L2TP/IPSec VPN connection on Ubuntu 17.10 — Connection failed: Activation of network connection failed
Despite considering all the following posts, [1] L2TP IPsec VPN client on Ubuntu 14.10 [2] How to connect to L2TP over IPSec VPN? [3] How to connect to L2TP over IPSec VPN? [4] l2tp/ipsec problem [5] Can´t connect VPN using network-manager-l2tp [6] L2TP/IPsec NetworkManager plugin using only username, password and PSK I have been unable to set up a connection to my university’s VPN. Although strongswan and network-manager-l2tp are running, and all data (gateway/vpn ip, username, password, pre-shared key, phase1 & phase2 algorithms) are entered, I get the error message that the «Connection failed: Activation of network connection failed.» What am I missing? EDIT 1: ike-scan
terminal output:
130.82.18.20 Main Mode Handshake returned HDR=(CKY-R=e8f536147acee1d4) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=4048b7d56ebce88525e7de7f00d6c2d3c0000000 (IKE Fragmentation)
Thus, I have set the «Advanced Options»-Tab to:
Phase 1 = 3des-sha1-modp1024
Phase 2 = 3des-sha1
[no UDP encapsulation] system xl2tpd Stopping the system xl2tpd in the terminal hasn’t helped either.
2 Answers 2
I assume you are using network-manager-l2tp-1.2.8 and network-manager-l2tp-gnome-1.2.8 packages that are available in the default Ubuntu 17.10 repository.
Have you tried stopping and disabling the system xl2tpd ? More details in the README.md file :
What is the output of running ike-scan.sh script against your university’s VPN server? You can find more details on the following page:
After seeing the output of ike-scan.sh I can advise what the phase1 & phase2 algorithms should be.
Also from the README.md file, you could look at the journalctl —boot output to help with the debugging, alternatively after issuing the following, try performing a VPN connection, which will then result in debugging info going to the terminal :
sudo killall -TERM nm-l2tp-service sudo /usr/lib/NetworkManager/nm-l2tp-service --debug Failed to Connect to PPTP VPN Server on Ubuntu
I am trying to connect to a PPTP VPN server. The same config works fine in Windows but fails in Ubuntu 12.10. It must be some configuration issue.
sudo pptpsetup --create MYVPN --server xxx.xxx.xxx.xxx --username username --password password $ sudo pppd call MYVPN updetach Using interface ppp1 Connect: ppp1 /dev/pts/2 LCP: timeout sending Config-Requests Connection terminated. Modem hangup tail -n 30 /var/log/syslog | grep -i ppp Mar 18 06:33:08 tp pppd[5082]: pppd 2.4.5 started by root, uid 0 Mar 18 06:33:08 tp pppd[5082]: Using interface ppp1 Mar 18 06:33:08 tp pppd[5082]: Connect: ppp1 /dev/pts/2 Mar 18 06:33:08 tp NetworkManager[988]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp1, iface: ppp1) Mar 18 06:33:08 tp NetworkManager[988]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp1, iface: ppp1): no ifupdown configuration found. Mar 18 06:33:08 tp NetworkManager[988]: /sys/devices/virtual/net/ppp1: couldn't determine device driver; ignoring. Mar 18 06:34:18 tp pppd[5082]: LCP: timeout sending Config-Requests Mar 18 06:34:18 tp pppd[5082]: Connection terminated. Mar 18 06:34:18 tp NetworkManager[988]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp1, iface: ppp1) Mar 18 06:34:18 tp pppd[5082]: Modem hangup Mar 18 06:34:18 tp pptp[5084]: anon warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log Mar 18 06:34:18 tp pppd[5082]: Exit. Why is it not connecting? It works fine from Windows, so it must be something with Ubuntu 12.10 settings. EDIT:
