Xerus - missing L2TP plugin for Network-Manager?

On my Windows 7 box, I used Cisco AnyConnect to remote into my workplace network. Now playing with Xerus. I set up an L2TP VPN connection using nmcli, but not much luck activating it:

root@hannahdesktop:~# nmcli connection up work-VPN
Error: Connection activation failed: The VPN service 'org.freedesktop.NetworkManager.l2tp' was not installed.

I can't seem to find the package that supposedly contains it. Installing xl2tpd and strongswan was not helpful. Below is the full list of Network-Manager plugins at my disposal:

root@hannahdesktop:~# apt-cache search network-manager
network-manager - network management framework (daemon and userspace tools)
network-manager-dev - network management framework (development files)
network-manager-gnome - network management framework (GNOME frontend)
network-manager-pptp - network management framework (PPTP plugin core)
network-manager-pptp-gnome - network management framework (PPTP plugin GNOME GUI)
network-manager-iodine - network management framework (iodine plugin core)
network-manager-iodine-gnome - network management framework (iodine plugin GNOME GUI)
network-manager-openconnect - network management framework (OpenConnect plugin)
network-manager-openconnect-gnome - network management framework (OpenConnect plugin GNOME GUI)
network-manager-openvpn - network management framework (OpenVPN plugin core)
network-manager-openvpn-gnome - network management framework (OpenVPN plugin GNOME GUI)
network-manager-ssh - network management framework (SSH plugin core)
network-manager-ssh-gnome - network management framework (SSH plugin GNOME GUI)
network-manager-strongswan - network management framework (strongSwan plugin)
network-manager-vpnc - network management framework (VPNC plugin core)
network-manager-vpnc-gnome - network management framework (VPNC plugin GNOME GUI)
mate-gnome-main-menu-applet - GNOME start menu applet for MATE
strongswan-nm - strongSwan plugin to interact with NetworkManager

I tried installing third-party VPN clients and setting them up instead of Network-Manager, but the two I tested (Ike and another one) were VERY verbose when it comes to security settings. All I have is the VPN server address, my username, password and NT domain. I'm happy to try another client if Network-Manager doesn't support L2TP anymore, but might need an ELI5 manual. Any tips would be appreciated.


Solution 1:

Not sure if people are still interested 6 months after this question was asked, but I think I have a solution. This worked for me on Kubuntu 16.10.

Compiling

As user563731 mentioned, the network-manager-l2tp plugin is not available in the Ubuntu or Debian repositories, and must be compiled from source.

  1. Install the required packages to compile:

    sudo apt install git intltool libtool network-manager-dev libnm-util-dev libnm-glib-dev libnm-glib-vpn-dev libnm-gtk-dev libnm-dev libnma-dev ppp-dev libdbus-glib-1-dev libsecret-1-dev libgtk-3-dev libglib2.0-dev xl2tpd strongswan
    
  2. Download the source code from the network-manager-l2tp GitHub repository and change into the newly created directory:

    git clone https://github.com/nm-l2tp/network-manager-l2tp.git
    cd network-manager-l2tp
    
  3. Run the autogen.sh script downloaded from the repository:

    ./autogen.sh
    
  4. Configure the compile options as specified for Debian/Ubuntu in the README file:

    ./configure \
    --disable-static --prefix=/usr \
    --sysconfdir=/etc --libdir=/usr/lib/x86_64-linux-gnu \
    --libexecdir=/usr/lib/NetworkManager \
    --localstatedir=/var \
    --with-pppd-plugin-dir=/usr/lib/pppd/2.4.7
    
  5. Compile with make. This may take some time:

    make
    
  6. Copy the produced files to the proper locations. As far as I can tell, only 4 files need to be copied, despite the massive amount the make process created:

    # The destination directories are root-owned, so copy with sudo
    sudo cp nm-l2tp-service.name /usr/lib/NetworkManager/VPN/
    sudo cp nm-l2tp-service.conf /etc/dbus-1/system.d/
    sudo cp src/nm-l2tp-service /usr/lib/NetworkManager/
    sudo cp src/.libs/nm-l2tp-pppd-plugin.so /usr/lib/pppd/2.4.7/
    

Additional workarounds & troubleshooting

I'm only listing the problems I experienced. For additional troubleshooting, make sure to review the links in the "Sources" section below.

AppArmor denies access to charon or stroke

When you connect, you may see errors in /var/log/syslog along the lines of "apparmor DENIED /usr/lib/ipsec/charon" or "reading from socket failed: Permission denied". The workaround for this is to disable AppArmor profiles for charon and stroke:

sudo ln -s /etc/apparmor.d/usr.lib.ipsec.charon /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.charon
sudo ln -s /etc/apparmor.d/usr.lib.ipsec.stroke /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.lib.ipsec.stroke

Port 1701 is busy, use ephemeral

This error appearing in /var/log/syslog is indicative of xl2tpd already running. Make sure the daemon isn't running:

systemctl stop xl2tpd

Then disable it to make sure it doesn't start again on the next reboot:

systemctl disable xl2tpd

The network-manager-l2tp plugin likes to start and stop this daemon on demand, so it's best to leave it disabled.

Minor problems that I encountered that I don't have solutions for, but aren't too horrible to live with

  • For the duration of the time the VPN is connected, /var/log/syslog is flooded with "xl2tpd: network_thread: unable to find call or tunnel to handle packet." I don't know what this means or how to fix it.
  • When the VPN is disconnected, it leaves behind a "ppp0" network interface. When re-connected, it creates a new "ppp1" network interface. It seems to do this indefinitely and does not remove any of them until you reboot.
  • Remote DNS servers on the other side of the VPN tunnel are not automatically assigned. I have to manually add my DNS settings to the "IPv4" tab in the connection settings.

Sources

  • Steps 1, 6, and AppArmor workaround: https://github.com/nm-l2tp/network-manager-l2tp/issues/12
  • Steps 3 through 5: https://github.com/nm-l2tp/network-manager-l2tp/blob/master/README.md
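
Added example (not part of the original answer or the network-manager-l2tp project): a POSIX shell check that audits the result of step 6 and the AppArmor workaround above. It confirms the four copied files exist and are not group- or world-writable, since they are loaded by root-run daemons, and flags the charon and stroke profiles if they are symlinked into `/etc/apparmor.d/disable/`, which leaves those daemons unconfined. The function name `audit_nm_l2tp` and its optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the manual install from Solution 1.
# File paths and profile names are the ones given in the answer.
NM_L2TP_FILES="usr/lib/NetworkManager/VPN/nm-l2tp-service.name
etc/dbus-1/system.d/nm-l2tp-service.conf
usr/lib/NetworkManager/nm-l2tp-service
usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so"
AA_PROFILES="usr.lib.ipsec.charon usr.lib.ipsec.stroke"

# audit_nm_l2tp [ROOT]
# ROOT is a hypothetical prefix so the check can run against a staging tree;
# it defaults to /. Prints one finding per line, returns 0 only if clean.
audit_nm_l2tp() {
    root=${1:-/}
    root=${root%/}
    findings=0
    for rel in $NM_L2TP_FILES; do
        f="$root/$rel"
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
            findings=$((findings + 1))
            continue
        fi
        # Columns 6 and 9 of the mode string are the group/other write bits.
        case $(ls -ldL "$f" | cut -c6,9) in
            *w*) echo "WRITABLE $f"; findings=$((findings + 1)) ;;
        esac
    done
    for p in $AA_PROFILES; do
        # A symlink in disable/ means the profile is not loaded at boot.
        if [ -L "$root/etc/apparmor.d/disable/$p" ]; then
            echo "APPARMOR_DISABLED $p"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Source the file and run `audit_nm_l2tp` with no argument to check the live system. An `APPARMOR_DISABLED` line is expected after applying the workaround and records that the daemon is running without its profile.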

Solution 2:

You can use

sudo add-apt-repository ppa:nm-l2tp/network-manager-l2tp  
sudo apt-get update  
sudo apt-get install network-manager-l2tp  

to install network-manager-l2tp, which supports L2TP, for Ubuntu 16.04.

Walkthrough for building from source: http://blog.z-proj.com/enabling-l2tp-over-ipsec-on-ubuntu-16-04/

Solution 3:

NetworkManager-l2tp is a VPN plugin for NetworkManager 1.2 which provides support for L2TP and L2TP/IPsec (i.e. L2TP over IPsec) connections.

For the moment, you need to build network-manager-l2tp from source code, see:

  • https://github.com/nm-l2tp/network-manager-l2tp
  • https://github.com/nm-l2tp/network-manager-l2tp/issues/12