Unable to connect to L2TP VPN network with Fedora 29 The 2019 Stack Overflow Developer Survey Results Are InUnable to ssh with fedoraL2TP/IPSec PreShared Key VPNHow can I create a host to host IPsec VPN if my server has direct Internet access and no LAN?OpenSwan IPSec phase #2 complicationsL2TP over IPSec VPN with OpenSwan and XL2TPD can't connect, timeout on Centos 6l2tp vpn is disconnected after few minutesCannot connect to IPSEC/L2TP VPN Arch Linux/Windows 8FreeBSD L2TP VPN connection errorpfSense/strongSwan “deleting half open IKE_SA after timeout” - IPSec connection Android 4.4 to pfSense 2.2.1 failsUnable to connect to server through VPN L2TP
Pokemon Turn Based battle (Python)
Falsification in Math vs Science
How come people say “Would of”?
Looking for Correct Greek Translation for Heraclitus
Why didn't the Event Horizon Telescope team mention Sagittarius A*?
Which Sci-Fi work first showed weapon of galactic-scale mass destruction?
What does ひと匙 mean in this manga and has it been used colloquially?
What is the accessibility of a package's `Private` context variables?
What do hard-Brexiteers want with respect to the Irish border?
What is the meaning of Triage in Cybersec world?
Have you ever entered Singapore using a different passport or name?
Delete all lines which don't have n characters before delimiter
Button changing it's text & action. Good or terrible?
Is "plugging out" electronic devices an American expression?
How to support a colleague who finds meetings extremely tiring?
Am I thawing this London Broil safely?
When should I buy a clipper card after flying to OAK?
What do the Banks children have against barley water?
What did it mean to "align" a radio?
Why is the Constellation's nose gear so long?
Why do UK politicians seemingly ignore opinion polls on Brexit?
Are there incongruent pythagorean triangles with the same perimeter and same area?
"as much details as you can remember"
Is flight data recorder erased after every flight?
Unable to connect to L2TP VPN network with Fedora 29
The 2019 Stack Overflow Developer Survey Results Are InUnable to ssh with fedoraL2TP/IPSec PreShared Key VPNHow can I create a host to host IPsec VPN if my server has direct Internet access and no LAN?OpenSwan IPSec phase #2 complicationsL2TP over IPSec VPN with OpenSwan and XL2TPD can't connect, timeout on Centos 6l2tp vpn is disconnected after few minutesCannot connect to IPSEC/L2TP VPN Arch Linux/Windows 8FreeBSD L2TP VPN connection errorpfSense/strongSwan “deleting half open IKE_SA after timeout” - IPSec connection Android 4.4 to pfSense 2.2.1 failsUnable to connect to server through VPN L2TP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
0
I used to connect to my workplace's VPN network from my F29 laptop. Since last 3 days it has been unable to establish the connection, and so far I am unable to determine what is going wrong on my own. F29 does not report any problem in details. Simply tells me Activation of network connection failed.
Connection type: VPN with IPSec tunnel to L2TP host using PSK. No algorithm specified.
Things I tried:
- Re-creating the connection but it did not work.
- Was able to connect to the VPN in my Android phone from my home network and in my friend's mac from some other network.
- Able to ping the Gateway IP from my F29 (home network).
- Contacted my VPN admin and when I attempted to connect to VPN from F29, he notified me that he did not get any request at all.
- Not sure if this is relevant for the problem, but VPN services like PureVPN still works from F29.
Probably relevant logs:
System version: 5.0.5-200.fc29.x86_64
Using nmcli to list connections and get their UUID:
# nmcli con show
NAME UUID TYPE DEVICE
........................................................................
...............................redacted.................................
........................................................................
TigerIT f67aaed5-a0c3-454d-8c06-f7efcf03efe8 vpn --
The last line is the name of my VPN connection. When I try to connect to my VPN using nmcli, I get the following output:
# nmcli con up uuid f67aaed5-a0c3-454d-8c06-f7efcf03efe8
Error: Connection activation failed: Unknown reason
I looked up for such error, but so far could not find anything that works for me.
Output of journalctl -f when trying to connect:
(I redacted some pluto and network manager's dst logs to keep it a bit shorter)
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3635] audit: op="connection-activate" uuid="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" name="TigerIT" pid=1893 uid=1000 result="success"
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3673] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: Started the VPN service, PID 10846
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3748] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: Saw the service appear; activating connection
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3791] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN connection: (ConnectInteractive) reply received
Apr 10 21:52:18 hyperion nm-l2tp-service[10846]: Check port 1701
Apr 10 21:52:18 hyperion NetworkManager[1094]: Redirecting to: systemctl restart ipsec.service
Apr 10 21:52:18 hyperion systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Apr 10 21:52:18 hyperion pluto[10438]: shutting down
Apr 10 21:52:18 hyperion audit[10438]: CRYPTO_IPSEC_SA pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=destroy conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=8, satype=ipsec-policy samode=transport cipher=none ksize=0 integ=none in-spi=0(0x00000000) out-spi=1365708687(0x1365708687) in-ipcomp=0(0x00000000) out-ipcomp=0(0x00000000) laddr=192.1 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:18 hyperion audit[10438]: CRYPTO_IKE_SA pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=destroy direction=initiator conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=6 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha256 prf=sha256 pfs=MODP2048 laddr=192.168.0.101 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:18 hyperion pluto[10438]: forgetting secrets
Apr 10 21:52:18 hyperion whack[10860]: 002 shutting down
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8": deleting non-instance connection
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #8: deleting state (STATE_QUICK_I1) and NOT sending notification
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #6: deleting state (STATE_MAIN_I4) and sending notification
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo ::1:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo 127.0.0.1:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo 127.0.0.1:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface wlp0s20u2/wlp0s20u2 192.168.0.101:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface wlp0s20u2/wlp0s20u2 192.168.0.101:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface virbr0/virbr0 192.168.122.1:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface virbr0/virbr0 192.168.122.1:500
Apr 10 21:52:18 hyperion pluto[10438]: leak detective found no leaks
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 src=123.49.3.114 dst=192.168.0.101 spi=1365708687(0x51670f8f) res=1
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 src=123.49.3.114 dst=192.168.0.101 spi=3823187978(0xe3e1380a) res=1
Apr 10 21:52:18 hyperion ipsec[10863]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10865]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Apr 10 21:52:18 hyperion audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 21:52:18 hyperion systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Apr 10 21:52:18 hyperion addconn[10869]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10869]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion _stackmanager[10870]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10872]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion _stackmanager[10870]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10877]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion ipsec[11156]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[11158]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion ipsec[11156]: nflog ipsec capture disabled
...
