Project

General

Profile

Issue #3495

Updated by Tobias Brunner 5 months ago

I try to connect to my work vpn and have this issue with Ubuntu 20.04.
It's an IKEv2/EAP-mschapv2 server and I can't connect. Any idea why it's failing?

<pre>
Jun 25 14:24:36 ODIN2 NetworkManager[1190]: <info> [1593087876.9915] audit: op="connection-activate" uuid="89ea04e0-b3a4-45b2-83f0-a3cdfe607bf0" name="INHECO VPN" pid=6936 uid=1000 result="success"
Jun 25 14:24:36 ODIN2 gnome-shell[1623]: JS ERROR: TypeError: item is undefined#012setActiveConnections/<@resource:///org/gnome/shell/ui/status/network.js:1523:17#012setActiveConnections@resource:///org/gnome/shell/ui/status/network.js:1520:24#012_syncVpnConnections@resource:///org/gnome/shell/ui/status/network.js:1867:26
Jun 25 14:24:36 ODIN2 NetworkManager[1190]: <info> [1593087876.9929] vpn-connection[0x55f948224530,89ea04e0-b3a4-45b2-83f0-a3cdfe607bf0,"INHECO VPN",0]: Saw the service appear; activating connection
Jun 25 14:24:37 ODIN2 NetworkManager[1190]: <info> [1593087877.1054] vpn-connection[0x55f948224530,89ea04e0-b3a4-45b2-83f0-a3cdfe607bf0,"INHECO VPN",0]: VPN connection: (ConnectInteractive) reply received
Jun 25 14:24:37 ODIN2 charon-nm: 05[CFG] received initiate for NetworkManager connection INHECO VPN
Jun 25 14:24:37 ODIN2 charon-nm: 05[CFG] using CA certificate, gateway identity '217.6.192.10'
Jun 25 14:24:37 ODIN2 charon-nm: 05[IKE] initiating IKE_SA INHECO VPN[14] to 217.6.192.10
Jun 25 14:24:37 ODIN2 charon-nm: 05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jun 25 14:24:37 ODIN2 charon-nm: 05[NET] sending packet: from 192.168.0.124[39926] to 217.6.192.10[500] (1128 bytes)
Jun 25 14:24:37 ODIN2 NetworkManager[1190]: <info> [1593087877.1077] vpn-connection[0x55f948224530,89ea04e0-b3a4-45b2-83f0-a3cdfe607bf0,"INHECO VPN",0]: VPN plugin: state changed: starting (3)
Jun 25 14:24:37 ODIN2 charon-nm: 14[NET] received packet: from 217.6.192.10[500] to 192.168.0.124[39926] (38 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 14[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Jun 25 14:24:37 ODIN2 charon-nm: 14[IKE] peer didn't accept DH group ECP_256, it requested MODP_2048
Jun 25 14:24:37 ODIN2 charon-nm: 14[IKE] initiating IKE_SA INHECO VPN[14] to 217.6.192.10
Jun 25 14:24:37 ODIN2 charon-nm: 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jun 25 14:24:37 ODIN2 charon-nm: 14[NET] sending packet: from 192.168.0.124[39926] to 217.6.192.10[500] (1320 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 07[NET] received packet: from 217.6.192.10[500] to 192.168.0.124[39926] (472 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 07[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
Jun 25 14:24:37 ODIN2 charon-nm: 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Jun 25 14:24:37 ODIN2 charon-nm: 07[IKE] local host is behind NAT, sending keep alives
Jun 25 14:24:37 ODIN2 charon-nm: 07[IKE] sending cert request for "CN=INHECO GmbH CA"
Jun 25 14:24:37 ODIN2 charon-nm: 07[IKE] establishing CHILD_SA INHECO VPN{14}
Jun 25 14:24:37 ODIN2 charon-nm: 07[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Jun 25 14:24:37 ODIN2 charon-nm: 07[NET] sending packet: from 192.168.0.124[38151] to 217.6.192.10[4500] (368 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 16[NET] received packet: from 217.6.192.10[4500] to 192.168.0.124[38151] (1236 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 16[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Jun 25 14:24:37 ODIN2 charon-nm: 16[ENC] received fragment #1 of 2, waiting for complete IKE message
Jun 25 14:24:37 ODIN2 charon-nm: 15[NET] received packet: from 217.6.192.10[4500] to 192.168.0.124[38151] (868 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 15[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Jun 25 14:24:37 ODIN2 charon-nm: 15[ENC] received fragment #2 of 2, reassembled fragmented IKE message (2032 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Jun 25 14:24:37 ODIN2 charon-nm: 15[IKE] received end entity cert "C=DE, ST=Bayern, L=Martinsried, O=INHECO GmbH, OU=IT, CN=muc-fw3.inheco.com"
Jun 25 14:24:37 ODIN2 charon-nm: 15[CFG] using certificate "C=DE, ST=Bayern, L=Martinsried, O=INHECO GmbH, OU=IT, CN=muc-fw3.inheco.com"
Jun 25 14:24:37 ODIN2 charon-nm: 15[CFG] using trusted ca certificate "CN=INHECO GmbH CA"
Jun 25 14:24:37 ODIN2 charon-nm: 15[CFG] checking certificate status of "C=DE, ST=Bayern, L=Martinsried, O=INHECO GmbH, OU=IT, CN=muc-fw3.inheco.com"
Jun 25 14:24:37 ODIN2 charon-nm: 15[CFG] fetching crl from 'ldap:///CN=INHECO%20GmbH%20CA,CN=philotes,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=inheco,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint' ...
