
I had it configured on Ubuntu 20, which was working fine. Recently I upgraded the system to Ubuntu 22.04, but now I am unable to connect to the office VPN.

I am attaching the logs:

journalctl -xe

May 03 12:59:27  pluto[20972]: adding interface wlp0s20f3/wlp0s20f3 192.168.0.108:4500
May 03 12:59:27  pluto[20972]: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
May 03 12:59:27  pluto[20972]: adding interface lo/lo 127.0.0.1:4500
May 03 12:59:27  pluto[20972]: adding interface lo/lo (esp-hw-offload not supported by kernel) [::1]:500
May 03 12:59:27  pluto[20972]: loading secrets from "/etc/ipsec.secrets"
May 03 12:59:27  pluto[20972]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
May 03 12:59:27  pluto[20972]: listening for IKE messages
May 03 12:59:27  NetworkManager[20983]: 002 listening for IKE messages
May 03 12:59:27  NetworkManager[20983]: 002 forgetting secrets
May 03 12:59:27  NetworkManager[20983]: 002 loading secrets from "/etc/ipsec.secrets"
May 03 12:59:27  NetworkManager[20983]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
May 03 12:59:27  pluto[20972]: forgetting secrets
May 03 12:59:27  pluto[20972]: loading secrets from "/etc/ipsec.secrets"
May 03 12:59:27  pluto[20972]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
May 03 12:59:27  NetworkManager[20989]: debugging mode enabled
May 03 12:59:27  NetworkManager[20989]: end of file /run/nm-l2tp-362cefc3-d0c3-40eb-8259-0d4ad4c16c58/ipsec.conf
May 03 12:59:27  NetworkManager[20989]: Loading conn 362cefc3-d0c3-40eb-8259-0d4ad4c16c58
May 03 12:59:27  NetworkManager[20989]: starter: left is KH_DEFAULTROUTE
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgdns=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgdomains=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgbanner=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark-in=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark-out=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" vti_iface=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" redirect-to=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" accept-redirect-to=<unset>
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" esp=aes256-sha1,aes128-sha1,3des-sha1
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" ike=3des-sha1;modp1024
May 03 12:59:27  NetworkManager[20989]: opening file: /run/nm-l2tp-362cefc3-d0c3-40eb-8259-0d4ad4c16c58/ipsec.conf
May 03 12:59:27  NetworkManager[20989]: loading named conns: 362cefc3-d0c3-40eb-8259-0d4ad4c16c58
May 03 12:59:27  NetworkManager[20989]: seeking_src = 1, seeking_gateway = 1, has_peer = 1
May 03 12:59:27  NetworkManager[20989]: seeking_src = 0, seeking_gateway = 1, has_dst = 1
May 03 12:59:27  NetworkManager[20989]: dst  via 192.168.0.1 dev wlp0s20f3 src  table 254
May 03 12:59:27  NetworkManager[20989]: set nexthop: 192.168.0.1
May 03 12:59:27  NetworkManager[20989]: dst 169.254.0.0 via  dev wlp0s20f3 src  table 254
May 03 12:59:27  NetworkManager[20989]: dst 172.17.0.0 via  dev docker0 src 172.17.0.1 table 254
May 03 12:59:27  NetworkManager[20989]: dst 192.168.0.0 via  dev wlp0s20f3 src 192.168.0.108 table 254
May 03 12:59:27  NetworkManager[20989]: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 172.17.0.1 via  dev docker0 src 172.17.0.1 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 172.17.255.255 via  dev docker0 src 172.17.0.1 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 192.168.0.108 via  dev wlp0s20f3 src 192.168.0.108 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: dst 192.168.0.255 via  dev wlp0s20f3 src 192.168.0.108 table 255 (ignored)
May 03 12:59:27  NetworkManager[20989]: seeking_src = 1, seeking_gateway = 0, has_peer = 1
May 03 12:59:27  NetworkManager[20989]: seeking_src = 1, seeking_gateway = 0, has_dst = 1
May 03 12:59:27  NetworkManager[20989]: dst 192.168.0.1 via  dev wlp0s20f3 src 192.168.0.108 table 254
May 03 12:59:27  NetworkManager[20989]: set addr: 192.168.0.108
May 03 12:59:27  NetworkManager[20989]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
May 03 12:59:27  pluto[20972]: Failed to add connection "362cefc3-d0c3-40eb-8259-0d4ad4c16c58": ike string error: IKE DH algorithm 'modp1024' is not supported
May 03 12:59:27  nm-l2tp-service[20671]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed

syslogs

May  3 13:11:40  nm-l2tp-service[21869]: Check port 1701
May  3 13:11:40  nm-l2tp-service[21869]: Can't bind to port 1701
May  3 13:11:40  NetworkManager[21881]: Redirecting to: systemctl restart ipsec.service
May  3 13:11:40  systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
May  3 13:11:40  whack[21885]: 002 shutting down
May  3 13:11:40  systemd[1]: ipsec.service: Deactivated successfully.
May  3 13:11:40  systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
May  3 13:11:40  systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
May  3 13:11:40  ipsec[22159]: nflog ipsec capture disabled
May  3 13:11:40  systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
May  3 13:11:40  NetworkManager[22181]: 002 listening for IKE messages
May  3 13:11:40  NetworkManager[22181]: 002 forgetting secrets
May  3 13:11:40  NetworkManager[22181]: 002 loading secrets from "/etc/ipsec.secrets"
May  3 13:11:40  NetworkManager[22181]: 002 loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
May  3 13:11:41  NetworkManager[22187]: debugging mode enabled
May  3 13:11:41  NetworkManager[22187]: end of file /run/nm-l2tp-362cefc3-d0c3-40eb-8259-0d4ad4c16c58/ipsec.conf
May  3 13:11:41  NetworkManager[22187]: Loading conn 362cefc3-d0c3-40eb-8259-0d4ad4c16c58
May  3 13:11:41  NetworkManager[22187]: starter: left is KH_DEFAULTROUTE
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgdns=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgdomains=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" modecfgbanner=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark-in=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" mark-out=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" vti_iface=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" redirect-to=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" accept-redirect-to=<unset>
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" esp=aes256-sha1,aes128-sha1,3des-sha1
May  3 13:11:41  NetworkManager[22187]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" ike=3des-sha1;modp1024
May  3 13:11:41  NetworkManager[22187]: opening file: /run/nm-l2tp-362cefc3-d0c3-40eb-8259-0d4ad4c16c58/ipsec.conf
May  3 13:11:41  NetworkManager[22187]: loading named conns: 362cefc3-d0c3-40eb-8259-0d4ad4c16c58
May  3 13:11:41  NetworkManager[22187]: seeking_src = 1, seeking_gateway = 1, has_peer = 1
May  3 13:11:41  NetworkManager[22187]: seeking_src = 0, seeking_gateway = 1, has_dst = 1
May  3 13:11:41  NetworkManager[22187]: dst  via 192.168.0.1 dev wlp0s20f3 src  table 254
May  3 13:11:41  NetworkManager[22187]: set nexthop: 192.168.0.1
May  3 13:11:41  NetworkManager[22187]: dst 169.254.0.0 via  dev wlp0s20f3 src  table 254
May  3 13:11:41  NetworkManager[22187]: dst 172.17.0.0 via  dev docker0 src 172.17.0.1 table 254
May  3 13:11:41  NetworkManager[22187]: dst 192.168.0.0 via  dev wlp0s20f3 src 192.168.0.108 table 254
May  3 13:11:41  NetworkManager[22187]: dst 127.0.0.0 via  dev lo src 127.0.0.1 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 127.0.0.1 via  dev lo src 127.0.0.1 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 127.255.255.255 via  dev lo src 127.0.0.1 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 172.17.0.1 via  dev docker0 src 172.17.0.1 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 172.17.255.255 via  dev docker0 src 172.17.0.1 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 192.168.0.108 via  dev wlp0s20f3 src 192.168.0.108 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: dst 192.168.0.255 via  dev wlp0s20f3 src 192.168.0.108 table 255 (ignored)
May  3 13:11:41  NetworkManager[22187]: seeking_src = 1, seeking_gateway = 0, has_peer = 1
May  3 13:11:41  NetworkManager[22187]: seeking_src = 1, seeking_gateway = 0, has_dst = 1
May  3 13:11:41  NetworkManager[22187]: dst 192.168.0.1 via  dev wlp0s20f3 src 192.168.0.108 table 254
May  3 13:11:41  NetworkManager[22187]: set addr: 192.168.0.108
May  3 13:11:41  NetworkManager[22187]: seeking_src = 0, seeking_gateway = 0, has_peer = 1
May  3 13:11:41  nm-l2tp-service[21869]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
May  3 13:11:44  rtkit-daemon[1537]: Supervising 11 threads of 4 processes of 1 users.

I think the error is with the Phase 1 algorithm. I am not using a Phase 2 algorithm. Also, I haven't changed the VPN configuration post-upgrade.

My xl2tpd version:

$ apt list xl2tpd -a
Listing... Done
xl2tpd/jammy-updates,now 1.3.16-1ubuntu0.1 amd64 [installed]
xl2tpd/jammy 1.3.16-1 amd64

I am new to this topic and need to connect to the VPN for work. Any guidance will help.

I am trying to connect to a SonicWall VPN, if it helps.

2 Answers


This is what I ended up doing. It was a long time ago, but I hope it helps.

sudo apt-get install network-manager-l2tp
sudo apt-get install network-manager-l2tp-gnome
sudo service xl2tpd stop
sudo update-rc.d xl2tpd disable

  • After installing it, I am getting the error: Failed to add connection "97892543-118b-4849-b64e-80be185b0f3f": ike string error: IKE DH algorithm 'modp1024' is not supported
    – hellgod07
    Commented May 8 at 7:10
  • bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1608302 Anyway, strongSwan will not work with SonicWall. Need to try Libreswan now.
    – hellgod07
    Commented May 8 at 12:08

Regarding the following error:

pluto[20972]: Failed to add connection "362cefc3-d0c3-40eb-8259-0d4ad4c16c58":
              ike string error: IKE DH algorithm 'modp1024' is not supported

libreswan >= 3.30 is no longer built with USE_DH2=true (i.e. modp1024 support) by default, as the Libreswan authors considered it too weak.

A few options if you definitely need modp1024 support:

If you don't need modp1024 support, delete whatever you put in the Phase 1 and Phase 2 entries, and it will offer a combination of Windows 10 and macOS proposals minus modp1024.

Here are the changes between the stock libreswan 3.32-3 package that ships with Ubuntu 22.04 and the version I built:
diff from 3.32-3ubuntu3 (in Ubuntu) to 3.32-4~ubuntu22.04.1~ppa1.1 (701 bytes)

  • I didn't get the chance to try your package yet, but I tried strongSwan. It got connected but immediately received DELETE FOR IKE_SA. My P1 algo is 3des-sha1-modp1024. Confirmed this with ike-scan.
    – hellgod07
    Commented May 8 at 11:50
  • With strongSwan I ran the ike-scan.sh as suggested in the GitHub issue. Output: SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800). P1 algo I used: 3des-sha1-modp1024! Now it's giving ENCRYPTION_ALGORITHM 3DES_CBC (key size 0) not supported! VPN is SonicWall, btw.
    – hellgod07
    Commented May 9 at 12:33
  • I tried your package. It gave me the following error: up-host output: FATAL: Could not execute /usr/local/libexec/ipsec/_updown.netkey
    – hellgod07
    Commented May 10 at 8:32
  • I did a search for the FATAL error message you were receiving with libreswan, and it appears to be coming from the /usr/libexec/ipsec/_updown script. But the modified package I provided has echo "FATAL: Could not execute /usr/libexec/ipsec/_updown.${PLUTO_STACK} $@", while yours uses /usr/local/libexec/, so I suspect you built the libreswan source code and installed it to the default /usr/local/ location.
    Commented May 11 at 10:47
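As an added example, not part of the question, either answer, or the libreswan/NetworkManager projects: a small Python triage script that correlates the NetworkManager "conn:" lines with pluto's rejection and reports which algorithm in the ike=/esp= strings is the problem. The sample journal lines are constructed from the ones quoted in the question (same connection id and proposal strings). The modp1024 rule comes from the answer above (stock libreswan >= 3.30 no longer includes it); the set of "weak" algorithms (3des, sha1, md5) is the editor's own choice and not a list taken from libreswan.

```python
import re

# Journal lines constructed from the ones quoted in the question above
# (same connection id, same proposal strings, same pluto error).
SAMPLE_LOG = """\
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" esp=aes256-sha1,aes128-sha1,3des-sha1
May 03 12:59:27  NetworkManager[20989]: conn: "362cefc3-d0c3-40eb-8259-0d4ad4c16c58" ike=3des-sha1;modp1024
May 03 12:59:27  pluto[20972]: Failed to add connection "362cefc3-d0c3-40eb-8259-0d4ad4c16c58": ike string error: IKE DH algorithm 'modp1024' is not supported
"""

# DH group that stock libreswan >= 3.30 no longer includes (see the answer above).
UNSUPPORTED_DH = {"modp1024"}
# Algorithms that still parse but are widely regarded as weak. This set is the
# editor's assumption, not a list taken from libreswan.
WEAK_ALGS = {"3des", "sha1", "md5"}

CONN_RE = re.compile(r'conn: "(?P<conn>[^"]+)" (?P<key>ike|esp)=(?P<spec>\S+)')
FAIL_RE = re.compile(r'Failed to add connection "(?P<conn>[^"]+)": ike string error: (?P<why>.+)$')


def parse_proposal(spec):
    """Split an ike=/esp= string into one dict per proposal.

    Accepts libreswan's 'enc-integ;dh' form (proposals separated by ',') and
    the 'enc-integ-dh' form seen in strongSwan configs and ike-scan output.
    """
    proposals = []
    for prop in spec.split(","):
        prop = prop.strip()
        if not prop:
            continue
        dh = None
        if ";" in prop:
            prop, dh = prop.split(";", 1)
        parts = prop.split("-")
        enc = parts[0]
        integ = parts[1] if len(parts) > 1 else None
        # Trailing DH group in the dash-separated form, e.g. 3des-sha1-modp1024.
        if dh is None and len(parts) > 2 and parts[-1].startswith(("modp", "dh", "ecp")):
            dh = parts[-1]
        proposals.append({"enc": enc, "integ": integ, "dh": dh})
    return proposals


def _new_entry():
    return {"ike": [], "esp": [], "errors": [], "findings": []}


def triage(log_text):
    """Correlate the NetworkManager conn lines with pluto's rejection, per connection."""
    report = {}
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            entry = report.setdefault(m["conn"], _new_entry())
            props = parse_proposal(m["spec"])
            entry[m["key"]] = props
            for p in props:
                for role in ("enc", "integ", "dh"):
                    alg = p[role]
                    if alg in UNSUPPORTED_DH:
                        entry["findings"].append(
                            f"{m['key']}: {role} {alg} is not supported by stock libreswan >= 3.30")
                    elif alg in WEAK_ALGS:
                        entry["findings"].append(
                            f"{m['key']}: {role} {alg} is weak; ask the gateway admin for a stronger proposal")
            continue
        m = FAIL_RE.search(line)
        if m:
            report.setdefault(m["conn"], _new_entry())["errors"].append(m["why"])
    return report


if __name__ == "__main__":
    for conn, entry in triage(SAMPLE_LOG).items():
        print(f"connection {conn}")
        for err in entry["errors"]:
            print(f"  pluto error: {err}")
        for finding in entry["findings"]:
            print(f"  finding: {finding}")
```

Run it against `journalctl -u ipsec -u NetworkManager` output instead of SAMPLE_LOG to see, for each nm-l2tp connection, whether pluto rejected the proposal outright (the modp1024 case in this question) or merely accepted a weak one; the latter is what to raise with whoever administers the gateway, since the client alone cannot pick a group the gateway does not offer.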