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 listening for IKE messages
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:500 24
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:500 fd 24
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 forgetting secrets
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 loading secrets from "/etc/ipsec.secrets"
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:4500 23
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:4500 fd 23
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:500 22
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:500 fd 22
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface wlp0s20u2:4500 21
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface wlp0s20u2:4500 fd 21
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface wlp0s20u2:500 20
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface wlp0s20u2:500 fd 20
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface virbr0:4500 19
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface virbr0:4500 fd 19
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface virbr0:500 18
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface virbr0:500 fd 18
Apr 10 21:52:18 hyperion pluto[11167]: forgetting secrets
Apr 10 21:52:18 hyperion pluto[11167]: loading secrets from "/etc/ipsec.secrets"
Apr 10 21:52:18 hyperion pluto[11167]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 10 21:52:18 hyperion NetworkManager[1094]: debugging mode enabled
Apr 10 21:52:18 hyperion NetworkManager[1094]: end of file /var/run/nm-l2tp-f67aaed5-a0c3-454d-8c06-f7efcf03efe8/ipsec.conf
Apr 10 21:52:18 hyperion NetworkManager[1094]: Loading conn f67aaed5-a0c3-454d-8c06-f7efcf03efe8
Apr 10 21:52:18 hyperion NetworkManager[1094]: starter: left is KH_DEFAULTROUTE
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgdns=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgdomains=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgbanner=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark-in=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark-out=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" vti_iface=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: opening file: /var/run/nm-l2tp-f67aaed5-a0c3-454d-8c06-f7efcf03efe8/ipsec.conf
Apr 10 21:52:18 hyperion NetworkManager[1094]: loading named conns: f67aaed5-a0c3-454d-8c06-f7efcf03efe8
...
Apr 10 21:52:18 hyperion NetworkManager[1094]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Apr 10 21:52:18 hyperion pluto[11167]: added connection description "f67aaed5-a0c3-454d-8c06-f7efcf03efe8"
Apr 10 21:52:18 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: initiating Main Mode
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: initiating Main Mode
Apr 10 21:52:18 hyperion NetworkManager[1094]: 104 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: initiate
Apr 10 21:52:19 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:19 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:19 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:19 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:20 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:20 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:22 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Apr 10 21:52:22 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Apr 10 21:52:26 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Apr 10 21:52:26 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: WARNING: connection f67aaed5-a0c3-454d-8c06-f7efcf03efe8 PSK length of 12 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: WARNING: connection f67aaed5-a0c3-454d-8c06-f7efcf03efe8 PSK length of 12 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 21:52:27 hyperion NetworkManager[1094]: 106 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 21:52:27 hyperion NetworkManager[1094]: 108 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: Peer ID is ID_IPV4_ADDR: '123.49.3.114'
Apr 10 21:52:27 hyperion audit[11167]: CRYPTO_IKE_SA pid=11167 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=start direction=initiator conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=1 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha256 prf=sha256 pfs=MODP2048 laddr=192.168.0.101 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: Peer ID is ID_IPV4_ADDR: '123.49.3.114'
Apr 10 21:52:27 hyperion NetworkManager[1094]: 004 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I4: ISAKMP SA established auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using isakmp#1 msgid:21e48c60 proposal=defaults pfsgroup=MODP2048
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I4: ISAKMP SA established auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using isakmp#1 msgid:21e48c60 proposal=defaults pfsgroup=MODP2048
Apr 10 21:52:27 hyperion NetworkManager[1094]: 117 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: initiate
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=16
Apr 10 21:52:27 hyperion pluto[11167]: | ISAKMP Notification Payload
Apr 10 21:52:27 hyperion pluto[11167]: | 00 00 00 10 00 00 00 01 03 04 00 0e
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:27 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:28 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:28 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:28 hyperion nm-l2tp-service[10846]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 10 21:52:28 hyperion NetworkManager[1094]: <info> [1554911548.9644] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN plugin: state changed: stopped (6)
Apr 10 21:52:28 hyperion NetworkManager[1094]: <info> [1554911548.9674] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN service disappeared
Apr 10 21:52:28 hyperion NetworkManager[1094]: <warn> [1554911548.9687] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Apr 10 21:52:29 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:29 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
...
I have checked the warnings, those seem to be harmless. I failed to understand why network manager is failing to maintain the connection.
How can I figure out what is going wrong and how can I fix it?
vpn fedora ipsec
asked 13 hours ago
Zobayer HasanZobayer Hasan
1034
New contributor
Zobayer Hasan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
0
I used to connect to my workplace's VPN network from my F29 laptop. Since last 3 days it has been unable to establish the connection, and so far I am unable to determine what is going wrong on my own. F29 does not report any problem in details. Simply tells me Activation of network connection failed.
Connection type: VPN with IPSec tunnel to L2TP host using PSK. No algorithm specified.
