NetworkManager says “Activation of network connection failed” when trying to connect PPTP and l2TP
0
Here is my logs:
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 28 12:30:07 MEHRDADSYS systemd: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS whack: 002 shutting down
Nov 28 12:30:07 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 28 12:30:07 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst via 172.30.12.1 dev wlp3s0 src table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.177 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.13.255 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.1 via dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set addr: 172.30.12.177
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 28 12:30:08 MEHRDADSYS dbus-daemon: 'list' object has no attribute 'split'
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: Plugin Exception restorecon_source
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/bin/systemctl from read access on the directory journal. For complete SELinux messages. run sealert -l 3bb108a2-b0ed-40c3-928c-035ab49c8432
Nov 28 12:30:08 MEHRDADSYS python: SELinux is preventing /usr/bin/systemctl from read access on the directory journal.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that systemctl should be allowed read access on the journal directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep systemctl /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 28 12:30:09 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 28 12:30:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 28 12:30:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 28 12:30:17 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info> [1511859617.9235] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info> [1511859617.9305] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <warn> [1511859617.9327] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 28 12:30:18 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process. For complete SELinux messages. run sealert -l 5e3bc0ea-8c25-4d72-8e96-c9116a34c7de
Nov 28 12:30:18 MEHRDADSYS python: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that nm-l2tp-service should be allowed signull access on processes labeled ipsec_mgmt_t by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep nm-l2tp-service /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:23 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 28 12:30:39 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 32000ms for response
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 031 "ad863ada-231b-4179-948d-42063a8291ba" #1: max number of retransmissions (8) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKEv1 message
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 000 "ad863ada-231b-4179-948d-42063a8291ba" #1: starting keying attempt 2 of an unlimited number, but releasing whack
update:
logs after disabling SELinux:
Nov 30 02:45:50 MEHRDADSYS systemd: Starting Hostname Service...
Nov 30 02:45:50 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS systemd: Started Hostname Service.
Nov 30 02:46:57 MEHRDADSYS obexd[4675]: OBEX daemon 5.23
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.5713] audit: op="connection-activate" uuid="ad863ada-231b-4179-948d-42063a8291ba" name="VPN 1" pid=2638 uid=1000 result="success"
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.5866] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Started the VPN service, PID 4813
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.6180] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Saw the service appear; activating connection
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.8160] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
Nov 30 02:49:08 MEHRDADSYS journal: Check port 1701
Nov 30 02:49:08 MEHRDADSYS NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Nov 30 02:49:09 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 30 02:49:09 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:09 MEHRDADSYS kernel: sha512_ssse3: Using AVX optimized SHA-512 implementation
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: NET: Registered protocol family 15
Nov 30 02:49:09 MEHRDADSYS kernel: IPv4 over IPsec tunneling driver
Nov 30 02:49:09 MEHRDADSYS NetworkManager[936]: <info> [1511997549.9890] manager: (ip_vti0): new Generic device (/org/freedesktop/NetworkManager/Devices/6)
Nov 30 02:49:10 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 30 02:49:10 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 30 02:49:11 MEHRDADSYS kernel: alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
Nov 30 02:49:11 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 30 02:49:11 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst via 172.30.12.1 dev wlp3s0 src table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.192 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.13.255 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.1 via dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set addr: 172.30.12.192
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 30 02:49:12 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 30 02:49:13 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 30 02:49:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 30 02:49:19 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 30 02:49:21 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info> [1511997561.1745] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info> [1511997561.1779] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <warn> [1511997561.1795] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 30 02:49:27 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS systemd: Starting Fingerprint Authentication Daemon...
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS systemd: Started Fingerprint Authentication Daemon.
