VPN IPSEC PSK NO_PROPOSAL_CHOSEN





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







0















In Ubuntu 18.10, I'm trying to set-up a L2TP VPN connection with a WatchGuard server using PSK with SHA1-AES 256bit DH group 2 for Phase 1 and ESP-AES-SHA1 group 1 for Phase 2.



I tried with both Strongswan and Libreswan but always get a NO_PROPOSAL_CHOSEN error, no matter which algorithms I choose in ipsec.conf or in GNOME network manager. Relevant files are shown below. What do you suggest?



ipsec.conf



conn vpn
authby=secret
left=%defaultroute
leftxauthclient=yes
leftmodecfgclient=yes
leftxauthusername=[MY USERNAME]
modecfgpull=yes
right=[SERVER IP]
rightxauthserver=yes
rightmodecfgserver=yes
rekey=no
auto=add
ike_frag=no
ike=aes256-sha-modp2048
esp=aes-sha1-modp1024


ipsec.secrets



[MY SERVER IP] %any : PSK "[MY PSK]"
@[MY USERNAME] : XAUTH "[MY PASSWORD]"


edit new ipsec.conf:



conn myvpn
ikelifetime=8h
keylife=20m
rekeymargin=3m
keyingtries=3
keyexchange=ikev1
authby=psk
left=%defaultroute
auto=add
authby=secret
type=transport
leftprotoport=17/1701
rightprotoport=17/1701
right=[SERVER_IP]
dpdtimeout=120
dpdaction=clear
rekey=yes
ike=aes256-sha1-modp1024!
esp=aes256-sha1-modp768!


launching ipsec -up myvpn gives:



initiating Main Mode IKE_SA myvpn[1] to [SERVER_IP]
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (180 bytes)
received packet: from [SERVER_IP][500] to 192.168.1.6[500] (136 bytes)
parsed ID_PROT response 0 [ SA V V V ]
received XAuth vendor ID
received draft-ietf-ipsec-nat-t-ike-02n vendor ID
received DPD vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (244 bytes)
received packet: from [SERVER_IP][500] to 192.168.1.6[500] (220 bytes)
parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (108 bytes)
received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IKE_SA myvpn[1] established between 192.168.1.6[192.168.1.6]...[SERVER_IP][SERVER_IP]
scheduling reauthentication in 28591s
maximum IKE_SA lifetime 28771s
generating QUICK_MODE request 3496213378 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (300 bytes)
received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
parsed INFORMATIONAL_V1 request 2157690019 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'myvpn' failed


edit
xl2tpd.conf



[lac myvpn]
lns = [SERVER_IP]
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes


/etc/ppp/options.l2tpd.client



ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-chap
noccp
noauth
mtu 1280
mru 1280
noipdefault
defaultroute
usepeerdns
connect-delay 5000
name [MY USERNAME]
password [MY PASSWORD]


Trying with network manager returns:



nm-l2tp-service[17266]: xl2tpd started with pid 17340
NetworkManager[1137]: xl2tpd[17340]: Not looking for kernel SAref support.
NetworkManager[1137]: xl2tpd[17340]: Using l2tp kernel support.
NetworkManager[1137]: xl2tpd[17340]: xl2tpd version xl2tpd-1.3.12 started on Ing PID:17340
NetworkManager[1137]: xl2tpd[17340]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
NetworkManager[1137]: xl2tpd[17340]: Forked by Scott Balmos and David Stipp, (C) 2001
NetworkManager[1137]: xl2tpd[17340]: Inherited by Jeff McAdams, (C) 2002
NetworkManager[1137]: xl2tpd[17340]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
NetworkManager[1137]: xl2tpd[17340]: Listening on IP address 0.0.0.0, port 1701
NetworkManager[1137]: xl2tpd[17340]: Connecting to host [SERVER_IP], port 1701
NetworkManager[1137]: <info> [1541422442.3462] vpn-connection[0x55a9be8bc370,c657e7cd-7120-40b6-936c-969ca917c53c,"VPN 1",0]: VPN plugin: state changed: starting (3)
NetworkManager[1137]: xl2tpd[17340]: Connection established to [SERVER_IP], 1701. Local: 62148, Remote: 1 (ref=0/0).
NetworkManager[1137]: xl2tpd[17340]: Calling on tunnel 62148
NetworkManager[1137]: xl2tpd[17340]: Call established with [SERVER_IP], Local: 47419, Remote: 1, Serial: 1 (ref=0/0)
NetworkManager[1137]: xl2tpd[17340]: start_pppd: I'm running:
NetworkManager[1137]: xl2tpd[17340]: "/usr/sbin/pppd"
NetworkManager[1137]: xl2tpd[17340]: "plugin"
NetworkManager[1137]: xl2tpd[17340]: "pppol2tp.so"
NetworkManager[1137]: xl2tpd[17340]: "pppol2tp"
NetworkManager[1137]: xl2tpd[17340]: "7"
NetworkManager[1137]: xl2tpd[17340]: "passive"
NetworkManager[1137]: xl2tpd[17340]: "nodetach"
NetworkManager[1137]: xl2tpd[17340]: ":"
NetworkManager[1137]: xl2tpd[17340]: "file"
NetworkManager[1137]: xl2tpd[17340]: "/run/nm-l2tp-ppp-options-c657e7cd-7120-40b6-936c-969ca917c53c"
pppd[17341]: Plugin pppol2tp.so loaded.
pppd[17341]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
pppd[17341]: pppd 2.4.7 started by root, uid 0
pppd[17341]: Using interface ppp0
pppd[17341]: Connect: ppp0 <-->
pppd[17341]: Overriding mtu 1500 to 1400
pppd[17341]: Overriding mru 1500 to mtu value 1400
NetworkManager[1137]: <info> [1541422442.4026] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/19)
systemd-udevd[17344]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
NetworkManager[1137]: <info> [1541422442.4117] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
NetworkManager[1137]: <info> [1541422442.4117] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
NetworkManager[1137]: xl2tpd[17340]: check_control: Received out of order control packet on tunnel 1 (got 1, expected 2)
NetworkManager[1137]: xl2tpd[17340]: handle_packet: bad control packet!









share|improve this question































    0















    In Ubuntu 18.10, I'm trying to set-up a L2TP VPN connection with a WatchGuard server using PSK with SHA1-AES 256bit DH group 2 for Phase 1 and ESP-AES-SHA1 group 1 for Phase 2.



    I tried with both Strongswan and Libreswan but always get a NO_PROPOSAL_CHOSEN error, no matter which algorithms I choose in ipsec.conf or in GNOME network manager. Relevant files are shown below. What do you suggest?



    ipsec.conf



    conn vpn
    authby=secret
    left=%defaultroute
    leftxauthclient=yes
    leftmodecfgclient=yes
    leftxauthusername=[MY USERNAME]
    modecfgpull=yes
    right=[SERVER IP]
    rightxauthserver=yes
    rightmodecfgserver=yes
    rekey=no
    auto=add
    ike_frag=no
    ike=aes256-sha-modp2048
    esp=aes-sha1-modp1024


    ipsec.secrets



    [MY SERVER IP] %any : PSK "[MY PSK]"
    @[MY USERNAME] : XAUTH "[MY PASSWORD]"


    edit new ipsec.conf:



    conn myvpn
    ikelifetime=8h
    keylife=20m
    rekeymargin=3m
    keyingtries=3
    keyexchange=ikev1
    authby=psk
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=[SERVER_IP]
    dpdtimeout=120
    dpdaction=clear
    rekey=yes
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1-modp768!


    launching ipsec -up myvpn gives:



    initiating Main Mode IKE_SA myvpn[1] to [SERVER_IP]
    generating ID_PROT request 0 [ SA V V V V V ]
    sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (180 bytes)
    received packet: from [SERVER_IP][500] to 192.168.1.6[500] (136 bytes)
    parsed ID_PROT response 0 [ SA V V V ]
    received XAuth vendor ID
    received draft-ietf-ipsec-nat-t-ike-02n vendor ID
    received DPD vendor ID
    generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
    sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (244 bytes)
    received packet: from [SERVER_IP][500] to 192.168.1.6[500] (220 bytes)
    parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
    local host is behind NAT, sending keep alives
    generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (108 bytes)
    received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
    parsed ID_PROT response 0 [ ID HASH ]
    IKE_SA myvpn[1] established between 192.168.1.6[192.168.1.6]...[SERVER_IP][SERVER_IP]
    scheduling reauthentication in 28591s
    maximum IKE_SA lifetime 28771s
    generating QUICK_MODE request 3496213378 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
    sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (300 bytes)
    received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
    parsed INFORMATIONAL_V1 request 2157690019 [ HASH N(NO_PROP) ]
    received NO_PROPOSAL_CHOSEN error notify
    establishing connection 'myvpn' failed


    edit
    xl2tpd.conf



    [lac myvpn]
    lns = [SERVER_IP]
    ppp debug = yes
    pppoptfile = /etc/ppp/options.l2tpd.client
    length bit = yes