Jun 25 14:24:37 ODIN2 charon-nm: 15[LIB] LDAP bind to 'ldap:///CN=INHECO%20GmbH%20CA,CN=philotes,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=inheco,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint' failed: Can't contact LDAP server
Jun 25 14:24:37 ODIN2 charon-nm: 15[CFG] crl fetching failed
Jun 25 14:24:37 ODIN2 charon-nm: 15[CFG] certificate status is not available
Jun 25 14:24:37 ODIN2 charon-nm: 15[CFG] reached self-signed root ca with a path length of 0
Jun 25 14:24:37 ODIN2 charon-nm: 15[IKE] authentication of 'muc-fw3.inheco.com' with RSA_EMSA_PKCS1_SHA2_256 successful
Jun 25 14:24:37 ODIN2 charon-nm: 15[IKE] server requested EAP_IDENTITY (id 0x00), sending 'inheco\FOrtner'
Jun 25 14:24:37 ODIN2 charon-nm: 15[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
Jun 25 14:24:37 ODIN2 charon-nm: 15[NET] sending packet: from 192.168.0.124[38151] to 217.6.192.10[4500] (96 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 09[NET] received packet: from 217.6.192.10[4500] to 192.168.0.124[38151] (80 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 09[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/PEAP ]
Jun 25 14:24:37 ODIN2 charon-nm: 09[IKE] server requested EAP_PEAP authentication (id 0x01)
Jun 25 14:24:37 ODIN2 charon-nm: 09[TLS] EAP_PEAP version is v0
Jun 25 14:24:37 ODIN2 charon-nm: 09[ENC] generating IKE_AUTH request 3 [ EAP/RES/PEAP ]
Jun 25 14:24:37 ODIN2 charon-nm: 09[NET] sending packet: from 192.168.0.124[38151] to 217.6.192.10[4500] (272 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 08[NET] received packet: from 217.6.192.10[4500] to 192.168.0.124[38151] (1236 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 08[ENC] parsed IKE_AUTH response 3 [ EF(1/2) ]
Jun 25 14:24:37 ODIN2 charon-nm: 08[ENC] received fragment #1 of 2, waiting for complete IKE message
Jun 25 14:24:37 ODIN2 charon-nm: 10[NET] received packet: from 217.6.192.10[4500] to 192.168.0.124[38151] (404 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 10[ENC] parsed IKE_AUTH response 3 [ EF(2/2) ]
Jun 25 14:24:37 ODIN2 charon-nm: 10[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1568 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 10[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/PEAP ]
Jun 25 14:24:37 ODIN2 charon-nm: 10[ENC] generating IKE_AUTH request 4 [ EAP/RES/PEAP ]
Jun 25 14:24:37 ODIN2 charon-nm: 10[NET] sending packet: from 192.168.0.124[38151] to 217.6.192.10[4500] (80 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 11[NET] received packet: from 217.6.192.10[4500] to 192.168.0.124[38151] (576 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 11[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/PEAP ]
Jun 25 14:24:37 ODIN2 charon-nm: 11[TLS] negotiated TLS 1.0 using suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Jun 25 14:24:37 ODIN2 charon-nm: 11[TLS] server certificate does not match to 'muc-fw3.inheco.com'
Jun 25 14:24:37 ODIN2 charon-nm: 11[TLS] sending fatal TLS alert 'access denied'
Jun 25 14:24:37 ODIN2 charon-nm: 11[ENC] generating IKE_AUTH request 5 [ EAP/RES/PEAP ]
Jun 25 14:24:37 ODIN2 charon-nm: 11[NET] sending packet: from 192.168.0.124[38151] to 217.6.192.10[4500] (96 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 13[NET] received packet: from 217.6.192.10[4500] to 192.168.0.124[38151] (80 bytes)
Jun 25 14:24:37 ODIN2 charon-nm: 13[ENC] parsed IKE_AUTH response 5 [ EAP/FAIL ]
Jun 25 14:24:37 ODIN2 charon-nm: 13[IKE] received EAP_FAILURE, EAP authentication failed
Jun 25 14:24:37 ODIN2 charon-nm: 13[ENC] generating INFORMATIONAL request 6 [ N(AUTH_FAILED) ]
Jun 25 14:24:37 ODIN2 charon-nm: 13[NET] sending packet: from 192.168.0.124[38151] to 217.6.192.10[4500] (80 bytes)
Jun 25 14:24:37 ODIN2 NetworkManager[1190]: <warn> [1593087877.2086] vpn-connection[0x55f948224530,89ea04e0-b3a4-45b2-83f0-a3cdfe607bf0,"INHECO VPN",0]: VPN plugin: failed: connect-failed (1)
Jun 25 14:24:37 ODIN2 NetworkManager[1190]: <warn> [1593087877.2087] vpn-connection[0x55f948224530,89ea04e0-b3a4-45b2-83f0-a3cdfe607bf0,"INHECO VPN",0]: VPN plugin: failed: connect-failed (1)
Jun 25 14:24:37 ODIN2 NetworkManager[1190]: <info> [1593087877.2087] vpn-connection[0x55f948224530,89ea04e0-b3a4-45b2-83f0-a3cdfe607bf0,"INHECO VPN",0]: VPN plugin: state changed: stopping (5)
Jun 25 14:24:37 ODIN2 NetworkManager[1190]: <info> [1593087877.2088] vpn-connection[0x55f948224530,89ea04e0-b3a4-45b2-83f0-a3cdfe607bf0,"INHECO VPN",0]: VPN plugin: state changed: stopped (6)
</pre>

Back