<div dir="ltr"><div dir="ltr">All,<div><br></div><div>I am having issues building a config for clients using network manager (testing with Ubuntu 18.04). This connection works from the CLI using this ipsec.conf: </div><div><br></div><div><i><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">conn %default</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">ikelifetime</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">=60m</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">keylife</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">=20m</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">rekeymargin</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">=3m</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">keyingtries</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">=1</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">keyexchange</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">=ikev2</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">mobike</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> = yes</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-EmptyTextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">conn </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">vpn</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> left=%any</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">leftsourceip</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">=%config</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">leftfirewall</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">=yes</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">leftauth</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">=eap</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">-mschapv2</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-EmptyTextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> right=<a href="http://vpn.company.com">vpn.company.com</a></span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> rightid=%<a href="http://vpn.company.com">vpn.company.com</a></span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> rightcert=Root-CA-2.crt</span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> </span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-SpellingError gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-repeat:repeat-x;background-position:0% 100%;background-image:url("data:image/gif;base64,R0lGODlhBQAEAJECAP////8AAAAAAAAAACH5BAEAAAIALAAAAAAFAAQAAAIIlGAXCCHrTCgAOw==");border-bottom:1px solid transparent;background-color:inherit">rightsubnet</span></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit">=<a href="http://0.0.0.0/0">0.0.0.0/0</a></span></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-EmptyTextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"></span><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"> </span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span><span class="gmail-TextRun gmail-SCXW57926713 gmail-BCX0" lang="EN-US" style="margin:0px;padding:0px;color:rgb(33,33,33);font-size:11pt;font-family:Calibri,Calibri_MSFontService,sans-serif;font-kerning:none;line-height:19.425px;font-variant-ligatures:none"><span class="gmail-NormalTextRun gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;background-color:inherit"> auto=add</span></span></i><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"><i> </i></span><br class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"></span></div><div><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre"><i><br></i></span></span></div><div><span class="gmail-LineBreakBlob gmail-BlobObject gmail-DragDrop gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;color:rgb(0,0,0);font-size:11pt;line-height:19.425px;font-family:Calibri,Calibri_MSFontService,sans-serif"><span class="gmail-SCXW57926713 gmail-BCX0" style="margin:0px;padding:0px;white-space:pre">What we found key was the leftauth method has to be eap-mschapv2. That doesn't seem to be avavailbe </span></span><span style="white-space:pre;color:rgb(0,0,0);font-family:Calibri,Calibri_MSFontService,sans-serif;font-size:11pt">in the network manager config. Here is a log of the failure. </span></div><div><span style="white-space:pre;color:rgb(0,0,0);font-family:Calibri,Calibri_MSFontService,sans-serif;font-size:11pt"><br></span></div><div><font color="#000000" face="Calibri, Calibri_MSFontService, sans-serif"><span style="font-size:14.6667px;white-space:pre">Apr 16 15:54:32 ubuntu-desktop charon-nm: 09[CFG] certificate status is good
Apr 16 15:54:32 ubuntu-desktop charon-nm: 09[CFG] reached self-signed root ca with a path length of 2
Apr 16 15:54:32 ubuntu-desktop charon-nm: 09[IKE] authentication of 'CN=<a href="http://vpn.company.com">vpn.company.com</a>' with RSA signature successful
Apr 16 15:54:32 ubuntu-desktop charon-nm: 09[IKE] server requested EAP_IDENTITY (id 0x1F), sending 'csherry'
Apr 16 15:54:32 ubuntu-desktop charon-nm: 09[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 09[NET] sending packet: from 192.168.1.125[39233] to y.y.y.y[4500] (96 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 01[NET] received packet: from y.y.y.y[4500] to 192.168.1.125[39233] (80 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 01[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 01[IKE] server requested EAP_PEAP authentication (id 0x20)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 01[TLS] EAP_PEAP version is v0
Apr 16 15:54:32 ubuntu-desktop charon-nm: 01[ENC] generating IKE_AUTH request 3 [ EAP/RES/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 01[NET] sending packet: from 192.168.1.125[39233] to y.y.y.y[4500] (256 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 13[NET] received packet: from y.y.y.y[4500] to 192.168.1.125[39233] (1568 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 13[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 13[ENC] generating IKE_AUTH request 4 [ EAP/RES/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 13[NET] sending packet: from 192.168.1.125[39233] to y.y.y.y[4500] (80 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 14[NET] received packet: from y.y.y.y[4500] to 192.168.1.125[39233] (1568 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 14[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 14[ENC] generating IKE_AUTH request 5 [ EAP/RES/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 14[NET] sending packet: from 192.168.1.125[39233] to y.y.y.y[4500] (80 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 08[NET] received packet: from y.y.y.y[4500] to 192.168.1.125[39233] (1568 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 08[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 08[ENC] generating IKE_AUTH request 6 [ EAP/RES/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 08[NET] sending packet: from 192.168.1.125[39233] to y.y.y.y[4500] (80 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 02[NET] received packet: from y.y.y.y[4500] to 192.168.1.125[39233] (1568 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 02[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 02[ENC] generating IKE_AUTH request 7 [ EAP/RES/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 02[NET] sending packet: from 192.168.1.125[39233] to y.y.y.y[4500] (80 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 06[NET] received packet: from y.y.y.y[4500] to 192.168.1.125[39233] (1520 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 06[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 06[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Apr 16 15:54:32 ubuntu-desktop charon-nm: 06[TLS] server certificate does not match to 'CN=<a href="http://vpn.company.com">vpn.company.com</a>'
Apr 16 15:54:32 ubuntu-desktop charon-nm: 06[TLS] sending fatal TLS alert 'access denied'
Apr 16 15:54:32 ubuntu-desktop charon-nm: 06[ENC] generating IKE_AUTH request 8 [ EAP/RES/PEAP ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 06[NET] sending packet: from 192.168.1.125[39233] to y.y.y.y[4500] (96 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 16[NET] received packet: from y.y.y.y[4500] to 192.168.1.125[39233] (80 bytes)
Apr 16 15:54:32 ubuntu-desktop charon-nm: 16[ENC] parsed IKE_AUTH response 8 [ EAP/FAIL ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 16[IKE] received EAP_FAILURE, EAP authentication failed
Apr 16 15:54:32 ubuntu-desktop charon-nm: 16[ENC] generating INFORMATIONAL request 9 [ N(AUTH_FAILED) ]
Apr 16 15:54:32 ubuntu-desktop charon-nm: 16[NET] sending packet: from 192.168.1.125[39233] to y.y.y.y[4500] (80 bytes)</span></font><span style="white-space:pre;color:rgb(0,0,0);font-family:Calibri,Calibri_MSFontService,sans-serif;font-size:11pt">
</span></div><div><span style="white-space:pre;color:rgb(0,0,0);font-family:Calibri,Calibri_MSFontService,sans-serif;font-size:11pt"><br></span></div><div><span style="white-space:pre;color:rgb(0,0,0);font-family:Calibri,Calibri_MSFontService,sans-serif;font-size:11pt">Thanks in advance,</span></div><div><span style="white-space:pre;color:rgb(0,0,0);font-family:Calibri,Calibri_MSFontService,sans-serif;font-size:11pt">Chris.</span></div></div></div>