I have been trying to connect to my work VPN using NetworkManager-l2tp, NetworkManager-l2tp-gnome, both libreswan and strongswan versions of NetworkManager…
I have looked around, but I cannot find a clear direction on how to debug this. I have used journalctl but that hasn’t been helpful for me in being able to resolve the problem.
All I have is the Gateway, my username and password, and the PSK. Is there something I’m missing? This seems like pretty basic functionality and I’m a bit frustrated I cannot seem to figure this out.
I spent some time figuring this out when I first switched to Fedora. If the connection still uses IKEv1 (typical if you are connecting to a Windows Server that is handling the remote authentication), you must remove libreswan (`sudo dnf remove libreswan`) and make sure strongswan is installed (`sudo dnf install strongswan`).
Also, Fedora places a blacklist on the xl2tp module which prevents IKEv1 connections. You can remove this with these two commands:
```
sudo sed -e '/blacklist l2tp_netlink/s/^b/#b/g' -i /etc/modprobe.d/l2tp_netlink-blacklist.conf
sudo sed -e '/blacklist l2tp_ppp/s/^b/#b/g' -i /etc/modprobe.d/l2tp_ppp-blacklist.conf
```
After removing the blacklist and making sure strongswan is in use, reboot the system.
If you are connecting to a Windows Server, make sure under PPP Settings of the connection that you have MSCHAPv2 selected (depends on what they configured the server with, but it should be using v2).
I work at an MSP, and we have tons of older L2TP connections to clients, and this was how I finally got it working though it took me 3 days lol.
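A way to confirm that the two `sed` commands in the post above took effect, as an added example that is not part of the original posts. The function names `l2tp_blacklist_state` and `l2tp_report` are hypothetical, and the directory argument defaults to `/etc/modprobe.d`.

```shell
#!/bin/sh
# Added example: report whether the two L2TP kernel modules named in the
# post are still blacklisted in a modprobe.d directory.

# l2tp_blacklist_state DIR MODULE
# Prints "blacklisted", "commented" or "absent" for MODULE.
l2tp_blacklist_state() {
    dir=$1
    module=$2
    state=absent
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Active entry: optional leading whitespace, then "blacklist <module>".
        if grep -Eq "^[[:space:]]*blacklist[[:space:]]+${module}([[:space:]]|\$)" "$f"; then
            echo blacklisted
            return 0
        fi
        # Entry disabled with a leading '#', which is what the sed edit produces.
        if grep -Eq "^[[:space:]]*#[[:space:]]*blacklist[[:space:]]+${module}([[:space:]]|\$)" "$f"; then
            state=commented
        fi
    done
    echo "$state"
}

# l2tp_report [DIR]
# Prints one line per module; returns 1 if either is still blacklisted.
l2tp_report() {
    dir=${1:-/etc/modprobe.d}
    rc=0
    for m in l2tp_netlink l2tp_ppp; do
        s=$(l2tp_blacklist_state "$dir" "$m")
        printf '%s: %s\n' "$m" "$s"
        if [ "$s" = blacklisted ]; then
            rc=1
        fi
    done
    return $rc
}
```

Run `l2tp_report` before and after the edit; an active entry in any `.conf` file in the directory is reported as `blacklisted`, even if another file has the same entry commented out.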
That is for Ubuntu, so on Fedora, I think you need to use a program called `strongswan` in place of `ipsec`. (e.g. `sudo strongswan restart` instead of `sudo ipsec restart`). Also the files `ipsec.conf` and `ipsec.secrets` live in `/etc/strongswan/` instead of just `/etc/` on Ubuntu.
If you get it working, it would be great if you could also do a writeup. I have to say, there is very little documentation about this kind of setup online.
I don’t have experience with the Meraki firewall, so you may end up having to play with the PPP settings. But that blacklist thing was definitely my issue for days because as soon as I removed that and rebooted, my L2TP with PSK connections worked without an issue.
I removed the blacklisting and it seems the authentication step is my issue. It’s probably something stupid simple is my guess now (like maybe my password is wrong…, wouldn’t be the first time)
LCP terminated by peer (peer refused to authenticate)
EDIT:
I figured it out…
The GUI is buggy. You have to set up the configuration correctly the first time. The configuration file that it generates does not seem to get edited properly after the fact (This may not be true, but it made the difference for me).
Basically, if you have issues with the config, delete the config and redo it each time to be sure it gets created properly. I had the same configuration (didn’t work) but I had made a few attempts to mod it, then I redid the config with the changes I was certain would work, and sure enough, it worked.