L2TP NM and IPsec configuration for ciphers

The issue I'm having is that when I try to bring up the VPN connection defined in ipsec.conf, I always get:

parsed INFORMATIONAL_V1 request 2522689065 [ HASH N(NO_PROP) ] received NO_PROPOSAL_CHOSEN error notify

I tried various combinations for ike and esp but always get the same error.

When I go through NM, where I didn't define Phase 1 and Phase 2, everything works. Here is the complete log:

Jun 17 16:04:41  NetworkManager[1206]: <info>  [1623938681.5398] audit: op="connection-activate" uuid="3458f727-9209-4a3f-a159-b70064570562" name="Cloud" pid=2775 uid=1000 result="success"
Jun 17 16:04:41  gnome-shell[1954]: JS ERROR: TypeError: item is undefined#012setActiveConnections/<@resource:///org/gnome/shell/ui/status/network.js:1523:17#012setActiveConnections@resource:///org/gnome/shell/ui/status/network.js:1520:24#012_syncVpnConnections@resource:///org/gnome/shell/ui/status/network.js:1867:26
Jun 17 16:04:41  NetworkManager[1206]: <info>  [1623938681.5445] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",0]: Started the VPN service, PID 152796
Jun 17 16:04:41  NetworkManager[1206]: <info>  [1623938681.5524] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",0]: Saw the service appear; activating connection
Jun 17 16:04:41  NetworkManager[1206]: <info>  [1623938681.6001] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",0]: VPN connection: (ConnectInteractive) reply received
Jun 17 16:04:41  nm-l2tp-service[152796]: Check port 1701
Jun 17 16:04:41  NetworkManager[152816]: Stopping strongSwan IPsec failed: starter is not running
Jun 17 16:04:43  NetworkManager[152813]: Starting strongSwan 5.8.2 IPsec [starter]...
Jun 17 16:04:43  NetworkManager[152813]: Loading config setup
Jun 17 16:04:43  NetworkManager[152813]: Loading conn '3458f727-9209-4a3f-a159-b70064570562'
Jun 17 16:04:43  charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 5.8.0-55-generic, x86_64)
Jun 17 16:04:43  charon: 00[CFG] PKCS11 module '<name>' lacks library path
Jun 17 16:04:43  charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jun 17 16:04:43  charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jun 17 16:04:43  charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jun 17 16:04:43  charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jun 17 16:04:43  charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jun 17 16:04:43  charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 17 16:04:43  charon: 00[CFG]   loaded IKE secret for %any
Jun 17 16:04:43  charon: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Jun 17 16:04:43  charon: 00[CFG]   loaded IKE secret for %any
Jun 17 16:04:43  charon: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru drbg curl attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Jun 17 16:04:43  charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jun 17 16:04:43  charon: 00[JOB] spawning 16 worker threads
Jun 17 16:04:43  charon: 05[CFG] received stroke: add connection '3458f727-9209-4a3f-a159-b70064570562'
Jun 17 16:04:43  charon: 05[CFG] added configuration '3458f727-9209-4a3f-a159-b70064570562'
Jun 17 16:04:44  charon: 08[CFG] rereading secrets
Jun 17 16:04:44  charon: 08[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 17 16:04:44  charon: 08[CFG]   loaded IKE secret for %any
Jun 17 16:04:44  charon: 08[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets'
Jun 17 16:04:44  charon: 08[CFG]   loaded IKE secret for %any
Jun 17 16:04:44  charon: 10[CFG] received stroke: initiate '3458f727-9209-4a3f-a159-b70064570562'
Jun 17 16:04:44  charon: 11[IKE] initiating Main Mode IKE_SA 3458f727-9209-4a3f-a159-b70064570562[1] to x.x.x.x
Jun 17 16:04:44  charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Jun 17 16:04:44  charon: 11[NET] sending packet: from 192.168.1.173[500] to x.x.x.x[500] (532 bytes)
Jun 17 16:04:44  charon: 12[NET] received packet: from x.x.x.x[500] to 192.168.1.173[500] (212 bytes)
Jun 17 16:04:44  charon: 12[ENC] parsed ID_PROT response 0 [ SA V V V V V V ]
Jun 17 16:04:44  charon: 12[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
Jun 17 16:04:44  charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Jun 17 16:04:44  charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jun 17 16:04:44  charon: 12[IKE] received FRAGMENTATION vendor ID
Jun 17 16:04:44  charon: 12[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Jun 17 16:04:44  charon: 12[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Jun 17 16:04:44  charon: 12[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Jun 17 16:04:44  charon: 12[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jun 17 16:04:44  charon: 12[NET] sending packet: from 192.168.1.173[500] to x.x.x.x[500] (212 bytes)
Jun 17 16:04:44  charon: 13[NET] received packet: from x.x.x.x[500] to 192.168.1.173[500] (228 bytes)
Jun 17 16:04:44  charon: 13[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 17 16:04:44  charon: 13[IKE] local host is behind NAT, sending keep alives
Jun 17 16:04:44  charon: 13[IKE] remote host is behind NAT
Jun 17 16:04:44  charon: 13[ENC] generating ID_PROT request 0 [ ID HASH ]
Jun 17 16:04:44  charon: 13[NET] sending packet: from 192.168.1.173[4500] to x.x.x.x[4500] (76 bytes)
Jun 17 16:04:45  charon: 14[NET] received packet: from x.x.x.x[4500] to 192.168.1.173[4500] (76 bytes)
Jun 17 16:04:45  charon: 14[ENC] parsed ID_PROT response 0 [ ID HASH ]
Jun 17 16:04:45  charon: 14[IKE] IKE_SA 3458f727-9209-4a3f-a159-b70064570562[1] established between 192.168.1.173[192.168.1.173]...x.x.x.x[10.91.22.5]
Jun 17 16:04:45  charon: 14[IKE] scheduling reauthentication in 10049s
Jun 17 16:04:45  charon: 14[IKE] maximum IKE_SA lifetime 10589s
Jun 17 16:04:45  charon: 14[ENC] generating QUICK_MODE request 3470620571 [ HASH SA No ID ID NAT-OA NAT-OA ]
Jun 17 16:04:45  charon: 14[NET] sending packet: from 192.168.1.173[4500] to x.x.x.x[4500] (252 bytes)
Jun 17 16:04:45  charon: 01[NET] received packet: from x.x.x.x[4500] to 192.168.1.173[4500] (220 bytes)
Jun 17 16:04:45  charon: 01[ENC] parsed QUICK_MODE response 3470620571 [ HASH SA No ID ID NAT-OA NAT-OA ]
Jun 17 16:04:45  charon: 01[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Jun 17 16:04:45  charon: 01[IKE] CHILD_SA 3458f727-9209-4a3f-a159-b70064570562{1} established with SPIs c4945a7f_i 594d91c0_o and TS 192.168.1.173/32[udp/l2f] === x.x.x.x/32[udp/l2f]
Jun 17 16:04:45  charon: 01[ENC] generating QUICK_MODE request 3470620571 [ HASH ]
Jun 17 16:04:45  charon: 01[NET] sending packet: from 192.168.1.173[4500] to x.x.x.x[4500] (60 bytes)
Jun 17 16:04:45  NetworkManager[152854]: initiating Main Mode IKE_SA 3458f727-9209-4a3f-a159-b70064570562[1] to x.x.x.x
Jun 17 16:04:45  NetworkManager[152854]: generating ID_PROT request 0 [ SA V V V V V ]
Jun 17 16:04:45  NetworkManager[152854]: sending packet: from 192.168.1.173[500] to x.x.x.x[500] (532 bytes)
Jun 17 16:04:45  NetworkManager[152854]: received packet: from x.x.x.x[500] to 192.168.1.173[500] (212 bytes)
Jun 17 16:04:45  NetworkManager[152854]: parsed ID_PROT response 0 [ SA V V V V V V ]
Jun 17 16:04:45  NetworkManager[152854]: received MS NT5 ISAKMPOAKLEY vendor ID
Jun 17 16:04:45  NetworkManager[152854]: received NAT-T (RFC 3947) vendor ID
Jun 17 16:04:45  NetworkManager[152854]: received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jun 17 16:04:45  NetworkManager[152854]: received FRAGMENTATION vendor ID
Jun 17 16:04:45  NetworkManager[152854]: received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Jun 17 16:04:45  NetworkManager[152854]: received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
Jun 17 16:04:45  NetworkManager[152854]: selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Jun 17 16:04:45  NetworkManager[152854]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jun 17 16:04:45  NetworkManager[152854]: sending packet: from 192.168.1.173[500] to x.x.x.x[500] (212 bytes)
Jun 17 16:04:45  NetworkManager[152854]: received packet: from x.x.x.x[500] to 192.168.1.173[500] (228 bytes)
Jun 17 16:04:45  NetworkManager[152854]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jun 17 16:04:45  NetworkManager[152854]: local host is behind NAT, sending keep alives
Jun 17 16:04:45  NetworkManager[152854]: remote host is behind NAT
Jun 17 16:04:45  NetworkManager[152854]: generating ID_PROT request 0 [ ID HASH ]
Jun 17 16:04:45  NetworkManager[152854]: sending packet: from 192.168.1.173[4500] to x.x.x.x[4500] (76 bytes)
Jun 17 16:04:45  NetworkManager[152854]: received packet: from x.x.x.x[4500] to 192.168.1.173[4500] (76 bytes)
Jun 17 16:04:45  NetworkManager[152854]: parsed ID_PROT response 0 [ ID HASH ]
Jun 17 16:04:45  NetworkManager[152854]: IKE_SA 3458f727-9209-4a3f-a159-b70064570562[1] established between 192.168.1.173[192.168.1.173]...x.x.x.x[10.91.22.5]
Jun 17 16:04:45  NetworkManager[152854]: scheduling reauthentication in 10049s
Jun 17 16:04:45  NetworkManager[152854]: maximum IKE_SA lifetime 10589s
Jun 17 16:04:45  NetworkManager[152854]: generating QUICK_MODE request 3470620571 [ HASH SA No ID ID NAT-OA NAT-OA ]
Jun 17 16:04:45  NetworkManager[152854]: sending packet: from 192.168.1.173[4500] to x.x.x.x[4500] (252 bytes)
Jun 17 16:04:45  NetworkManager[152854]: received packet: from x.x.x.x[4500] to 192.168.1.173[4500] (220 bytes)
Jun 17 16:04:45  NetworkManager[152854]: parsed QUICK_MODE response 3470620571 [ HASH SA No ID ID NAT-OA NAT-OA ]
Jun 17 16:04:45  NetworkManager[152854]: selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Jun 17 16:04:45  NetworkManager[152854]: CHILD_SA 3458f727-9209-4a3f-a159-b70064570562{1} established with SPIs c4945a7f_i 594d91c0_o and TS 192.168.1.173/32[udp/l2f] === x.x.x.x/32[udp/l2f]
Jun 17 16:04:45  NetworkManager[152854]: connection '3458f727-9209-4a3f-a159-b70064570562' established successfully
Jun 17 16:04:45  charon: 15[NET] received packet: from x.x.x.x[4500] to 192.168.1.173[4500] (76 bytes)
Jun 17 16:04:45  charon: 15[ENC] parsed QUICK_MODE response 3470620571 [ HASH N(INIT_CONTACT) ]
Jun 17 16:04:45  charon: 15[IKE] ignoring fourth Quick Mode message
Jun 17 16:04:45  nm-l2tp-service[152796]: xl2tpd started with pid 152860
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Not looking for kernel SAref support.
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Using l2tp kernel support.
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: xl2tpd version xl2tpd-1.3.12 started on  PID:152860
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Inherited by Jeff McAdams, (C) 2002
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Listening on IP address 0.0.0.0, port 1701
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Connecting to host x.x.x.x, port 1701
Jun 17 16:04:45  NetworkManager[1206]: <info>  [1623938685.3988] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",0]: VPN plugin: state changed: starting (3)
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Connection established to x.x.x.x, 1701.  Local: 13197, Remote: 19 (ref=0/0).
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Calling on tunnel 13197
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: Call established with x.x.x.x, Local: 42841, Remote: 1, Serial: 1 (ref=0/0)
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: start_pppd: I'm running:
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: "/usr/sbin/pppd"
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: "plugin"
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: "pppol2tp.so"
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: "pppol2tp"
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: "7"
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: "passive"
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: "nodetach"
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: ":"
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: "file"
Jun 17 16:04:45  NetworkManager[152860]: xl2tpd[152860]: "/run/nm-l2tp-3458f727-9209-4a3f-a159-b70064570562/ppp-options"
Jun 17 16:04:45  pppd[152861]: Plugin pppol2tp.so loaded.
Jun 17 16:04:45  pppd[152861]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
Jun 17 16:04:45  pppd[152861]: pppd 2.4.7 started by root, uid 0
Jun 17 16:04:45  pppd[152861]: Using interface ppp0
Jun 17 16:04:45  pppd[152861]: Connect: ppp0 <--> 
Jun 17 16:04:45  pppd[152861]: Overriding mtu 1500 to 1400
Jun 17 16:04:45  pppd[152861]: Overriding mru 1500 to mtu value 1400
Jun 17 16:04:45  NetworkManager[1206]: <info>  [1623938685.6526] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/40)
Jun 17 16:04:45  systemd-udevd[152866]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jun 17 16:04:46  pppd[152861]: CHAP authentication succeeded
Jun 17 16:04:46  charon: 09[KNL] 10.10.10.6 appeared on ppp0
Jun 17 16:04:46  charon-nm: 09[KNL] 10.10.10.6 appeared on ppp0
Jun 17 16:04:46  charon-nm: 11[KNL] 10.10.10.6 disappeared from ppp0
Jun 17 16:04:46  charon: 12[KNL] 10.10.10.6 disappeared from ppp0
Jun 17 16:04:46  charon: 14[KNL] 10.10.10.6 appeared on ppp0
Jun 17 16:04:46  charon-nm: 06[KNL] 10.10.10.6 appeared on ppp0
Jun 17 16:04:46  charon: 01[KNL] interface ppp0 activated
Jun 17 16:04:46  charon-nm: 14[KNL] interface ppp0 activated
Jun 17 16:04:46  pppd[152861]: local  IP address 10.10.10.6
Jun 17 16:04:46  pppd[152861]: remote IP address 10.10.10.1
Jun 17 16:04:46  pppd[152861]: primary   DNS address 10.91.22.2
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6166] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6188] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6238] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",0]: VPN connection: (IP4 Config Get) reply received from old-style plugin
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6243] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data: VPN Gateway: x.x.x.x
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6243] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data: Tunnel Device: "ppp0"
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6243] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data: IPv4 configuration:
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6243] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data:   Internal Address: 10.10.10.6
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6243] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data:   Internal Prefix: 32
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6243] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data:   Internal Point-to-Point Address: 10.10.10.1
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6243] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data:   Static Route: 10.0.0.151/32   Next Hop: 10.91.22.5
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6243] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data:   Static Route: 10.210.22.42/32   Next Hop: 10.91.22.5
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6243] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data:   Static Route: 192.168.1.5/32   Next Hop: 10.91.22.5
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6243] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data:   Static Route: 10.10.10.1/32   Next Hop: 0.0.0.0
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6244] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data:   Internal DNS: 10.91.22.2
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6244] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data:   DNS Domain: '(none)'
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6244] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: Data: No IPv6 configuration
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6244] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: VPN plugin: state changed: started (4)
Jun 17 16:04:46  NetworkManager[1206]: <info>  [1623938686.6253] vpn-connection[0x56098444e6e0,3458f727-9209-4a3f-a159-b70064570562,"Cloud",40:(ppp0)]: VPN connection: (IP Config Get) complete
Jun 17 16:04:46  dbus-daemon[1203]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.9' (uid=0 pid=1206 comm="/usr/sbin/NetworkManager --no-daemon " label="unconfined")
Jun 17 16:04:46  systemd[1]: Starting Network Manager Script Dispatcher Service...
Jun 17 16:04:46  dbus-daemon[1203]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jun 17 16:04:46  systemd[1]: Started Network Manager Script Dispatcher Service.
Jun 17 16:04:46  charon-nm: 15[IKE] installed bypass policy for 10.10.10.1/32
Jun 17 16:04:46  charon-nm: 15[IKE] installed bypass policy for 10.91.22.5/32
Jun 17 16:04:46  charon-nm: 15[IKE] installed bypass policy for 192.168.1.1/32

Here is ipsec.conf:

conn myvpn1
    keyexchange=ikev1
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!
    #ike=aes256-sha1-modp1024!
    #esp=aes256-sha1!
    left=%defaultroute
    auto=add
    authby=secret
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=public_ip
    rightid=x.x.x.x

Can someone please advise what I should put for ike and esp, comparing with the NM log?
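
The comparison asked about above can be done mechanically. The following is an added example, not part of the original post: it reads charon's "selected proposal" lines and rewrites them as ipsec.conf `ike=`/`esp=` keywords. The function names and the embedded sample lines are constructed for illustration, and the mapping covers only the common CBC/HMAC/MODP/ECP transforms.

```python
import re

# Constructed sample: the "selected proposal" lines as they appear in the
# NM log on this page (charon logs each one; NetworkManager repeats them).
SAMPLE_LOG = """\
Jun 17 16:04:44  charon: 12[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Jun 17 16:04:45  charon: 01[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Jun 17 16:04:45  NetworkManager[152854]: selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384
Jun 17 16:04:45  NetworkManager[152854]: selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
"""

PROPOSAL_RE = re.compile(r"selected proposal: (IKE|ESP):(\S+)")
INTEGRITY = {"HMAC_MD5_96": "md5", "HMAC_SHA1_96": "sha1",
             "HMAC_SHA2_256_128": "sha256", "HMAC_SHA2_384_192": "sha384",
             "HMAC_SHA2_512_256": "sha512"}


def keyword(transform):
    """Map one charon transform name to its ipsec.conf keyword (None = omit)."""
    if transform.startswith("PRF_") or transform == "NO_EXT_SEQ":
        # The PRF is omitted: strongSwan derives it from the integrity
        # algorithm when none is given. NO_EXT_SEQ (no ESN) is the default.
        return None
    if transform in INTEGRITY:
        return INTEGRITY[transform]
    if transform == "3DES_CBC":
        return "3des"
    m = re.fullmatch(r"AES_CBC_(128|192|256)", transform)
    if m:
        return "aes" + m.group(1)
    m = re.fullmatch(r"(MODP|ECP)_(\d+)", transform)
    if m:
        return m.group(1).lower() + m.group(2)
    raise ValueError(f"no keyword mapping for transform {transform!r}")


def selected_suites(log_text):
    """Return {'ike': [...], 'esp': [...]} of de-duplicated suites in the log."""
    suites = {"ike": [], "esp": []}
    for proto, proposal in PROPOSAL_RE.findall(log_text):
        words = [keyword(t) for t in proposal.split("/")]
        suite = "-".join(w for w in words if w)
        if suite not in suites[proto.lower()]:
            suites[proto.lower()].append(suite)
    return suites


def missing_from_conf(conf_value, suites):
    """Suites the peer selected that a strict ('!') ike=/esp= value omits."""
    offered = conf_value.rstrip("!").split(",")
    return [s for s in suites if s not in offered]


if __name__ == "__main__":
    found = selected_suites(SAMPLE_LOG)
    for key in ("ike", "esp"):
        print(f"    {key}={','.join(found[key])}!")
    # Compare against the ike= line from the posted ipsec.conf.
    print(missing_from_conf("aes128-sha1-modp1024,3des-sha1-modp1024!", found["ike"]))
```

For the log above this yields `ike=aes256-sha1-ecp384` and `esp=aes256-sha1`; neither suite appears in the strict (`!`) lists of the posted ipsec.conf.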
