Bug 32211 - l2tp w ipsec isn't work after the upgrade to M9, looks like a libreswan problem
Summary: l2tp w ipsec isn't work after the upgrade to M9, looks like a libreswan problem
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA8TOO
Keywords:
Depends on:
Blocks: 31865
Reported: 2023-08-30 17:48 CEST by mesb mesb
Modified: 2023-09-07 14:56 CEST

See Also:
Source RPM: networkmanager-l2tp
CVE:
Status comment:


Description mesb mesb 2023-08-30 17:48:48 CEST
Description of problem:

After online upgrade via urpmi cli from 8 to 9, can't connect to l2tp w ipsec anymore.


Version-Release number of selected component (if applicable):
Mageia 9


How reproducible:
Using mageia9+xfce and network manager for vpn connection.

Steps to Reproduce:
1. Create connection to the l2tp server with ipsec.
2. Try to enable it.
3. Check logs.

All I have:

Aug 30 18:29:17 chaus-white NetworkManager[48467]: <info>  [1693409357.6311] vpn[0xae6e80,67629c61-f5d3-4e2a-b926-94721eb2f33a,"RstmTest1"]: starting l2tp
Aug 30 18:29:17 chaus-white NetworkManager[48467]: <info>  [1693409357.6349] audit: op="connection-activate" uuid="67629c61-f5d3-4e2a-b926-94721eb2f33a" name="RstmTest1" pid=6094 uid=1000 result="success"
Aug 30 18:29:18 chaus-white NetworkManager[48467]: <warn>  [1693409358.1327] vpn[0xae6e80,67629c61-f5d3-4e2a-b926-94721eb2f33a,"RstmTest1"]: failed to connect: 'Neither Libreswan nor strongSwan were found.'


System libraries:
networkmanager-libreswan-1.2.16-2.mga9
xl2tpd-1.3.17-1.mga9
networkmanager-l2tp-1.8.8-1.mga9
libreswan-4.11-1.mga9


Also, I tried to reinstall it to strongswan - same result.
And new connection creation also doesn't help.
Comment 1 mesb mesb 2023-08-30 18:29:40 CEST
It looks like when strongswan and libreswan are installed, network manager prefers libreswan.

So ipsec --version command shows libreswan.

So after I deleted libreswan from the machine, it started to use strongswan.


Maybe this one helps to solve problem with libreswan:

https://www.reddit.com/r/Fedora/comments/y43c4x/problem_with_l2tp_vpn_after_upgrading_to_fedora_37/


At least it is doing something, but still not working for my setup with strongswan.
Comment 2 mesb mesb 2023-08-30 18:42:29 CEST
Well, it looks like if someone needs temporary fix asap for libreswan like I do:

Edit with root privileges: /usr/sbin/ipsec
Find string: echo "Libreswan ${IPSEC_VERSION}"
Change it to:  echo "Linux Libreswan ${IPSEC_VERSION}"
Save file.

Now your system will connect fine like mageia 8 does.

But please some of the developers take a look for the proper fix of it.
Comment 3 mesb mesb 2023-08-30 18:45:45 CEST
I have changed only one string number 563.
There was a couple more, but you don't need to change it.
Comment 4 Lewis Smith 2023-08-30 22:07:36 CEST
Thank you for this helpful report.

Can you say whether your temporary fix comment 2 is also effective if you use strongswan (rather than libreswan)?
/usr/sbin/ipsec comes from libreswan.

The Fedora reference talks about downgrading libreswan from 4.8 to 4.7, we are long past that.

Assigning to Stig for libreswan, but you may want to pass this elsewhere.
CC'ing DavidG for strongswan, since that did not work either.

Source RPM: (none) => libreswan-4.11-1.mga9.src.rpm, strongswan
Assignee: bugsquad => smelror
Summary: l2tp w ipsec isn't work after the upgrade => l2tp w ipsec isn't work after the upgrade to M9, looks like a libreswan problem
CC: (none) => geiger.david68210

Comment 5 Thomas Backlund 2023-08-30 23:04:31 CEST
It's networkmanager-l2tp that needs this backported:

https://github.com/nm-l2tp/NetworkManager-l2tp/commit/3c6ccfe331e65c7af8be4df78cac67c030e96958

Source RPM: libreswan-4.11-1.mga9.src.rpm, strongswan => networkmanager-l2tp

Comment 6 mesb mesb 2023-08-31 09:03:32 CEST
(In reply to Lewis Smith from comment #4)
> Thank you for this helpful report.
> 
> Can you say whether your temporary fix comment 2 is also effective if you
> use strongswan (rather than libreswan)?
> /usr/sbin/ipsec comes from libreswan.
> 

There isn't any /usr/sbin/ipsec for strongswan as far as I can see.
At least network manager stops complaining about whether it is found or not.

I can't say whether there is a problem for strongswan with this fix, as I can't connect to my vpn servers with it out of the box even before the fix.
It looks like it might take a lot more time to get why it doesn't work for my infrastructure, as all I get after tons of logs with strongswan:
IPsec SA: unsupported mode


So as a first time fix it would be nice to get libreswan running with networkmanager-l2tp.
Comment 7 Thomas Backlund 2023-08-31 16:17:37 CEST
(In reply to mesb mesb from comment #2)
> Well, it looks like if someone needs temporary fix asap for libreswan like I
> do:
> 
> Edit with root privileges: /usr/sbin/ipsec
> Find string: echo "Libreswan ${IPSEC_VERSION}"
> Change it to:  echo "Linux Libreswan ${IPSEC_VERSION}"
> Save file.
> 
> Now your system will connect fine like mageia 8 does.
> 
> But please some of the developers take a look for the proper fix of it.


revert your change, and try this package:

http://ftp.free.fr/mirrors/mageia.org/people/tmb/9/32211/x86_64/networkmanager-l2tp-1.8.8-1.1.mga9.x86_64.rpm
Comment 8 mesb mesb 2023-08-31 17:25:52 CEST
(In reply to Thomas Backlund from comment #7)
> 
> revert your change, and try this package:
> 
> http://ftp.free.fr/mirrors/mageia.org/people/tmb/9/32211/x86_64/
> networkmanager-l2tp-1.8.8-1.1.mga9.x86_64.rpm

Done.
Works just fine for my use case for libreswan.

Is there anything else I can check?
Comment 9 Thomas Backlund 2023-08-31 18:09:46 CEST
(In reply to mesb mesb from comment #8)
> (In reply to Thomas Backlund from comment #7)
> > 
> > revert your change, and try this package:
> > 
> > http://ftp.free.fr/mirrors/mageia.org/people/tmb/9/32211/x86_64/
> > networkmanager-l2tp-1.8.8-1.1.mga9.x86_64.rpm
> 
> Done.
> Works just fine for my use case for libreswan.

Great, thanks for confirming.

> 
> Is there anything else I can check?


I'll submit it as an official update
Comment 10 Thomas Backlund 2023-09-01 16:04:47 CEST
Assigning to QA,

This fixes networkmanager-l2tp to work with libreswan >= 4.9 in mageia 9

This will also affect mga8 soon as it will get libreswan 4.12 as part of a security update in bug 31865





Mga8:
SRPM:
networkmanager-l2tp-1.8.2-1.1.mga8.src.rpm

i586:
networkmanager-l2tp-1.8.2-1.1.mga8.i586.rpm

x86_64:
networkmanager-l2tp-1.8.2-1.1.mga8.x86_64.rpm



Mga9:
SRPM:
networkmanager-l2tp-1.8.8-1.1.mga9.src.rpm

i586:
networkmanager-l2tp-1.8.8-1.1.mga9.i586.rpm

x86_64:
networkmanager-l2tp-1.8.8-1.1.mga9.x86_64.rpm

Whiteboard: (none) => MGA8TOO
Assignee: smelror => qa-bugs

Thomas Backlund 2023-09-01 16:08:29 CEST

Blocks: (none) => 31865
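
The detection failure discussed in comments 2, 5 and 10, as an added example that is not part of the original thread and is not NetworkManager-l2tp's or libreswan's own code: a matcher that insists on the older "Linux " prefix rejects the newer banner, while a tolerant one accepts both. The function names, the strict matching rule and the sample banners are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not code from NetworkManager-l2tp or libreswan.

# Strict matcher (assumed behaviour): requires the older "Linux <name> " prefix.
detect_strict() {
    case "$1" in
        "Linux Libreswan "*)  echo libreswan ;;
        "Linux strongSwan "*) echo strongswan ;;
        *)                    echo unknown ;;
    esac
}

# Tolerant matcher: strips an optional leading "Linux " before matching.
detect_tolerant() {
    banner=${1#Linux }
    case "$banner" in
        "Libreswan "*)  echo libreswan ;;
        "strongSwan "*) echo strongswan ;;
        *)              echo unknown ;;
    esac
}

# Second whitespace-separated token after the optional prefix is the version.
banner_version() {
    banner=${1#Linux }
    set -- $banner
    echo "$2"
}

# Exit 0 when a Libreswan version is >= 4.9 (range named in comment 10).
libreswan_needs_fixed_plugin() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; }
}

# Constructed sample banners (first line of `ipsec --version`).
for b in "Linux Libreswan 4.7 (XFRM) on 5.19.0" "Libreswan 4.11" \
         "Linux strongSwan U5.9.11/K6.4.9"; do
    printf '%-40s strict=%-10s tolerant=%s\n' "$b" \
        "$(detect_strict "$b")" "$(detect_tolerant "$b")"
done
```
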

Comment 11 Herman Viaene 2023-09-07 14:56:48 CEST
MGA8-64 Xfce on Acer Aspire 5253
No installation issues
Have been struggling to be able to start the wifi from the nmcli command, but gave up.
Displaying the devices and not-active connections all work OK.
Leaving for others to complete the test.

CC: (none) => herman.viaene

