Configuring Meraki Client VPN on Linux Mint 19 (Network Manager)

You may also like...

13 Responses

  1. Ahmet Turk says:

    Thank your very much sir! It worked like a charm!

  2. Steve Swiss (acejavelin) says:

    This is great, thank you very much! BTW, to eliminate having to manually stop xl2tpd each boot, you can just disable the service with `sudo systemctl disable xl2tpd` and you won’t have to stop it each boot. The Meraki VPN does not use that service at all.

  3. Bobby Hines says:

    Exactly what I needed, worked perfectly. Excellent walkthrough.

  4. Vincent Brown says:

    This worked on Ubuntu 18.04.2 LTS. Thank you very much. This has been a real struggle for me. I sent this to a friend at Cisco to see if they could add this process to official documentation and get it supported.

  5. Christian says:

    Thanks! Didn’t need the extra plugins for Ubuntu 19.04 and I then scratched my head in Linux Mint 19.04 when the same procedure didn’t work there.

  6. Frank says:

    Thank your very much. It worked like a charm between my Linux Mint 19.1 notebook and MikroTik router.

  7. Alexey says:

    Thanks! WIth your help I was able to set VPN connection on Ubuntu 18.04 with i3wm!

  8. For anyone experiencing “PAP authentication failed” error in journalctl: make sure your Linux updates did not leave behind *.secrets file messing up with the auth. In my case, running sudo rm -f /etc/ipsec.d/nm-l2tp-ipsec*.secrets did the trick and connected successfully.

  9. Carlos Cervantes says:

    if looking to configue it using the CLI these lines worked for me

    for meraki (working jun 2020)

    $nmcli connection add connection.id [vpnName] con-name [vpnName] type VPN vpn-type l2tp ifname — connection.autoconnect no ipv4.method auto vpn.data “gateway = [ipv4/domain], ipsec-enabled = yes, ipsec-psk = [PSK], ipsec-ike = 3des-sha1-modp1024, ipsec-esp = 3des-sha1, mru = 1400, mtu = 1400, password-flags = 0, refuse-chap = yes, refuse-mschap = yes, refuse-mschapv2 = yes, refuse-eap = yes, user = [user], password-flags = 1”

    To show generated file:
    $ sudo nmcli c show id [vpnName]
    To start the VPN from cli:
    $ sudo nmcli c up [vpnName] –ask
    To stop the VPN from cli:
    $ sudo nmcli c down [vpnName]
    To change other settings
    $ sudo /etc/NetworkManager/system-connections/[vpnName]

    Credits to
    pajafumo
    Lkabo

  10. Carlos Cervantes says:

    also ran another issue where after trying to create the config using the CLI and failing, I was stuck in phase 1, from meraki’s event log I saw the “msg: invalid DH group 19.” I had to erase all of the following generated files that didn’t get deleted for one reason, From journarctl -f I was able to see an unknown error

    /etc/ipsec.d/nm-l2tp-ipsec-33a76ea6-0d47-46a5-8310-01a80de375db.secrets
    /etc/ipsec.d/nm-l2tp-ipsec-63c18717-e10e-4777-ba96-60bf94bb42c8.secrets
    /etc/ipsec.d/nm-l2tp-ipsec-8c0ee4b9-835c-4872-874f-a39d33fe68bd.secrets

  11. Carlos Cervantes says:

    if you want to delete the config that you have had created through cli
    to erase
    nmcli connection delete [vpnName]

Leave a Reply

%d bloggers like this: