Network Manager L2TP+IPSEC with PSK fails to connect

Issues & Assistance Networking Support
1

Hello Garuda.

As the title says. The connection works with Win10 and Android.
Every forum search returns null resolutions.

Thanks.

Cool distro BTW. Hope to stick with it.

System:
Kernel: 6.0.12-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 12.2.0
parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
root=UUID=04f4a94a-60b5-424d-a5bc-8228bc0a1f76 rw rootflags=subvol=@
quiet quiet splash rd.udev.log_priority=3 vt.global_cursor_default=0
loglevel=3 ibt=off
Desktop: KDE Plasma v: 5.26.4 tk: Qt v: 5.15.7 info: latte-dock
wm: kwin_x11 vt: 1 dm: SDDM Distro: Garuda Linux base: Arch Linux
Machine:
Type: Desktop System: Gigabyte product: Z170X-UD3 v: N/A
serial: <superuser required>
Mobo: Gigabyte model: Z170X-UD3-CF v: x.x serial: <superuser required>
UEFI-[Legacy]: American Megatrends v: F23g date: 03/09/2018
CPU:
Info: model: Intel Core i7-6700K bits: 64 type: MT MCP arch: Skylake-S
gen: core 6 level: v3 note: check built: 2015 process: Intel 14nm family: 6
model-id: 0x5E (94) stepping: 3 microcode: 0xF0
Topology: cpus: 1x cores: 4 tpc: 2 threads: 8 smt: enabled cache:
L1: 256 KiB desc: d-4x32 KiB; i-4x32 KiB L2: 1024 KiB desc: 4x256 KiB
L3: 8 MiB desc: 1x8 MiB
Speed (MHz): avg: 4018 high: 4151 min/max: 800/4200 scaling:
driver: intel_pstate governor: performance cores: 1: 4000 2: 4000 3: 4151
4: 4000 5: 4000 6: 4000 7: 4000 8: 4000 bogomips: 63999
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Vulnerabilities:
Type: itlb_multihit status: KVM: VMX disabled
Type: l1tf mitigation: PTE Inversion; VMX: conditional cache flushes, SMT
vulnerable
Type: mds mitigation: Clear CPU buffers; SMT vulnerable
Type: meltdown mitigation: PTI
Type: mmio_stale_data mitigation: Clear CPU buffers; SMT vulnerable
Type: retbleed mitigation: IBRS
Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via
prctl
Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer
sanitization
Type: spectre_v2 mitigation: IBRS, IBPB: conditional, RSB filling,
PBRSB-eIBRS: Not affected
Type: srbds mitigation: Microcode
Type: tsx_async_abort mitigation: TSX disabled
Graphics:
Device-1: Intel HD Graphics 530 vendor: Gigabyte driver: i915 v: kernel
arch: Gen-9 process: Intel 14n built: 2015-16 ports: active: none
empty: DP-1, HDMI-A-1, HDMI-A-2, HDMI-A-3 bus-ID: 00:02.0
chip-ID: 8086:1912 class-ID: 0380
Device-2: NVIDIA GP104 [GeForce GTX 1070] vendor: CardExpert
driver: nvidia v: 525.60.11 alternate: nouveau,nvidia_drm non-free: 525.xx+
status: current (as of 2022-12) arch: Pascal code: GP10x
process: TSMC 16nm built: 2016-21 pcie: gen: 3 speed: 8 GT/s lanes: 16
bus-ID: 01:00.0 chip-ID: 10de:1b81 class-ID: 0300
Display: x11 server: X.Org v: 21.1.5 with: Xwayland v: 22.1.6
compositor: kwin_x11 driver: X: loaded: modesetting,nvidia unloaded: nouveau
alternate: fbdev,intel,nv,vesa dri: iris gpu: i915,nvidia display-ID: :0
screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 33 s-size: 1478x831mm (58.19x32.72")
s-diag: 1696mm (66.76")
Monitor-1: HDMI-0 res: 1920x1080 hz: 60 dpi: 34
size: 1440x810mm (56.69x31.89") diag: 1652mm (65.05") modes: N/A
API: OpenGL v: 4.6.0 NVIDIA 525.60.11 renderer: NVIDIA GeForce GTX
1070/PCIe/SSE2 direct render: Yes
Audio:
Device-1: Intel 100 Series/C230 Series Family HD Audio vendor: Gigabyte
driver: snd_hda_intel v: kernel bus-ID: 00:1f.3 chip-ID: 8086:a170
class-ID: 0403
Device-2: NVIDIA GP104 High Definition Audio vendor: CardExpert
driver: snd_hda_intel v: kernel pcie: gen: 3 speed: 8 GT/s lanes: 16
bus-ID: 01:00.1 chip-ID: 10de:10f0 class-ID: 0403
Sound API: ALSA v: k6.0.12-zen1-1-zen running: yes
Sound Server-1: PulseAudio v: 16.1 running: no
Sound Server-2: PipeWire v: 0.3.63 running: yes
Network:
Device-1: Intel Ethernet I219-V vendor: Gigabyte driver: e1000e v: kernel
port: N/A bus-ID: 00:1f.6 chip-ID: 8086:15b8 class-ID: 0200
IF: enp0s31f6 state: up speed: 1000 Mbps duplex: full mac: <filter>
Bluetooth:
Device-1: Cambridge Silicon Radio Bluetooth Dongle (HCI mode) type: USB
driver: btusb v: 0.8 bus-ID: 1-7:3 chip-ID: 0a12:0001 class-ID: e001
Report: bt-adapter ID: hci0 rfk-id: 0 state: up address: <filter>
Drives:
Local Storage: total: 4.1 TiB used: 172.44 GiB (4.1%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Samsung
model: MZVLB1T0HALR-000L7 size: 953.87 GiB block-size: physical: 512 B
logical: 512 B speed: 31.6 Gb/s lanes: 4 type: SSD serial: <filter>
rev: 4L2QEXA7 temp: 17.9 C scheme: GPT
ID-2: /dev/sda maj-min: 8:0 vendor: Kingston model: SA400S37480G
size: 447.13 GiB block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s
type: SSD serial: <filter> rev: 0000 scheme: MBR
ID-3: /dev/sdb maj-min: 8:16 vendor: Toshiba model: HDWD120 size: 1.82 TiB
block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s type: HDD
rpm: 7200 serial: <filter> rev: ACF0 scheme: MBR
ID-4: /dev/sdc maj-min: 8:32 vendor: Crucial model: CT1000BX500SSD1
size: 931.51 GiB block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s
type: SSD serial: <filter> rev: 056 scheme: MBR
Partition:
ID-1: / raw-size: 931.51 GiB size: 931.51 GiB (100.00%)
used: 172.44 GiB (18.5%) fs: btrfs dev: /dev/sdc1 maj-min: 8:33
ID-2: /home raw-size: 931.51 GiB size: 931.51 GiB (100.00%)
used: 172.44 GiB (18.5%) fs: btrfs dev: /dev/sdc1 maj-min: 8:33
ID-3: /var/log raw-size: 931.51 GiB size: 931.51 GiB (100.00%)
used: 172.44 GiB (18.5%) fs: btrfs dev: /dev/sdc1 maj-min: 8:33
ID-4: /var/tmp raw-size: 931.51 GiB size: 931.51 GiB (100.00%)
used: 172.44 GiB (18.5%) fs: btrfs dev: /dev/sdc1 maj-min: 8:33
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
ID-1: swap-1 type: zram size: 31.23 GiB used: 512 KiB (0.0%) priority: 100
dev: /dev/zram0
Sensors:
System Temperatures: cpu: 33.0 C mobo: N/A gpu: nvidia temp: 50 C
Fan Speeds (RPM): N/A gpu: nvidia fan: 0%
Info:
Processes: 257 Uptime: 10h 24m wakeups: 0 Memory: 31.23 GiB
used: 4.15 GiB (13.3%) Init: systemd v: 252 default: graphical
tool: systemctl Compilers: gcc: 12.2.0 Packages: pm: pacman pkgs: 1871
libs: 522 tools: octopi,pamac,paru Shell: fish v: 3.5.1 default: Bash
v: 5.1.16 running-in: yakuake inxi: 3.3.24
Garuda (2.6.10-1):
System install date:     2022-12-13
Last full system update: 2022-12-15
Is partially upgraded:   No
Relevant software:       NetworkManager
Windows dual boot:       <superuser required>
Snapshots:               Snapper
Failed units:
2

Hi there, welcome to the forum.
Please check if this helps:
https://wiki.archlinux.org/title/Openswan_L2TP/IPsec_VPN_client_setup

2 Likes
3

Thanks for the reply filo.

