Gentoo Forums
VPN stopped working again... [solved]
RayDude
Veteran
Joined: 29 May 2004
Posts: 1676
Location: San Jose, CA

Posted: Sun Jul 05, 2020 7:07 pm    Post subject: VPN stopped working again... [solved]

I am having memory leak issues in KDE, and Chrome and Firefox crash. So I did an emerge --empty-tree @world to get all the packages fully updated with the latest everything (including gcc-9.3). I flushed out a bunch of issues by doing that.

However, after doing this update, my work VPN stopped working. I really need this connection since I've been WFH for the last four months. I had to go into the kernel and painstakingly figure out how to enable NAT. It used to be enabled, but apparently things were changed in the config file. I thought that was the problem, but no, I still cannot connect.

When I try to connect, these are the messages I get from /var/log/messages:

Code:
Jul  5 11:31:52 fire polkitd[1871]: Registered Authentication Agent for unix-process:8149:71909 (system bus name :1.89 [nmcli --ask connection up WTec-SJ], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8)
Jul  5 11:31:52 fire NetworkManager[1723]: <info>  [1593973912.8873] agent-manager: req[0x55a0ca0b3ec0, :1.89/nmcli-connect/1001]: agent registered
Jul  5 11:31:52 fire NetworkManager[1723]: <info>  [1593973912.8894] audit: op="connection-activate" uuid="036e057c-bc24-41f2-b70d-1cd698f60777" name="WTec-SJ" pid=8149 uid=1001 result="success"
Jul  5 11:31:52 fire NetworkManager[1723]: <info>  [1593973912.8924] vpn-connection[0x55a0ca076570,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",0]: Started the VPN service, PID 8156
Jul  5 11:31:52 fire NetworkManager[1723]: <info>  [1593973912.8976] vpn-connection[0x55a0ca076570,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",0]: Saw the service appear; activating connection
Jul  5 11:31:56 fire NetworkManager[1723]: <info>  [1593973916.3819] settings-connection[0x55a0c9f082a0,036e057c-bc24-41f2-b70d-1cd698f60777]: write: successfully updated (keyfile: update /etc/NetworkManager/system-connections/WTec-SJ.nmconnection (036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ")), connection was modified in the process
Jul  5 11:31:56 fire start-stop-daemon[8187]: Will stop PID 6789
Jul  5 11:31:56 fire /etc/init.d/ipsec[8187]: start-stop-daemon: no matching processes found
Jul  5 11:31:56 fire pluto[8488]: NSS DB directory: sql:/etc/ipsec.d
Jul  5 11:31:56 fire pluto[8488]: Initializing NSS
Jul  5 11:31:56 fire pluto[8488]: Opening NSS database "sql:/etc/ipsec.d" read-only
Jul  5 11:31:56 fire pluto[8488]: NSS crypto library initialized
Jul  5 11:31:56 fire pluto[8488]: FIPS Mode: NO
Jul  5 11:31:56 fire pluto[8488]: FIPS mode disabled for pluto daemon
Jul  5 11:31:56 fire pluto[8488]: FIPS HMAC integrity support [disabled]
Jul  5 11:31:56 fire pluto[8488]: libcap-ng support [enabled]
Jul  5 11:31:56 fire pluto[8488]: Linux audit support [disabled]
Jul  5 11:31:56 fire pluto[8488]: Starting Pluto (Libreswan Version 3.32 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SECCOMP LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS)) pid:8488
Jul  5 11:31:56 fire pluto[8488]: core dump dir: /run/pluto
Jul  5 11:31:56 fire pluto[8488]: secrets file: /etc/ipsec.secrets
Jul  5 11:31:56 fire pluto[8488]: leak-detective disabled
Jul  5 11:31:56 fire pluto[8488]: NSS crypto [enabled]
Jul  5 11:31:56 fire pluto[8488]: XAUTH PAM support [enabled]
Jul  5 11:31:56 fire pluto[8488]: Initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Jul  5 11:31:56 fire pluto[8488]: NAT-Traversal support  [enabled]
Jul  5 11:31:56 fire pluto[8488]: Encryption algorithms:
Jul  5 11:31:56 fire pluto[8488]:   AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
Jul  5 11:31:56 fire pluto[8488]:   AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
Jul  5 11:31:56 fire pluto[8488]:   AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
Jul  5 11:31:56 fire pluto[8488]:   3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
Jul  5 11:31:56 fire pluto[8488]:   CAMELLIA_CTR            IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
Jul  5 11:31:56 fire pluto[8488]:   CAMELLIA_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  camellia
Jul  5 11:31:56 fire pluto[8488]:   AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
Jul  5 11:31:56 fire pluto[8488]:   AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
Jul  5 11:31:56 fire pluto[8488]:   AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
Jul  5 11:31:56 fire pluto[8488]:   AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
Jul  5 11:31:56 fire pluto[8488]:   AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
Jul  5 11:31:56 fire pluto[8488]:   SERPENT_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  serpent
Jul  5 11:31:56 fire pluto[8488]:   TWOFISH_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  twofish
Jul  5 11:31:56 fire pluto[8488]:   TWOFISH_SSH             IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  twofish_cbc_ssh
Jul  5 11:31:56 fire pluto[8488]:   NULL_AUTH_AES_GMAC      IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_gmac
Jul  5 11:31:56 fire pluto[8488]:   NULL                    IKEv1:     ESP     IKEv2:     ESP           []
Jul  5 11:31:56 fire pluto[8488]:   CHACHA20_POLY1305       IKEv1:             IKEv2: IKE ESP           [*256]  chacha20poly1305
Jul  5 11:31:56 fire pluto[8488]: Hash algorithms:
Jul  5 11:31:56 fire pluto[8488]:   MD5                     IKEv1: IKE         IKEv2:                 
Jul  5 11:31:56 fire pluto[8488]:   SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
Jul  5 11:31:56 fire pluto[8488]:   SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
Jul  5 11:31:56 fire pluto[8488]:   SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
Jul  5 11:31:56 fire pluto[8488]:   SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
Jul  5 11:31:56 fire pluto[8488]: PRF algorithms:
Jul  5 11:31:56 fire pluto[8488]:   HMAC_MD5                IKEv1: IKE         IKEv2: IKE               md5
Jul  5 11:31:56 fire pluto[8488]:   HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
Jul  5 11:31:56 fire pluto[8488]:   HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
Jul  5 11:31:56 fire pluto[8488]:   HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
Jul  5 11:31:56 fire pluto[8488]:   HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
Jul  5 11:31:56 fire pluto[8488]:   AES_XCBC                IKEv1:             IKEv2: IKE               aes128_xcbc
Jul  5 11:31:56 fire pluto[8488]: Integrity algorithms:
Jul  5 11:31:56 fire pluto[8488]:   HMAC_MD5_96             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        md5, hmac_md5
Jul  5 11:31:56 fire pluto[8488]:   HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
Jul  5 11:31:56 fire pluto[8488]:   HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, sha2_512_256, hmac_sha2_512
Jul  5 11:31:56 fire pluto[8488]:   HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, sha2_384_192, hmac_sha2_384
Jul  5 11:31:56 fire pluto[8488]:   HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Jul  5 11:31:56 fire pluto[8488]:   HMAC_SHA2_256_TRUNCBUG  IKEv1:     ESP AH  IKEv2:         AH     
Jul  5 11:31:56 fire pluto[8488]:   AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH        aes_xcbc, aes128_xcbc, aes128_xcbc_96
Jul  5 11:31:56 fire pluto[8488]:   AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
Jul  5 11:31:56 fire pluto[8488]:   NONE                    IKEv1:     ESP     IKEv2: IKE ESP     FIPS  null
Jul  5 11:31:56 fire pluto[8488]: DH algorithms:
Jul  5 11:31:56 fire pluto[8488]:   NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
Jul  5 11:31:56 fire pluto[8488]:   MODP1536                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh5
Jul  5 11:31:56 fire pluto[8488]:   MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
Jul  5 11:31:56 fire pluto[8488]:   MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
Jul  5 11:31:56 fire pluto[8488]:   MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
Jul  5 11:31:56 fire pluto[8488]:   MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
Jul  5 11:31:56 fire pluto[8488]:   MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
Jul  5 11:31:56 fire pluto[8488]:   DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256, ecp256
Jul  5 11:31:56 fire pluto[8488]:   DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384, ecp384
Jul  5 11:31:56 fire pluto[8488]:   DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521, ecp521
Jul  5 11:31:56 fire pluto[8488]:   DH31                    IKEv1: IKE         IKEv2: IKE ESP AH        curve25519
Jul  5 11:31:56 fire pluto[8488]: testing CAMELLIA_CBC:
Jul  5 11:31:56 fire pluto[8488]:   Camellia: 16 bytes with 128-bit key
Jul  5 11:31:56 fire pluto[8488]:   Camellia: 16 bytes with 128-bit key
Jul  5 11:31:56 fire pluto[8488]:   Camellia: 16 bytes with 256-bit key
Jul  5 11:31:56 fire pluto[8488]:   Camellia: 16 bytes with 256-bit key
Jul  5 11:31:56 fire pluto[8488]: testing AES_GCM_16:
Jul  5 11:31:56 fire pluto[8488]:   empty string
Jul  5 11:31:56 fire pluto[8488]: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Jul  5 11:31:56 fire pluto[8488]: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Jul  5 11:31:56 fire pluto[8488]:   one block
Jul  5 11:31:56 fire pluto[8488]: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Jul  5 11:31:56 fire pluto[8488]: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Jul  5 11:31:56 fire pluto[8488]:   two blocks
Jul  5 11:31:56 fire pluto[8488]: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Jul  5 11:31:56 fire pluto[8488]: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Jul  5 11:31:56 fire pluto[8488]:   two blocks with associated data
Jul  5 11:31:56 fire pluto[8488]: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Jul  5 11:31:56 fire pluto[8488]: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Jul  5 11:31:56 fire pluto[8488]: ABORT: ASSERTION FAILED: test_gcm_vectors(&ike_alg_encrypt_aes_gcm_16, aes_gcm_tests) (in test_ike_alg() at ike_alg_test.c:41)
Jul  5 11:32:01 fire NetworkManager[1723]: <info>  [1593973921.8873] vpn-connection[0x55a0ca076570,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",0]: VPN plugin: state changed: stopped (6)
Jul  5 11:32:01 fire NetworkManager[1723]: <info>  [1593973921.8893] vpn-connection[0x55a0ca076570,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",0]: VPN service disappeared
Jul  5 11:32:01 fire NetworkManager[1723]: <warn>  [1593973921.8901] vpn-connection[0x55a0ca076570,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Jul  5 11:32:01 fire polkitd[1871]: Unregistered Authentication Agent for unix-process:8149:71909 (system bus name :1.89, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) (disconnected from bus)


I see the reams of errors, but I can't interpret them.

Here is a log from April that worked. I'm not sure why /var/log/messages doesn't have anything in between...

Code:
Apr  6 07:44:07 fire polkitd[1852]: Registered Authentication Agent for unix-process:20310:2817770 (system bus name :1.80 [nmcli --ask connection up WTec-SJ], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8)
Apr  6 07:44:07 fire NetworkManager[4927]: <info>  [1586184247.1799] agent-manager: req[0x7fcc8c0041b0, :1.80/nmcli-connect/1001]: agent registered
Apr  6 07:44:07 fire NetworkManager[4927]: <info>  [1586184247.1831] audit: op="connection-activate" uuid="036e057c-bc24-41f2-b70d-1cd698f60777" name="WTec-SJ" pid=20310 uid=1001 result="success"
Apr  6 07:44:07 fire NetworkManager[4927]: <info>  [1586184247.1858] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",0]: Started the VPN service, PID 20316
Apr  6 07:44:07 fire NetworkManager[4927]: <info>  [1586184247.1911] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",0]: Saw the service appear; activating connection
Apr  6 07:44:11 fire NetworkManager[4927]: <info>  [1586184251.1896] settings-connection[0x55561c3cb2a0,036e057c-bc24-41f2-b70d-1cd698f60777]: write: successfully updated (keyfile: update /etc/NetworkManager/system-connections/WTec-SJ.nmconnection (036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ")), connection was modified in the process
Apr  6 07:44:11 fire libipsecconf[20350]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr  6 07:44:11 fire start-stop-daemon[20352]: Will stop PID 5456
Apr  6 07:44:11 fire start-stop-daemon[20352]: Sending signal 15 to PID 5456
Apr  6 07:44:11 fire pluto[5456]: forgetting secrets
Apr  6 07:44:11 fire pluto[5456]: shutting down interface lo/lo ::1:500
Apr  6 07:44:11 fire pluto[5456]: shutting down interface lo/lo 127.0.0.1:4500
Apr  6 07:44:11 fire pluto[5456]: shutting down interface lo/lo 127.0.0.1:500
Apr  6 07:44:11 fire pluto[5456]: shutting down interface wlo1/wlo1 10.1.10.231:4500
Apr  6 07:44:11 fire pluto[5456]: shutting down interface wlo1/wlo1 10.1.10.231:500
Apr  6 07:44:11 fire libipsecconf[20355]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr  6 07:44:11 fire libipsecconf[20360]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr  6 07:44:11 fire libipsecconf[20366]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr  6 07:44:11 fire libipsecconf[20397]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr  6 07:44:11 fire libipsecconf[20402]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr  6 07:44:11 fire libipsecconf[20413]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr  6 07:44:11 fire libipsecconf[20418]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr  6 07:44:11 fire pluto[20569]: NSS DB directory: sql:/etc/ipsec.d
Apr  6 07:44:11 fire pluto[20569]: Initializing NSS
Apr  6 07:44:11 fire pluto[20569]: Opening NSS database "sql:/etc/ipsec.d" read-only
Apr  6 07:44:11 fire pluto[20569]: NSS initialized
Apr  6 07:44:11 fire pluto[20569]: NSS crypto library initialized
Apr  6 07:44:11 fire pluto[20569]: FIPS HMAC integrity support [disabled]
Apr  6 07:44:11 fire pluto[20569]: libcap-ng support [enabled]
Apr  6 07:44:11 fire pluto[20569]: Linux audit support [disabled]
Apr  6 07:44:11 fire pluto[20569]: Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) SECCOMP LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS)) pid:20569
Apr  6 07:44:11 fire pluto[20569]: core dump dir: /run/pluto
Apr  6 07:44:11 fire pluto[20569]: secrets file: /etc/ipsec.secrets
Apr  6 07:44:11 fire pluto[20569]: leak-detective disabled
Apr  6 07:44:11 fire pluto[20569]: NSS crypto [enabled]
Apr  6 07:44:11 fire pluto[20569]: XAUTH PAM support [enabled]
Apr  6 07:44:11 fire pluto[20569]: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Apr  6 07:44:11 fire pluto[20569]: NAT-Traversal support  [enabled]
Apr  6 07:44:11 fire pluto[20569]: Encryption algorithms:
Apr  6 07:44:11 fire pluto[20569]:   AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
Apr  6 07:44:11 fire pluto[20569]:   AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
Apr  6 07:44:11 fire pluto[20569]:   AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
Apr  6 07:44:11 fire pluto[20569]:   3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
Apr  6 07:44:11 fire pluto[20569]:   CAMELLIA_CTR            IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
Apr  6 07:44:11 fire pluto[20569]:   CAMELLIA_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  camellia
Apr  6 07:44:11 fire pluto[20569]:   AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
Apr  6 07:44:11 fire pluto[20569]:   AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
Apr  6 07:44:11 fire pluto[20569]:   AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
Apr  6 07:44:11 fire pluto[20569]:   AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
Apr  6 07:44:11 fire pluto[20569]:   AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
Apr  6 07:44:11 fire pluto[20569]:   SERPENT_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  serpent
Apr  6 07:44:11 fire pluto[20569]:   TWOFISH_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  twofish
Apr  6 07:44:11 fire pluto[20569]:   TWOFISH_SSH             IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  twofish_cbc_ssh
Apr  6 07:44:11 fire pluto[20569]:   NULL_AUTH_AES_GMAC      IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_gmac
Apr  6 07:44:11 fire pluto[20569]:   NULL                    IKEv1:     ESP     IKEv2:     ESP           []
Apr  6 07:44:11 fire pluto[20569]:   CHACHA20_POLY1305       IKEv1:             IKEv2: IKE ESP           [*256]  chacha20poly1305
Apr  6 07:44:11 fire pluto[20569]: Hash algorithms:
Apr  6 07:44:11 fire pluto[20569]:   MD5                     IKEv1: IKE         IKEv2:                 
Apr  6 07:44:11 fire pluto[20569]:   SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
Apr  6 07:44:11 fire pluto[20569]:   SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
Apr  6 07:44:11 fire pluto[20569]:   SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
Apr  6 07:44:11 fire pluto[20569]:   SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
Apr  6 07:44:11 fire pluto[20569]: PRF algorithms:
Apr  6 07:44:11 fire pluto[20569]:   HMAC_MD5                IKEv1: IKE         IKEv2: IKE               md5
Apr  6 07:44:11 fire pluto[20569]:   HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
Apr  6 07:44:11 fire pluto[20569]:   HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
Apr  6 07:44:11 fire pluto[20569]:   HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
Apr  6 07:44:11 fire pluto[20569]:   HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
Apr  6 07:44:11 fire pluto[20569]:   AES_XCBC                IKEv1:             IKEv2: IKE               aes128_xcbc
Apr  6 07:44:11 fire pluto[20569]: Integrity algorithms:
Apr  6 07:44:11 fire pluto[20569]:   HMAC_MD5_96             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        md5, hmac_md5
Apr  6 07:44:11 fire pluto[20569]:   HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
Apr  6 07:44:11 fire pluto[20569]:   HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, sha2_512_256, hmac_sha2_512
Apr  6 07:44:11 fire pluto[20569]:   HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, sha2_384_192, hmac_sha2_384
Apr  6 07:44:11 fire pluto[20569]:   HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Apr  6 07:44:11 fire pluto[20569]:   HMAC_SHA2_256_TRUNCBUG  IKEv1:     ESP AH  IKEv2:         AH     
Apr  6 07:44:11 fire pluto[20569]:   AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH        aes_xcbc, aes128_xcbc, aes128_xcbc_96
Apr  6 07:44:11 fire pluto[20569]:   AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
Apr  6 07:44:11 fire pluto[20569]:   NONE                    IKEv1:     ESP     IKEv2: IKE ESP     FIPS  null
Apr  6 07:44:11 fire pluto[20569]: DH algorithms:
Apr  6 07:44:11 fire pluto[20569]:   NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
Apr  6 07:44:11 fire pluto[20569]:   MODP1024                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh2
Apr  6 07:44:11 fire pluto[20569]:   MODP1536                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh5
Apr  6 07:44:11 fire pluto[20569]:   MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
Apr  6 07:44:11 fire pluto[20569]:   MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
Apr  6 07:44:11 fire pluto[20569]:   MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
Apr  6 07:44:11 fire pluto[20569]:   MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
Apr  6 07:44:11 fire pluto[20569]:   MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
Apr  6 07:44:11 fire pluto[20569]:   DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256, ecp256
Apr  6 07:44:11 fire pluto[20569]:   DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384, ecp384
Apr  6 07:44:11 fire pluto[20569]:   DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521, ecp521
Apr  6 07:44:11 fire pluto[20569]:   DH31                    IKEv1: IKE         IKEv2: IKE ESP AH        curve25519
Apr  6 07:44:11 fire pluto[20569]: 8 CPU cores online
Apr  6 07:44:11 fire pluto[20569]: starting up 7 crypto helpers
Apr  6 07:44:11 fire pluto[20569]: started thread for crypto helper 0
Apr  6 07:44:11 fire pluto[20569]: started thread for crypto helper 1
Apr  6 07:44:11 fire pluto[20569]: started thread for crypto helper 2
Apr  6 07:44:11 fire pluto[20569]: started thread for crypto helper 3
Apr  6 07:44:11 fire pluto[20569]: started thread for crypto helper 4
Apr  6 07:44:11 fire pluto[20569]: started thread for crypto helper 5
Apr  6 07:44:11 fire pluto[20569]: started thread for crypto helper 6
Apr  6 07:44:11 fire pluto[20569]: Using Linux XFRM/NETKEY IPsec interface code on 5.5.10-gentoo
Apr  6 07:44:11 fire pluto[20569]: listening for IKE messages
Apr  6 07:44:11 fire pluto[20569]: Kernel supports NIC esp-hw-offload
Apr  6 07:44:11 fire pluto[20569]: adding interface wlo1/wlo1 (esp-hw-offload=no) 10.1.10.231:500
Apr  6 07:44:11 fire pluto[20569]: adding interface wlo1/wlo1 10.1.10.231:4500
Apr  6 07:44:11 fire pluto[20569]: Kernel supports NIC esp-hw-offload
Apr  6 07:44:11 fire pluto[20569]: adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500
Apr  6 07:44:11 fire pluto[20569]: adding interface lo/lo 127.0.0.1:4500
Apr  6 07:44:11 fire pluto[20569]: Kernel supports NIC esp-hw-offload
Apr  6 07:44:11 fire pluto[20569]: adding interface lo/lo (esp-hw-offload=no) ::1:500
Apr  6 07:44:11 fire pluto[20569]: loading secrets from "/etc/ipsec.secrets"
Apr  6 07:44:11 fire pluto[20569]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr  6 07:44:11 fire libipsecconf[20588]: warning: could not open include filename: '/etc/ipsec.d/*.conf'
Apr  6 07:44:11 fire pluto[20569]: listening for IKE messages
Apr  6 07:44:11 fire pluto[20569]: forgetting secrets
Apr  6 07:44:11 fire pluto[20569]: loading secrets from "/etc/ipsec.secrets"
Apr  6 07:44:11 fire pluto[20569]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
Apr  6 07:44:11 fire pluto[20569]: added connection description "036e057c-bc24-41f2-b70d-1cd698f60777"
Apr  6 07:44:11 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #1: initiating Main Mode
Apr  6 07:44:11 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr  6 07:44:12 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #1: STATE_MAIN_I2: retransmission; will wait 0.5 seconds for response
Apr  6 07:44:12 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr  6 07:44:12 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #1: Peer ID is ID_IPV4_ADDR: 'XX.XX.XX.XX'
Apr  6 07:44:12 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
Apr  6 07:44:12 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #2: initiating Quick Mode PSK+ENCRYPT+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:302b35d5 proposal=AES_CBC_256-HMAC_SHA1_96, AES_CBC_128-HMAC_SHA1_96, 3DES_CBC-HMAC_SHA1_96 pfsgroup=MODP2048}
Apr  6 07:44:12 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response
Apr  6 07:44:13 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
Apr  6 07:44:13 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #2: our client subnet returned doesn't match my proposal - us: 10.1.10.231/32 vs them: 73.223.221.237/32
Apr  6 07:44:13 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #2: Allowing questionable proposal anyway [ALLOW_MICROSOFT_BAD_PROPOSAL]
Apr  6 07:44:13 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0xcdb40627 <0x290e04a0 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=XX.XX.XX.XX:4500 DPD=passive}
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.4832] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",0]: VPN plugin: state changed: starting (3)
Apr  6 07:44:13 fire pppd[20606]: Plugin /usr/lib64/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
Apr  6 07:44:13 fire pppd[20606]: pppd 2.4.8 started by XXXXXXX, uid 0
Apr  6 07:44:13 fire pppd[20606]: Using interface ppp0
Apr  6 07:44:13 fire pppd[20606]: Connect: ppp0 <--> /dev/pts/28
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.5356] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/8)
Apr  6 07:44:13 fire pppd[20606]: CHAP authentication succeeded
Apr  6 07:44:13 fire pppd[20606]: local  IP address 192.168.100.1
Apr  6 07:44:13 fire pppd[20606]: remote IP address 10.255.255.0
Apr  6 07:44:13 fire pppd[20606]: primary   DNS address 192.168.2.40
Apr  6 07:44:13 fire pppd[20606]: secondary DNS address 192.168.2.1
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6511] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6550] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6662] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",0]: VPN connection: (IP4 Config Get) reply received from old-style plugin
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6678] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data: VPN Gateway: XX.XX.XX.XX
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6678] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data: Tunnel Device: "ppp0"
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6678] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data: IPv4 configuration:
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6679] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data:   Internal Address: 192.168.100.1
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6679] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data:   Internal Prefix: 32
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6679] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data:   Internal Point-to-Point Address: 10.255.255.0
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6679] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data:   Static Route: 0.0.0.0/0   Next Hop: 0.0.0.0
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6680] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data:   Static Route: 10.255.255.0/32   Next Hop: 0.0.0.0
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6680] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data:   Internal DNS: 192.168.2.40
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6680] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data:   Internal DNS: 192.168.2.1
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6680] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data:   DNS Domain: '(none)'
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6681] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: Data: No IPv6 configuration
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6684] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: VPN plugin: state changed: started (4)
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6711] vpn-connection[0x55561c51e2b0,036e057c-bc24-41f2-b70d-1cd698f60777,"WTec-SJ",8:(ppp0)]: VPN connection: (IP Config Get) complete
Apr  6 07:44:13 fire NetworkManager[4927]: <info>  [1586184253.6815] policy: set 'WTec-SJ' (ppp0) as default for IPv4 routing and DNS
Apr  6 07:44:13 fire dbus-daemon[1779]: [system] Activating service name='org.freedesktop.nm_dispatcher' requested by ':1.64' (uid=0 pid=4927 comm="/usr/sbin/NetworkManager --pid-file /run/NetworkMa") (using servicehelper)
Apr  6 07:44:13 fire polkitd[1852]: Unregistered Authentication Agent for unix-process:20310:2817770 (system bus name :1.80, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.utf8) (disconnected from bus)
Apr  6 07:44:13 fire dbus-daemon[1779]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'


I double checked the l2tp configuration. It's okay.

If anyone has any ideas how to debug this, any help would be appreciated.
_________________
Some day there will only be free software.


Last edited by RayDude on Mon Jul 06, 2020 4:22 pm; edited 1 time in total
RayDude
Veteran
Joined: 29 May 2004
Posts: 1676
Location: San Jose, CA

Posted: Mon Jul 06, 2020 4:21 pm

The package NSS changed and caused a bug? to surface in Libreswan.

The fix is to move to the latest unstable version of Libreswan.

Code:
echo net-vpn/libreswan >> /etc/portage/package.accept_keywords/libreswan
emerge -q libreswan


You can read more about this here: https://bugs.mageia.org/show_bug.cgi?id=26716
_________________
Some day there will only be free software.
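
The two log excerpts in this thread differ in one decisive way: the July pluto process aborts inside its AES_GCM_16 startup self-test and never reaches "listening for IKE messages", while the April one does. The following is an added example, not part of the original posts, that pulls those facts out of a syslog excerpt per pluto PID; the names `triage` and `verdict` are illustrative, and the sample lines are abridged from the logs quoted above.

```python
import re

# Sample input: lines abridged from the two /var/log/messages excerpts in the thread.
SAMPLE_LOG = """\
Apr  6 07:44:11 fire pluto[20569]: Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload) pid:20569
Apr  6 07:44:11 fire pluto[20569]: listening for IKE messages
Apr  6 07:44:12 fire pluto[20569]: "036e057c-bc24-41f2-b70d-1cd698f60777" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
Jul  5 11:31:56 fire pluto[8488]: Starting Pluto (Libreswan Version 3.32 XFRM(netkey) XFRMI esp-hw-offload) pid:8488
Jul  5 11:31:56 fire pluto[8488]: testing CAMELLIA_CBC:
Jul  5 11:31:56 fire pluto[8488]:   Camellia: 16 bytes with 128-bit key
Jul  5 11:31:56 fire pluto[8488]: testing AES_GCM_16:
Jul  5 11:31:56 fire pluto[8488]:   empty string
Jul  5 11:31:56 fire pluto[8488]: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Jul  5 11:31:56 fire pluto[8488]: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Jul  5 11:31:56 fire pluto[8488]: ABORT: ASSERTION FAILED: test_gcm_vectors(&ike_alg_encrypt_aes_gcm_16, aes_gcm_tests) (in test_ike_alg() at ike_alg_test.c:41)
Jul  5 11:32:01 fire NetworkManager[1723]: <warn>  [1593973921.8901] vpn-connection: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host pluto[PID]: message"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\spluto\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
VERSION = re.compile(r"Starting Pluto \(Libreswan Version (\S+)")
SELFTEST = re.compile(r"testing (\w+):$")
NSS_FAIL = re.compile(r"NSS: AEAD (?:en|de)cryption using (\S+) and (\w+)\(\) failed")
ABORT = re.compile(r"ABORT: ASSERTION FAILED: (.+)$")


def triage(log_text):
    """Group pluto messages by PID and record how far each start-up got."""
    runs = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a pluto line (NetworkManager, polkitd, ...)
        run = runs.setdefault(m.group("pid"), {
            "version": None,          # Libreswan version from the banner
            "current_test": None,     # last "testing <ALG>:" header seen
            "failed_selftest": None,  # self-test that was running at ABORT
            "nss_errors": [],         # (algorithm, NSS function) pairs
            "abort": None,            # assertion text, if the daemon aborted
            "listening": False,       # reached "listening for IKE messages"
            "sa_established": False,  # an IKE/IPsec SA was negotiated
        })
        msg = m.group("msg")
        found = VERSION.match(msg)
        if found:
            run["version"] = found.group(1)
            continue
        found = SELFTEST.match(msg)
        if found:
            run["current_test"] = found.group(1)
            continue
        found = NSS_FAIL.match(msg)
        if found:
            run["nss_errors"].append((found.group(1), found.group(2)))
            continue
        found = ABORT.match(msg)
        if found:
            run["abort"] = found.group(1)
            run["failed_selftest"] = run["current_test"]
            continue
        if msg == "listening for IKE messages":
            run["listening"] = True
        elif "SA established" in msg:
            run["sa_established"] = True
    return runs


def verdict(run):
    """One-line summary of a single pluto start-up."""
    if run["abort"] and not run["listening"]:
        return "libreswan %s aborted in %s self-test (%d NSS errors) before listening for IKE" % (
            run["version"], run["failed_selftest"], len(run["nss_errors"]))
    if run["listening"]:
        return "libreswan %s started%s" % (
            run["version"], ", SA established" if run["sa_established"] else "")
    return "libreswan %s: start-up incomplete in this excerpt" % run["version"]


if __name__ == "__main__":
    for pid, run in triage(SAMPLE_LOG).items():
        print("pluto[%s]: %s" % (pid, verdict(run)))
```

An abort during the self-tests means the daemon died before any network or L2TP configuration was consulted, which is consistent with the fix in the post being a package upgrade rather than a connection setting.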