Unable to connect to VPN (l2tp) after upgrade to F43

After upgrading to F43 I am unable to connect to VPN (l2tp).

This is the journalctl output:

[1762371988.9269] vpn[xyz,“xyz”]: dbus: failure: connect-failed (1)

Packages are installed, tried creating the VPN connection again but the result is the same. Would appreciate any help. Thank you.

Do you have something like

Nov 07 12:24:01 fedora nm-openvpn[83419]: OpenSSL: error:0A000086:SSL routines::certificate verify failed:
Nov 07 12:24:01 fedora nm-openvpn[83419]: TLS_ERROR: BIO read tls_read_plaintext error
Nov 07 12:24:01 fedora nm-openvpn[83419]: TLS Error: TLS object -> incoming plaintext read error
Nov 07 12:24:01 fedora nm-openvpn[83419]: TLS Error: TLS handshake failed
Nov 07 12:24:01 fedora nm-openvpn[83419]: SIGUSR1[soft,tls-error] received, process restarting
Nov 07 12:24:08 fedora nm-openvpn-service[83404]: Connect timer expired, disconnecting.

In logs? It seems that something with certificates went wild

See the following SELinux policy issue which has a workaround for the kl2tpd permission issue:
https://bugzilla.redhat.com/show_bug.cgi?id=2407022#c6

Along with a SELinux workaround or disabling, you will also need to remove the blacklisting of the L2TP kernel modules, which can be achieved with:

sudo sed -e '/blacklist l2tp_netlink/s/^b/#b/g' -i /etc/modprobe.d/l2tp_netlink-blacklist.conf

sudo sed -e '/blacklist l2tp_ppp/s/^b/#b/g' -i /etc/modprobe.d/l2tp_ppp-blacklist.conf

IKEv1 is deprecated and disabled by default with Libreswan >= 5.0, so if you are using Libreswan, you will also need to re-enable IKEv1, which can be achieved with:

sudo sed -e 's/#ikev1-policy=.*/ikev1-policy=accept/' -i /etc/ipsec.conf
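
A read-only check for the two blockers the answer above gives commands for (the L2TP module blacklist and the Libreswan IKEv1 policy), as an added example that is not part of the original post. The function names are made up for this example, the default paths are the ones used in the post, and the SELinux issue from the bug report is not covered.

```bash
#!/bin/sh
# Added example (not from the thread): read-only pre-flight check.
# It changes nothing on the system; it only reads the config files.

# Print each L2TP module that still has an active (uncommented) blacklist line.
blacklisted_l2tp_modules() (
    dir=${1:-/etc/modprobe.d}
    for mod in l2tp_netlink l2tp_ppp; do
        if grep -Eqs "^[[:space:]]*blacklist[[:space:]]+${mod}([[:space:]]|\$)" "$dir"/*.conf; then
            echo "$mod"
        fi
    done
)

# Print the active ikev1-policy value, or "unset" if the line is absent or commented out.
ikev1_policy() (
    conf=${1:-/etc/ipsec.conf}
    val=$(sed -n 's/^[[:space:]]*ikev1-policy[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$conf" 2>/dev/null | tail -n 1)
    echo "${val:-unset}"
)

# Report every blocker found; exit status is 0 only when none remain.
l2tp_preflight() (
    moddir=${1:-/etc/modprobe.d}
    conf=${2:-/etc/ipsec.conf}
    blockers=0
    for mod in $(blacklisted_l2tp_modules "$moddir"); do
        echo "BLOCKED: module $mod is blacklisted under $moddir"
        blockers=$((blockers + 1))
    done
    policy=$(ikev1_policy "$conf")
    if [ "$policy" != "accept" ]; then
        echo "BLOCKED: ikev1-policy is '$policy' in $conf (only matters with Libreswan)"
        blockers=$((blockers + 1))
    fi
    echo "blockers=$blockers"
    [ "$blockers" -eq 0 ]
)

# Optional arguments: modprobe.d directory, then ipsec.conf path.
l2tp_preflight "$@" || true
```

Running it before and after the `sed` commands shows which of them actually took effect, for example when the blacklist lives in a differently named file under `/etc/modprobe.d`.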