Things I tried:
- Re-creating the connection but it did not work.
- Was able to connect to the VPN in my Android phone from my home network and in my friend's mac from some other network.
- Able to ping the Gateway IP from my F29 (home network).
- Contacted my VPN admin and when I attempted to connect to VPN from F29, he notified me that he did not get any request at all.
- Not sure if this is relevant for the problem, but VPN services like PureVPN still works from F29.
Probably relevant logs:
System version: 5.0.5-200.fc29.x86_64
Using nmcli to list connections and get their UUID:
# nmcli con show
NAME UUID TYPE DEVICE
........................................................................
...............................redacted.................................
........................................................................
TigerIT f67aaed5-a0c3-454d-8c06-f7efcf03efe8 vpn --
The last line is the name of my VPN connection. When I try to connect to my VPN using nmcli, I get the following output:
# nmcli con up uuid f67aaed5-a0c3-454d-8c06-f7efcf03efe8
Error: Connection activation failed: Unknown reason
I looked up for such error, but so far could not find anything that works for me.
Output of journalctl -f when trying to connect:
(I redacted some pluto and network manager's dst logs to keep it a bit shorter)
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3635] audit: op="connection-activate" uuid="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" name="TigerIT" pid=1893 uid=1000 result="success"
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3673] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: Started the VPN service, PID 10846
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3748] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: Saw the service appear; activating connection
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3791] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN connection: (ConnectInteractive) reply received
Apr 10 21:52:18 hyperion nm-l2tp-service[10846]: Check port 1701
Apr 10 21:52:18 hyperion NetworkManager[1094]: Redirecting to: systemctl restart ipsec.service
Apr 10 21:52:18 hyperion systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Apr 10 21:52:18 hyperion pluto[10438]: shutting down
Apr 10 21:52:18 hyperion audit[10438]: CRYPTO_IPSEC_SA pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=destroy conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=8, satype=ipsec-policy samode=transport cipher=none ksize=0 integ=none in-spi=0(0x00000000) out-spi=1365708687(0x1365708687) in-ipcomp=0(0x00000000) out-ipcomp=0(0x00000000) laddr=192.1 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:18 hyperion audit[10438]: CRYPTO_IKE_SA pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=destroy direction=initiator conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=6 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha256 prf=sha256 pfs=MODP2048 laddr=192.168.0.101 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:18 hyperion pluto[10438]: forgetting secrets
Apr 10 21:52:18 hyperion whack[10860]: 002 shutting down
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8": deleting non-instance connection
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #8: deleting state (STATE_QUICK_I1) and NOT sending notification
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #6: deleting state (STATE_MAIN_I4) and sending notification
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo ::1:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo 127.0.0.1:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo 127.0.0.1:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface wlp0s20u2/wlp0s20u2 192.168.0.101:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface wlp0s20u2/wlp0s20u2 192.168.0.101:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface virbr0/virbr0 192.168.122.1:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface virbr0/virbr0 192.168.122.1:500
Apr 10 21:52:18 hyperion pluto[10438]: leak detective found no leaks
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 src=123.49.3.114 dst=192.168.0.101 spi=1365708687(0x51670f8f) res=1
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 src=123.49.3.114 dst=192.168.0.101 spi=3823187978(0xe3e1380a) res=1
Apr 10 21:52:18 hyperion ipsec[10863]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10865]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Apr 10 21:52:18 hyperion audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 21:52:18 hyperion systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Apr 10 21:52:18 hyperion addconn[10869]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10869]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion _stackmanager[10870]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10872]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion _stackmanager[10870]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10877]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion ipsec[11156]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[11158]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion ipsec[11156]: nflog ipsec capture disabled
...
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 listening for IKE messages
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:500 24
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:500 fd 24
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 forgetting secrets
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 loading secrets from "/etc/ipsec.secrets"
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:4500 23
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:4500 fd 23
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:500 22
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:500 fd 22
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface wlp0s20u2:4500 21
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface wlp0s20u2:4500 fd 21
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface wlp0s20u2:500 20
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface wlp0s20u2:500 fd 20
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface virbr0:4500 19
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface virbr0:4500 fd 19
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface virbr0:500 18
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface virbr0:500 fd 18
Apr 10 21:52:18 hyperion pluto[11167]: forgetting secrets
Apr 10 21:52:18 hyperion pluto[11167]: loading secrets from "/etc/ipsec.secrets"
Apr 10 21:52:18 hyperion pluto[11167]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 10 21:52:18 hyperion NetworkManager[1094]: debugging mode enabled
Apr 10 21:52:18 hyperion NetworkManager[1094]: end of file /var/run/nm-l2tp-f67aaed5-a0c3-454d-8c06-f7efcf03efe8/ipsec.conf
Apr 10 21:52:18 hyperion NetworkManager[1094]: Loading conn f67aaed5-a0c3-454d-8c06-f7efcf03efe8
Apr 10 21:52:18 hyperion NetworkManager[1094]: starter: left is KH_DEFAULTROUTE
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgdns=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgdomains=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgbanner=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark-in=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark-out=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" vti_iface=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: opening file: /var/run/nm-l2tp-f67aaed5-a0c3-454d-8c06-f7efcf03efe8/ipsec.conf
Apr 10 21:52:18 hyperion NetworkManager[1094]: loading named conns: f67aaed5-a0c3-454d-8c06-f7efcf03efe8
...