sudo pppd call MYVPN debug dump logfd 2 updetach pppd options in effect: debug # (from command line) updetach # (from command line) logfd 2 # (from command line) dump # (from command line) noauth # (from /etc/ppp/peers/MYVPN) name username # (from /etc/ppp/peers/MYVPN) remotename MYVPN # (from /etc/ppp/peers/MYVPN) # (from /etc/ppp/peers/MYVPN) pty pptp xxx.xxx.xxx.xxx --nolaunchpppd # (from /etc/ppp/peers/MYVPN) crtscts # (from /etc/ppp/options) # (from /etc/ppp/options) asyncmap 0 # (from /etc/ppp/options) lcp-echo-failure 4 # (from /etc/ppp/options) lcp-echo-interval 30 # (from /etc/ppp/options) hide-password # (from /etc/ppp/options) ipparam MYVPN # (from /etc/ppp/peers/MYVPN) nobsdcomp # (from /etc/ppp/peers/MYVPN) nodeflate # (from /etc/ppp/peers/MYVPN) noipx # (from /etc/ppp/options) using channel 27 Using interface ppp1 Connect: ppp1 /dev/pts/2 sent [LCP ConfReq ] sent [LCP ConfReq ] sent [LCP ConfReq ] rcvd [LCP ConfReq < 17 04 01 00>] sent [LCP ConfRej < 17 04 01 00>] rcvd [LCP ConfReq < 17 04 01 00>] sent [LCP ConfRej < 17 04 01 00>] sent [LCP ConfReq ] sent [LCP ConfReq ] sent [LCP ConfReq ] rcvd [LCP ConfAck ] sent [LCP ConfReq ] rcvd [LCP ConfReq < 17 04 01 00>] sent [LCP ConfRej < 17 04 01 00>] sent [LCP ConfReq ] rcvd [LCP ConfReq ] sent [LCP ConfAck ] sent [LCP ConfReq ] sent [LCP ConfReq ] sent [LCP ConfReq ] sent [LCP ConfReq ] rcvd [LCP ConfReq ] sent [LCP ConfAck ] sent [LCP ConfReq ] sent [LCP ConfReq ] sent [LCP ConfReq ] sent [LCP ConfReq ] rcvd [LCP ConfReq ] sent [LCP ConfAck ] LCP: timeout sending Config-Requests Connection terminated. Modem hangup Waiting for 1 child processes. script pptp xxx.xxx.xx.xxx --nolaunchpppd, pid 6815 Script pptp xxx.xxx.xx.xxx --nolaunchpppd finished (pid 6815), status = 0x0 How can I troubleshoot «VPN Connection Failed»?
Is there anyway to get an error log for a failed VPN connection attempt? All I get is this notification and I have no idea where to go from there.
7 Answers 7
Log is written to /var/log/syslog .
Open gnome-terminal and do sudo tail -f /var/log/syslog
This will follow the file (prints to terminal new log messages).
Now try to connect to the vpn, the messages then will start showing in the terminal.
When you are done following the log just click Ctrl+c to quit tail.
One can add markers to the log by opening another terminal and doing something like that:
logger «. Starting VPN. «
thank you. my username / password were incorrect but all I got was «connection timed out». the logs told me everything I needed to know!
The new (systemd-)variant to get the logs is
journalctl -u NetworkManager.service Not only it is a variant, but it includes more information. Only thanks to looking via journalctl , I was able to find an issue with Window VPN. pppd[15094]: MS-CHAP authentication failed: E=649 No dialin permission
In Fedora and other systemd distro’s that do not have /var/log/syslog, the VPN logs can be accessed with «sudo journalctl -f»
I’d suggest that that isn’t really relevant as this is «askubuntu», but Ubuntu is migrating to systemd, too, and while they’ll probably always have /var/log/syslog (its existence is independent of systemd, and I doubt Fedora used it before systemd), journalctl is always the correct way to view the log on systemd.
What kind of VPN are you trying to establish?
Is it PPTP (Microsoft proprietary) or Cisco-compatible ?
The easiest way would be for you to run pptp (for PPTP) or vpnc (for Cisco) from a console and see the possible errors interactively.
I think that vpnc is quite straight forward, you just need to type in the necessary info (gateway ip, group name/pass, user name/pass).
I haven’t actually used a PPTP VPN, but some info about setting it up can be found here at cyberciti