VPN - L2TP over IPSec connection












0















I'm using Ubuntu 18.10. VPN is working on Win10
I can't establish VPN with my MikroTik router.



I tried this phases algorithms, but It's not working with any of them.



1.



Phase1 aes-sha1
Phase2 aes-sha1


2.



Phase1 3des-sha1-modp1024
Phase2 3des-sha1


3.



Phase1 3des-sha1;modp1024
Phase2 3des-sha1


4.



Phase1 aes256-sha1-modp1536
Phase2 aes256-sha1


4) Is working with DraytekRouter.



I used sudo tail -f /var/log/syslog to get logs and I'm attaching it.
Can someone help me?



LOG:



Jan 21 11:21:20 11e dbus-daemon[1193]: [session uid=1000 pid=1193] Activating via systemd: service name='org.gnome.Terminal' unit='gnome-terminal-server.service' requested by ':1.88' (uid=1000 pid=3161 comm="/usr/bin/gnome-terminal.real --window " label="unconfined")
Jan 21 11:21:20 11e systemd[1125]: Starting GNOME Terminal Server...
Jan 21 11:21:20 11e dbus-daemon[1193]: [session uid=1000 pid=1193] Successfully activated service 'org.gnome.Terminal'
Jan 21 11:21:20 11e systemd[1125]: Started GNOME Terminal Server.
Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # watch_fast: "/org/gnome/terminal/legacy/" (establishing: 0, active: 0)
Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # unwatch_fast: "/org/gnome/terminal/legacy/" (active: 0, establishing: 1)
Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # watch_established: "/org/gnome/terminal/legacy/" (establishing: 0)
Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3542] audit: op="connection-activate" uuid="33a76ea6-0d47-46a5-8310-01a80de375db" name="VPN" pid=1565 uid=1000 result="success"
Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3729] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: Started the VPN service, PID 3194
Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3941] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: Saw the service appear; activating connection
Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.7926] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN connection: (ConnectInteractive) reply received
Jan 21 11:21:34 11e nm-l2tp-service[3194]: Check port 1701
Jan 21 11:21:34 11e NetworkManager[939]: Stopping strongSwan IPsec failed: starter is not running
Jan 21 11:21:36 11e NetworkManager[939]: Starting strongSwan 5.6.3 IPsec [starter]...
Jan 21 11:21:36 11e NetworkManager[939]: Loading config setup
Jan 21 11:21:36 11e NetworkManager[939]: Loading conn '33a76ea6-0d47-46a5-8310-01a80de375db'
Jan 21 11:21:36 11e NetworkManager[939]: found netkey IPsec stack
Jan 21 11:21:36 11e charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.18.0-13-generic, x86_64)
Jan 21 11:21:36 11e charon: 00[CFG] PKCS11 module '<name>' lacks library path
Jan 21 11:21:37 11e charon: 00[CFG] disabling load-tester plugin, not configured
Jan 21 11:21:37 11e charon: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Jan 21 11:21:37 11e charon: 00[CFG] dnscert plugin is disabled
Jan 21 11:21:37 11e charon: 00[CFG] ipseckey plugin is disabled
Jan 21 11:21:37 11e charon: 00[CFG] attr-sql plugin: database URI not set
Jan 21 11:21:37 11e charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan 21 11:21:37 11e charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan 21 11:21:37 11e charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan 21 11:21:37 11e charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan 21 11:21:37 11e charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets'
Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets'
Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets'
Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
Jan 21 11:21:37 11e charon: 00[CFG] sql plugin: database URI not set
Jan 21 11:21:37 11e charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Jan 21 11:21:37 11e charon: 00[CFG] eap-simaka-sql database URI missing
Jan 21 11:21:37 11e charon: 00[CFG] loaded 0 RADIUS server configurations
Jan 21 11:21:37 11e charon: 00[CFG] HA config misses local/remote address
Jan 21 11:21:37 11e charon: 00[CFG] no threshold configured for systime-fix, disabled
Jan 21 11:21:37 11e charon: 00[CFG] coupling file path unspecified
Jan 21 11:21:37 11e charon: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
Jan 21 11:21:37 11e charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jan 21 11:21:37 11e charon: 00[JOB] spawning 16 worker threads
Jan 21 11:21:37 11e charon: 06[CFG] received stroke: add connection '33a76ea6-0d47-46a5-8310-01a80de375db'
Jan 21 11:21:37 11e charon: 06[CFG] a DH group is mandatory in IKE proposals
Jan 21 11:21:37 11e charon: 06[CFG] skipped invalid proposal string: aes-sha1
Jan 21 11:21:37 11e charon: 07[CFG] rereading secrets
Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets'
Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets'
Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets'
Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
Jan 21 11:21:38 11e charon: 09[CFG] received stroke: initiate '33a76ea6-0d47-46a5-8310-01a80de375db'
Jan 21 11:21:38 11e charon: 09[CFG] no config named '33a76ea6-0d47-46a5-8310-01a80de375db'
Jan 21 11:21:38 11e NetworkManager[939]: no config named '33a76ea6-0d47-46a5-8310-01a80de375db'
Jan 21 11:21:38 11e NetworkManager[939]: Stopping strongSwan IPsec...
Jan 21 11:21:38 11e charon: 00[DMN] signal of type SIGINT received. Shutting down
Jan 21 11:21:38 11e nm-l2tp-service[3194]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Jan 21 11:21:38 11e NetworkManager[939]: <info> [1548066098.4190] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN plugin: state changed: stopped (6)
Jan 21 11:21:38 11e NetworkManager[939]: <info> [1548066098.4266] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN service disappeared
Jan 21 11:21:38 11e NetworkManager[939]: <warn> [1548066098.4286] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Jan 21 11:21:41 11e NetworkManager[939]: <info> [1548066101.4689] manager: NetworkManager state is now CONNECTED_SITE
Jan 21 11:21:41 11e whoopsie[1461]: [11:21:41] offline
Jan 21 11:21:41 11e dbus-daemon[907]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.16' (uid=0 pid=939 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Jan 21 11:21:41 11e systemd[1]: Starting Network Manager Script Dispatcher Service...
Jan 21 11:21:41 11e dbus-daemon[907]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jan 21 11:21:41 11e systemd[1]: Started Network Manager Script Dispatcher Service.
Jan 21 11:21:41 11e nm-dispatcher: req:1 'connectivity-change': new request (1 scripts)
Jan 21 11:21:41 11e nm-dispatcher: req:1 'connectivity-change': start running ordered scripts...
Jan 21 11:21:42 11e NetworkManager[939]: <info> [1548066102.8242] manager: NetworkManager state is now CONNECTED_GLOBAL
Jan 21 11:21:42 11e nm-dispatcher: req:2 'connectivity-change': new request (1 scripts)
Jan 21 11:21:42 11e nm-dispatcher: req:2 'connectivity-change': start running ordered scripts...
Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/2
Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] Not a paid data plan: /org/freedesktop/NetworkManager/ActiveConnection/2
Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] Found usable connection: /org/freedesktop/NetworkManager/ActiveConnection/2
Jan 21 11:21:44 11e whoopsie[1461]: [11:21:44] online
Jan 21 11:21:44 11e PackageKit: get-updates transaction /353_bdeecdcb from uid 1000 finished with success after 1991ms
Jan 21 11:21:46 11e PackageKit: get-updates transaction /354_bebcbabc from uid 1000 finished with success after 1864ms
Jan 21 11:21:48 11e PackageKit: get-updates transaction /355_cbeeacae from uid 1000 finished with success after 1878ms
Jan 21 11:21:50 11e PackageKit: get-updates transaction /356_bbecbebe from uid 1000 finished with success after 1847ms
Jan 21 11:21:52 11e PackageKit: get-updates transaction /357_bebedaba from uid 1000 finished with success after 1877ms