Apr 10 21:52:18 hyperion NetworkManager[1094]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Apr 10 21:52:18 hyperion pluto[11167]: added connection description "f67aaed5-a0c3-454d-8c06-f7efcf03efe8"
Apr 10 21:52:18 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: initiating Main Mode
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: initiating Main Mode
Apr 10 21:52:18 hyperion NetworkManager[1094]: 104 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: initiate
Apr 10 21:52:19 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:19 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:19 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:19 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:20 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:20 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:22 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Apr 10 21:52:22 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Apr 10 21:52:26 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Apr 10 21:52:26 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: WARNING: connection f67aaed5-a0c3-454d-8c06-f7efcf03efe8 PSK length of 12 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: WARNING: connection f67aaed5-a0c3-454d-8c06-f7efcf03efe8 PSK length of 12 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 21:52:27 hyperion NetworkManager[1094]: 106 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 21:52:27 hyperion NetworkManager[1094]: 108 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: Peer ID is ID_IPV4_ADDR: '123.49.3.114'
Apr 10 21:52:27 hyperion audit[11167]: CRYPTO_IKE_SA pid=11167 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=start direction=initiator conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=1 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha256 prf=sha256 pfs=MODP2048 laddr=192.168.0.101 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: Peer ID is ID_IPV4_ADDR: '123.49.3.114'
Apr 10 21:52:27 hyperion NetworkManager[1094]: 004 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I4: ISAKMP SA established auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using isakmp#1 msgid:21e48c60 proposal=defaults pfsgroup=MODP2048
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I4: ISAKMP SA established auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using isakmp#1 msgid:21e48c60 proposal=defaults pfsgroup=MODP2048
Apr 10 21:52:27 hyperion NetworkManager[1094]: 117 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: initiate
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=16
Apr 10 21:52:27 hyperion pluto[11167]: | ISAKMP Notification Payload
Apr 10 21:52:27 hyperion pluto[11167]: | 00 00 00 10 00 00 00 01 03 04 00 0e
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:27 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:28 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:28 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:28 hyperion nm-l2tp-service[10846]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 10 21:52:28 hyperion NetworkManager[1094]: <info> [1554911548.9644] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN plugin: state changed: stopped (6)
Apr 10 21:52:28 hyperion NetworkManager[1094]: <info> [1554911548.9674] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN service disappeared
Apr 10 21:52:28 hyperion NetworkManager[1094]: <warn> [1554911548.9687] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Apr 10 21:52:29 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:29 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
...
I have checked the warnings, those seem to be harmless. I failed to understand why network manager is failing to maintain the connection.
How can I figure out what is going wrong and how can I fix it?
vpn fedora ipsec
asked 13 hours ago
Zobayer HasanZobayer Hasan
1034
New contributor
Zobayer Hasan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
Your system is sending out packets but never hears a reply. Is your home router causing the problem? Is your country's government interfering with VPN connections? Have you tried to connect from a different location?
– Michael Hampton♦
11 hours ago
I checked my home router settings, all VPN related settings are enabled. My F29 laptop and my phone use the same wifi router. As I mentioned in the OP, I can connect to VPN from my phone. So my guess is, the router isn't the problem. As for the Govt thing, I don't really know, but this problem appeared recently.
– Zobayer Hasan
10 hours ago
add a comment |
0
0
0
I used to connect to my workplace's VPN network from my F29 laptop. Since last 3 days it has been unable to establish the connection, and so far I am unable to determine what is going wrong on my own. F29 does not report any problem in details. Simply tells me Activation of network connection failed.
Connection type: VPN with IPSec tunnel to L2TP host using PSK. No algorithm specified.
Things I tried:
- Re-creating the connection but it did not work.
- Was able to connect to the VPN in my Android phone from my home network and in my friend's mac from some other network.
- Able to ping the Gateway IP from my F29 (home network).
- Contacted my VPN admin and when I attempted to connect to VPN from F29, he notified me that he did not get any request at all.
- Not sure if this is relevant for the problem, but VPN services like PureVPN still works from F29.
Probably relevant logs:
System version: 5.0.5-200.fc29.x86_64
Using nmcli to list connections and get their UUID:
# nmcli con show
NAME UUID TYPE DEVICE
........................................................................
...............................redacted.................................
........................................................................
TigerIT f67aaed5-a0c3-454d-8c06-f7efcf03efe8 vpn --
The last line is the name of my VPN connection. When I try to connect to my VPN using nmcli, I get the following output:
# nmcli con up uuid f67aaed5-a0c3-454d-8c06-f7efcf03efe8
Error: Connection activation failed: Unknown reason
I looked up for such error, but so far could not find anything that works for me.
Output of journalctl -f when trying to connect:
(I redacted some pluto and network manager's dst logs to keep it a bit shorter)
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3635] audit: op="connection-activate" uuid="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" name="TigerIT" pid=1893 uid=1000 result="success"
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3673] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: Started the VPN service, PID 10846
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3748] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: Saw the service appear; activating connection
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3791] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN connection: (ConnectInteractive) reply received
Apr 10 21:52:18 hyperion nm-l2tp-service[10846]: Check port 1701
Apr 10 21:52:18 hyperion NetworkManager[1094]: Redirecting to: systemctl restart ipsec.service
Apr 10 21:52:18 hyperion systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Apr 10 21:52:18 hyperion pluto[10438]: shutting down
Apr 10 21:52:18 hyperion audit[10438]: CRYPTO_IPSEC_SA pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=destroy conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=8, satype=ipsec-policy samode=transport cipher=none ksize=0 integ=none in-spi=0(0x00000000) out-spi=1365708687(0x1365708687) in-ipcomp=0(0x00000000) out-ipcomp=0(0x00000000) laddr=192.1 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:18 hyperion audit[10438]: CRYPTO_IKE_SA pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=destroy direction=initiator conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=6 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha256 prf=sha256 pfs=MODP2048 laddr=192.168.0.101 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:18 hyperion pluto[10438]: forgetting secrets
Apr 10 21:52:18 hyperion whack[10860]: 002 shutting down
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8": deleting non-instance connection
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #8: deleting state (STATE_QUICK_I1) and NOT sending notification
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #6: deleting state (STATE_MAIN_I4) and sending notification
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo ::1:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo 127.0.0.1:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo 127.0.0.1:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface wlp0s20u2/wlp0s20u2 192.168.0.101:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface wlp0s20u2/wlp0s20u2 192.168.0.101:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface virbr0/virbr0 192.168.122.1:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface virbr0/virbr0 192.168.122.1:500
Apr 10 21:52:18 hyperion pluto[10438]: leak detective found no leaks
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 src=123.49.3.114 dst=192.168.0.101 spi=1365708687(0x51670f8f) res=1
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 src=123.49.3.114 dst=192.168.0.101 spi=3823187978(0xe3e1380a) res=1
Apr 10 21:52:18 hyperion ipsec[10863]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10865]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Apr 10 21:52:18 hyperion audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 21:52:18 hyperion systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Apr 10 21:52:18 hyperion addconn[10869]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10869]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion _stackmanager[10870]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10872]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion _stackmanager[10870]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10877]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion ipsec[11156]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[11158]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion ipsec[11156]: nflog ipsec capture disabled
...
