I want to connect an Ubuntu client to a VPN server in L2TP/IPsec mode. I used l2tp-ipsec-vpn and network-manager-l2tp on Ubuntu 16. In both cases I get this error: "vpn-connection failed to connect because VPN service fails to start". I also used xl2tpd and strongswan and I get the same error. Is there a stable package (on Ubuntu or another distro)? If yes, can you provide me a link to a step-by-step configuration?
1 Answer
The two most likely issues users have with network-manager-l2tp:
Using a VPN server that is using legacy IPsec IKEv1 ciphers that current stable releases of strongswan consider to be broken as they have been cracked:
See the 'IPsec IKEv1 ciphers' section on the following page on how to query your VPN server for a list of supported ciphers and how to specify legacy ciphers in the Phase 1 and Phase 2 algorithm text boxes of the advanced section of the IPsec dialog box.
Issue with not stopping system xl2tpd service, see:
If you are having IPsec issues with strongswan and network-manager-l2tp, you could try installing and using libreswan instead with:

```shell
sudo apt install libreswan
```
Also have a look at the following page for other issues:
A backport of network-manager-l2tp packages from Debian Sid and Ubuntu 17.10 (Artful Aardvark) can be found here:
The "other issues" were rather important for me (libreswan). Setting Phase 2 to `aes256-sha1,aes128-sha1,3des-sha1` worked. That info is buried in the page, so I'm adding it here for others/future self. – Jonathan Dickinson Nov 18 '20 at 20:49
`sudo systemctl stop xl2tpd && sudo systemctl disable xl2tpd` was also important *despite* the lack of the error message the README indicates. – Jonathan Dickinson Nov 18 '20 at 20:56
Ubuntu seems to be restarting xl2tpd of its own accord, despite disabling it. Another option is to edit `/etc/xl2tpd/xl2tpd.conf`, uncomment the `[global]` and `port` lines and set the port to something arbitrary (e.g. 17010); that way it won't interfere with the client. – Jonathan Dickinson Nov 24 '20 at 21:13
Newer versions of network-manager-l2tp now use a combination of Phase 1 & 2 proposals from iOS and Win10 for its defaults, so in general you shouldn't need to set Phase 1 & 2 anymore. Ubuntu 18.04 has a really old version of network-manager-l2tp from 2017. I would recommend the newer network-manager-l2tp packages from https://launchpad.net/~nm-l2tp/+archive/ubuntu/network-manager-l2tp. There is no error message mentioned in the "Issue with not stopping system xl2tpd service" section of the README.md file, which error message are you saying it is indicating? – Douglas Kosovic Nov 25 '20 at 03:32
All my comments were required to get it working on Groovy. My second and third comments refer to "Issue with not stopping system xl2tpd service." On Groovy, stopping the service *does* work but disabling it has no effect. In addition, something (I am not sure what) restarts the service after some time, which will even terminate an active connection (after black-holing it for a few minutes). – Jonathan Dickinson Nov 30 '20 at 17:52
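The answer and the comments above describe two separate problems (a system-wide xl2tpd holding the L2TP port, and an old IKEv1 server that needs legacy Phase 1/Phase 2 proposals) and three workarounds for the first (stop/disable the service, change its port, or mask it). The script below is an added example that ties them together as checks; it is not code from the original answer or from the network-manager-l2tp project. Its assumptions are labelled in the comments: that the conflicting xl2tpd listens on UDP 1701, that `ss -lun` prints the local address in its fourth column, and that network-manager-l2tp stores the Phase 1 and Phase 2 proposals under the `vpn.data` keys `ipsec-ike` and `ipsec-esp`, so they can be set with `nmcli` instead of the GUI dialog. The two helper functions work on plain text and can be run against a copy of `xl2tpd.conf` without root; the live part only runs when invoked with `--apply`.

```shell
#!/bin/sh
# Added example, not code from the original answer or from network-manager-l2tp.
# Two checks that correspond to the two problems discussed above:
#   1. a system-wide xl2tpd already bound to UDP 1701 (assumed: the L2TP default),
#      which the xl2tpd that NetworkManager spawns for the connection cannot then bind;
#   2. an old IKEv1 server that needs legacy Phase 1/Phase 2 proposals, set through
#      the vpn.data keys "ipsec-ike" / "ipsec-esp" (assumed key names).
# Nothing here touches the system unless run as:  sh fix-nm-l2tp.sh --apply "My VPN"

# Read `ss -lun` output on stdin; succeed if some UDP socket listens on port 1701.
# Assumes column 4 of `ss -lun` is "Local Address:Port", so both "0.0.0.0:1701"
# and "[::]:1701" match, while e.g. ":17010" does not.
udp1701_in_use() {
    awk '$1 == "UNCONN" && $4 ~ /:1701$/ { found = 1 } END { exit !found }'
}

# Rewrite an xl2tpd.conf (path in $1) so the [global] section is active and uses
# the port in $2; the result goes to stdout. This is the "move the system xl2tpd
# off 1701" workaround from the comments. Lines starting with ';' are xl2tpd
# comments; only the [global] header and its port line are changed.
set_xl2tpd_port() {
    awk -v port="$2" '
        /^[ \t;]*\[global\][ \t]*$/ {      # (possibly commented-out) section header
            print "[global]"; print "port = " port
            in_global = 1; seen = 1; next
        }
        /^[ \t;]*\[/ { in_global = 0 }     # any other section header
        in_global && /^[ \t;]*port[ \t]*=/ { next }   # drop the stale port line
        { print }
        END { if (!seen) { print "[global]"; print "port = " port } }
    ' "$1"
}

if [ "${1:-}" = "--apply" ]; then
    conn="${2:?usage: $0 --apply <NetworkManager connection name>}"

    if ss -lun | udp1701_in_use; then
        echo "UDP 1701 is already bound; stopping the system xl2tpd"
        sudo systemctl stop xl2tpd
        sudo systemctl disable xl2tpd
        # 'disable' only removes the boot-time symlink; 'mask' also stops anything
        # else (package scripts, other units) from starting it again, which is
        # the symptom reported in the comments.
        sudo systemctl mask xl2tpd
    fi

    # Alternative from the comments if the system xl2tpd must keep running:
    # set_xl2tpd_port /etc/xl2tpd/xl2tpd.conf 17010 > /tmp/xl2tpd.conf.new \
    #   && sudo install -m 644 /tmp/xl2tpd.conf.new /etc/xl2tpd/xl2tpd.conf

    # Legacy Phase 2 (ESP) proposals quoted from the comment above. Only set
    # these if the server really needs them: 3DES and SHA-1 are kept here purely
    # for compatibility with an old server, not because they are a good choice.
    nmcli connection modify "$conn" +vpn.data \
        "ipsec-esp=aes256-sha1,aes128-sha1,3des-sha1"
    nmcli connection up "$conn"
fi
```

Run `sh fix-nm-l2tp.sh` with no arguments to load the helpers without changing anything, e.g. `ss -lun | udp1701_in_use && echo conflict`, or `set_xl2tpd_port /etc/xl2tpd/xl2tpd.conf 17010` to preview the rewritten config. If the Phase 1 proposal also has to be pinned, the same `nmcli ... +vpn.data` form with `ipsec-ike=...` applies.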