l2tp/ipsec unable to connect on linux

I’m trying to connect to cisco l2tp/ipsec vpn with PSK and IKEv1 username/password.

According to this article, I’ve found that the server supports the following authentication methods:

SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)

I’m using networkmanager-l2tp package. Tried both openswan and libreswan (manually built with USE_DH2=true as described in this patchnote).

My .nmconnection file looks like this:

[connection]
id=etis
uuid=70147d0a-5d7f-467a-80ee-9048601960e1
type=vpn
permissions=user:***:;

[vpn]
gateway=vpn.psu.ru
ipsec-enabled=yes
ipsec-esp=aes128-sha1,3des-md5
ipsec-ike=aes128-sha1-modp1024,3des-sha1-modp1024
ipsec-psk=***
password-flags=1
user=***
service-type=org.freedesktop.NetworkManager.l2tp

When I’m trying to connect I’m getting the following log:

log using strongswan

log using libreswan with USE_DH2=true

From what I see, it seems like both ways the ipsec connection is being established successfully, but then this happens:

xl2tpd[106869]: Listening on IP address 0.0.0.0, port 1701
xl2tpd[106869]: Connecting to host 212.192.80.206, port 1701
xl2tpd[106869]: death_handler: Fatal signal 15 received

Strongswan log also has this suspicious message in between the above:

charon[78694]: 01[NET] received packet: from 212.192.80.206[4500] to 192.168.5.28[4500] (164 bytes)
charon[78694]: 01[IKE] received retransmit of response with ID 1610789051, but next request already sent

At this point I’ve depleted my google skills. If anybody could tell me where to go next or at least tell me if this problem is connected with the ipsec or l2tp part of the equation, I would greatly appreciate that.

Author: Denis Sheremet
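The SA lines reported by ike-scan in the post map directly onto the proposal strings the ipsec-ike key of networkmanager-l2tp expects (for example Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 becomes aes128-sha1-modp1024). The converter below is an added example and not code from the post or from networkmanager-l2tp; the sample scan output is copied from the post, and the list of algorithms treated as weak is an assumed policy.

```python
import re

# One ike-scan "SA=(...)" line per proposal the responder accepted.
SA_RE = re.compile(r"SA=\((?P<body>[^)]*)\)")

# ike-scan algorithm names -> strongSwan / libreswan proposal tokens.
ENC_NAMES = {"DES": "des", "3DES": "3des", "AES": "aes"}
HASH_NAMES = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256"}

# Assumed defender policy: tokens that should not appear in an IKEv1 proposal.
WEAK = {"des", "3des", "md5", "modp768", "modp1024"}

# Sample input, copied from the ike-scan output quoted in the post.
SCAN_OUTPUT = """\
SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
SA=(Enc=AES KeyLength=256 Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)
"""

def parse_sa(line):
    """Return the key=value pairs of one SA=(...) line as a dict, or None."""
    m = SA_RE.search(line)
    if not m:
        return None
    return dict(tok.split("=", 1) for tok in m.group("body").split())

def to_proposal(sa):
    """Build the ipsec-ike proposal token: <enc[keylen]>-<hash>-<dhgroup>."""
    enc = ENC_NAMES[sa["Enc"]]
    if "KeyLength" in sa:          # AES carries its key size; 3DES does not
        enc += sa["KeyLength"]
    group = sa["Group"].split(":", 1)[1]   # "2:modp1024" -> "modp1024"
    return f"{enc}-{HASH_NAMES[sa['Hash']]}-{group}"

def weak_parts(proposal):
    """Tokens of a proposal that fall under the assumed weak-algorithm policy."""
    return sorted(p for p in proposal.split("-") if p in WEAK)

def proposals_from_scan(text):
    """All PSK proposals in ike-scan output as (proposal, weak_tokens) pairs."""
    out = []
    for line in text.splitlines():
        sa = parse_sa(line)
        if sa and sa.get("Auth") == "PSK":
            prop = to_proposal(sa)
            out.append((prop, weak_parts(prop)))
    return out

def ipsec_ike_value(text, allow_weak=False):
    """Comma-separated ipsec-ike value; weak proposals are dropped unless allowed."""
    return ",".join(p for p, w in proposals_from_scan(text) if allow_weak or not w)
```

With the policy above every proposal in this scan is flagged, because each one uses DH group 2 (modp1024); that is the same reason libreswan had to be rebuilt with USE_DH2=true before it would negotiate with this gateway.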