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 listening for IKE messages
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:500 24
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:500 fd 24
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 forgetting secrets
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 loading secrets from "/etc/ipsec.secrets"
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:4500 23
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:4500 fd 23
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:500 22
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:500 fd 22
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface wlp0s20u2:4500 21
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface wlp0s20u2:4500 fd 21
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface wlp0s20u2:500 20
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface wlp0s20u2:500 fd 20
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface virbr0:4500 19
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface virbr0:4500 fd 19
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface virbr0:500 18
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface virbr0:500 fd 18
Apr 10 21:52:18 hyperion pluto[11167]: forgetting secrets
Apr 10 21:52:18 hyperion pluto[11167]: loading secrets from "/etc/ipsec.secrets"
Apr 10 21:52:18 hyperion pluto[11167]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 10 21:52:18 hyperion NetworkManager[1094]: debugging mode enabled
Apr 10 21:52:18 hyperion NetworkManager[1094]: end of file /var/run/nm-l2tp-f67aaed5-a0c3-454d-8c06-f7efcf03efe8/ipsec.conf
Apr 10 21:52:18 hyperion NetworkManager[1094]: Loading conn f67aaed5-a0c3-454d-8c06-f7efcf03efe8
Apr 10 21:52:18 hyperion NetworkManager[1094]: starter: left is KH_DEFAULTROUTE
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgdns=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgdomains=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgbanner=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark-in=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark-out=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" vti_iface=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: opening file: /var/run/nm-l2tp-f67aaed5-a0c3-454d-8c06-f7efcf03efe8/ipsec.conf
Apr 10 21:52:18 hyperion NetworkManager[1094]: loading named conns: f67aaed5-a0c3-454d-8c06-f7efcf03efe8
...
Apr 10 21:52:18 hyperion NetworkManager[1094]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Apr 10 21:52:18 hyperion pluto[11167]: added connection description "f67aaed5-a0c3-454d-8c06-f7efcf03efe8"
Apr 10 21:52:18 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: initiating Main Mode
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: initiating Main Mode
Apr 10 21:52:18 hyperion NetworkManager[1094]: 104 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: initiate
Apr 10 21:52:19 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:19 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:19 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:19 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:20 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:20 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:22 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Apr 10 21:52:22 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Apr 10 21:52:26 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Apr 10 21:52:26 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: WARNING: connection f67aaed5-a0c3-454d-8c06-f7efcf03efe8 PSK length of 12 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: WARNING: connection f67aaed5-a0c3-454d-8c06-f7efcf03efe8 PSK length of 12 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 21:52:27 hyperion NetworkManager[1094]: 106 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 21:52:27 hyperion NetworkManager[1094]: 108 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: Peer ID is ID_IPV4_ADDR: '123.49.3.114'
Apr 10 21:52:27 hyperion audit[11167]: CRYPTO_IKE_SA pid=11167 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=start direction=initiator conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=1 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha256 prf=sha256 pfs=MODP2048 laddr=192.168.0.101 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: Peer ID is ID_IPV4_ADDR: '123.49.3.114'
Apr 10 21:52:27 hyperion NetworkManager[1094]: 004 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I4: ISAKMP SA established auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using isakmp#1 msgid:21e48c60 proposal=defaults pfsgroup=MODP2048
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I4: ISAKMP SA established auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using isakmp#1 msgid:21e48c60 proposal=defaults pfsgroup=MODP2048
Apr 10 21:52:27 hyperion NetworkManager[1094]: 117 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: initiate
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=16
Apr 10 21:52:27 hyperion pluto[11167]: | ISAKMP Notification Payload
Apr 10 21:52:27 hyperion pluto[11167]: | 00 00 00 10 00 00 00 01 03 04 00 0e
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:27 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:28 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:28 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:28 hyperion nm-l2tp-service[10846]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 10 21:52:28 hyperion NetworkManager[1094]: <info> [1554911548.9644] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN plugin: state changed: stopped (6)
Apr 10 21:52:28 hyperion NetworkManager[1094]: <info> [1554911548.9674] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN service disappeared
Apr 10 21:52:28 hyperion NetworkManager[1094]: <warn> [1554911548.9687] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Apr 10 21:52:29 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:29 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
...
I have checked the warnings, those seem to be harmless. I failed to understand why network manager is failing to maintain the connection.