    /etc/ppp/options.l2tpd.client



    ipcp-accept-local
    ipcp-accept-remote
    refuse-eap
    require-chap
    noccp
    noauth
    mtu 1280
    mru 1280
    noipdefault
    defaultroute
    usepeerdns
    connect-delay 5000
    name [MY USERNAME]
    password [MY PASSWORD]


    Trying with network manager returns:



    nm-l2tp-service[17266]: xl2tpd started with pid 17340
    NetworkManager[1137]: xl2tpd[17340]: Not looking for kernel SAref support.
    NetworkManager[1137]: xl2tpd[17340]: Using l2tp kernel support.
    NetworkManager[1137]: xl2tpd[17340]: xl2tpd version xl2tpd-1.3.12 started on Ing PID:17340
    NetworkManager[1137]: xl2tpd[17340]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
    NetworkManager[1137]: xl2tpd[17340]: Forked by Scott Balmos and David Stipp, (C) 2001
    NetworkManager[1137]: xl2tpd[17340]: Inherited by Jeff McAdams, (C) 2002
    NetworkManager[1137]: xl2tpd[17340]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
    NetworkManager[1137]: xl2tpd[17340]: Listening on IP address 0.0.0.0, port 1701
    NetworkManager[1137]: xl2tpd[17340]: Connecting to host [SERVER_IP], port 1701
    NetworkManager[1137]: <info> [1541422442.3462] vpn-connection[0x55a9be8bc370,c657e7cd-7120-40b6-936c-969ca917c53c,"VPN 1",0]: VPN plugin: state changed: starting (3)
    NetworkManager[1137]: xl2tpd[17340]: Connection established to [SERVER_IP], 1701. Local: 62148, Remote: 1 (ref=0/0).
    NetworkManager[1137]: xl2tpd[17340]: Calling on tunnel 62148
    NetworkManager[1137]: xl2tpd[17340]: Call established with [SERVER_IP], Local: 47419, Remote: 1, Serial: 1 (ref=0/0)
    NetworkManager[1137]: xl2tpd[17340]: start_pppd: I'm running:
    NetworkManager[1137]: xl2tpd[17340]: "/usr/sbin/pppd"
    NetworkManager[1137]: xl2tpd[17340]: "plugin"
    NetworkManager[1137]: xl2tpd[17340]: "pppol2tp.so"
    NetworkManager[1137]: xl2tpd[17340]: "pppol2tp"
    NetworkManager[1137]: xl2tpd[17340]: "7"
    NetworkManager[1137]: xl2tpd[17340]: "passive"
    NetworkManager[1137]: xl2tpd[17340]: "nodetach"
    NetworkManager[1137]: xl2tpd[17340]: ":"
    NetworkManager[1137]: xl2tpd[17340]: "file"
    NetworkManager[1137]: xl2tpd[17340]: "/run/nm-l2tp-ppp-options-c657e7cd-7120-40b6-936c-969ca917c53c"
    pppd[17341]: Plugin pppol2tp.so loaded.
    pppd[17341]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
    pppd[17341]: pppd 2.4.7 started by root, uid 0
    pppd[17341]: Using interface ppp0
    pppd[17341]: Connect: ppp0 <-->
    pppd[17341]: Overriding mtu 1500 to 1400
    pppd[17341]: Overriding mru 1500 to mtu value 1400
    NetworkManager[1137]: <info> [1541422442.4026] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/19)
    systemd-udevd[17344]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
    NetworkManager[1137]: <info> [1541422442.4117] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
    NetworkManager[1137]: <info> [1541422442.4117] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
    NetworkManager[1137]: xl2tpd[17340]: check_control: Received out of order control packet on tunnel 1 (got 1, expected 2)
    NetworkManager[1137]: xl2tpd[17340]: handle_packet: bad control packet!









    share|improve this question



























      0












      0








      0








      In Ubuntu 18.10, I'm trying to set-up a L2TP VPN connection with a WatchGuard server using PSK with SHA1-AES 256bit DH group 2 for Phase 1 and ESP-AES-SHA1 group 1 for Phase 2.



