
Can't connect with L2TP (Preshared Key)

asked 2017-02-23 09:44:35 -0500

IT_Master

Hi,

I have Fedora 25 workstation which is installed on VMware. I have configured L2TP VPN protocol but can connect only without Preshared Key. But when I enter Preshared Key, it won't connect (everything is configured correctly).

What's the problem?


Comments

Fedora 25 is the client side? Are you using the networkmanager plugin? I think I'm having the same problem trying to connect to a Synology NAS with L2TP/IPsec vpn....

Gion86 ( 2017-03-13 16:45:15 -0500 )

Yes, all yes. How can we solve this issue?

IT_Master ( 2017-03-16 13:10:08 -0500 )

I've tried to remove the preshared key on the client side, and disabled the firewall.. but this is what I get from the journalctl:

NetworkManager[1116]: <warn>  [] vpn-connection[0x5..,"IPSec",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

among other messages...

With the preshared key I get a bunch of:

mar 17 19:17:19 latE7270 pluto[8076]: "nm-ipsec-l2tp-7454" #10: no acceptable Oakley Transform

The same on Archlinux with networkmanager.... everything works beautifully from an Android client...

Gion86 ( 2017-03-17 13:30:06 -0500 )

1 Answer


answered 2017-03-21 16:26:13 -0500

Gion86

Man I've managed to "fix" the issue, at least in my case. It's a configuration issue: I looked at the log with

journalctl -f -u NetworkManager

and found the line:

we require IKEv1 peer to have ID 'X.X.X.X', but peer declares '192.168.0.2'

where X.X.X.X is my server public IP. The IPSec client wants the server peer ID to be X.X.X.X but my server is not configured to have an ID, so it defaults to its private IP address. I added the options on the server to have the ID, in ipsec.conf:

leftid=X.X.X.X

and it works.

But, even better, the best solution is to add the desired ID to the NetworkManager configuration on the client, in case you can't change the server config. There is the Gateway ID parameter, in IPSec setting. Put the server ID 192.168.0.2 and it works, in my case. Not sure it's the same problem in your case....

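The two log messages quoted in this thread point at different causes: a peer ID mismatch, and an IKE phase 1 proposal the other side will not accept. As an added example (not part of the original answer), this shell sketch sorts journal lines into those two cases. The sample log lines, the address 203.0.113.10, the host name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the two pluto failures quoted in this thread.

# Read journal text on stdin, print one finding per distinct cause.
diagnose_ipsec_log() {
    sed -n \
        -e "s/.*we require IKEv1 peer to have ID '\([^']*\)', but peer declares '\([^']*\)'.*/id-mismatch expected=\1 declared=\2/p" \
        -e 's/.*"\([^"]*\)" #[0-9]*: no acceptable Oakley Transform.*/proposal-mismatch conn=\1/p' |
    sort -u
}

# Turn a finding into the remedy discussed in the answer above.
explain_finding() {
    case "$1" in
        id-mismatch*)
            declared=${1##*declared=}
            echo "Peer ID differs: set leftid= on the server, or Gateway ID '$declared' in the client's IPsec settings" ;;
        proposal-mismatch*)
            echo "IKE phase 1 proposal rejected: compare the algorithms client and server offer" ;;
        *)
            echo "unrecognised finding" ;;
    esac
}

# Constructed sample input; 203.0.113.10 stands in for the server's public IP.
sample_log() {
    cat <<'EOF'
mar 17 19:17:19 host pluto[8076]: "nm-ipsec-l2tp-7454" #10: no acceptable Oakley Transform
mar 17 19:17:20 host pluto[8076]: "nm-ipsec-l2tp-7454" #11: no acceptable Oakley Transform
mar 21 16:20:01 host pluto[9001]: "nm-ipsec-l2tp-7454" #1: we require IKEv1 peer to have ID '203.0.113.10', but peer declares '192.168.0.2'
EOF
}

# Demo run over the sample; on a real client pipe the journal in instead:
#   journalctl -b --no-pager | diagnose_ipsec_log
sample_log | diagnose_ipsec_log | while IFS= read -r finding; do
    echo "$finding"
    explain_finding "$finding"
done
```

The `declared=` value is what goes into the client's Gateway ID field when the server configuration cannot be changed.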

Comments

Forgot to mention, this bug is somehow related and I've found useful info: https://bugzilla.redhat.com/show_bug.cgi?id=1408616

Gion86 ( 2017-03-21 16:28:14 -0500 )

I tried with 192.168.0.2 but not working.

IT_Master ( 2017-03-31 09:29:33 -0500 )

Is it the ID that the peer declares?? Did you look in the log?

Gion86 ( 2017-04-03 15:37:30 -0500 )

Asked: 2017-02-23 09:44:35 -0500

Seen: 3,167 times

Last updated: Feb 23 '17