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS fprintd: Launching FprintObject
Nov 30 02:49:30 MEHRDADSYS journal: D-Bus service launched with name: net.reactivated.Fprint
Nov 30 02:49:30 MEHRDADSYS journal: entering main loop
networking network-manager vpn
asked Nov 28 '17 at 9:06
mehrdadmehrdad
113
bumped to the homepage by Community♦ 48 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
0
Here is my logs:
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 28 12:30:07 MEHRDADSYS systemd: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS whack: 002 shutting down
Nov 28 12:30:07 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 28 12:30:07 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst via 172.30.12.1 dev wlp3s0 src table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.177 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.13.255 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.1 via dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set addr: 172.30.12.177
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 28 12:30:08 MEHRDADSYS dbus-daemon: 'list' object has no attribute 'split'
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: Plugin Exception restorecon_source
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/bin/systemctl from read access on the directory journal. For complete SELinux messages. run sealert -l 3bb108a2-b0ed-40c3-928c-035ab49c8432
Nov 28 12:30:08 MEHRDADSYS python: SELinux is preventing /usr/bin/systemctl from read access on the directory journal.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that systemctl should be allowed read access on the journal directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep systemctl /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 28 12:30:09 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 28 12:30:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 28 12:30:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 28 12:30:17 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info> [1511859617.9235] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info> [1511859617.9305] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <warn> [1511859617.9327] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 28 12:30:18 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process. For complete SELinux messages. run sealert -l 5e3bc0ea-8c25-4d72-8e96-c9116a34c7de
Nov 28 12:30:18 MEHRDADSYS python: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that nm-l2tp-service should be allowed signull access on processes labeled ipsec_mgmt_t by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep nm-l2tp-service /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:23 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 28 12:30:39 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 32000ms for response
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 031 "ad863ada-231b-4179-948d-42063a8291ba" #1: max number of retransmissions (8) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKEv1 message
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 000 "ad863ada-231b-4179-948d-42063a8291ba" #1: starting keying attempt 2 of an unlimited number, but releasing whack
update:
logs after disabling SELinux:
Nov 30 02:45:50 MEHRDADSYS systemd: Starting Hostname Service...
Nov 30 02:45:50 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS systemd: Started Hostname Service.
Nov 30 02:46:57 MEHRDADSYS obexd[4675]: OBEX daemon 5.23
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.5713] audit: op="connection-activate" uuid="ad863ada-231b-4179-948d-42063a8291ba" name="VPN 1" pid=2638 uid=1000 result="success"
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.5866] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Started the VPN service, PID 4813
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.6180] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Saw the service appear; activating connection
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.8160] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
Nov 30 02:49:08 MEHRDADSYS journal: Check port 1701
Nov 30 02:49:08 MEHRDADSYS NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Nov 30 02:49:09 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 30 02:49:09 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:09 MEHRDADSYS kernel: sha512_ssse3: Using AVX optimized SHA-512 implementation
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: NET: Registered protocol family 15
Nov 30 02:49:09 MEHRDADSYS kernel: IPv4 over IPsec tunneling driver
Nov 30 02:49:09 MEHRDADSYS NetworkManager[936]: <info> [1511997549.9890] manager: (ip_vti0): new Generic device (/org/freedesktop/NetworkManager/Devices/6)
Nov 30 02:49:10 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 30 02:49:10 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 30 02:49:11 MEHRDADSYS kernel: alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
Nov 30 02:49:11 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 30 02:49:11 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst via 172.30.12.1 dev wlp3s0 src table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.192 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.13.255 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.1 via dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set addr: 172.30.12.192
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 30 02:49:12 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 30 02:49:13 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 30 02:49:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 30 02:49:19 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 30 02:49:21 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info> [1511997561.1745] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info> [1511997561.1779] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <warn> [1511997561.1795] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 30 02:49:27 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS systemd: Starting Fingerprint Authentication Daemon...
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS systemd: Started Fingerprint Authentication Daemon.
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS fprintd: Launching FprintObject
Nov 30 02:49:30 MEHRDADSYS journal: D-Bus service launched with name: net.reactivated.Fprint
Nov 30 02:49:30 MEHRDADSYS journal: entering main loop
networking network-manager vpn
asked Nov 28 '17 at 9:06
mehrdadmehrdad
113
bumped to the homepage by Community♦ 48 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
this was for L2TP, when i try PPTP i see in logs that some times NetworkManager and ppdp says:"permission denied" or ""could not open..