Tried up to #2.3 but that's as far as I go. I don't want to brick my new install again on day three.
VPN is not "bleeding edge" technology therefore it should work out of the box on everything.

Not worth the headache. I'll just boot to windows AGAIN if I need my work PC. Been doing it
for 27 years now. Linux just does not want to ever grow up. :frowning:

I know it's totally different, but OpenVPN to home Router from work PC connects flawlessly.
(Garuda on VBox no less)

Cheers.

4

As the saying goes, “you can lead a horse to water but you cannot make them drink.” :smirk:

“Not ‘bleeding edge’” is a heck of an understatement for L2TP; it’s over twenty years old at this point. Getting outdated technology like this working properly can be tricky because no one is working on improving the stack anymore–the development community has moved on.

Do you have to use L2TP for some reason? Not only does it appear to be somewhat clunky to configure, but compared to some of the more modern VPN standards it is considered slow and unreliable.

There are all-GUI OpenVPN options that would give you the “out of the box” experience you are after, or Tailscale is shockingly simple to set up…heck, even manually configuring WireGuard peers looks simpler than the L2TP/IPsec document Filo linked.

If by “grow up” you mean “set up your computer and configure your programs so you don’t have to do anything”, then yes: Linux can be considered one of the Lost Boys. Some of us are drawn to Linux because we can set up and configure things ourselves.

Perhaps it is for the best you’ve decided to give up and go back to Windows to resolve your issue. However, if you change your mind and would like some help figuring out how to get your VPN configured, a good place to start would be adding more information to the thread (your configs, what you have tried, what is happening besides “fails to connect”). So far all we know is it doesn’t “work out of the box”. :wink:

8 Likes
5

I mark-it-solved ! :slight_smile:

2 Likes
6

Hey Bluish, thanks for the read.

I'm stuck with L2TP at work because that is what the whole corp uses. They aint gonna change it for my pretty hazel eyes.

I'm all for fixing things myself and have no problem tinkering with things, in fact I enjoy it. But this issue is one that I feel I shouldn't have to waste my time on. Especially how everything else did "just work" right out of the box. For this I am greatfull. Linux should be at a point were we can just install it and enjoy.

Sure, have distro's that you need to code from boot, for those into that kind of thing, but a polished, modern distro should have everyday tools working correctly. VPN is one of them.

If this is, however, really old and defunkt technology then just remove it completely from the options. If it's in there people would expect it to work.

And don't get me wrong, I'm almost certain this is not a Garuda issue. I'm willing to bet it's broke on Manjaro as well.

Anyways, I was tired when I made the post. Maybe I'll give the rest of the solution a spin sometime. I'm busy trying to get my Steam library running first.

Work can wait.. :wink:

1 Like
7

Did you talk about

?

Open issue there, to remove it.

8

Please don’t follow the above instructions for setting up NetworkManager-l2tp as they don’t work, it is also very confusing as NetworkManager-l2tp hasn’t used openswan in over 6 years. Whatever you do, do not start the strongswan service like that page suggests as it will break NetworkManager-l2tp. The following is an example of someone who followed that page and couldn’t get NetworkManager-l2tp to work until they stopped the strongswan service:

I would recommend running the following command to see what the logs say is the issue as per the README.md file:

sudo journalctl --no-hostname _SYSTEMD_UNIT=NetworkManager.service + SYSLOG_IDENTIFIER=pppd

If you have NetworkManager-l2tp issues, I recommend posting the log file to the NetworkManager-l2tp issues page (maybe obfuscate any the IP address you don’t want to make public) :
Issues ¡ nm-l2tp/NetworkManager-l2tp (github.com)

9

No, Im running KDE Dragonized Gaming Edition.

10

Thx Mate! Will give it a try.

11

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.