[SOLVED] Fedora 26

vwtech · 09-15-2017, 06:06 PM

About 10 days ago my L2tp VPN was working without issue.
Now I just get - "Connection fail" notification from Gnome.

Results from #sudo ipsec verify

PHP Code:



Verifying installed system and configuration files 
 
Version check and ipsec on-path                       [OK] 
Libreswan 3.21 (netkey) on 4.12.12-300.fc26.x86_64 
Checking for IPsec support in kernel                  [OK] 
 NETKEY: Testing XFRM related proc values 
         ICMP default/send_redirects                  [OK] 
         ICMP default/accept_redirects                [OK] 
         XFRM larval drop                             [OK] 
Pluto ipsec.conf syntax                               [OK] 
Two or more interfaces found, checking IP forwarding    [OK] 
Checking rp_filter                                    [OK] 
Checking that pluto is running                        [OK] 
 Pluto listening for IKE on udp 500                   [OK] 
 Pluto listening for IKE/NAT-T on udp 4500            [OK] 
 Pluto ipsec.secret syntax                            [OK] 
Checking 'ip' command                                 [OK] 
Checking 'iptables' command                           [OK] 
Checking 'prelink' command does not interfere with FIPS    [OK] 
Checking for obsolete ipsec.conf options              [OK]

Only thing worth noting in /var/log/pluto.log

PHP Code:



Sep 15 01:44:12: | ISAKMP Notification Payload 
Sep 15 01:44:12: |   00 00 00 1c  00 00 00 01  01 10 00 0e 
Sep 15 01:44:12: "0b1d16dd-599f-4e3c-a322-258733d8e5e8" #11: received and ignored informational message 
Sep 15 01:44:43: "0b1d16dd-599f-4e3c-a322-258733d8e5e8" #11: max number of retransmissions (8) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKEv1 message 
Sep 15 01:44:43: "0b1d16dd-599f-4e3c-a322-258733d8e5e8" #11: starting keying attempt 12 of an unlimited number 
Sep 15 01:44:43: "0b1d16dd-599f-4e3c-a322-258733d8e5e8" #12: initiating Main Mode to replace #11 
Sep 15 01:44:43: "0b1d16dd-599f-4e3c-a322-258733d8e5e8" #11: deleting state (STATE_MAIN_I1) 
Sep 15 01:44:44: "0b1d16dd-599f-4e3c-a322-258733d8e5e8" #12: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=28

Any help would be appreciated.

John VV · 09-16-2017, 09:58 AM

this is fedora so there ARE bugs

find a fix and submit a bugreport

this IS LIFE with fedora , bugs do get into the release updates

it is possible that some update messed things up

have you reinstalled "NetworkManager-l2tp" ?

and WHAT repos are installed ?
please post the output of

Code:

su -
dnf repolist all

vwtech · 09-16-2017, 05:43 PM

I have using Fedora for some years now and somehow I didn't upgrade my test system and test VPN before updating my main laptop.
Fedora 26 is my daily for all my work. I've had VPN stop on me in Fedora 26 and if was a bug in a package with I was able to downgrade and continue about my marry way.
This is more than likely the same type of issue.

Running kernel: 4.12.12-300.fc26.x86_64
I did reinstall the NetworkManager-l2tp before posting.

These are the repo's I have installed:

PHP Code:



repo id                     repo name                                     status 
*fedora                     Fedora 26 - x86_64                            53,912 
fedora-cisco-openh264       Fedora 26 openh264 (From Cisco) - x86_64           7 
google-chrome               google-chrome                                      3 
*rpmfusion-free             RPM Fusion for Fedora 26 - Free                  536 
*rpmfusion-free-updates     RPM Fusion for Fedora 26 - Free - Updates        102 
*rpmfusion-nonfree          RPM Fusion for Fedora 26 - Nonfree               202 
*rpmfusion-nonfree-updates  RPM Fusion for Fedora 26 - Nonfree - Updates      12 
skype-stable                skype (stable)                                     2 
*updates                    Fedora 26 - x86_64 - Updates                   8,060 
virtualbox                  Fedora 26 - x86_64 - VirtualBox                   10

These are current packages related to NetworkManager:

PHP Code:



NetworkManager.x86_64                      1:1.8.2-1.fc26              @updates  
NetworkManager-adsl.x86_64                 1:1.8.2-1.fc26              @updates  
NetworkManager-bluetooth.x86_64            1:1.8.2-1.fc26              @updates  
NetworkManager-config-connectivity-fedora.noarch 
NetworkManager-glib.x86_64                 1:1.8.2-1.fc26              @updates  
NetworkManager-l2tp.x86_64                 1.2.8-1.fc26                @updates  
NetworkManager-l2tp-gnome.x86_64           1.2.8-1.fc26                @updates  
NetworkManager-libnm.x86_64                1:1.8.2-1.fc26              @updates  
NetworkManager-openconnect.x86_64          1.2.4-4.fc26                @fedora   
NetworkManager-openvpn.x86_64              1:1.2.10-1.fc26             @fedora   
NetworkManager-openvpn-gnome.x86_64        1:1.2.10-1.fc26             @fedora   
NetworkManager-pptp.x86_64                 1:1.2.4-2.fc26              @fedora   
NetworkManager-pptp-gnome.x86_64           1:1.2.4-2.fc26              @fedora   
NetworkManager-strongswan.x86_64           1.4.0-3.fc26                @fedora   
NetworkManager-strongswan-gnome.x86_64     1.4.0-3.fc26                @fedora   
NetworkManager-team.x86_64                 1:1.8.2-1.fc26              @updates  
NetworkManager-vpnc.x86_64                 1:1.2.4-2.fc26              @fedora   
NetworkManager-vpnc-gnome.x86_64           1:1.2.4-2.fc26              @fedora   
NetworkManager-wifi.x86_64                 1:1.8.2-1.fc26              @updates  
NetworkManager-wwan.x86_64                 1:1.8.2-1.fc26              @updates

vwtech · 09-18-2017, 08:26 PM

Yes; I was able to fix the issue by downgrading libreswan:
libreswan.x86_64 3.21-1.fc26 @updates (Doesn't work - https://bugzilla.redhat.com/show_bug.cgi?id=1486604)
libreswan.x86_64 3.18-1.fc26 @fedora (Stable)

Problem Packages:
Since I've spent a larger amount of time troubleshooting this issue so I'm going to submit my very first bug report to Fedora (after maintenance-see attachment).
I tested too different systems to confirm the issue and "bug", so yes - I'm very happy about getting it working.

The following line was added to /etc/dnf/dnf.conf in order to guard myself against running updates and braking it. I'll test future updates of those for sure.
excludepkgs=libreswan