– mehrdad
Nov 28 '17 at 9:11
add a comment |
0
0
0
Here is my logs:
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 28 12:30:07 MEHRDADSYS systemd: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS whack: 002 shutting down
Nov 28 12:30:07 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 28 12:30:07 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst via 172.30.12.1 dev wlp3s0 src table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.177 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.13.255 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.1 via dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set addr: 172.30.12.177
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 28 12:30:08 MEHRDADSYS dbus-daemon: 'list' object has no attribute 'split'
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: Plugin Exception restorecon_source
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/bin/systemctl from read access on the directory journal. For complete SELinux messages. run sealert -l 3bb108a2-b0ed-40c3-928c-035ab49c8432
Nov 28 12:30:08 MEHRDADSYS python: SELinux is preventing /usr/bin/systemctl from read access on the directory journal.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that systemctl should be allowed read access on the journal directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep systemctl /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 28 12:30:09 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 28 12:30:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 28 12:30:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 28 12:30:17 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info> [1511859617.9235] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info> [1511859617.9305] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <warn> [1511859617.9327] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 28 12:30:18 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process. For complete SELinux messages. run sealert -l 5e3bc0ea-8c25-4d72-8e96-c9116a34c7de
Nov 28 12:30:18 MEHRDADSYS python: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that nm-l2tp-service should be allowed signull access on processes labeled ipsec_mgmt_t by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep nm-l2tp-service /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:23 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 28 12:30:39 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 32000ms for response
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 031 "ad863ada-231b-4179-948d-42063a8291ba" #1: max number of retransmissions (8) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKEv1 message
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 000 "ad863ada-231b-4179-948d-42063a8291ba" #1: starting keying attempt 2 of an unlimited number, but releasing whack
update:
logs after disabling SELinux:
Nov 30 02:45:50 MEHRDADSYS systemd: Starting Hostname Service...
Nov 30 02:45:50 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS systemd: Started Hostname Service.
Nov 30 02:46:57 MEHRDADSYS obexd[4675]: OBEX daemon 5.23
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.5713] audit: op="connection-activate" uuid="ad863ada-231b-4179-948d-42063a8291ba" name="VPN 1" pid=2638 uid=1000 result="success"
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.5866] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Started the VPN service, PID 4813
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.6180] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Saw the service appear; activating connection
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.8160] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
Nov 30 02:49:08 MEHRDADSYS journal: Check port 1701
Nov 30 02:49:08 MEHRDADSYS NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Nov 30 02:49:09 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 30 02:49:09 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:09 MEHRDADSYS kernel: sha512_ssse3: Using AVX optimized SHA-512 implementation
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: NET: Registered protocol family 15
Nov 30 02:49:09 MEHRDADSYS kernel: IPv4 over IPsec tunneling driver
Nov 30 02:49:09 MEHRDADSYS NetworkManager[936]: <info> [1511997549.9890] manager: (ip_vti0): new Generic device (/org/freedesktop/NetworkManager/Devices/6)
Nov 30 02:49:10 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 30 02:49:10 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 30 02:49:11 MEHRDADSYS kernel: alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
Nov 30 02:49:11 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 30 02:49:11 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst via 172.30.12.1 dev wlp3s0 src table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.192 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.13.255 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.1 via dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set addr: 172.30.12.192
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 30 02:49:12 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 30 02:49:13 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 30 02:49:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 30 02:49:19 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 30 02:49:21 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info> [1511997561.1745] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info> [1511997561.1779] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <warn> [1511997561.1795] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 30 02:49:27 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS systemd: Starting Fingerprint Authentication Daemon...
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS systemd: Started Fingerprint Authentication Daemon.