enter image description here










share|improve this question





























    0















    I'm using Ubuntu 18.10. VPN is working on Win10
    I can't establish VPN with my MikroTik router.



    I tried this phases algorithms, but It's not working with any of them.



    1.



    Phase1 aes-sha1
    Phase2 aes-sha1


    2.



    Phase1 3des-sha1-modp1024
    Phase2 3des-sha1


    3.



    Phase1 3des-sha1;modp1024
    Phase2 3des-sha1


    4.



    Phase1 aes256-sha1-modp1536
    Phase2 aes256-sha1


    4) Is working with DraytekRouter.



    I used sudo tail -f /var/log/syslog to get logs and I'm attaching it.
    Can someone help me?



    LOG:



    Jan 21 11:21:20 11e dbus-daemon[1193]: [session uid=1000 pid=1193] Activating via systemd: service name='org.gnome.Terminal' unit='gnome-terminal-server.service' requested by ':1.88' (uid=1000 pid=3161 comm="/usr/bin/gnome-terminal.real --window " label="unconfined")
    Jan 21 11:21:20 11e systemd[1125]: Starting GNOME Terminal Server...
    Jan 21 11:21:20 11e dbus-daemon[1193]: [session uid=1000 pid=1193] Successfully activated service 'org.gnome.Terminal'
    Jan 21 11:21:20 11e systemd[1125]: Started GNOME Terminal Server.
    Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # watch_fast: "/org/gnome/terminal/legacy/" (establishing: 0, active: 0)
    Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # unwatch_fast: "/org/gnome/terminal/legacy/" (active: 0, establishing: 1)
    Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # watch_established: "/org/gnome/terminal/legacy/" (establishing: 0)
    Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3542] audit: op="connection-activate" uuid="33a76ea6-0d47-46a5-8310-01a80de375db" name="VPN" pid=1565 uid=1000 result="success"
    Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3729] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: Started the VPN service, PID 3194
    Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3941] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: Saw the service appear; activating connection
    Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.7926] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN connection: (ConnectInteractive) reply received
    Jan 21 11:21:34 11e nm-l2tp-service[3194]: Check port 1701
    Jan 21 11:21:34 11e NetworkManager[939]: Stopping strongSwan IPsec failed: starter is not running
    Jan 21 11:21:36 11e NetworkManager[939]: Starting strongSwan 5.6.3 IPsec [starter]...
    Jan 21 11:21:36 11e NetworkManager[939]: Loading config setup
    Jan 21 11:21:36 11e NetworkManager[939]: Loading conn '33a76ea6-0d47-46a5-8310-01a80de375db'
    Jan 21 11:21:36 11e NetworkManager[939]: found netkey IPsec stack
    Jan 21 11:21:36 11e charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.18.0-13-generic, x86_64)
    Jan 21 11:21:36 11e charon: 00[CFG] PKCS11 module '<name>' lacks library path
    Jan 21 11:21:37 11e charon: 00[CFG] disabling load-tester plugin, not configured
    Jan 21 11:21:37 11e charon: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
    Jan 21 11:21:37 11e charon: 00[CFG] dnscert plugin is disabled
    Jan 21 11:21:37 11e charon: 00[CFG] ipseckey plugin is disabled
    Jan 21 11:21:37 11e charon: 00[CFG] attr-sql plugin: database URI not set
    Jan 21 11:21:37 11e charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
    Jan 21 11:21:37 11e charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
    Jan 21 11:21:37 11e charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
    Jan 21 11:21:37 11e charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
    Jan 21 11:21:37 11e charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
    Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
    Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets'
    Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
    Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets'
    Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
    Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets'
    Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
    Jan 21 11:21:37 11e charon: 00[CFG] sql plugin: database URI not set
    Jan 21 11:21:37 11e charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
    Jan 21 11:21:37 11e charon: 00[CFG] eap-simaka-sql database URI missing
    Jan 21 11:21:37 11e charon: 00[CFG] loaded 0 RADIUS server configurations
    Jan 21 11:21:37 11e charon: 00[CFG] HA config misses local/remote address
    Jan 21 11:21:37 11e charon: 00[CFG] no threshold configured for systime-fix, disabled
    Jan 21 11:21:37 11e charon: 00[CFG] coupling file path unspecified
    Jan 21 11:21:37 11e charon: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