      I tried with both Strongswan and Libreswan but always get a NO_PROPOSAL_CHOSEN error, no matter which algorithms I choose in ipsec.conf or in GNOME network manager. Relevant files are shown below. What do you suggest?



      ipsec.conf



      conn vpn
      authby=secret
      left=%defaultroute
      leftxauthclient=yes
      leftmodecfgclient=yes
      leftxauthusername=[MY USERNAME]
      modecfgpull=yes
      right=[SERVER IP]
      rightxauthserver=yes
      rightmodecfgserver=yes
      rekey=no
      auto=add
      ike_frag=no
      ike=aes256-sha-modp2048
      esp=aes-sha1-modp1024


      ipsec.secrets



      [MY SERVER IP] %any : PSK "[MY PSK]"
      @[MY USERNAME] : XAUTH "[MY PASSWORD]"


      edit new ipsec.conf:



      conn myvpn
      ikelifetime=8h
      keylife=20m
      rekeymargin=3m
      keyingtries=3
      keyexchange=ikev1
      authby=psk
      left=%defaultroute
      auto=add
      authby=secret
      type=transport
      leftprotoport=17/1701
      rightprotoport=17/1701
      right=[SERVER_IP]
      dpdtimeout=120
      dpdaction=clear
      rekey=yes
      ike=aes256-sha1-modp1024!
      esp=aes256-sha1-modp768!


      launching ipsec -up myvpn gives:



      initiating Main Mode IKE_SA myvpn[1] to [SERVER_IP]
      generating ID_PROT request 0 [ SA V V V V V ]
      sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (180 bytes)
      received packet: from [SERVER_IP][500] to 192.168.1.6[500] (136 bytes)
      parsed ID_PROT response 0 [ SA V V V ]
      received XAuth vendor ID
      received draft-ietf-ipsec-nat-t-ike-02n vendor ID
      received DPD vendor ID
      generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
      sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (244 bytes)
      received packet: from [SERVER_IP][500] to 192.168.1.6[500] (220 bytes)
      parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
      local host is behind NAT, sending keep alives
      generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
      sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (108 bytes)
      received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
      parsed ID_PROT response 0 [ ID HASH ]
      IKE_SA myvpn[1] established between 192.168.1.6[192.168.1.6]...[SERVER_IP][SERVER_IP]
      scheduling reauthentication in 28591s
      maximum IKE_SA lifetime 28771s
      generating QUICK_MODE request 3496213378 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
      sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (300 bytes)
      received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
      parsed INFORMATIONAL_V1 request 2157690019 [ HASH N(NO_PROP) ]
      received NO_PROPOSAL_CHOSEN error notify
      establishing connection 'myvpn' failed


      edit
      xl2tpd.conf



      [lac myvpn]
      lns = [SERVER_IP]
      ppp debug = yes
      pppoptfile = /etc/ppp/options.l2tpd.client
      length bit = yes


      /etc/ppp/options.l2tpd.client



      ipcp-accept-local
      ipcp-accept-remote
      refuse-eap
      require-chap
      noccp
      noauth
      mtu 1280
      mru 1280
      noipdefault
      defaultroute
      usepeerdns
      connect-delay 5000
      name [MY USERNAME]
      password [MY PASSWORD]


      Trying with network manager returns:



