#1007901 network-manager: L2TP-VPN doesn't work with network-manager version 1.36.2-1 (works with 1.34.0-1)
- Package: network-manager-l2tp
- Source: network-manager-l2tp
- Description: network management framework (L2TP plugin core)
- Submitter: Marcel Jira
- Date: 2022-04-22 02:15:03 UTC
- Severity: important
- Tags:
I used to connect to a VPN using network-manager-l2tp and network-manager-l2tp-gnome. The connection recently stopped working (see log below). A connection is established but terminates quickly after logging a series of "Received out of order control packet" messages. Also the connection is not usable (no ping to a machine in the vpn possible) in the short amount of time the connection is present.

Downgrading the packages "libnm0" and "network-manager" to version 1.34.0-1 solves the problem and makes the VPN usable again.

A similar problem was described at
https://forum.manjaro.org/t/stable-update-2022-03-14-kernels-kde-libreoffice-kodi-qt5-mozilla-networkmanager-pipewire/105493/53?page=3

A big shoutout to eggy and michaa7 in the German Debian forum who helped me find a temporary solution for the problem:
https://debianforum.de/forum/viewtopic.php?t=183809

Log snippet of failing VPN connection:

Mär 08 09:24:32 austernpilz-marcel charon[5989]: 01[ENC] parsed INFORMATIONAL_V1 request 2021249469 [ HASH N(DPD) ]
Mär 08 09:24:32 austernpilz-marcel charon[5989]: 01[ENC] generating INFORMATIONAL_V1 request 356123565 [ HASH N(DPD_ACK) ]
Mär 08 09:24:32 austernpilz-marcel charon[5989]: 01[NET] sending packet: from 192.168.0.180[4500] to <Public IP>[4500] (92 bytes)
Mär 08 09:24:45 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4)
Mär 08 09:24:45 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet!
Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[NET] received packet: from <Public IP>[4500] to 192.168.0.180[4500] (84 bytes)
Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[ENC] parsed INFORMATIONAL_V1 request 3124328840 [ HASH N(DPD) ]
Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[ENC] generating INFORMATIONAL_V1 request 1656922586 [ HASH N(DPD_ACK) ]
Mär 08 09:24:45 austernpilz-marcel charon[5989]: 07[NET] sending packet: from 192.168.0.180[4500] to <Public IP>[4500] (92 bytes)
Mär 08 09:24:47 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4)
Mär 08 09:24:47 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet!
Mär 08 09:24:51 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4)
Mär 08 09:24:51 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet!
Mär 08 09:24:59 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4)
Mär 08 09:24:59 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: handle_control: bad control packet!
Mär 08 09:25:05 austernpilz-marcel charon[5989]: 11[IKE] sending keep alive to <Public IP>[4500]
Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[NET] received packet: from <Public IP>[4500] to 192.168.0.180[4500] (84 bytes)
Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[ENC] parsed INFORMATIONAL_V1 request 2249792635 [ HASH D ]
Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[IKE] received DELETE for IKE_SA 016e39e7-c775-46be-85d3-215b15580b02[1]
Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[IKE] deleting IKE_SA 016e39e7-c775-46be-85d3-215b15580b02[1] between 192.168.0.180[192.168.0.180]...<Public IP>[<Public IP>]
Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[IKE] deleting IKE_SA 016e39e7-c775-46be-85d3-215b15580b02[1] between 192.168.0.180[192.168.0.180]...<Public IP>[<Public IP>]
Mär 08 09:25:14 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: Maximum retries exceeded for tunnel 62233. Closing.
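
Added example, not part of the original report and not code from xl2tpd, strongSwan or NetworkManager: a small Python triage script that checks a journal excerpt for the failure pattern visible in the log above (the same control-packet sequence number rejected repeatedly, followed by a teardown). The function names and the `min_repeats` threshold are assumptions of this example; the sample lines are copied from the excerpt in this report.

```python
import re
from collections import Counter

OUT_OF_ORDER = re.compile(
    r"xl2tpd\[\d+\]: check_control: Received out of order control packet "
    r"on tunnel (\d+) \(got (\d+), expected (\d+)\)")
MAX_RETRIES = re.compile(r"xl2tpd\[\d+\]: Maximum retries exceeded for tunnel (\d+)")
IKE_DELETE = re.compile(r"charon\[\d+\]: \d+\[IKE\] received DELETE for IKE_SA")

# Sample input: lines taken from the log excerpt in this bug report.
SAMPLE_LOG = """\
Mär 08 09:24:45 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4)
Mär 08 09:24:47 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4)
Mär 08 09:24:51 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4)
Mär 08 09:24:59 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: check_control: Received out of order control packet on tunnel 61041 (got 3, expected 4)
Mär 08 09:25:06 austernpilz-marcel charon[5989]: 12[IKE] received DELETE for IKE_SA 016e39e7-c775-46be-85d3-215b15580b02[1]
Mär 08 09:25:14 austernpilz-marcel NetworkManager[6024]: xl2tpd[6024]: Maximum retries exceeded for tunnel 62233. Closing.
"""

def summarize(log_text):
    """Collect the failure markers that appear in this report's log."""
    stale = Counter()            # (tunnel, got, expected) -> occurrences
    closed, ike_deleted = [], False
    for line in log_text.splitlines():
        if m := OUT_OF_ORDER.search(line):
            stale[tuple(int(g) for g in m.groups())] += 1
        elif m := MAX_RETRIES.search(line):
            # Tunnel IDs are kept as logged; the report shows a different ID
            # here than in the out-of-order lines, so none are correlated.
            closed.append(int(m.group(1)))
        elif IKE_DELETE.search(line):
            ike_deleted = True
    return {"stale": stale, "closed": closed, "ike_deleted": ike_deleted}

def matches_report_signature(summary, min_repeats=3):
    """True when one already-seen sequence number (got < expected) is
    rejected at least min_repeats times and the session is then torn down."""
    repeated = any(n >= min_repeats and got < exp
                   for (_, got, exp), n in summary["stale"].items())
    return repeated and (bool(summary["closed"]) or summary["ike_deleted"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(dict(result["stale"]), result["closed"], matches_report_signature(result))
```
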
On 18.03.22 at 10:50, Marcel Jira wrote:
As mentioned to the upstream NetworkManager 1.36.2 VPN routing bug:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/946

The routing issue when the "Use this connection only for resources on its network" IPv4 setting is enabled no longer appears to occur with NetworkManager 1.37.2.

As 1.37.2 is a developer release, I believe this issue will resolve itself once the Debian network-manager package is upgraded to whatever the next NetworkManager non-developer release will be.
Hi Marcel,

I was about to close this still open bug (which was cloned from a bug that was closed), but decided to check the forum link you posted first:
https://debianforum.de/forum/viewtopic.php?t=183809
and noticed you said there you were still having an issue with network-manager-l2tp and network-manager 1.36.4-2.

Sorry to hear that network-manager 1.36.4-2 didn't solve your issue and wish I heard it here earlier. Unfortunately I'm not able to reproduce the bug with Debian Sid, but happy to look into it.

I suspect it is an issue with strongswan. Do you have the issue if you switch to libreswan? E.g.:

    sudo apt install libreswan

To revert back to strongswan, issue:

    sudo apt install strongswan

If it works with libreswan, I suspect the strongswan issue with network-manager version 1.36 is with one of its modules.

Cheers,
Doug
Hi Marcel,

Actually you might be having an issue with your existing VPN network connection still having ipv4.ignore-auto-routes enabled, see:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/946#note_1350911

My previous suggestion of switching from strongswan to libreswan may or may not help. I wasn't able to see the strongswan issues with network-manager >= 1.36 on Debian I saw with Arch Linux, but doesn't mean others wouldn't.

Cheers,
Doug