    Jan 21 11:21:37 11e charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
    Jan 21 11:21:37 11e charon: 00[JOB] spawning 16 worker threads
    Jan 21 11:21:37 11e charon: 06[CFG] received stroke: add connection '33a76ea6-0d47-46a5-8310-01a80de375db'
    Jan 21 11:21:37 11e charon: 06[CFG] a DH group is mandatory in IKE proposals
    Jan 21 11:21:37 11e charon: 06[CFG] skipped invalid proposal string: aes-sha1
    Jan 21 11:21:37 11e charon: 07[CFG] rereading secrets
    Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
    Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets'
    Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
    Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets'
    Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
    Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets'
    Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
    Jan 21 11:21:38 11e charon: 09[CFG] received stroke: initiate '33a76ea6-0d47-46a5-8310-01a80de375db'
    Jan 21 11:21:38 11e charon: 09[CFG] no config named '33a76ea6-0d47-46a5-8310-01a80de375db'
    Jan 21 11:21:38 11e NetworkManager[939]: no config named '33a76ea6-0d47-46a5-8310-01a80de375db'
    Jan 21 11:21:38 11e NetworkManager[939]: Stopping strongSwan IPsec...
    Jan 21 11:21:38 11e charon: 00[DMN] signal of type SIGINT received. Shutting down
    Jan 21 11:21:38 11e nm-l2tp-service[3194]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
    Jan 21 11:21:38 11e NetworkManager[939]: <info> [1548066098.4190] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN plugin: state changed: stopped (6)
    Jan 21 11:21:38 11e NetworkManager[939]: <info> [1548066098.4266] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN service disappeared
    Jan 21 11:21:38 11e NetworkManager[939]: <warn> [1548066098.4286] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
    Jan 21 11:21:41 11e NetworkManager[939]: <info> [1548066101.4689] manager: NetworkManager state is now CONNECTED_SITE
    Jan 21 11:21:41 11e whoopsie[1461]: [11:21:41] offline
    Jan 21 11:21:41 11e dbus-daemon[907]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.16' (uid=0 pid=939 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
    Jan 21 11:21:41 11e systemd[1]: Starting Network Manager Script Dispatcher Service...
    Jan 21 11:21:41 11e dbus-daemon[907]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
    Jan 21 11:21:41 11e systemd[1]: Started Network Manager Script Dispatcher Service.
    Jan 21 11:21:41 11e nm-dispatcher: req:1 'connectivity-change': new request (1 scripts)
    Jan 21 11:21:41 11e nm-dispatcher: req:1 'connectivity-change': start running ordered scripts...
    Jan 21 11:21:42 11e NetworkManager[939]: <info> [1548066102.8242] manager: NetworkManager state is now CONNECTED_GLOBAL
    Jan 21 11:21:42 11e nm-dispatcher: req:2 'connectivity-change': new request (1 scripts)
    Jan 21 11:21:42 11e nm-dispatcher: req:2 'connectivity-change': start running ordered scripts...
    Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/2
    Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] Not a paid data plan: /org/freedesktop/NetworkManager/ActiveConnection/2
    Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] Found usable connection: /org/freedesktop/NetworkManager/ActiveConnection/2
    Jan 21 11:21:44 11e whoopsie[1461]: [11:21:44] online
    Jan 21 11:21:44 11e PackageKit: get-updates transaction /353_bdeecdcb from uid 1000 finished with success after 1991ms
    Jan 21 11:21:46 11e PackageKit: get-updates transaction /354_bebcbabc from uid 1000 finished with success after 1864ms
    Jan 21 11:21:48 11e PackageKit: get-updates transaction /355_cbeeacae from uid 1000 finished with success after 1878ms
    Jan 21 11:21:50 11e PackageKit: get-updates transaction /356_bbecbebe from uid 1000 finished with success after 1847ms
    Jan 21 11:21:52 11e PackageKit: get-updates transaction /357_bebedaba from uid 1000 finished with success after 1877ms


    enter image description here










    share|improve this question



























      0












      0








      0








      I'm using Ubuntu 18.10. VPN is working on Win10
      I can't establish VPN with my MikroTik router.



      I tried this phases algorithms, but It's not working with any of them.



      1.



      Phase1 aes-sha1
      Phase2 aes-sha1


      2.



      Phase1 3des-sha1-modp1024
      Phase2 3des-sha1


      3.



      Phase1 3des-sha1;modp1024
      Phase2 3des-sha1


      4.



      Phase1 aes256-sha1-modp1536
      Phase2 aes256-sha1


      4) Is working with DraytekRouter.



      I used sudo tail -f /var/log/syslog to get logs and I'm attaching it.
      Can someone help me?



