Unable to connect L2TP IPSec VPN from ubuntu 16.04 [duplicate]

I found the solution in developer's repository.

https://github.com/nm-l2tp/network-manager-l2tp/issues/38#issuecomment-303052751

Version 1.2.6 no longer overrides the default IPsec ciphers and I suspect your VPN server is using a legacy cipher newer strongSwan versions consider to be broken.

See the user specified IPsec cipher suites section in the README.md file on how to supplement the strongSwan default ciphers with your own :

https://github.com/nm-l2tp/network-manager-l2tp#user-specified-ipsec-ikev1-cipher-suites

I would recommend installing the ike-scan package to check what ciphers your VPN server is advertising it supports, e.g. :

$ sudo systemctl stop strongswan  
$ sudo ike-scan 123.54.76.9  
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
123.54.76.9   Main Mode Handshake returned HDR=(CKY-R=5735eb949670e5dd) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
Ending ike-scan 1.9: 1 hosts scanned in 0.263 seconds (3.80 hosts/sec).  1 returned handshake; 0 returned notify

So with this example where a broken 3DES cipher is advertised, in the advanced section of the IPsec dialog box for version 1.2.6, add the following:

Phase1 Algorithms : 3des-sha1-modp1024
Phase2 Algorithms : 3des-sha1

After all steps try you L2TP connnection, it must be established.

Unable to connect L2TP IPSec VPN from ubuntu 16.04 [duplicate]

Related

Recent Posts