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS fprintd: Launching FprintObject
Nov 30 02:49:30 MEHRDADSYS journal: D-Bus service launched with name: net.reactivated.Fprint
Nov 30 02:49:30 MEHRDADSYS journal: entering main loop
networking network-manager vpn
asked Nov 28 '17 at 9:06
mehrdadmehrdad
113
Here is my logs:
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 28 12:30:07 MEHRDADSYS systemd: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS whack: 002 shutting down
Nov 28 12:30:07 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Nov 28 12:30:07 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 28 12:30:07 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 28 12:30:07 MEHRDADSYS dbus-daemon: dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS dbus[796]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Nov 28 12:30:07 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.177:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 28 12:30:07 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 28 12:30:07 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 28 12:30:07 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst via 172.30.12.1 dev wlp3s0 src table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.177 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.13.255 via dev wlp3s0 src 172.30.12.177 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: dst 172.30.12.1 via dev wlp3s0 src 172.30.12.177 table 254
Nov 28 12:30:07 MEHRDADSYS NetworkManager: set addr: 172.30.12.177
Nov 28 12:30:07 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 28 12:30:07 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 28 12:30:08 MEHRDADSYS dbus-daemon: 'list' object has no attribute 'split'
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: Plugin Exception restorecon_source
Nov 28 12:30:08 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/bin/systemctl from read access on the directory journal. For complete SELinux messages. run sealert -l 3bb108a2-b0ed-40c3-928c-035ab49c8432
Nov 28 12:30:08 MEHRDADSYS python: SELinux is preventing /usr/bin/systemctl from read access on the directory journal.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that systemctl should be allowed read access on the journal directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep systemctl /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 28 12:30:08 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 28 12:30:09 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 28 12:30:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 28 12:30:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 28 12:30:17 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info> [1511859617.9235] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <info> [1511859617.9305] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 28 12:30:17 MEHRDADSYS NetworkManager[16815]: <warn> [1511859617.9327] vpn-connection[0x7fa000edf100,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 28 12:30:18 MEHRDADSYS setroubleshoot: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process. For complete SELinux messages. run sealert -l 5e3bc0ea-8c25-4d72-8e96-c9116a34c7de
Nov 28 12:30:18 MEHRDADSYS python: SELinux is preventing /usr/libexec/nm-l2tp-service from using the signull access on a process.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that nm-l2tp-service should be allowed signull access on processes labeled ipsec_mgmt_t by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# grep nm-l2tp-service /var/log/audit/audit.log | audit2allow -M mypol#012# semodule -i mypol.pp#012
Nov 28 12:30:23 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 28 12:30:39 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 32000ms for response
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 031 "ad863ada-231b-4179-948d-42063a8291ba" #1: max number of retransmissions (8) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKEv1 message
Nov 28 12:31:11 MEHRDADSYS NetworkManager: 000 "ad863ada-231b-4179-948d-42063a8291ba" #1: starting keying attempt 2 of an unlimited number, but releasing whack
update:
logs after disabling SELinux:
Nov 30 02:45:50 MEHRDADSYS systemd: Starting Hostname Service...
Nov 30 02:45:50 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.hostname1'
Nov 30 02:45:50 MEHRDADSYS systemd: Started Hostname Service.
Nov 30 02:46:57 MEHRDADSYS obexd[4675]: OBEX daemon 5.23
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Nov 30 02:48:46 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:48:46 MEHRDADSYS dbus[786]: [system] Successfully activated service 'org.freedesktop.problems'
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.5713] audit: op="connection-activate" uuid="ad863ada-231b-4179-948d-42063a8291ba" name="VPN 1" pid=2638 uid=1000 result="success"
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.5866] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Started the VPN service, PID 4813
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.6180] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: Saw the service appear; activating connection
Nov 30 02:49:08 MEHRDADSYS NetworkManager[936]: <info> [1511997548.8160] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
Nov 30 02:49:08 MEHRDADSYS journal: Check port 1701
Nov 30 02:49:08 MEHRDADSYS NetworkManager: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Nov 30 02:49:09 MEHRDADSYS NetworkManager: Redirecting to: systemctl stop ipsec.service
Nov 30 02:49:09 MEHRDADSYS systemd: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:09 MEHRDADSYS kernel: sha512_ssse3: Using AVX optimized SHA-512 implementation
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:09 MEHRDADSYS kernel: NET: Registered protocol family 15
Nov 30 02:49:09 MEHRDADSYS kernel: IPv4 over IPsec tunneling driver
Nov 30 02:49:09 MEHRDADSYS NetworkManager[936]: <info> [1511997549.9890] manager: (ip_vti0): new Generic device (/org/freedesktop/NetworkManager/Devices/6)
Nov 30 02:49:10 MEHRDADSYS NetworkManager: Redirecting to: systemctl start ipsec.service
Nov 30 02:49:10 MEHRDADSYS systemd: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 or AES-NI instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS kernel: AVX2 instructions are not detected.
