Occasionally I work from home, and access to certain development resources is restricted to either the office IP or the use of a secure VPN. Since everyone uses Macs or Windows at the office there are no manuals or guides to set it up on linux, so I had to figure stuff out myself.
First of all, Ubuntu doesn’t have L2TP support out of the box currently, but luckily Ask Ubuntu has plenty of questions on the topic. Apparently L2TP was removed at 16.04 for some dependency reason, and replaced with a package called StrongSwan. Luckily it’s in the main repository, so it can be installed without much hassle. (However, I tried it on 18.04 and I was unable to add a VPN as the Save/Apply button simply wouldn’t work.)
However, I went another route (that I found before I saw that answer about StrongSwan), using network-manager-l2tp (which was deprecated for its dependency on OpenSwan, but is still in universe) and network-manager-l2tp-gnome (as pointed out in a comment). It added the Layer 2 Tunneling Protocol option to the network settings all right.
I added the VPN, set the server’s IP and my credentials. It still wouldn’t work. The config manuals for Mac I was given didn’t have any other steps so I was kinda running out of ideas.
The key was that I had to set the Phase 1 and 2 encryption methods (which were empty by default) in the IPSec Settings panel of the VPN’s settings. I hoped that it’d infer the encryption methods by some protocol magic if the fields were empty, but that wasn’t the case.
3DES-SHA1 is apparently common
A poor soul on Ask Ubuntu had even worse luck than me and setting the encryptions didn’t work for them – but in their question they posted their settings, using 3DES-SHA1. I’m not a crypto guy so I don’t know which algo is strong or weak. 3DES-SHA1 is apparently the default for Windows systems, but the RFC doesn’t mention that and both 3DES and SHA1 are far from ideal. It’s still a good bet to try first.
Whatever the algo you need to use for your VPN, you can’t seem to rely on the system to figure it out. Considering it appears to be a necessary setting it’s weird that it’s hidden so deep in the advanced options, but be sure to set them (and correctly).
Thank you very much for your post, I was having problems configuring a VPN in Ubuntu 18.04 that worked fine in Ubuntu 16.04, and the problem was I had to set the Phase 1 and 2 algorithms, which were not needed in 16.04.
I’ve tried several methods indicated online, to find that none of them work. I’ve tried all that you link above. It’ hard to tell, but it may be in the indicator app itself, because turning off Enable Networking has no effect, and Connection Information never finds connection information.
This is ridiculous on the part of Ubuntu. If I had known that was the case I would not have performed the upgrade. VPN is a critical feature for those of us in IT, and just dropping it for months borders on the irresponsible…
If it’s mission critical for you then it might even worth a complete reinstall of the OS. I definitely could get it working on a fresh 18.04 install just now.