[strongSwan] Problem connecting to L2TP/IPSec VPN

Jonas Koperdraat jonas at jonaskoperdraat.nl
Tue Oct 16 22:16:37 CEST 2018


Hello there,

I'm having trouble connecting to my company's VPN from my Linux laptop. I
have spent quite some time trying to figure out what might be causing this
problem, but frankly my knowledge on the subject is limited, so I'm hoping
someone here might be able to help me in the right direction. Any help
would be greatly appreciated!

My company uses an L2TP VPN with an IPSec tunnel. Using the same
credentials as I'm using on my laptop, I am able to connect to the network
from my mobile phone running Android Oreo, without any problems, but from
my laptop I am unable to connect.

I am running Ubuntu 18.04.1 LTS.

jonas@Jonas-XPS13:~$ uname -a
Linux Jonas-XPS13 4.15.0-1018-oem #21-Ubuntu SMP Tue Aug 28 14:12:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Following these instructions, I added the L2TP network manager to Gnome:
https://medium.com/@hkdb/ubuntu-16-04-connecting-to-l2tp-over-ipsec-via-network-manager-204b5d475721

However, I wasn't able to connect. This stackoverflow question/answer
(among others) mentioned that I might have to specify phase 1 and phase 2
algorithms:
https://askubuntu.com/questions/904217/unable-to-connect-l2tp-ipsec-vpn-from-ubuntu-16-04

I ran an ike-scan, from which I concluded that the VPN indeed uses old
algorithms, so I added 3des-sha1-modp1024! and 3des-sha1! as phase 1 and
phase 2 algorithms. For good measure I added the exclamation marks, as some
solutions mentioned that might be required.

jonas@Jonas-XPS13:~$ sudo ike-scan -v office.********.nl
DEBUG: pkt len=336 bytes, bandwidth=56000 bps, int=52000 us
Starting ike-scan 1.9.4 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
87.213.34.174 Main Mode Handshake returned HDR=(CKY-R=254e5ebbbb17c30a) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=5b362bc820f60007 (SonicWall-7)

Ending ike-scan 1.9.4: 1 hosts scanned in 0.060 seconds (16.70 hosts/sec).
1 returned handshake; 0 returned notify

Unfortunately, even though that seemed to be the solution for the majority
of the problems I encountered online, I am still unable to connect. Below
are links to pastebins with relevant information:

Logging of a connection attempt: https://pastebin.com/cEwMQjjC
/etc/strongswan.conf: https://pastebin.com/LppKLiqw
/etc/strongswan.d/charon.conf: https://pastebin.com/9ecW0LXJ

Kind regards and thanks in advance,

Jonas
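
As an added example (not part of the original message and not strongSwan's own code), this Python code shows how the phase 1 transform reported by ike-scan maps onto the proposal string 3des-sha1-modp1024! used above, and which of its parts are legacy algorithms. The function names, the sample address and the DES/MD5/AES table rows are assumptions; ike-scan only reports phase 1, so the phase 2 string cannot be derived this way.

```python
import re

# Constructed sample modelled on the ike-scan line in the message: documentation
# address instead of the real peer, hard-wrapped to exercise the re-joining.
SAMPLE = """\
192.0.2.10 Main Mode Handshake returned HDR=(CKY-R=254e5ebbbb17c30a)
SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds
LifeDuration=28800) VID=5b362bc820f60007 (SonicWall-7)
"""

# ike-scan attribute value -> strongSwan proposal keyword.
# Only 3DES and SHA1 appear on the page; the other rows are assumptions.
ENC = {"3DES": "3des", "DES": "des"}
HASH = {"SHA1": "sha1", "MD5": "md5"}
# Algorithms treated as legacy for this check (assumed policy, adjust as needed).
LEGACY = {"des", "3des", "md5", "sha1", "modp768", "modp1024"}


def parse_sa(text):
    """Return the attributes of the first SA=(...) transform as a dict."""
    flat = " ".join(text.split())  # undo terminal/mail line wraps
    m = re.search(r"SA=\(([^)]*)\)", flat)
    if not m:
        raise ValueError("no SA=(...) transform found")
    return dict(kv.split("=", 1) for kv in m.group(1).split() if "=" in kv)


def ike_proposal(sa, strict=True):
    """Build a phase 1 proposal string such as 3des-sha1-modp1024!."""
    try:
        if sa["Enc"] == "AES":  # AES carries its key size in KeyLength
            enc = "aes" + sa.get("KeyLength", "128")
        else:
            enc = ENC[sa["Enc"]]
        integ = HASH[sa["Hash"]]
    except KeyError as exc:
        raise ValueError(f"unmapped or missing attribute: {exc}") from None
    group = sa["Group"].rpartition(":")[2]  # "2:modp1024" -> "modp1024"
    # A trailing "!" makes the proposal strict: only this one is offered.
    return f"{enc}-{integ}-{group}" + ("!" if strict else "")


def legacy_parts(proposal):
    """List the components of a proposal string that are in LEGACY."""
    return [p for p in proposal.rstrip("!").split("-") if p in LEGACY]


if __name__ == "__main__":
    prop = ike_proposal(parse_sa(SAMPLE))
    print("ike=" + prop, "legacy:", ", ".join(legacy_parts(prop)) or "none")
```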