EdgeRouter L2TP VPN does not work with updated systems

JaredBusch

Well shit maybe a problem with the kernel

The NetworkManager maintainer replies on the Ubiquiti forum post I made.
https://community.ubnt.com/t5/EdgeMAX/L2TP-unusable-on-Fedora/td-p/2254953

JaredBusch

Booted a VM to the Fedora 27 Workstation Live ISO.
Used dnf to installed L2TP and it worked perfectly.

The Live ISO uses kernel 4.13.9-300.

This confirm that kernel 4.14 and 4.15 are doing something wrong and are breaking IPsec.

dafyre

@jaredbusch said in EdgeRouter L2TP VPN does not work with updated systems:

Booted a VM to the Fedora 27 Workstation Live ISO.
Used dnf to installed L2TP and it worked perfectly.

The Live ISO uses kernel 4.13.9-300.

This confirm that kernel 4.14 and 4.15 are doing something wrong and are breaking IPsec.

You can block dnf from installing newer kernels until this is fixed if you need to.

JaredBusch

@dafyre said in EdgeRouter L2TP VPN does not work with updated systems:

@jaredbusch said in EdgeRouter L2TP VPN does not work with updated systems:

Booted a VM to the Fedora 27 Workstation Live ISO.
Used dnf to installed L2TP and it worked perfectly.

The Live ISO uses kernel 4.13.9-300.

This confirm that kernel 4.14 and 4.15 are doing something wrong and are breaking IPsec.

You can block dnf from installing newer kernels until this is fixed if you need to.

I've long been on a kernel newer than 4.13

dbeato

Was this the bug you were referring to?
https://bugzilla.redhat.com/show_bug.cgi?id=1526203
https://github.com/hwdsl2/setup-ipsec-vpn/issues/102
https://github.com/libreswan/libreswan/issues/140

JaredBusch

@dbeato I'm not referencing any bug.
I am telling you it does not work on 4.15. So whatever that bug was involved with is not resolved currently.

Additionally the NetworkManager maintainer stated in his post on the Ubiquiti community that it was broke in 4.15 also.

0_1519767547410_2f862170-b67f-4bfc-ad3c-dbdf621b8b3f-image.png

JaredBusch

@dbeato said in EdgeRouter L2TP VPN does not work with updated systems:

Was this the bug you were referring to?
https://bugzilla.redhat.com/show_bug.cgi?id=1526203
https://github.com/hwdsl2/setup-ipsec-vpn/issues/102
https://github.com/libreswan/libreswan/issues/140

Your first link is semi related.

I have no idea wtf you are trying to prove with the second link.

The third link is only tangently related, but a follow up post on that links to the actual kernel commits that are the problem. But I have no idea how to know what is what from that level of in depth detail.
https://patchwork.ozlabs.org/patch/838470/

dbeato

@jaredbusch said in EdgeRouter L2TP VPN does not work with updated systems:

@dbeato said in EdgeRouter L2TP VPN does not work with updated systems:

Was this the bug you were referring to?
https://bugzilla.redhat.com/show_bug.cgi?id=1526203
https://github.com/hwdsl2/setup-ipsec-vpn/issues/102
https://github.com/libreswan/libreswan/issues/140

Your first link is semi related.

I have no idea wtf you are trying to prove with the second link.

The third link is only tangently related, but a follow up post on that links to the actual kernel commits that are the problem. But I have no idea how to know what is what from that level of in depth detail.
https://patchwork.ozlabs.org/patch/838470/

The 2nd one deserved the WTF because is from 1/2017 so it is not related.

FATeknollogee

@JaredBusch Does your L2TP work in Fedora 28?

I'm on 4.17.7-200 & can't get L2TP working (from my desktop)
I spin up a W10 vm & no problem getting it work

JaredBusch

@fateknollogee said in EdgeRouter L2TP VPN does not work with updated systems:

@JaredBusch Does your L2TP work in Fedora 28?

I'm on 4.17.7-200 & can't get L2TP working (from my desktop)
I spin up a W10 vm & no problem getting it work

It was working on two months ago or so it was working last month I have not tried it in a few weeks

FATeknollogee

Did you use the Libreswan or Strongswan setting in your previous post?