How can I figure out what is going wrong and how can I fix it?
vpn fedora ipsec
asked 13 hours ago
Zobayer HasanZobayer Hasan
1034
New contributor
Zobayer Hasan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I used to connect to my workplace's VPN network from my F29 laptop. Since last 3 days it has been unable to establish the connection, and so far I am unable to determine what is going wrong on my own. F29 does not report any problem in details. Simply tells me Activation of network connection failed.
Connection type: VPN with IPSec tunnel to L2TP host using PSK. No algorithm specified.
Things I tried:
- Re-creating the connection but it did not work.
- Was able to connect to the VPN in my Android phone from my home network and in my friend's mac from some other network.
- Able to ping the Gateway IP from my F29 (home network).
- Contacted my VPN admin and when I attempted to connect to VPN from F29, he notified me that he did not get any request at all.
- Not sure if this is relevant for the problem, but VPN services like PureVPN still works from F29.
Probably relevant logs:
System version: 5.0.5-200.fc29.x86_64
Using nmcli to list connections and get their UUID:
# nmcli con show
NAME UUID TYPE DEVICE
........................................................................
...............................redacted.................................
........................................................................
TigerIT f67aaed5-a0c3-454d-8c06-f7efcf03efe8 vpn --
The last line is the name of my VPN connection. When I try to connect to my VPN using nmcli, I get the following output:
# nmcli con up uuid f67aaed5-a0c3-454d-8c06-f7efcf03efe8
Error: Connection activation failed: Unknown reason
I looked up for such error, but so far could not find anything that works for me.
Output of journalctl -f when trying to connect:
(I redacted some pluto and network manager's dst logs to keep it a bit shorter)
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3635] audit: op="connection-activate" uuid="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" name="TigerIT" pid=1893 uid=1000 result="success"
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3673] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: Started the VPN service, PID 10846
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3748] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: Saw the service appear; activating connection
Apr 10 21:52:18 hyperion NetworkManager[1094]: <info> [1554911538.3791] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN connection: (ConnectInteractive) reply received
Apr 10 21:52:18 hyperion nm-l2tp-service[10846]: Check port 1701
Apr 10 21:52:18 hyperion NetworkManager[1094]: Redirecting to: systemctl restart ipsec.service
Apr 10 21:52:18 hyperion systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Apr 10 21:52:18 hyperion pluto[10438]: shutting down
Apr 10 21:52:18 hyperion audit[10438]: CRYPTO_IPSEC_SA pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=destroy conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=8, satype=ipsec-policy samode=transport cipher=none ksize=0 integ=none in-spi=0(0x00000000) out-spi=1365708687(0x1365708687) in-ipcomp=0(0x00000000) out-ipcomp=0(0x00000000) laddr=192.1 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:18 hyperion audit[10438]: CRYPTO_IKE_SA pid=10438 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=destroy direction=initiator conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=6 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha256 prf=sha256 pfs=MODP2048 laddr=192.168.0.101 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:18 hyperion pluto[10438]: forgetting secrets
Apr 10 21:52:18 hyperion whack[10860]: 002 shutting down
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8": deleting non-instance connection
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #8: deleting state (STATE_QUICK_I1) and NOT sending notification
Apr 10 21:52:18 hyperion pluto[10438]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #6: deleting state (STATE_MAIN_I4) and sending notification
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo ::1:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo 127.0.0.1:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface lo/lo 127.0.0.1:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface wlp0s20u2/wlp0s20u2 192.168.0.101:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface wlp0s20u2/wlp0s20u2 192.168.0.101:500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface virbr0/virbr0 192.168.122.1:4500
Apr 10 21:52:18 hyperion pluto[10438]: shutting down interface virbr0/virbr0 192.168.122.1:500
Apr 10 21:52:18 hyperion pluto[10438]: leak detective found no leaks
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 res=1 src=0000:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=0 dst=0000:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=0
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 src=123.49.3.114 dst=192.168.0.101 spi=1365708687(0x51670f8f) res=1
Apr 10 21:52:18 hyperion audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 subj=system_u:system_r:ifconfig_t:s0 src=123.49.3.114 dst=192.168.0.101 spi=3823187978(0xe3e1380a) res=1
Apr 10 21:52:18 hyperion ipsec[10863]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10865]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Apr 10 21:52:18 hyperion audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 21:52:18 hyperion systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Apr 10 21:52:18 hyperion addconn[10869]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10869]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion _stackmanager[10870]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10872]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion _stackmanager[10870]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[10877]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion ipsec[11156]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion libipsecconf[11158]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr 10 21:52:18 hyperion ipsec[11156]: nflog ipsec capture disabled
...
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 listening for IKE messages
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:500 24
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:500 fd 24
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 forgetting secrets
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 loading secrets from "/etc/ipsec.secrets"
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:4500 23
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:4500 fd 23
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface lo:500 22
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface lo:500 fd 22
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface wlp0s20u2:4500 21
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface wlp0s20u2:4500 fd 21
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface wlp0s20u2:500 20
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface wlp0s20u2:500 fd 20
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface virbr0:4500 19
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface virbr0:4500 fd 19
Apr 10 21:52:18 hyperion pluto[11167]: | refresh. setup callback for interface virbr0:500 18
Apr 10 21:52:18 hyperion pluto[11167]: | setup callback for interface virbr0:500 fd 18
Apr 10 21:52:18 hyperion pluto[11167]: forgetting secrets
Apr 10 21:52:18 hyperion pluto[11167]: loading secrets from "/etc/ipsec.secrets"
Apr 10 21:52:18 hyperion pluto[11167]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr 10 21:52:18 hyperion NetworkManager[1094]: debugging mode enabled
Apr 10 21:52:18 hyperion NetworkManager[1094]: end of file /var/run/nm-l2tp-f67aaed5-a0c3-454d-8c06-f7efcf03efe8/ipsec.conf
Apr 10 21:52:18 hyperion NetworkManager[1094]: Loading conn f67aaed5-a0c3-454d-8c06-f7efcf03efe8
Apr 10 21:52:18 hyperion NetworkManager[1094]: starter: left is KH_DEFAULTROUTE
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgdns=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgdomains=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" modecfgbanner=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark-in=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" mark-out=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: conn: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" vti_iface=<unset>
Apr 10 21:52:18 hyperion NetworkManager[1094]: opening file: /var/run/nm-l2tp-f67aaed5-a0c3-454d-8c06-f7efcf03efe8/ipsec.conf
Apr 10 21:52:18 hyperion NetworkManager[1094]: loading named conns: f67aaed5-a0c3-454d-8c06-f7efcf03efe8
...