      nm-l2tp-service[17266]: xl2tpd started with pid 17340
      NetworkManager[1137]: xl2tpd[17340]: Not looking for kernel SAref support.
      NetworkManager[1137]: xl2tpd[17340]: Using l2tp kernel support.
      NetworkManager[1137]: xl2tpd[17340]: xl2tpd version xl2tpd-1.3.12 started on Ing PID:17340
      NetworkManager[1137]: xl2tpd[17340]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
      NetworkManager[1137]: xl2tpd[17340]: Forked by Scott Balmos and David Stipp, (C) 2001
      NetworkManager[1137]: xl2tpd[17340]: Inherited by Jeff McAdams, (C) 2002
      NetworkManager[1137]: xl2tpd[17340]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
      NetworkManager[1137]: xl2tpd[17340]: Listening on IP address 0.0.0.0, port 1701
      NetworkManager[1137]: xl2tpd[17340]: Connecting to host [SERVER_IP], port 1701
      NetworkManager[1137]: <info> [1541422442.3462] vpn-connection[0x55a9be8bc370,c657e7cd-7120-40b6-936c-969ca917c53c,"VPN 1",0]: VPN plugin: state changed: starting (3)
      NetworkManager[1137]: xl2tpd[17340]: Connection established to [SERVER_IP], 1701. Local: 62148, Remote: 1 (ref=0/0).
      NetworkManager[1137]: xl2tpd[17340]: Calling on tunnel 62148
      NetworkManager[1137]: xl2tpd[17340]: Call established with [SERVER_IP], Local: 47419, Remote: 1, Serial: 1 (ref=0/0)
      NetworkManager[1137]: xl2tpd[17340]: start_pppd: I'm running:
      NetworkManager[1137]: xl2tpd[17340]: "/usr/sbin/pppd"
      NetworkManager[1137]: xl2tpd[17340]: "plugin"
      NetworkManager[1137]: xl2tpd[17340]: "pppol2tp.so"
      NetworkManager[1137]: xl2tpd[17340]: "pppol2tp"
      NetworkManager[1137]: xl2tpd[17340]: "7"
      NetworkManager[1137]: xl2tpd[17340]: "passive"
      NetworkManager[1137]: xl2tpd[17340]: "nodetach"
      NetworkManager[1137]: xl2tpd[17340]: ":"
      NetworkManager[1137]: xl2tpd[17340]: "file"
      NetworkManager[1137]: xl2tpd[17340]: "/run/nm-l2tp-ppp-options-c657e7cd-7120-40b6-936c-969ca917c53c"
      pppd[17341]: Plugin pppol2tp.so loaded.
      pppd[17341]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
      pppd[17341]: pppd 2.4.7 started by root, uid 0
      pppd[17341]: Using interface ppp0
      pppd[17341]: Connect: ppp0 <-->
      pppd[17341]: Overriding mtu 1500 to 1400
      pppd[17341]: Overriding mru 1500 to mtu value 1400
      NetworkManager[1137]: <info> [1541422442.4026] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/19)
      systemd-udevd[17344]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
      NetworkManager[1137]: <info> [1541422442.4117] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
      NetworkManager[1137]: <info> [1541422442.4117] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
      NetworkManager[1137]: xl2tpd[17340]: check_control: Received out of order control packet on tunnel 1 (got 1, expected 2)
      NetworkManager[1137]: xl2tpd[17340]: handle_packet: bad control packet!









      share|improve this question
















      In Ubuntu 18.10, I'm trying to set-up a L2TP VPN connection with a WatchGuard server using PSK with SHA1-AES 256bit DH group 2 for Phase 1 and ESP-AES-SHA1 group 1 for Phase 2.



      I tried with both Strongswan and Libreswan but always get a NO_PROPOSAL_CHOSEN error, no matter which algorithms I choose in ipsec.conf or in GNOME network manager. Relevant files are shown below. What do you suggest?



      ipsec.conf



      conn vpn
      authby=secret
      left=%defaultroute
      leftxauthclient=yes
      leftmodecfgclient=yes
      leftxauthusername=[MY USERNAME]
      modecfgpull=yes
      right=[SERVER IP]
      rightxauthserver=yes
      rightmodecfgserver=yes
      rekey=no
      auto=add
      ike_frag=no
      ike=aes256-sha-modp2048
      esp=aes-sha1-modp1024


      ipsec.secrets



      [MY SERVER IP] %any : PSK "[MY PSK]"
      @[MY USERNAME] : XAUTH "[MY PASSWORD]"


      edit new ipsec.conf:



      conn myvpn
      ikelifetime=8h
      keylife=20m
      rekeymargin=3m
      keyingtries=3
      keyexchange=ikev1
      authby=psk
      left=%defaultroute
      auto=add
      authby=secret
      type=transport
      leftprotoport=17/1701
      rightprotoport=17/1701
      right=[SERVER_IP]
      dpdtimeout=120
      dpdaction=clear
      rekey=yes
      ike=aes256-sha1-modp1024!
      esp=aes256-sha1-modp768!