Nov 30 02:49:10 MEHRDADSYS ipsec: nflog ipsec capture disabled
Nov 30 02:49:11 MEHRDADSYS kernel: alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
Nov 30 02:49:11 MEHRDADSYS systemd: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 listening for IKE messages
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface virbr0/virbr0 192.168.122.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface wlp3s0/wlp3s0 172.30.12.192:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo 127.0.0.1:4500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 adding interface lo/lo ::1:500
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 loading secrets from "/etc/ipsec.d/nm-l2tp-ipsec-e90a9f9f-5adb-4f38-9655-13612347df4b.secrets"
Nov 30 02:49:11 MEHRDADSYS NetworkManager: debugging mode enabled
Nov 30 02:49:11 MEHRDADSYS NetworkManager: end of file /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: Loading conn ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: starter: left is KH_DEFAULTROUTE
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" labeled_ipsec=0
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgdomain=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" modecfgbanner=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-in=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" mark-out=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: conn: "ad863ada-231b-4179-948d-42063a8291ba" vti_iface=(null)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: opening file: /var/run/nm-l2tp-ipsec-ad863ada-231b-4179-948d-42063a8291ba.conf
Nov 30 02:49:11 MEHRDADSYS NetworkManager: loading named conns: ad863ada-231b-4179-948d-42063a8291ba
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 1, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 1, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst via 172.30.12.1 dev wlp3s0 src table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set nexthop: 172.30.12.1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.0 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.0.0.1 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 127.255.255.255 via dev lo src 127.0.0.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.0 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.192 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.13.255 via dev wlp3s0 src 172.30.12.192 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.0 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.1 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 192.168.122.255 via dev virbr0 src 192.168.122.1 table 255 (ignored)
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 1, seeking_gateway = 0, has_dst = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: dst 172.30.12.1 via dev wlp3s0 src 172.30.12.192 table 254
Nov 30 02:49:11 MEHRDADSYS NetworkManager: set addr: 172.30.12.192
Nov 30 02:49:11 MEHRDADSYS NetworkManager: seeking_src = 0, seeking_gateway = 0, has_peer = 1
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 002 "ad863ada-231b-4179-948d-42063a8291ba" #1: initiating Main Mode
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 104 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: initiate
Nov 30 02:49:11 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 500ms for response
Nov 30 02:49:12 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 1000ms for response
Nov 30 02:49:13 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 2000ms for response
Nov 30 02:49:15 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 4000ms for response
Nov 30 02:49:19 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 8000ms for response
Nov 30 02:49:21 MEHRDADSYS journal: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info> [1511997561.1745] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN plugin: state changed: stopped (6)
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <info> [1511997561.1779] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN service disappeared
Nov 30 02:49:21 MEHRDADSYS NetworkManager[936]: <warn> [1511997561.1795] vpn-connection[0x7f88a6b270d0,ad863ada-231b-4179-948d-42063a8291ba,"VPN 1",0]: VPN connection: failed to connect: 'Message did not receive a reply (timeout by message bus)'
Nov 30 02:49:27 MEHRDADSYS NetworkManager: 010 "ad863ada-231b-4179-948d-42063a8291ba" #1: STATE_MAIN_I1: retransmission; will wait 16000ms for response
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Nov 30 02:49:30 MEHRDADSYS systemd: Starting Fingerprint Authentication Daemon...