      LOG:



      Jan 21 11:21:20 11e dbus-daemon[1193]: [session uid=1000 pid=1193] Activating via systemd: service name='org.gnome.Terminal' unit='gnome-terminal-server.service' requested by ':1.88' (uid=1000 pid=3161 comm="/usr/bin/gnome-terminal.real --window " label="unconfined")
      Jan 21 11:21:20 11e systemd[1125]: Starting GNOME Terminal Server...
      Jan 21 11:21:20 11e dbus-daemon[1193]: [session uid=1000 pid=1193] Successfully activated service 'org.gnome.Terminal'
      Jan 21 11:21:20 11e systemd[1125]: Started GNOME Terminal Server.
      Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # watch_fast: "/org/gnome/terminal/legacy/" (establishing: 0, active: 0)
      Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # unwatch_fast: "/org/gnome/terminal/legacy/" (active: 0, establishing: 1)
      Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # watch_established: "/org/gnome/terminal/legacy/" (establishing: 0)
      Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3542] audit: op="connection-activate" uuid="33a76ea6-0d47-46a5-8310-01a80de375db" name="VPN" pid=1565 uid=1000 result="success"
      Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3729] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: Started the VPN service, PID 3194
      Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3941] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: Saw the service appear; activating connection
      Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.7926] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN connection: (ConnectInteractive) reply received
      Jan 21 11:21:34 11e nm-l2tp-service[3194]: Check port 1701
      Jan 21 11:21:34 11e NetworkManager[939]: Stopping strongSwan IPsec failed: starter is not running
      Jan 21 11:21:36 11e NetworkManager[939]: Starting strongSwan 5.6.3 IPsec [starter]...
      Jan 21 11:21:36 11e NetworkManager[939]: Loading config setup
      Jan 21 11:21:36 11e NetworkManager[939]: Loading conn '33a76ea6-0d47-46a5-8310-01a80de375db'
      Jan 21 11:21:36 11e NetworkManager[939]: found netkey IPsec stack
      Jan 21 11:21:36 11e charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.18.0-13-generic, x86_64)
      Jan 21 11:21:36 11e charon: 00[CFG] PKCS11 module '<name>' lacks library path
      Jan 21 11:21:37 11e charon: 00[CFG] disabling load-tester plugin, not configured
      Jan 21 11:21:37 11e charon: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
      Jan 21 11:21:37 11e charon: 00[CFG] dnscert plugin is disabled
      Jan 21 11:21:37 11e charon: 00[CFG] ipseckey plugin is disabled
      Jan 21 11:21:37 11e charon: 00[CFG] attr-sql plugin: database URI not set
      Jan 21 11:21:37 11e charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
      Jan 21 11:21:37 11e charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
      Jan 21 11:21:37 11e charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
      Jan 21 11:21:37 11e charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
      Jan 21 11:21:37 11e charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
      Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
      Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets'
      Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
      Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets'
      Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
      Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets'
      Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
      Jan 21 11:21:37 11e charon: 00[CFG] sql plugin: database URI not set
      Jan 21 11:21:37 11e charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
      Jan 21 11:21:37 11e charon: 00[CFG] eap-simaka-sql database URI missing
      Jan 21 11:21:37 11e charon: 00[CFG] loaded 0 RADIUS server configurations
      Jan 21 11:21:37 11e charon: 00[CFG] HA config misses local/remote address
      Jan 21 11:21:37 11e charon: 00[CFG] no threshold configured for systime-fix, disabled
      Jan 21 11:21:37 11e charon: 00[CFG] coupling file path unspecified
      Jan 21 11:21:37 11e charon: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
      Jan 21 11:21:37 11e charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
      Jan 21 11:21:37 11e charon: 00[JOB] spawning 16 worker threads
      Jan 21 11:21:37 11e charon: 06[CFG] received stroke: add connection '33a76ea6-0d47-46a5-8310-01a80de375db'
      Jan 21 11:21:37 11e charon: 06[CFG] a DH group is mandatory in IKE proposals
      Jan 21 11:21:37 11e charon: 06[CFG] skipped invalid proposal string: aes-sha1
      Jan 21 11:21:37 11e charon: 07[CFG] rereading secrets
      Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
      Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets'
      Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
      Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets'
      Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
      Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets'
      Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
      Jan 21 11:21:38 11e charon: 09[CFG] received stroke: initiate '33a76ea6-0d47-46a5-8310-01a80de375db'
      Jan 21 11:21:38 11e charon: 09[CFG] no config named '33a76ea6-0d47-46a5-8310-01a80de375db'
      Jan 21 11:21:38 11e NetworkManager[939]: no config named '33a76ea6-0d47-46a5-8310-01a80de375db'
      Jan 21 11:21:38 11e NetworkManager[939]: Stopping strongSwan IPsec...
      Jan 21 11:21:38 11e charon: 00[DMN] signal of type SIGINT received. Shutting down
      Jan 21 11:21:38 11e nm-l2tp-service[3194]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
      Jan 21 11:21:38 11e NetworkManager[939]: <info> [1548066098.4190] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN plugin: state changed: stopped (6)
      Jan 21 11:21:38 11e NetworkManager[939]: <info> [1548066098.4266] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN service disappeared
      Jan 21 11:21:38 11e NetworkManager[939]: <warn> [1548066098.4286] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
      Jan 21 11:21:41 11e NetworkManager[939]: <info> [1548066101.4689] manager: NetworkManager state is now CONNECTED_SITE
      Jan 21 11:21:41 11e whoopsie[1461]: [11:21:41] offline
      Jan 21 11:21:41 11e dbus-daemon[907]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.16' (uid=0 pid=939 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
      Jan 21 11:21:41 11e systemd[1]: Starting Network Manager Script Dispatcher Service...
      Jan 21 11:21:41 11e dbus-daemon[907]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
      Jan 21 11:21:41 11e systemd[1]: Started Network Manager Script Dispatcher Service.
      Jan 21 11:21:41 11e nm-dispatcher: req:1 'connectivity-change': new request (1 scripts)
      Jan 21 11:21:41 11e nm-dispatcher: req:1 'connectivity-change': start running ordered scripts...
      Jan 21 11:21:42 11e NetworkManager[939]: <info> [1548066102.8242] manager: NetworkManager state is now CONNECTED_GLOBAL
      Jan 21 11:21:42 11e nm-dispatcher: req:2 'connectivity-change': new request (1 scripts)
      Jan 21 11:21:42 11e nm-dispatcher: req:2 'connectivity-change': start running ordered scripts...
      Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/2
      Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] Not a paid data plan: /org/freedesktop/NetworkManager/ActiveConnection/2
      Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] Found usable connection: /org/freedesktop/NetworkManager/ActiveConnection/2
      Jan 21 11:21:44 11e whoopsie[1461]: [11:21:44] online
      Jan 21 11:21:44 11e PackageKit: get-updates transaction /353_bdeecdcb from uid 1000 finished with success after 1991ms
      Jan 21 11:21:46 11e PackageKit: get-updates transaction /354_bebcbabc from uid 1000 finished with success after 1864ms
      Jan 21 11:21:48 11e PackageKit: get-updates transaction /355_cbeeacae from uid 1000 finished with success after 1878ms
      Jan 21 11:21:50 11e PackageKit: get-updates transaction /356_bbecbebe from uid 1000 finished with success after 1847ms
      Jan 21 11:21:52 11e PackageKit: get-updates transaction /357_bebedaba from uid 1000 finished with success after 1877ms