Apr 10 21:52:18 hyperion NetworkManager[1094]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Apr 10 21:52:18 hyperion pluto[11167]: added connection description "f67aaed5-a0c3-454d-8c06-f7efcf03efe8"
Apr 10 21:52:18 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: initiating Main Mode
Apr 10 21:52:18 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: initiating Main Mode
Apr 10 21:52:18 hyperion NetworkManager[1094]: 104 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: initiate
Apr 10 21:52:19 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:19 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:19 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:19 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:20 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:20 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:22 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Apr 10 21:52:22 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
Apr 10 21:52:26 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Apr 10 21:52:26 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I1: retransmission; will wait 8 seconds for response
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: WARNING: connection f67aaed5-a0c3-454d-8c06-f7efcf03efe8 PSK length of 12 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: WARNING: connection f67aaed5-a0c3-454d-8c06-f7efcf03efe8 PSK length of 12 bytes is too short for sha2_256 PRF in FIPS mode (16 bytes required)
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 21:52:27 hyperion NetworkManager[1094]: 106 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 21:52:27 hyperion NetworkManager[1094]: 108 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: Peer ID is ID_IPV4_ADDR: '123.49.3.114'
Apr 10 21:52:27 hyperion audit[11167]: CRYPTO_IKE_SA pid=11167 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:ipsec_t:s0 msg='op=start direction=initiator conn-name="f67aaed5-a0c3-454d-8c06-f7efcf03efe8" connstate=1 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha256 prf=sha256 pfs=MODP2048 laddr=192.168.0.101 exe="/usr/libexec/ipsec/pluto" hostname=? addr=123.49.3.114 terminal=? res=success'
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: Peer ID is ID_IPV4_ADDR: '123.49.3.114'
Apr 10 21:52:27 hyperion NetworkManager[1094]: 004 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I4: ISAKMP SA established auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048
Apr 10 21:52:27 hyperion NetworkManager[1094]: 002 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using isakmp#1 msgid:21e48c60 proposal=defaults pfsgroup=MODP2048
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: STATE_MAIN_I4: ISAKMP SA established auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using isakmp#1 msgid:21e48c60 proposal=defaults pfsgroup=MODP2048
Apr 10 21:52:27 hyperion NetworkManager[1094]: 117 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: initiate
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=16
Apr 10 21:52:27 hyperion pluto[11167]: | ISAKMP Notification Payload
Apr 10 21:52:27 hyperion pluto[11167]: | 00 00 00 10 00 00 00 01 03 04 00 0e
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #1: received and ignored notification payload: NO_PROPOSAL_CHOSEN
Apr 10 21:52:27 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:27 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr 10 21:52:28 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:28 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response
Apr 10 21:52:28 hyperion nm-l2tp-service[10846]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Apr 10 21:52:28 hyperion NetworkManager[1094]: <info> [1554911548.9644] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN plugin: state changed: stopped (6)
Apr 10 21:52:28 hyperion NetworkManager[1094]: <info> [1554911548.9674] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN service disappeared
Apr 10 21:52:28 hyperion NetworkManager[1094]: <warn> [1554911548.9687] vpn-connection[0x55af17c044f0,f67aaed5-a0c3-454d-8c06-f7efcf03efe8,"TigerIT",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Apr 10 21:52:29 hyperion pluto[11167]: "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
Apr 10 21:52:29 hyperion NetworkManager[1094]: 010 "f67aaed5-a0c3-454d-8c06-f7efcf03efe8" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response
...
I have checked the warnings, those seem to be harmless. I failed to understand why network manager is failing to maintain the connection.
How can I figure out what is going wrong and how can I fix it?
vpn fedora ipsec
vpn fedora ipsec
asked 13 hours ago
Zobayer HasanZobayer Hasan
1034
New contributor
Zobayer Hasan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 13 hours ago
Zobayer HasanZobayer Hasan
1034
New contributor
Zobayer Hasan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 12 hours ago
Zobayer Hasan
asked 13 hours ago
Zobayer HasanZobayer Hasan
1034
New contributor
Zobayer Hasan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 13 hours ago
Zobayer HasanZobayer Hasan
1034
asked 13 hours ago
Zobayer HasanZobayer Hasan
1034
1034
New contributor
Zobayer Hasan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Zobayer Hasan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Zobayer Hasan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
Your system is sending out packets but never hears a reply. Is your home router causing the problem? Is your country's government interfering with VPN connections? Have you tried to connect from a different location?
– Michael Hampton♦
11 hours ago
I checked my home router settings, all VPN related settings are enabled. My F29 laptop and my phone use the same wifi router. As I mentioned in the OP, I can connect to VPN from my phone. So my guess is, the router isn't the problem. As for the Govt thing, I don't really know, but this problem appeared recently.
– Zobayer Hasan
10 hours ago
add a comment |
1
Your system is sending out packets but never hears a reply. Is your home router causing the problem? Is your country's government interfering with VPN connections? Have you tried to connect from a different location?