Nov 30 02:49:30 MEHRDADSYS dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS systemd: Started Fingerprint Authentication Daemon.
Nov 30 02:49:30 MEHRDADSYS dbus-daemon: dbus[786]: [system] Successfully activated service 'net.reactivated.Fprint'
Nov 30 02:49:30 MEHRDADSYS fprintd: Launching FprintObject
Nov 30 02:49:30 MEHRDADSYS journal: D-Bus service launched with name: net.reactivated.Fprint
Nov 30 02:49:30 MEHRDADSYS journal: entering main loop
networking network-manager vpn
networking network-manager vpn
asked Nov 28 '17 at 9:06
mehrdadmehrdad
113
asked Nov 28 '17 at 9:06
mehrdadmehrdad
113
edited Nov 29 '17 at 23:22
mehrdad
asked Nov 28 '17 at 9:06
mehrdadmehrdad
113
asked Nov 28 '17 at 9:06
mehrdadmehrdad
113
asked Nov 28 '17 at 9:06
mehrdadmehrdad
113
113
bumped to the homepage by Community♦ 48 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 48 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
this was for L2TP, when i try PPTP i see in logs that some times NetworkManager and ppdp says:"permission denied" or ""could not open..
– mehrdad
Nov 28 '17 at 9:11
add a comment |
this was for L2TP, when i try PPTP i see in logs that some times NetworkManager and ppdp says:"permission denied" or ""could not open..
– mehrdad
Nov 28 '17 at 9:11
this was for L2TP, when i try PPTP i see in logs that some times NetworkManager and ppdp says:"permission denied" or ""could not open..
– mehrdad
Nov 28 '17 at 9:11
this was for L2TP, when i try PPTP i see in logs that some times NetworkManager and ppdp says:"permission denied" or ""could not open..
– mehrdad
Nov 28 '17 at 9:11
add a comment |
1 Answer
1
active
oldest
votes
0
I think the issue is SELinux, I don't think there are any SELinux policies for strongswan, xl2tpd, pptpd, etc on Ubuntu.
Ubuntu normally uses AppArmor instead of SELinux and the appropriate AppArmor profiles are in place.
Update:
The current issue is that your VPN server is using algorithyms that libreswan (and strongswan) consider old and broken, see:
- https://github.com/nm-l2tp/network-manager-l2tp#vpn-servers-using-ipsec-ikev1-broken-algorithms
The correct fix is to reconfigure the VPN server to user stronger algorithms.
But you can find workaround examples on that page for VPN servers that are using the 3DES, SHA1 and MODP1024 broken algorithms.
You can use the ike-scan.sh script on the following page to query the VPN server for the algorithms it supports:
- https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues#querying-vpn-server-for-its-supported-ipsec-ikev1-algorithms
answered Nov 28 '17 at 14:07
Douglas KosovicDouglas Kosovic
33614
i suspected that it is SELinux too so I disabled it BUT this only fixed PPTP, L2TP is not working! I can connect L2TP with my phone, tablet and windows but in linux centos i can not:(
– mehrdad
Nov 28 '17 at 23:15
Can you provide the log output ?
– Douglas Kosovic
Nov 29 '17 at 13:23
sure, i updated question.
– mehrdad
Nov 29 '17 at 23:21
i am looking forward to your answer, thank you very much!
– mehrdad
Nov 29 '17 at 23:59
I've edited and updated my answer above. Sorry for not responding earlier, been away.
– Douglas Kosovic
Dec 9 '17 at 7:31
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f981015%2fnetworkmanager-says-activation-of-network-connection-failed-when-trying-to-con%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
I think the issue is SELinux, I don't think there are any SELinux policies for strongswan, xl2tpd, pptpd, etc on Ubuntu.
Ubuntu normally uses AppArmor instead of SELinux and the appropriate AppArmor profiles are in place.
