VPN difference between 16.04 and 18.04

Question

I have 2 PCs which I want to connect to a L2TP/IPSec VPN, one of them runs Ubuntu 16.04 and it works fine. The other one runs 18.04 and it can't connect to the server, although the settings are exactly the same. I compared every detail in the settings between the two computers. I even exported the settings on the working one and imported them on the other one, but it still doesn't work. On a Windows computer and on my Android phone it is also working.

So I'm wondering what's the difference between the VPN software on 16.04 and 18.04. Can anyone help me with that?

I already tried installing Libreswan, stopping xl2tpd and deleting the secrets file as suggested on these pages, but my problem still persists:

• l2tp/ipsec problem
• The existing answers for connecting VPN using L2TP VPN on Ubuntu 16.04 did not work. I get VPN connection failed error. I tried many suggestions on AU

Answer 1

I assume that you are using default Ubuntu. The problem could be, that Network Manager has not all plugins. In 16.04 there is no default Network Manager L2TP/IPsec plugin. It was first introduced in 17.04. So you have somehow installed L2TP/IPsec plugin or you are using other third-party software than Network Manager.

So try to install this third-party software. Or in 18.04 for Network-Manager there is L2TP/IPsec plugin.

You can install them with this terminal command:

sudo apt install network-manager-l2tp network-manager-l2tp-gnome

Next reboot your 18.04 PC and try again. If it fails, post your logs from log viewer when you are trying to establish VPN connection.

Answer 2

I would recommend using network-manager-l2tp 1.2.16 from the following PPA, which is a backport from Debian Sid:

• https://launchpad.net/~nm-l2tp/+archive/ubuntu/network-manager-l2tp

For backwards compatibility with most L2TP/IPsec VPN servers out there, network-manager-l2tp 1.2.16 no longer uses the strongSwan or libreswan default set of allowed algorithms, instead algorithms that are a merge of Windows 10 and macOS/iOS/iPadOS L2TP/IPsec clients' IKEv1 proposals are used instead for the default. The weakest proposals that were not common to both Win10 and iOS were dropped, but all of the strongest ones were kept.

More info in the "IPsec IKEv1 weak legacy algorithms and backwards compatibility" section near the end of the README.md file :

• https://github.com/nm-l2tp/NetworkManager-l2tp/blob/nm-1-2/README.md

The version of strongSwan that shipped with Ubuntu 18.04 dropped all algorithms it considers broken from its default set of allowed algorithms, while the version that shipped with Ubuntu 16.04 still has most of them.

Answer 3

Another alternative that worked in my case is to use the command-line Cisco client VPNC.

I was connecting to the L2TP/IPsec VPN of my organization on Ubuntu 18.04, and other methods such as installing network manager plugins didn't work. Hope it might work for you as well.

1. Install: sudo apt install vpnc
2. Configure: Edit the /etc/vpnc/default.conf
3. Connect: sudo vpnc --local-port 0
4. Disconnect: sudo vpnc-disconnect

For configuration:

IPSec gateway <gateway> 
IPSec ID <group-id>
IPSec secret <group-psk>
IKE Authmode hybrid
Xauth username <username>
Xauth password <password>

Points to note:

• I made up the IPSec ID and commented out the IKE Authmode as it is by default, and it still works.
• To connect, just sudo vpnc or sudo vpnc-connect may work, but the port binding error may occur.

Here is a page for reference: https://www.lullabot.com/articles/using-vpnc-as-a-command-line-vpn-client