      enter image description here










      share|improve this question
















      I'm using Ubuntu 18.10. VPN is working on Win10
      I can't establish VPN with my MikroTik router.



      I tried this phases algorithms, but It's not working with any of them.



      1.



      Phase1 aes-sha1
      Phase2 aes-sha1


      2.



      Phase1 3des-sha1-modp1024
      Phase2 3des-sha1


      3.



      Phase1 3des-sha1;modp1024
      Phase2 3des-sha1


      4.



      Phase1 aes256-sha1-modp1536
      Phase2 aes256-sha1


      4) Is working with DraytekRouter.



      I used sudo tail -f /var/log/syslog to get logs and I'm attaching it.
      Can someone help me?



      LOG:



      Jan 21 11:21:20 11e dbus-daemon[1193]: [session uid=1000 pid=1193] Activating via systemd: service name='org.gnome.Terminal' unit='gnome-terminal-server.service' requested by ':1.88' (uid=1000 pid=3161 comm="/usr/bin/gnome-terminal.real --window " label="unconfined")
      Jan 21 11:21:20 11e systemd[1125]: Starting GNOME Terminal Server...
      Jan 21 11:21:20 11e dbus-daemon[1193]: [session uid=1000 pid=1193] Successfully activated service 'org.gnome.Terminal'
      Jan 21 11:21:20 11e systemd[1125]: Started GNOME Terminal Server.
      Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # watch_fast: "/org/gnome/terminal/legacy/" (establishing: 0, active: 0)
      Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # unwatch_fast: "/org/gnome/terminal/legacy/" (active: 0, establishing: 1)
      Jan 21 11:21:20 11e org.gnome.Shell.desktop[1565]: # watch_established: "/org/gnome/terminal/legacy/" (establishing: 0)
      Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3542] audit: op="connection-activate" uuid="33a76ea6-0d47-46a5-8310-01a80de375db" name="VPN" pid=1565 uid=1000 result="success"
      Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3729] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: Started the VPN service, PID 3194
      Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.3941] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: Saw the service appear; activating connection
      Jan 21 11:21:34 11e NetworkManager[939]: <info> [1548066094.7926] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN connection: (ConnectInteractive) reply received
      Jan 21 11:21:34 11e nm-l2tp-service[3194]: Check port 1701
      Jan 21 11:21:34 11e NetworkManager[939]: Stopping strongSwan IPsec failed: starter is not running
      Jan 21 11:21:36 11e NetworkManager[939]: Starting strongSwan 5.6.3 IPsec [starter]...
      Jan 21 11:21:36 11e NetworkManager[939]: Loading config setup
      Jan 21 11:21:36 11e NetworkManager[939]: Loading conn '33a76ea6-0d47-46a5-8310-01a80de375db'
      Jan 21 11:21:36 11e NetworkManager[939]: found netkey IPsec stack
      Jan 21 11:21:36 11e charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.18.0-13-generic, x86_64)
      Jan 21 11:21:36 11e charon: 00[CFG] PKCS11 module '<name>' lacks library path
      Jan 21 11:21:37 11e charon: 00[CFG] disabling load-tester plugin, not configured
      Jan 21 11:21:37 11e charon: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
      Jan 21 11:21:37 11e charon: 00[CFG] dnscert plugin is disabled
      Jan 21 11:21:37 11e charon: 00[CFG] ipseckey plugin is disabled
      Jan 21 11:21:37 11e charon: 00[CFG] attr-sql plugin: database URI not set
      Jan 21 11:21:37 11e charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
      Jan 21 11:21:37 11e charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
      Jan 21 11:21:37 11e charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
      Jan 21 11:21:37 11e charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
      Jan 21 11:21:37 11e charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
      Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
      Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets'
      Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
      Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets'
      Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
      Jan 21 11:21:37 11e charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets'
      Jan 21 11:21:37 11e charon: 00[CFG] loaded IKE secret for %any
      Jan 21 11:21:37 11e charon: 00[CFG] sql plugin: database URI not set
      Jan 21 11:21:37 11e charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
      Jan 21 11:21:37 11e charon: 00[CFG] eap-simaka-sql database URI missing
      Jan 21 11:21:37 11e charon: 00[CFG] loaded 0 RADIUS server configurations
      Jan 21 11:21:37 11e charon: 00[CFG] HA config misses local/remote address
      Jan 21 11:21:37 11e charon: 00[CFG] no threshold configured for systime-fix, disabled
      Jan 21 11:21:37 11e charon: 00[CFG] coupling file path unspecified
      Jan 21 11:21:37 11e charon: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
      Jan 21 11:21:37 11e charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
      Jan 21 11:21:37 11e charon: 00[JOB] spawning 16 worker threads
      Jan 21 11:21:37 11e charon: 06[CFG] received stroke: add connection '33a76ea6-0d47-46a5-8310-01a80de375db'
      Jan 21 11:21:37 11e charon: 06[CFG] a DH group is mandatory in IKE proposals