Update:
The current issue is that your VPN server is using algorithyms that libreswan (and strongswan) consider old and broken, see:
- https://github.com/nm-l2tp/network-manager-l2tp#vpn-servers-using-ipsec-ikev1-broken-algorithms
The correct fix is to reconfigure the VPN server to user stronger algorithms.
But you can find workaround examples on that page for VPN servers that are using the 3DES, SHA1 and MODP1024 broken algorithms.
You can use the ike-scan.sh script on the following page to query the VPN server for the algorithms it supports:
- https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues#querying-vpn-server-for-its-supported-ipsec-ikev1-algorithms
answered Nov 28 '17 at 14:07
Douglas KosovicDouglas Kosovic
33614
i suspected that it is SELinux too so I disabled it BUT this only fixed PPTP, L2TP is not working! I can connect L2TP with my phone, tablet and windows but in linux centos i can not:(
– mehrdad
Nov 28 '17 at 23:15
Can you provide the log output ?
– Douglas Kosovic
Nov 29 '17 at 13:23
sure, i updated question.
– mehrdad
Nov 29 '17 at 23:21
i am looking forward to your answer, thank you very much!
– mehrdad
Nov 29 '17 at 23:59
I've edited and updated my answer above. Sorry for not responding earlier, been away.
– Douglas Kosovic
Dec 9 '17 at 7:31
add a comment |
0
I think the issue is SELinux, I don't think there are any SELinux policies for strongswan, xl2tpd, pptpd, etc on Ubuntu.
Ubuntu normally uses AppArmor instead of SELinux and the appropriate AppArmor profiles are in place.
Update:
The current issue is that your VPN server is using algorithyms that libreswan (and strongswan) consider old and broken, see:
- https://github.com/nm-l2tp/network-manager-l2tp#vpn-servers-using-ipsec-ikev1-broken-algorithms
The correct fix is to reconfigure the VPN server to user stronger algorithms.
But you can find workaround examples on that page for VPN servers that are using the 3DES, SHA1 and MODP1024 broken algorithms.
You can use the ike-scan.sh script on the following page to query the VPN server for the algorithms it supports:
- https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues#querying-vpn-server-for-its-supported-ipsec-ikev1-algorithms
answered Nov 28 '17 at 14:07
Douglas KosovicDouglas Kosovic
33614
i suspected that it is SELinux too so I disabled it BUT this only fixed PPTP, L2TP is not working! I can connect L2TP with my phone, tablet and windows but in linux centos i can not:(
– mehrdad
Nov 28 '17 at 23:15
Can you provide the log output ?
– Douglas Kosovic
Nov 29 '17 at 13:23
sure, i updated question.
– mehrdad
Nov 29 '17 at 23:21
i am looking forward to your answer, thank you very much!
– mehrdad
Nov 29 '17 at 23:59
I've edited and updated my answer above. Sorry for not responding earlier, been away.
– Douglas Kosovic
Dec 9 '17 at 7:31
add a comment |
0
0
0
I think the issue is SELinux, I don't think there are any SELinux policies for strongswan, xl2tpd, pptpd, etc on Ubuntu.
Ubuntu normally uses AppArmor instead of SELinux and the appropriate AppArmor profiles are in place.
Update:
The current issue is that your VPN server is using algorithyms that libreswan (and strongswan) consider old and broken, see:
- https://github.com/nm-l2tp/network-manager-l2tp#vpn-servers-using-ipsec-ikev1-broken-algorithms
The correct fix is to reconfigure the VPN server to user stronger algorithms.
But you can find workaround examples on that page for VPN servers that are using the 3DES, SHA1 and MODP1024 broken algorithms.
You can use the ike-scan.sh script on the following page to query the VPN server for the algorithms it supports:
- https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues#querying-vpn-server-for-its-supported-ipsec-ikev1-algorithms
answered Nov 28 '17 at 14:07
Douglas KosovicDouglas Kosovic
33614
I think the issue is SELinux, I don't think there are any SELinux policies for strongswan, xl2tpd, pptpd, etc on Ubuntu.
Ubuntu normally uses AppArmor instead of SELinux and the appropriate AppArmor profiles are in place.