      launching ipsec -up myvpn gives:



      initiating Main Mode IKE_SA myvpn[1] to [SERVER_IP]
      generating ID_PROT request 0 [ SA V V V V V ]
      sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (180 bytes)
      received packet: from [SERVER_IP][500] to 192.168.1.6[500] (136 bytes)
      parsed ID_PROT response 0 [ SA V V V ]
      received XAuth vendor ID
      received draft-ietf-ipsec-nat-t-ike-02n vendor ID
      received DPD vendor ID
      generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
      sending packet: from 192.168.1.6[500] to [SERVER_IP][500] (244 bytes)
      received packet: from [SERVER_IP][500] to 192.168.1.6[500] (220 bytes)
      parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
      local host is behind NAT, sending keep alives
      generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
      sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (108 bytes)
      received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
      parsed ID_PROT response 0 [ ID HASH ]
      IKE_SA myvpn[1] established between 192.168.1.6[192.168.1.6]...[SERVER_IP][SERVER_IP]
      scheduling reauthentication in 28591s
      maximum IKE_SA lifetime 28771s
      generating QUICK_MODE request 3496213378 [ HASH SA No KE ID ID NAT-OA NAT-OA ]
      sending packet: from 192.168.1.6[4500] to [SERVER_IP][4500] (300 bytes)
      received packet: from [SERVER_IP][4500] to 192.168.1.6[4500] (76 bytes)
      parsed INFORMATIONAL_V1 request 2157690019 [ HASH N(NO_PROP) ]
      received NO_PROPOSAL_CHOSEN error notify
      establishing connection 'myvpn' failed


      edit
      xl2tpd.conf



      [lac myvpn]
      lns = [SERVER_IP]
      ppp debug = yes
      pppoptfile = /etc/ppp/options.l2tpd.client
      length bit = yes


      /etc/ppp/options.l2tpd.client



      ipcp-accept-local
      ipcp-accept-remote
      refuse-eap
      require-chap
      noccp
      noauth
      mtu 1280
      mru 1280
      noipdefault
      defaultroute
      usepeerdns
      connect-delay 5000
      name [MY USERNAME]
      password [MY PASSWORD]


      Trying with network manager returns:



      nm-l2tp-service[17266]: xl2tpd started with pid 17340
      NetworkManager[1137]: xl2tpd[17340]: Not looking for kernel SAref support.
      NetworkManager[1137]: xl2tpd[17340]: Using l2tp kernel support.
      NetworkManager[1137]: xl2tpd[17340]: xl2tpd version xl2tpd-1.3.12 started on Ing PID:17340
      NetworkManager[1137]: xl2tpd[17340]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
      NetworkManager[1137]: xl2tpd[17340]: Forked by Scott Balmos and David Stipp, (C) 2001
      NetworkManager[1137]: xl2tpd[17340]: Inherited by Jeff McAdams, (C) 2002
      NetworkManager[1137]: xl2tpd[17340]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
      NetworkManager[1137]: xl2tpd[17340]: Listening on IP address 0.0.0.0, port 1701
      NetworkManager[1137]: xl2tpd[17340]: Connecting to host [SERVER_IP], port 1701
      NetworkManager[1137]: <info> [1541422442.3462] vpn-connection[0x55a9be8bc370,c657e7cd-7120-40b6-936c-969ca917c53c,"VPN 1",0]: VPN plugin: state changed: starting (3)
      NetworkManager[1137]: xl2tpd[17340]: Connection established to [SERVER_IP], 1701. Local: 62148, Remote: 1 (ref=0/0).
      NetworkManager[1137]: xl2tpd[17340]: Calling on tunnel 62148
      NetworkManager[1137]: xl2tpd[17340]: Call established with [SERVER_IP], Local: 47419, Remote: 1, Serial: 1 (ref=0/0)
      NetworkManager[1137]: xl2tpd[17340]: start_pppd: I'm running:
      NetworkManager[1137]: xl2tpd[17340]: "/usr/sbin/pppd"
      NetworkManager[1137]: xl2tpd[17340]: "plugin"
      NetworkManager[1137]: xl2tpd[17340]: "pppol2tp.so"
      NetworkManager[1137]: xl2tpd[17340]: "pppol2tp"
      NetworkManager[1137]: xl2tpd[17340]: "7"
      NetworkManager[1137]: xl2tpd[17340]: "passive"
      NetworkManager[1137]: xl2tpd[17340]: "nodetach"
      NetworkManager[1137]: xl2tpd[17340]: ":"
      NetworkManager[1137]: xl2tpd[17340]: "file"
      NetworkManager[1137]: xl2tpd[17340]: "/run/nm-l2tp-ppp-options-c657e7cd-7120-40b6-936c-969ca917c53c"
      pppd[17341]: Plugin pppol2tp.so loaded.
      pppd[17341]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
      pppd[17341]: pppd 2.4.7 started by root, uid 0
      pppd[17341]: Using interface ppp0
      pppd[17341]: Connect: ppp0 <-->
      pppd[17341]: Overriding mtu 1500 to 1400
      pppd[17341]: Overriding mru 1500 to mtu value 1400
      NetworkManager[1137]: <info> [1541422442.4026] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/19)
      systemd-udevd[17344]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
      NetworkManager[1137]: <info> [1541422442.4117] devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
      NetworkManager[1137]: <info> [1541422442.4117] device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
      NetworkManager[1137]: xl2tpd[17340]: check_control: Received out of order control packet on tunnel 1 (got 1, expected 2)
      NetworkManager[1137]: xl2tpd[17340]: handle_packet: bad control packet!