      Jan 21 11:21:37 11e charon: 06[CFG] skipped invalid proposal string: aes-sha1
      Jan 21 11:21:37 11e charon: 07[CFG] rereading secrets
      Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
      Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets'
      Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
      Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets'
      Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
      Jan 21 11:21:37 11e charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets'
      Jan 21 11:21:37 11e charon: 07[CFG] loaded IKE secret for %any
      Jan 21 11:21:38 11e charon: 09[CFG] received stroke: initiate '33a76ea6-0d47-46a5-8310-01a80de375db'
      Jan 21 11:21:38 11e charon: 09[CFG] no config named '33a76ea6-0d47-46a5-8310-01a80de375db'
      Jan 21 11:21:38 11e NetworkManager[939]: no config named '33a76ea6-0d47-46a5-8310-01a80de375db'
      Jan 21 11:21:38 11e NetworkManager[939]: Stopping strongSwan IPsec...
      Jan 21 11:21:38 11e charon: 00[DMN] signal of type SIGINT received. Shutting down
      Jan 21 11:21:38 11e nm-l2tp-service[3194]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
      Jan 21 11:21:38 11e NetworkManager[939]: <info> [1548066098.4190] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN plugin: state changed: stopped (6)
      Jan 21 11:21:38 11e NetworkManager[939]: <info> [1548066098.4266] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN service disappeared
      Jan 21 11:21:38 11e NetworkManager[939]: <warn> [1548066098.4286] vpn-connection[0x55e2429c4330,33a76ea6-0d47-46a5-8310-01a80de375db,"VPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
      Jan 21 11:21:41 11e NetworkManager[939]: <info> [1548066101.4689] manager: NetworkManager state is now CONNECTED_SITE
      Jan 21 11:21:41 11e whoopsie[1461]: [11:21:41] offline
      Jan 21 11:21:41 11e dbus-daemon[907]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.16' (uid=0 pid=939 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
      Jan 21 11:21:41 11e systemd[1]: Starting Network Manager Script Dispatcher Service...
      Jan 21 11:21:41 11e dbus-daemon[907]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
      Jan 21 11:21:41 11e systemd[1]: Started Network Manager Script Dispatcher Service.
      Jan 21 11:21:41 11e nm-dispatcher: req:1 'connectivity-change': new request (1 scripts)
      Jan 21 11:21:41 11e nm-dispatcher: req:1 'connectivity-change': start running ordered scripts...
      Jan 21 11:21:42 11e NetworkManager[939]: <info> [1548066102.8242] manager: NetworkManager state is now CONNECTED_GLOBAL
      Jan 21 11:21:42 11e nm-dispatcher: req:2 'connectivity-change': new request (1 scripts)
      Jan 21 11:21:42 11e nm-dispatcher: req:2 'connectivity-change': start running ordered scripts...
      Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/2
      Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] Not a paid data plan: /org/freedesktop/NetworkManager/ActiveConnection/2
      Jan 21 11:21:42 11e whoopsie[1461]: [11:21:42] Found usable connection: /org/freedesktop/NetworkManager/ActiveConnection/2
      Jan 21 11:21:44 11e whoopsie[1461]: [11:21:44] online
      Jan 21 11:21:44 11e PackageKit: get-updates transaction /353_bdeecdcb from uid 1000 finished with success after 1991ms
      Jan 21 11:21:46 11e PackageKit: get-updates transaction /354_bebcbabc from uid 1000 finished with success after 1864ms
      Jan 21 11:21:48 11e PackageKit: get-updates transaction /355_cbeeacae from uid 1000 finished with success after 1878ms
      Jan 21 11:21:50 11e PackageKit: get-updates transaction /356_bbecbebe from uid 1000 finished with success after 1847ms
      Jan 21 11:21:52 11e PackageKit: get-updates transaction /357_bebedaba from uid 1000 finished with success after 1877ms


      enter image description here







      vpn






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 21 at 11:22









      pomsky

      31.2k1194127




      31.2k1194127










      asked Jan 21 at 11:05









      jarzabek_waclawjarzabek_waclaw

      1




      1






















          1 Answer
          1






          active

          oldest

          votes


















          0














          I would recommend deleting the following generated files that didn't get deleted for one reason or another:



          /etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets
          /etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets
          /etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets


          The error message says you didn't specify a DH group for phase 1.



          From the screenshot, it does not say what the AES key size is (unless aes is an alias for aes128) nor what the Diffie Hellman (DH) group is.



          Run the ike-scan.sh script from the following page to help determine what you need for Phase 1 :




          • https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues


          issue something like the following:



          sudo ipsec stop
          chmod a+rx ./ike-scan.sh
          sudo ./ike-scan.sh 10.10.10.250 | grep SA=


          Then lets us know what the output is.