– Michael Hampton♦
11 hours ago
I checked my home router settings, all VPN related settings are enabled. My F29 laptop and my phone use the same wifi router. As I mentioned in the OP, I can connect to VPN from my phone. So my guess is, the router isn't the problem. As for the Govt thing, I don't really know, but this problem appeared recently.
– Zobayer Hasan
10 hours ago
1
1
Your system is sending out packets but never hears a reply. Is your home router causing the problem? Is your country's government interfering with VPN connections? Have you tried to connect from a different location?
– Michael Hampton♦
11 hours ago
Your system is sending out packets but never hears a reply. Is your home router causing the problem? Is your country's government interfering with VPN connections? Have you tried to connect from a different location?
– Michael Hampton♦
11 hours ago
I checked my home router settings, all VPN related settings are enabled. My F29 laptop and my phone use the same wifi router. As I mentioned in the OP, I can connect to VPN from my phone. So my guess is, the router isn't the problem. As for the Govt thing, I don't really know, but this problem appeared recently.
– Zobayer Hasan
10 hours ago
I checked my home router settings, all VPN related settings are enabled. My F29 laptop and my phone use the same wifi router. As I mentioned in the OP, I can connect to VPN from my phone. So my guess is, the router isn't the problem. As for the Govt thing, I don't really know, but this problem appeared recently.
– Zobayer Hasan
10 hours ago
add a comment |
1 Answer
1
active
oldest
votes
2
Regarding the "ignoring informational payload NO_PROPOSAL_CHOSEN" error, see the libreswan FAQ for reasons why :
- https://libreswan.org/wiki/FAQ
In the IPsec settings dialog box, try clicking "Disable PFS", this option was added to NetworkManager-l2tp-1.2.12 and was previously disabled. Sounds like your workplace VPN server might not support Perfect Forward Secrecy.
answered 6 hours ago
Douglas KosovicDouglas Kosovic
1361
Great! I did not notice that change. Disabling PFS fixed the issue.
– Zobayer Hasan
1 hour ago
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Zobayer Hasan is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f962464%2funable-to-connect-to-l2tp-vpn-network-with-fedora-29%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
2
Regarding the "ignoring informational payload NO_PROPOSAL_CHOSEN" error, see the libreswan FAQ for reasons why :
- https://libreswan.org/wiki/FAQ
In the IPsec settings dialog box, try clicking "Disable PFS", this option was added to NetworkManager-l2tp-1.2.12 and was previously disabled. Sounds like your workplace VPN server might not support Perfect Forward Secrecy.
answered 6 hours ago
Douglas KosovicDouglas Kosovic
1361
Great! I did not notice that change. Disabling PFS fixed the issue.
– Zobayer Hasan
1 hour ago
add a comment |
2
Regarding the "ignoring informational payload NO_PROPOSAL_CHOSEN" error, see the libreswan FAQ for reasons why :
- https://libreswan.org/wiki/FAQ
In the IPsec settings dialog box, try clicking "Disable PFS", this option was added to NetworkManager-l2tp-1.2.12 and was previously disabled. Sounds like your workplace VPN server might not support Perfect Forward Secrecy.
answered 6 hours ago
Douglas KosovicDouglas Kosovic
1361
Great! I did not notice that change. Disabling PFS fixed the issue.
– Zobayer Hasan
1 hour ago
add a comment |
2
2
2
Regarding the "ignoring informational payload NO_PROPOSAL_CHOSEN" error, see the libreswan FAQ for reasons why :
- https://libreswan.org/wiki/FAQ
In the IPsec settings dialog box, try clicking "Disable PFS", this option was added to NetworkManager-l2tp-1.2.12 and was previously disabled. Sounds like your workplace VPN server might not support Perfect Forward Secrecy.
answered 6 hours ago
Douglas KosovicDouglas Kosovic
1361
Regarding the "ignoring informational payload NO_PROPOSAL_CHOSEN" error, see the libreswan FAQ for reasons why :
- https://libreswan.org/wiki/FAQ
In the IPsec settings dialog box, try clicking "Disable PFS", this option was added to NetworkManager-l2tp-1.2.12 and was previously disabled. Sounds like your workplace VPN server might not support Perfect Forward Secrecy.
answered 6 hours ago
Douglas KosovicDouglas Kosovic
1361
answered 6 hours ago
Douglas KosovicDouglas Kosovic
1361
answered 6 hours ago
Douglas KosovicDouglas Kosovic
1361
answered 6 hours ago
Douglas KosovicDouglas Kosovic
1361
1361
Great! I did not notice that change. Disabling PFS fixed the issue.
– Zobayer Hasan
1 hour ago
add a comment |
Great! I did not notice that change. Disabling PFS fixed the issue.
– Zobayer Hasan
1 hour ago
Great! I did not notice that change. Disabling PFS fixed the issue.
– Zobayer Hasan
1 hour ago
Great! I did not notice that change. Disabling PFS fixed the issue.
– Zobayer Hasan
1 hour ago
add a comment |
Zobayer Hasan is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Zobayer Hasan is a new contributor. Be nice, and check out our Code of Conduct.
Zobayer Hasan is a new contributor. Be nice, and check out our Code of Conduct.
Zobayer Hasan is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f962464%2funable-to-connect-to-l2tp-vpn-network-with-fedora-29%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Your system is sending out packets but never hears a reply. Is your home router causing the problem? Is your country's government interfering with VPN connections? Have you tried to connect from a different location?
– Michael Hampton♦
11 hours ago
I checked my home router settings, all VPN related settings are enabled. My F29 laptop and my phone use the same wifi router. As I mentioned in the OP, I can connect to VPN from my phone. So my guess is, the router isn't the problem. As for the Govt thing, I don't really know, but this problem appeared recently.
– Zobayer Hasan
10 hours ago