Update:
The current issue is that your VPN server is using algorithyms that libreswan (and strongswan) consider old and broken, see:
- https://github.com/nm-l2tp/network-manager-l2tp#vpn-servers-using-ipsec-ikev1-broken-algorithms
The correct fix is to reconfigure the VPN server to user stronger algorithms.
But you can find workaround examples on that page for VPN servers that are using the 3DES, SHA1 and MODP1024 broken algorithms.
You can use the ike-scan.sh script on the following page to query the VPN server for the algorithms it supports:
- https://github.com/nm-l2tp/network-manager-l2tp/wiki/Known-Issues#querying-vpn-server-for-its-supported-ipsec-ikev1-algorithms
answered Nov 28 '17 at 14:07
Douglas KosovicDouglas Kosovic
33614
edited Dec 9 '17 at 7:29
answered Nov 28 '17 at 14:07
Douglas KosovicDouglas Kosovic
33614
answered Nov 28 '17 at 14:07
Douglas KosovicDouglas Kosovic
33614
answered Nov 28 '17 at 14:07
Douglas KosovicDouglas Kosovic
33614
33614
i suspected that it is SELinux too so I disabled it BUT this only fixed PPTP, L2TP is not working! I can connect L2TP with my phone, tablet and windows but in linux centos i can not:(
– mehrdad
Nov 28 '17 at 23:15
Can you provide the log output ?
– Douglas Kosovic
Nov 29 '17 at 13:23
sure, i updated question.
– mehrdad
Nov 29 '17 at 23:21
i am looking forward to your answer, thank you very much!
– mehrdad
Nov 29 '17 at 23:59
I've edited and updated my answer above. Sorry for not responding earlier, been away.
– Douglas Kosovic
Dec 9 '17 at 7:31
add a comment |
i suspected that it is SELinux too so I disabled it BUT this only fixed PPTP, L2TP is not working! I can connect L2TP with my phone, tablet and windows but in linux centos i can not:(
– mehrdad
Nov 28 '17 at 23:15
Can you provide the log output ?
– Douglas Kosovic
Nov 29 '17 at 13:23
sure, i updated question.
– mehrdad
Nov 29 '17 at 23:21
i am looking forward to your answer, thank you very much!
– mehrdad
Nov 29 '17 at 23:59
I've edited and updated my answer above. Sorry for not responding earlier, been away.
– Douglas Kosovic
Dec 9 '17 at 7:31
i suspected that it is SELinux too so I disabled it BUT this only fixed PPTP, L2TP is not working! I can connect L2TP with my phone, tablet and windows but in linux centos i can not:(
– mehrdad
Nov 28 '17 at 23:15
i suspected that it is SELinux too so I disabled it BUT this only fixed PPTP, L2TP is not working! I can connect L2TP with my phone, tablet and windows but in linux centos i can not:(
– mehrdad
Nov 28 '17 at 23:15
Can you provide the log output ?
– Douglas Kosovic
Nov 29 '17 at 13:23
Can you provide the log output ?
– Douglas Kosovic
Nov 29 '17 at 13:23
sure, i updated question.
– mehrdad
Nov 29 '17 at 23:21
sure, i updated question.
– mehrdad
Nov 29 '17 at 23:21
i am looking forward to your answer, thank you very much!
– mehrdad
Nov 29 '17 at 23:59
i am looking forward to your answer, thank you very much!
– mehrdad
Nov 29 '17 at 23:59
I've edited and updated my answer above. Sorry for not responding earlier, been away.
– Douglas Kosovic
Dec 9 '17 at 7:31
I've edited and updated my answer above. Sorry for not responding earlier, been away.
– Douglas Kosovic
Dec 9 '17 at 7:31
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f981015%2fnetworkmanager-says-activation-of-network-connection-failed-when-trying-to-con%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
this was for L2TP, when i try PPTP i see in logs that some times NetworkManager and ppdp says:"permission denied" or ""could not open..
– mehrdad
Nov 28 '17 at 9:11