      networking network-manager vpn 18.10






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 5 '18 at 13:02







      Adriano Di Cara

















      asked Nov 1 '18 at 12:44









      Adriano Di CaraAdriano Di Cara

      34




      34






















          1 Answer
          1






          active

          oldest

          votes


















          0














          Your ipsec.conf seems to be for IPsec IKEv1 XAuth, not for L2TP/IPsec, but you mentioned L2TP. What kind of VPN service is the WatchGuard server offering?



          If you are using strongswan I would try adding an exclamation mark (!) to the end, also your esp syntax was wrong. Try offering the following proposals in the ipsec.conf file and see if the VPN server is happy :




          • ike=aes256-sha1-modp2048!

          • esp=aes-sha1!






          share|improve this answer
























          • aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites

            – Douglas Kosovic
            Nov 3 '18 at 7:37











          • I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?

            – Adriano Di Cara
            Nov 4 '18 at 11:52













          • L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!

            – Douglas Kosovic
            Nov 5 '18 at 6:22













          • Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launching echo "c myvpn" > /var/run/xl2tpd/l2tp-control doesn't make available the ppp0 device I expect.

            – Adriano Di Cara
            Nov 5 '18 at 9:40













          • Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2

            – Douglas Kosovic
            Nov 5 '18 at 12:45












          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1089199%2fvpn-ipsec-psk-no-proposal-chosen%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          Your ipsec.conf seems to be for IPsec IKEv1 XAuth, not for L2TP/IPsec, but you mentioned L2TP. What kind of VPN service is the WatchGuard server offering?



          If you are using strongswan I would try adding an exclamation mark (!) to the end, also your esp syntax was wrong. Try offering the following proposals in the ipsec.conf file and see if the VPN server is happy :




          • ike=aes256-sha1-modp2048!

          • esp=aes-sha1!






          share|improve this answer
























          • aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites

            – Douglas Kosovic
            Nov 3 '18 at 7:37











          • I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?

            – Adriano Di Cara
            Nov 4 '18 at 11:52













          • L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!

            – Douglas Kosovic
            Nov 5 '18 at 6:22













          • Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launching echo "c myvpn" > /var/run/xl2tpd/l2tp-control doesn't make available the ppp0 device I expect.

            – Adriano Di Cara
            Nov 5 '18 at 9:40













          • Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2

            – Douglas Kosovic
            Nov 5 '18 at 12:45
















          0














          Your ipsec.conf seems to be for IPsec IKEv1 XAuth, not for L2TP/IPsec, but you mentioned L2TP. What kind of VPN service is the WatchGuard server offering?



          If you are using strongswan I would try adding an exclamation mark (!) to the end, also your esp syntax was wrong. Try offering the following proposals in the ipsec.conf file and see if the VPN server is happy :




          • ike=aes256-sha1-modp2048!

          • esp=aes-sha1!






          share|improve this answer
























          • aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites

            – Douglas Kosovic
            Nov 3 '18 at 7:37











          • I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?

            – Adriano Di Cara
            Nov 4 '18 at 11:52













          • L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!

            – Douglas Kosovic
            Nov 5 '18 at 6:22













          • Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launching echo "c myvpn" > /var/run/xl2tpd/l2tp-control doesn't make available the ppp0 device I expect.

            – Adriano Di Cara
            Nov 5 '18 at 9:40













          • Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2

            – Douglas Kosovic
            Nov 5 '18 at 12:45














          0












          0








          0







          Your ipsec.conf seems to be for IPsec IKEv1 XAuth, not for L2TP/IPsec, but you mentioned L2TP. What kind of VPN service is the WatchGuard server offering?