          You may need to put an exclmation mark (!) at the end of phase 1 and 2.



          The list of strongswan algorithms can be found here:




          • https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites






          share|improve this answer


























          • I can't delete files because there is no such file or directory. This script just did nothing...

            – jarzabek_waclaw
            Jan 22 at 5:22













          • You need to be root to delete the files and for the wildcard expansion. e.g. sudo su - root followed by rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets

            – Douglas Kosovic
            Jan 22 at 6:09













          • You definitely installed the ike-scan package that the script uses?

            – Douglas Kosovic
            Jan 22 at 6:11











          • Just doing an educated guess based on the screenshot, for phase 1 aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! might work and similarly for phase 2 aes128-sha1!

            – Douglas Kosovic
            Jan 22 at 6:28











          • Ok, so... Every time I use sudo su - root rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets I can once connect to MikroTik VPN. If I want to reconnect i have to use command again. And round and round... I also changed phase 1 and 2 for aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! aes128-sha1! Yes, I installed ike-scan ike-scan is already the newest version (1.9.4-1ubuntu2). It's just fresh ubuntu instalation... Also, I still can't connect to some VPN's e.g. made on VyOS.

            – jarzabek_waclaw
            Jan 23 at 21:37











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1111615%2fvpn-l2tp-over-ipsec-connection%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          I would recommend deleting the following generated files that didn't get deleted for one reason or another:



          /etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets
          /etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets
          /etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets


          The error message says you didn't specify a DH group for phase 1.



          From the screenshot, it does not say what the AES key size is (unless aes is an alias for aes128) nor what the Diffie Hellman (DH) group is.



          Run the ike-scan.sh script from the following page to help determine what you need for Phase 1 :




          • https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues


          issue something like the following:



          sudo ipsec stop
          chmod a+rx ./ike-scan.sh
          sudo ./ike-scan.sh 10.10.10.250 | grep SA=


          Then lets us know what the output is.



          You may need to put an exclmation mark (!) at the end of phase 1 and 2.



          The list of strongswan algorithms can be found here:




          • https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites






          share|improve this answer


























          • I can't delete files because there is no such file or directory. This script just did nothing...

            – jarzabek_waclaw
            Jan 22 at 5:22













          • You need to be root to delete the files and for the wildcard expansion. e.g. sudo su - root followed by rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets

            – Douglas Kosovic
            Jan 22 at 6:09













          • You definitely installed the ike-scan package that the script uses?

            – Douglas Kosovic
            Jan 22 at 6:11











          • Just doing an educated guess based on the screenshot, for phase 1 aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! might work and similarly for phase 2 aes128-sha1!

            – Douglas Kosovic
            Jan 22 at 6:28











          • Ok, so... Every time I use sudo su - root rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets I can once connect to MikroTik VPN. If I want to reconnect i have to use command again. And round and round... I also changed phase 1 and 2 for aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! aes128-sha1! Yes, I installed ike-scan ike-scan is already the newest version (1.9.4-1ubuntu2). It's just fresh ubuntu instalation... Also, I still can't connect to some VPN's e.g. made on VyOS.

            – jarzabek_waclaw
            Jan 23 at 21:37
















          0














          I would recommend deleting the following generated files that didn't get deleted for one reason or another:



          /etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets
          /etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets
          /etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets


          The error message says you didn't specify a DH group for phase 1.



          From the screenshot, it does not say what the AES key size is (unless aes is an alias for aes128) nor what the Diffie Hellman (DH) group is.



          Run the ike-scan.sh script from the following page to help determine what you need for Phase 1 :




          • https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues


          issue something like the following:



          sudo ipsec stop
          chmod a+rx ./ike-scan.sh
          sudo ./ike-scan.sh 10.10.10.250 | grep SA=


          Then lets us know what the output is.



          You may need to put an exclmation mark (!) at the end of phase 1 and 2.



          The list of strongswan algorithms can be found here:




          • https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites






          share|improve this answer


























          • I can't delete files because there is no such file or directory. This script just did nothing...

            – jarzabek_waclaw
            Jan 22 at 5:22













          • You need to be root to delete the files and for the wildcard expansion. e.g. sudo su - root followed by rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets

            – Douglas Kosovic
            Jan 22 at 6:09













          • You definitely installed the ike-scan package that the script uses?

            – Douglas Kosovic
            Jan 22 at 6:11











          • Just doing an educated guess based on the screenshot, for phase 1 aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! might work and similarly for phase 2 aes128-sha1!

            – Douglas Kosovic
            Jan 22 at 6:28











          • Ok, so... Every time I use sudo su - root rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets I can once connect to MikroTik VPN. If I want to reconnect i have to use command again. And round and round... I also changed phase 1 and 2 for aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! aes128-sha1! Yes, I installed ike-scan ike-scan is already the newest version (1.9.4-1ubuntu2). It's just fresh ubuntu instalation... Also, I still can't connect to some VPN's e.g. made on VyOS.

            – jarzabek_waclaw
            Jan 23 at 21:37














          0












          0








          0







          I would recommend deleting the following generated files that didn't get deleted for one reason or another:



          /etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets
          /etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets
          /etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets


          The error message says you didn't specify a DH group for phase 1.



          From the screenshot, it does not say what the AES key size is (unless aes is an alias for aes128) nor what the Diffie Hellman (DH) group is.



          Run the ike-scan.sh script from the following page to help determine what you need for Phase 1 :




          • https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues


          issue something like the following:



          sudo ipsec stop
          chmod a+rx ./ike-scan.sh
          sudo ./ike-scan.sh 10.10.10.250 | grep SA=


          Then lets us know what the output is.



