Bug 1692739 - L2TP tunnel will not go up anymore
Summary: L2TP tunnel will not go up anymore
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager-l2tp
Version: 29
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Douglas Kosovic
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-03-26 10:34 UTC by Ivo Sarak
Modified: 2019-03-26 22:10 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-26 22:10:35 UTC



Description Ivo Sarak 2019-03-26 10:34:50 UTC
Description of problem:
Update to NetworkManager-l2tp-1.2.12-1.fc29.x86_64 broke L2TP tunnels.


Version-Release number of selected component (if applicable):
NetworkManager-l2tp-1.2.12-1.fc29.x86_64


How reproducible:
Always

Steps to Reproduce:
1. Update to NetworkManager-l2tp-1.2.12-1.fc29.x86_64
2. Try to start L2TP tunnel


Actual results:
sudo journalctl -f -u NetworkManager has one suspicious error message among other not so problematic ones:

nm-l2tp-service[12057]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed


Expected results:
Tunnel up and running.

Additional info:
Previous version of the NetworkManager-l2tp did work just fine.

Comment 1 Douglas Kosovic 2019-03-26 11:11:54 UTC
Could you try re-saving the VPN connection with nm-connection-editor (except if you are using KDE, use its editor)? You don't need to change anything, except perhaps temporarily so that the save button is not grayed out.

If it still doesn't work, you might also need to restart GNOME Shell, which is easiest to do by logging out of and back into your desktop environment.

Comment 2 Ivo Sarak 2019-03-26 12:23:37 UTC
Opened the VPN profile, saved and tried to connect - same results, nothing different to report.

Comment 3 Douglas Kosovic 2019-03-26 13:17:54 UTC
In the logs, is xl2tpd started at all? If xl2tpd was started, it means the Libreswan IPsec connection went up (it first tries to establish the IPsec connection with Libreswan, then the L2TP connection with xl2tpd).

One significant change between the latest version of NetworkManager-l2tp and the previous version is that PFS (Perfect Forward Secrecy) is not disabled (which is the default behaviour of Libreswan); you may need to click the new "Disable PFS" tick box in the IPsec settings if your VPN server doesn't use PFS.

If clicking the "Disable PFS" doesn't help, I would like to see the Libreswan logs (assuming the IPsec connection isn't established).

Comment 4 Ivo Sarak 2019-03-26 18:46:08 UTC
xl2tpd is not being started or I am just unable to detect it:
   7083 pts/2    S+     0:00 sudo journalctl -f -u NetworkManager
   7085 pts/2    S+     0:00 journalctl -f -u NetworkManager
   7419 ?        Ssl    0:00 /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
   7433 ?        S      0:00 /usr/libexec/ipsec/whack --ctlsocket /run/pluto/pluto.ctl --name da3193dd-8332-4f82-8ff8-b2d6dc930de6 --init
   7590 ?        Ssl    0:01 /usr/libexec/packagekitd
   7623 pts/1    R+     0:00 ps ax

Comment 5 Ivo Sarak 2019-03-26 18:46:31 UTC
xl2tpd is not being started or I am just unable to detect it:
   7083 pts/2    S+     0:00 sudo journalctl -f -u NetworkManager
   7085 pts/2    S+     0:00 journalctl -f -u NetworkManager
   7419 ?        Ssl    0:00 /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
   7433 ?        S      0:00 /usr/libexec/ipsec/whack --ctlsocket /run/pluto/pluto.ctl --name da3193dd-8332-4f82-8ff8-b2d6dc930de6 --init
   7590 ?        Ssl    0:01 /usr/libexec/packagekitd
   7623 pts/1    R+     0:00 ps ax

Comment 6 Ivo Sarak 2019-03-26 18:48:25 UTC
But PFS disabling did the trick.

Thanks.
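
Disabling PFS, the workaround confirmed in this thread, means the IPsec session keys no longer come from a fresh key exchange, so it is worth tracking which profiles carry it until the server side supports PFS. The following is an added example, not part of the bug report or of NetworkManager-l2tp's own code: it scans NetworkManager keyfile text for L2TP/IPsec profiles with PFS turned off. It assumes the plugin saves the "Disable PFS" tick box as ipsec-pfs=no in the [vpn] section; the sample keyfiles, connection names and gateways are constructed.

```python
import configparser

L2TP_SERVICE = "org.freedesktop.NetworkManager.l2tp"

def audit_keyfile(text):
    """Return {'id', 'pfs_disabled'} for an L2TP/IPsec keyfile, else None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keyfile keys are case-sensitive
    try:
        cp.read_string(text)
    except configparser.Error:
        return None  # not a parseable keyfile
    if not cp.has_section("vpn"):
        return None
    vpn = cp["vpn"]
    if vpn.get("service-type") != L2TP_SERVICE:
        return None  # some other VPN plugin
    if vpn.get("ipsec-enabled", "no") != "yes":
        return None  # plain L2TP without IPsec: PFS does not apply
    # Assumption: the "Disable PFS" tick box is saved as ipsec-pfs=no;
    # a missing key means PFS stays on (the Libreswan default).
    return {
        "id": cp.get("connection", "id", fallback="(unnamed)"),
        "pfs_disabled": vpn.get("ipsec-pfs", "yes") == "no",
    }

def pfs_disabled_profiles(keyfiles):
    """keyfiles maps file name -> keyfile text; returns ids with PFS off."""
    findings = (audit_keyfile(text) for text in keyfiles.values())
    return sorted(f["id"] for f in findings if f and f["pfs_disabled"])

# Constructed sample keyfiles (names and gateways are made up).
SAMPLES = {
    "office-l2tp.nmconnection": "[connection]\nid=office-l2tp\ntype=vpn\n\n"
        "[vpn]\ngateway=vpn.example.test\nipsec-enabled=yes\nipsec-pfs=no\n"
        f"service-type={L2TP_SERVICE}\n",
    "lab-l2tp.nmconnection": "[connection]\nid=lab-l2tp\ntype=vpn\n\n"
        "[vpn]\ngateway=lab.example.test\nipsec-enabled=yes\n"
        f"service-type={L2TP_SERVICE}\n",
    "home-ovpn.nmconnection": "[connection]\nid=home-ovpn\ntype=vpn\n\n"
        "[vpn]\nservice-type=org.freedesktop.NetworkManager.openvpn\n",
}

if __name__ == "__main__":
    for name in pfs_disabled_profiles(SAMPLES):
        print(f"PFS disabled in L2TP/IPsec profile: {name}")
```

To audit a real host, pass the contents of the files under /etc/NetworkManager/system-connections (readable by root only) in place of SAMPLES.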