          If you are using strongswan I would try adding an exclamation mark (!) to the end, also your esp syntax was wrong. Try offering the following proposals in the ipsec.conf file and see if the VPN server is happy :




          • ike=aes256-sha1-modp2048!

          • esp=aes-sha1!






          share|improve this answer













          Your ipsec.conf seems to be for IPsec IKEv1 XAuth, not for L2TP/IPsec, but you mentioned L2TP. What kind of VPN service is the WatchGuard server offering?



          If you are using strongswan I would try adding an exclamation mark (!) to the end, also your esp syntax was wrong. Try offering the following proposals in the ipsec.conf file and see if the VPN server is happy :




          • ike=aes256-sha1-modp2048!

          • esp=aes-sha1!







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 3 '18 at 7:29









          Douglas KosovicDouglas Kosovic

          36114




          36114













          • aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites

            – Douglas Kosovic
            Nov 3 '18 at 7:37











          • I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?

            – Adriano Di Cara
            Nov 4 '18 at 11:52













          • L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!

            – Douglas Kosovic
            Nov 5 '18 at 6:22













          • Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launching echo "c myvpn" > /var/run/xl2tpd/l2tp-control doesn't make available the ppp0 device I expect.

            – Adriano Di Cara
            Nov 5 '18 at 9:40













          • Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2

            – Douglas Kosovic
            Nov 5 '18 at 12:45



















          • aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites

            – Douglas Kosovic
            Nov 3 '18 at 7:37











          • I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?

            – Adriano Di Cara
            Nov 4 '18 at 11:52













          • L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!

            – Douglas Kosovic
            Nov 5 '18 at 6:22













          • Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launching echo "c myvpn" > /var/run/xl2tpd/l2tp-control doesn't make available the ppp0 device I expect.

            – Adriano Di Cara
            Nov 5 '18 at 9:40













          • Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2

            – Douglas Kosovic
            Nov 5 '18 at 12:45

















          aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites

          – Douglas Kosovic
          Nov 3 '18 at 7:37





          aes is an alias for aes128, so I don't know for the Phase 2 or esp line if it should be esp=aes256-sha1! as it is odd to use a different number of bits between phase 1 & 2. See the following page for the encryption algorithm keywords wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites

          – Douglas Kosovic
          Nov 3 '18 at 7:37













          I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?

          – Adriano Di Cara
          Nov 4 '18 at 11:52







          I'm totally sure the server is offering L2TP with those algorithms. Following various guides i edited ipsec.conf as shown in my edited question. Still getting the same error... What's the difference between a IKEv1 and a L2TP configuration in ipsec.conf?

          – Adriano Di Cara
          Nov 4 '18 at 11:52















          L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!

          – Douglas Kosovic
          Nov 5 '18 at 6:22







          L2TP/IPsec is also IKEv1, but uses L2TP (or more precisely PPP) for the user authentication, while IPsec XAuth does the user authentication by itself and doesn't need L2TP. For a L2TP ipsec.conf you would normally find leftprotoport and rightprotoport=udp/L2TP (or =17/1701 if you prefer numerical values like your example), there is no XAuth, there are also config files for xl2tpd and pppd. From the logs IKE Phase 1 has been established, but ESP Quick Mode is failing. I would recommend using esp=aes256-sha1! as it is usually esp=encryption-integrity!

          – Douglas Kosovic
          Nov 5 '18 at 6:22















          Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launching echo "c myvpn" > /var/run/xl2tpd/l2tp-control doesn't make available the ppp0 device I expect.

          – Adriano Di Cara
          Nov 5 '18 at 9:40







          Connection successful using esp=aes256-sha1! Thank you very much! The problem is now with xl2tpd, launching echo "c myvpn" > /var/run/xl2tpd/l2tp-control doesn't make available the ppp0 device I expect.

          – Adriano Di Cara
          Nov 5 '18 at 9:40















          Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2

          – Douglas Kosovic
          Nov 5 '18 at 12:45





          Or you could use network-manager-l2tp and in the IPsec config dialog box enter aes256-sha1-modp1024! for phase 1 and aes256-sha1! for phase 2. If you do use network-manager-l2tp, you might need to stop the system xl2tpd service, see the README.md file for issue with not stopping system xl2tpd service github.com/nm-l2tp/network-manager-l2tp/tree/nm-1-2

          – Douglas Kosovic
          Nov 5 '18 at 12:45


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1089199%2fvpn-ipsec-psk-no-proposal-chosen%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          GameSpot

          日野市

          Tu-95轟炸機