentication methods:
SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
networkmanager-l2tp package. Tried both libreswan (manually built with USE_DH2=true as described in this patchnote).
.nmconnection file looks like this:
[connection]
id=etis
uuid=70147d0a-5d7f-467a-80ee-9048601960e1
type=vpn
permissions=user:***:;

[vpn]
gateway=vpn.psu.ru
ipsec-enabled=yes
ipsec-esp=aes128-sha1,3des-md5
ipsec-ike=aes128-sha1-modp1024,3des-sha1-modp1024
ipsec-psk=***
password-flags=1
user=***
service-type=org.freedesktop.NetworkManager.l2tp
When I’m trying to connect I’m getting the following log:
From what I see, it seems like both ways the IPsec connection is being established successfully, but then this happens:
xl2tpd: Listening on IP address 0.0.0.0, port 1701
xl2tpd: Connecting to host 220.127.116.11, port 1701
xl2tpd: death_handler: Fatal signal 15 received
Strongswan log also has this suspicious message in between of the above:
charon: 01[NET] received packet: from 18.104.22.168 to 192.168.5.28 (164 bytes)
charon: 01[IKE] received retransmit of response with ID 1610789051, but next request already sent
At this point I’ve depleted my google skills. If anybody could tell me where to go next or at least tell me if this problem is connected with the l2tp part of the equation, I would greatly appreciate that.
Author: Denis Sheremet
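The first thing worth confirming when debugging a setup like the one in this post is that the IKE (phase 1) proposals written into the .nmconnection file actually overlap with what the server advertises. The following is an added example, not code from the post or from NetworkManager-l2tp: it parses SA=(...) lines of the form quoted above into strongSwan-style "enc-hash-group" proposal strings and compares them with the ipsec-ike value of a [vpn] section. The attribute-to-proposal mapping (Enc plus KeyLength becomes aes128/3des, Hash becomes md5/sha1, Group "2:modp1024" becomes modp1024) is my assumption about the notation; the sample inputs are constructed from the values in the post with secrets replaced by placeholders.

```python
import configparser
import re
from typing import Dict, List, Tuple

# Constructed sample: the four SA lines the server advertised, one per line.
SERVER_SA_LINES = """\
SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
"""

# Constructed sample [vpn] section; PSK and user are placeholders, not real values.
NM_CONNECTION = """\
[vpn]
gateway=vpn.psu.ru
ipsec-enabled=yes
ipsec-esp=aes128-sha1,3des-md5
ipsec-ike=aes128-sha1-modp1024,3des-sha1-modp1024
ipsec-psk=PSK_PLACEHOLDER
user=USER_PLACEHOLDER
service-type=org.freedesktop.NetworkManager.l2tp
"""

SA_RE = re.compile(r"SA=\((.*?)\)")


def parse_sa(line: str) -> Dict[str, str]:
    """Turn one 'SA=(Key=Value Key=Value ...)' line into a dict of attributes."""
    match = SA_RE.search(line)
    if not match:
        raise ValueError(f"not an SA line: {line!r}")
    return dict(item.split("=", 1) for item in match.group(1).split())


def sa_to_proposal(attrs: Dict[str, str]) -> str:
    """Map SA attributes to a strongSwan-style 'enc-hash-group' string.

    Assumed mapping: Enc (+KeyLength) -> '3des' / 'aes128', Hash -> 'md5' / 'sha1',
    Group '2:modp1024' -> 'modp1024'.
    """
    enc = attrs["Enc"].lower()
    if "KeyLength" in attrs:
        enc += attrs["KeyLength"]
    integ = attrs["Hash"].lower()
    group = attrs["Group"].split(":")[-1].lower()
    return f"{enc}-{integ}-{group}"


def server_proposals(sa_text: str) -> List[str]:
    """All advertised phase-1 proposals, in the order the server listed them."""
    return [sa_to_proposal(parse_sa(ln)) for ln in sa_text.splitlines() if "SA=(" in ln]


def server_auth_methods(sa_text: str) -> List[str]:
    """Distinct Auth= values the server offers (here only PSK)."""
    auths = {parse_sa(ln)["Auth"] for ln in sa_text.splitlines() if "SA=(" in ln}
    return sorted(auths)


def configured_ike(nm_text: str) -> List[str]:
    """The ipsec-ike proposal list from the [vpn] section of a .nmconnection file."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(nm_text)
    raw = cfg.get("vpn", "ipsec-ike", fallback="")
    return [p.strip().lower() for p in raw.split(",") if p.strip()]


def check_ike_overlap(sa_text: str, nm_text: str) -> Tuple[List[str], List[str], List[str]]:
    """Return (matched, unmatched, unused):
    matched   - configured proposals the server also offers
    unmatched - configured proposals the server does not offer (negotiation would fail on these)
    unused    - server proposals the client never offers (useful to see what else would work)
    """
    offered = server_proposals(sa_text)
    wanted = configured_ike(nm_text)
    matched = [p for p in wanted if p in offered]
    unmatched = [p for p in wanted if p not in offered]
    unused = [p for p in offered if p not in wanted]
    return matched, unmatched, unused


if __name__ == "__main__":
    m, u, x = check_ike_overlap(SERVER_SA_LINES, NM_CONNECTION)
    print("server auth methods:", server_auth_methods(SERVER_SA_LINES))
    print("matched:  ", m)
    print("unmatched:", u)
    print("unused:   ", x)
```

For the values in the post both configured IKE proposals are offered by the server, which is consistent with the observation that the IPsec SA comes up. Note that this check covers phase 1 only: the advertised SA list says nothing about the ipsec-esp (phase 2) proposals, and nothing about why xl2tpd receives SIGTERM after the tunnel is established, so it rules a cause out rather than pointing at the remaining one.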