L2TP VPN connection on Mageia 7.1 Plasma - how to setup?

Post by marcuskoze » Jun 17th, '20, 10:14

Hello,
I've come back to Mageia, as some other distros I've tried on my new laptop (Asus Vivobook 17 M712DA) would fail on boot when I unplug the charger... You guys are truly magical!

The issue I have is that I'm not so networking-savvy and I don't know how to set up an L2TP VPN connection to work, as we're working from home with this pandemic.

So, they gave me a Gateway address, a username, password and a shared key. Can someone please help me with what I should install to successfully connect to the work network? The VPN manager from the "net_applet" has two options, Cisco concentrator and OpenVPN, but I don't see any L2TP options to configure there, perhaps they're named differently and I don't understand where to put the connection data that I have...

On the old Windows laptop that I had from them it was pretty easy to set this up, but now that I have my own machine I'd very much prefer a Linux environment :)

NB: I did search the forums on the subject but from my efforts I could not find any satisfactory material...
If any other information is needed I'll gladly do my best to help you help me :)

Thank you in advance
Last edited by isadora on Jun 17th, '20, 10:42, edited 1 time in total.
Reason: Topic moved into appropriate sub-forum.
marcuskoze
 
Posts: 31
Joined: Jun 4th, '11, 16:24

Re: L2TP VPN connection on Mageia 7.1 Plasma - how to setup?

Post by doktor5000 » Jun 17th, '20, 17:51

I'd suggest switching to networkmanager. I've described how to switch from Mageia's default net_applet to networkmanager here: viewtopic.php?f=25&t=5782
It also allows creating L2TP VPN connections.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
doktor5000
 
Posts: 16080
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: L2TP VPN connection on Mageia 7.1 Plasma - how to setup?

Post by marcuskoze » Jun 17th, '20, 22:56

Hi Doktor, thank you for your time.
I've just switched to NetworkManager, I could connect to my wifi, I could configure the L2TP connection but when I try to connect to the VPN it immediately disconnects...
Digging for answers I've come across a networking log monitor using "journalctl -f -u NetworkManager", here's some output:

Code:
Jun 17 23:44:07 localhost.localdomain nm-l2tp-service[10411]: Check port 1701
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: whack: is Pluto running?  connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: Redirecting to: systemctl restart ipsec.service
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: Job for ipsec.service failed because a fatal signal was delivered causing the control process to dump core.
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: See "systemctl status ipsec.service" and "journalctl -xe" for details.
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: <warn> {{REDACTED-STUFF}}: VPN connection: failed to connect: 'Could not restart the ipsec service.'
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: <info> {{REDACTED-STUFF}}: VPN plugin: state changed: stopped (6)
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: <info> {{REDACTED-STUFF}}: VPN service disappeared


I'll keep digging, but I'm not sure what to do next, I'm not much in the know with all this...

Re: L2TP VPN connection on Mageia 7.1 Plasma - how to setup?

Post by doktor5000 » Jun 17th, '20, 23:11

marcuskoze wrote:
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: Redirecting to: systemctl restart ipsec.service
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: Job for ipsec.service failed because a fatal signal was delivered causing the control process to dump core.
Jun 17 23:44:07 localhost.localdomain NetworkManager[994]: See "systemctl status ipsec.service" and "journalctl -xe" for details.


Please show the output as root of

Code:
systemctl status ipsec.service networkmanager.service -al -n50

Re: L2TP VPN connection on Mageia 7.1 Plasma - how to setup?

Post by marcuskoze » Jun 17th, '20, 23:28

Here it is:

Code:
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
   Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:ipsec(8)
           man:pluto(8)
           man:ipsec.conf(5)

● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-06-18 00:22:17 EEST; 4min 31s ago
     Docs: man:NetworkManager(8)
 Main PID: 1004 (NetworkManager)
    Tasks: 3 (limit: 4915)
   Memory: 17.0M
   CGroup: /system.slice/NetworkManager.service
           └─1004 /usr/sbin/NetworkManager --no-daemon

Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.6461] policy: auto-activating connection 'UPC8CA2548' (d9da044c-0806-467b-9e7a-56f87764cc79)
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.6474] device (wlp1s0): Activation: starting connection 'UPC8CA2548' (d9da044c-0806-467b-9e7a-56f87764cc79)
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.6478] device (wlp1s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.6484] manager: NetworkManager state is now CONNECTING
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.6507] device (wlp1s0): set-hw-addr: reset MAC address to E4:AA:EA:68:41:F5 (preserve)
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.8058] device (wlp1s0): supplicant interface state: inactive -> disabled
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.8066] device (wlp1s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.8073] device (wlp1s0): Activation: (wifi) access point 'UPC8CA2548' has security, but secrets are required.
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.8074] device (wlp1s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.8079] sup-iface[0x1c8b060,wlp1s0]: wps: type pbc start...
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.8132] device (wlp1s0): supplicant interface state: disabled -> inactive
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.8502] device (wlp1s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.8511] device (wlp1s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.9481] device (wlp1s0): Activation: (wifi) connection 'UPC8CA2548' has security, and secrets exist.  No new secrets needed.
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.9484] Config: added 'ssid' value 'UPC8CA2548'
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.9484] Config: added 'scan_ssid' value '1'
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.9484] Config: added 'bgscan' value 'simple:30:-80:86400'
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.9485] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256'
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.9485] Config: added 'auth_alg' value 'OPEN'
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.9486] Config: added 'psk' value '<hidden>'
Jun 18 00:22:54 nixbook NetworkManager[1004]: <info>  [1592429001.9509] device (wlp1s0): supplicant interface state: inactive -> scanning
Jun 18 00:22:58 nixbook NetworkManager[1004]: <info>  [1592429005.7310] device (wlp1s0): supplicant interface state: scanning -> authenticating
Jun 18 00:22:58 nixbook NetworkManager[1004]: <info>  [1592429005.7523] device (wlp1s0): supplicant interface state: authenticating -> associating
Jun 18 00:22:58 nixbook NetworkManager[1004]: <info>  [1592429005.9526] device (wlp1s0): supplicant interface state: associating -> 4-way handshake
Jun 18 00:22:58 nixbook NetworkManager[1004]: <info>  [1592429005.9796] device (wlp1s0): supplicant interface state: 4-way handshake -> completed
Jun 18 00:22:58 nixbook NetworkManager[1004]: <info>  [1592429005.9796] device (wlp1s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "UPC8CA2548"
Jun 18 00:22:58 nixbook NetworkManager[1004]: <info>  [1592429005.9799] device (wlp1s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Jun 18 00:22:58 nixbook NetworkManager[1004]: <info>  [1592429005.9806] dhcp4 (wlp1s0): activation: beginning transaction (timeout in 45 seconds)
Jun 18 00:22:59 nixbook NetworkManager[1004]: <info>  [1592429006.0274] dhcp4 (wlp1s0):   address 192.168.0.213
Jun 18 00:22:59 nixbook NetworkManager[1004]: <info>  [1592429006.0275] dhcp4 (wlp1s0):   plen 24
Jun 18 00:22:59 nixbook NetworkManager[1004]: <info>  [1592429006.0275] dhcp4 (wlp1s0):   expires in 3600 seconds (at 1592432606)
Jun 18 00:22:59 nixbook NetworkManager[1004]: <info>  [1592429006.0276] dhcp4 (wlp1s0):   nameserver '192.168.0.1'
Jun 18 00:22:59 nixbook NetworkManager[1004]: <info>  [1592429006.0276] dhcp4 (wlp1s0):   domain name 'home'
Jun 18 00:22:59 nixbook NetworkManager[1004]: <info>  [1592429006.0276] dhcp4 (wlp1s0):   hostname 'nixbook'
Jun 18 00:22:59 nixbook NetworkManager[1004]: <info>  [1592429006.0276] dhcp4 (wlp1s0):   router 192.168.0.1
Jun 18 00:22:59 nixbook NetworkManager[1004]: <info>  [1592429006.0281] dhcp4 (wlp1s0): state changed unknown -> bound
Jun 18 00:22:59 nixbook NetworkManager[1004]: <info>  [1592429006.0306] device (wlp1s0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')

Re: L2TP VPN connection on Mageia 7.1 Plasma - how to setup?

Post by doktor5000 » Jun 17th, '20, 23:54

Hmmm, does not seem like ipsec.service has ever been started ... Can you try

Code:
systemctl start ipsec.service
systemctl status ipsec.service -al -n50

Re: L2TP VPN connection on Mageia 7.1 Plasma - how to setup?

Post by marcuskoze » Jun 17th, '20, 23:58

Code:
[root@nixbook marcel]# systemctl start ipsec.service
Job for ipsec.service failed because a fatal signal was delivered causing the control process to dump core.
See "systemctl status ipsec.service" and "journalctl -xe" for details.


Code:
[root@nixbook marcel]# systemctl status ipsec.service -al -n50
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
   Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled; vendor preset: disabled)
   Active: failed (Result: core-dump) since Thu 2020-06-18 00:56:30 EEST; 24s ago
     Docs: man:ipsec(8)
           man:pluto(8)
           man:ipsec.conf(5)
  Process: 26229 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCESS)
  Process: 26230 ExecStartPre=/usr/libexec/ipsec/_stackmanager start (code=exited, status=0/SUCCESS)
  Process: 26495 ExecStartPre=/usr/sbin/ipsec --checknss (code=exited, status=0/SUCCESS)
  Process: 26496 ExecStartPre=/usr/sbin/ipsec --checknflog (code=exited, status=0/SUCCESS)
  Process: 26507 ExecStart=/usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork (code=dumped, signal=ABRT)
  Process: 26510 ExecStopPost=/sbin/ip xfrm policy flush (code=exited, status=0/SUCCESS)
  Process: 26511 ExecStopPost=/sbin/ip xfrm state flush (code=exited, status=0/SUCCESS)
  Process: 26512 ExecStopPost=/usr/sbin/ipsec --stopnflog (code=exited, status=0/SUCCESS)
 Main PID: 26507 (code=dumped, signal=ABRT)

Jun 18 00:56:30 nixbook systemd[1]: ipsec.service: Scheduled restart job, restart counter is at 5.
Jun 18 00:56:30 nixbook systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Jun 18 00:56:30 nixbook systemd[1]: ipsec.service: Start request repeated too quickly.
Jun 18 00:56:30 nixbook systemd[1]: ipsec.service: Failed with result 'core-dump'.
Jun 18 00:56:30 nixbook systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.

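Added example (not part of the original thread and not posted by any participant): a small shell/awk triage that reads "systemctl status" text like the ipsec.service output above and reports whether the unit is disabled, the failure result, and which Exec step ended abnormally. The function names sample_status and triage_status are hypothetical, and the embedded sample is constructed from lines posted above.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. sample_status and triage_status are
# hypothetical names; the sample text is constructed from lines posted above.

sample_status() {
cat <<'EOF'
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
   Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled; vendor preset: disabled)
   Active: failed (Result: core-dump) since Thu 2020-06-18 00:56:30 EEST; 24s ago
  Process: 26229 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCESS)
  Process: 26507 ExecStart=/usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork (code=dumped, signal=ABRT)
  Process: 26510 ExecStopPost=/sbin/ip xfrm policy flush (code=exited, status=0/SUCCESS)
Jun 18 00:56:30 nixbook systemd[1]: ipsec.service: Start request repeated too quickly.
EOF
}

# Reads status text on stdin and prints one finding per line.
triage_status() {
  awk '
    # Unit file state: the unit is not enabled at boot.
    /^ *Loaded:/ && /; disabled;/ { print "unit-disabled" }

    # Overall result systemd recorded for the failed unit.
    /^ *Active: failed/ {
      if (match($0, /Result: [a-z-]+/))
        print "result=" substr($0, RSTART + 8, RLENGTH - 8)
    }

    # Any Exec step that did not exit cleanly: phase, binary, exit detail.
    /^ *Process:/ && !/status=0\/SUCCESS/ {
      phase = $3; sub(/=.*/, "", phase)
      bin = $3;   sub(/^[^=]*=/, "", bin)
      how = $0;   sub(/^.*\(/, "", how); sub(/\).*$/, "", how)
      print "failed-step=" phase " binary=" bin " " how
    }

    # systemd gave up restarting the unit.
    /Start request repeated too quickly/ { print "restart-limit-hit" }
  '
}

# On a live system: systemctl status ipsec.service -al -n50 | triage_status
sample_status | triage_status
```

On the sample, the only step reported is ExecStart (pluto, signal=ABRT); the ExecStartPre checks, including addconn --checkconfig, exited with status 0 and are not listed.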

Re: L2TP VPN connection on Mageia 7.1 Plasma - how to setup?

Post by doktor5000 » Jun 18th, '20, 00:14

marcuskoze wrote:
Process: 26507 ExecStart=/usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork (code=dumped, signal=ABRT)

From reading other reports, that might be an issue with the config. You might have to recheck that.
For some setup and debugging hints, see e.g. https://www.reddit.com/r/archlinux/comm ... _vpn_l2tp/
or maybe https://lists.libreswan.org/pipermail/s ... 00037.html or https://swan.libreswan.narkive.com/9SA2 ... ng-systemd

Re: L2TP VPN connection on Mageia 7.1 Plasma - how to setup?

Post by jiml8 » Jun 22nd, '20, 05:32

You probably should be running strongswan or openswan if you are using ipsec, and if you are using L2TP over ipsec from Linux...well...good luck with that. I think L2TP for what is essentially a base station is a very curious VPN choice, particularly if you have ipsec running as well.

Without going into it too much, I have implemented that type of setup in a commercial environment, and I don't like it at all. It seems that Microsoft and Apple don't agree on a particular algorithm that implements a checksum within the ipsec header when L2TP is used, and the result is that there are serious incompatibilities in various versions of L2TP servers. I wound up making kernel mods in our product to ignore that checksum in order to work around this issue.

To put it simply, if your company's L2TP installation works with Windows, it might not work at all with Linux. I'm far enough down the road from that work that I don't recall exactly what works with what, though I do recall that iMac and iPhone worked pretty easily with our system without the mods, while Android and Linux wouldn't connect no matter what.

In all seriousness (and the mods are free to remove this section of the post if you think it is inappropriate advertisement) since the pandemic began we have been working to roll out a new version of our product that is specifically intended to solve your company's exact problem. Check this out: https://www.youtube.com/watch?v=MT7uUNw ... e=youtu.be
jiml8
 
Posts: 1126
Joined: Jul 7th, '13, 18:09

Re: L2TP VPN connection on Mageia 7.1 Plasma - how to setup?

Post by marcuskoze » Jun 22nd, '20, 15:08

Thank you for your input, greatly appreciated! I've had to use a temporary (hopefully) Windows installation out of desperation, but I'll give your suggestions a try. I'd very much prefer a Linux environment for work/development.
Last edited by doktor5000 on Jun 22nd, '20, 15:51, edited 1 time in total.
Reason: removed fullquote