          You may need to put an exclmation mark (!) at the end of phase 1 and 2.



          The list of strongswan algorithms can be found here:




          • https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites






          share|improve this answer















          I would recommend deleting the following generated files that didn't get deleted for one reason or another:



          /etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets
          /etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets
          /etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets


          The error message says you didn't specify a DH group for phase 1.



          From the screenshot, it does not say what the AES key size is (unless aes is an alias for aes128) nor what the Diffie Hellman (DH) group is.



          Run the ike-scan.sh script from the following page to help determine what you need for Phase 1 :




          • https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues


          issue something like the following:



          sudo ipsec stop
          chmod a+rx ./ike-scan.sh
          sudo ./ike-scan.sh 10.10.10.250 | grep SA=


          Then lets us know what the output is.



          You may need to put an exclmation mark (!) at the end of phase 1 and 2.



          The list of strongswan algorithms can be found here:




          • https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Jan 23 at 3:26

























          answered Jan 21 at 11:26









          Douglas KosovicDouglas Kosovic

          33614




          33614













          • I can't delete files because there is no such file or directory. This script just did nothing...

            – jarzabek_waclaw
            Jan 22 at 5:22













          • You need to be root to delete the files and for the wildcard expansion. e.g. sudo su - root followed by rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets

            – Douglas Kosovic
            Jan 22 at 6:09













          • You definitely installed the ike-scan package that the script uses?

            – Douglas Kosovic
            Jan 22 at 6:11











          • Just doing an educated guess based on the screenshot, for phase 1 aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! might work and similarly for phase 2 aes128-sha1!

            – Douglas Kosovic
            Jan 22 at 6:28











          • Ok, so... Every time I use sudo su - root rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets I can once connect to MikroTik VPN. If I want to reconnect i have to use command again. And round and round... I also changed phase 1 and 2 for aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! aes128-sha1! Yes, I installed ike-scan ike-scan is already the newest version (1.9.4-1ubuntu2). It's just fresh ubuntu instalation... Also, I still can't connect to some VPN's e.g. made on VyOS.

            – jarzabek_waclaw
            Jan 23 at 21:37



















          • I can't delete files because there is no such file or directory. This script just did nothing...

            – jarzabek_waclaw
            Jan 22 at 5:22













          • You need to be root to delete the files and for the wildcard expansion. e.g. sudo su - root followed by rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets

            – Douglas Kosovic
            Jan 22 at 6:09













          • You definitely installed the ike-scan package that the script uses?

            – Douglas Kosovic
            Jan 22 at 6:11











          • Just doing an educated guess based on the screenshot, for phase 1 aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! might work and similarly for phase 2 aes128-sha1!

            – Douglas Kosovic
            Jan 22 at 6:28











          • Ok, so... Every time I use sudo su - root rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets I can once connect to MikroTik VPN. If I want to reconnect i have to use command again. And round and round... I also changed phase 1 and 2 for aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! aes128-sha1! Yes, I installed ike-scan ike-scan is already the newest version (1.9.4-1ubuntu2). It's just fresh ubuntu instalation... Also, I still can't connect to some VPN's e.g. made on VyOS.

            – jarzabek_waclaw
            Jan 23 at 21:37

















          I can't delete files because there is no such file or directory. This script just did nothing...

          – jarzabek_waclaw
          Jan 22 at 5:22







          I can't delete files because there is no such file or directory. This script just did nothing...

          – jarzabek_waclaw
          Jan 22 at 5:22















          You need to be root to delete the files and for the wildcard expansion. e.g. sudo su - root followed by rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets

          – Douglas Kosovic
          Jan 22 at 6:09







          You need to be root to delete the files and for the wildcard expansion. e.g. sudo su - root followed by rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets

          – Douglas Kosovic
          Jan 22 at 6:09















          You definitely installed the ike-scan package that the script uses?

          – Douglas Kosovic
          Jan 22 at 6:11





          You definitely installed the ike-scan package that the script uses?

          – Douglas Kosovic
          Jan 22 at 6:11













          Just doing an educated guess based on the screenshot, for phase 1 aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! might work and similarly for phase 2 aes128-sha1!

          – Douglas Kosovic
          Jan 22 at 6:28





          Just doing an educated guess based on the screenshot, for phase 1 aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! might work and similarly for phase 2 aes128-sha1!

          – Douglas Kosovic
          Jan 22 at 6:28













          Ok, so... Every time I use sudo su - root rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets I can once connect to MikroTik VPN. If I want to reconnect i have to use command again. And round and round... I also changed phase 1 and 2 for aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! aes128-sha1! Yes, I installed ike-scan ike-scan is already the newest version (1.9.4-1ubuntu2). It's just fresh ubuntu instalation... Also, I still can't connect to some VPN's e.g. made on VyOS.

          – jarzabek_waclaw
          Jan 23 at 21:37





          Ok, so... Every time I use sudo su - root rm -f /etc/ipsec.d/nm-l2tp-ipsec-*.secrets I can once connect to MikroTik VPN. If I want to reconnect i have to use command again. And round and round... I also changed phase 1 and 2 for aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048! aes128-sha1! Yes, I installed ike-scan ike-scan is already the newest version (1.9.4-1ubuntu2). It's just fresh ubuntu instalation... Also, I still can't connect to some VPN's e.g. made on VyOS.

          – jarzabek_waclaw
          Jan 23 at 21:37


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1111615%2fvpn-l2tp-over-ipsec-connection%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Human spaceflight

          Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

          張江高科駅