Wednesday, August 21, 2019

Fedora and Ubiquiti USG L2TP VPN

[UPDATED 2019/11/01]
With some recent updates to the Ubiquiti firmware, it seems that the restrictive algorithm list in the IPsec config is no longer required.  Now you can use the "Prevalent Algorithms" button in NetworkManager, and the connection works.

For documentation purposes, the algorithms in the dialog are:

Phase 1 Algorithms: aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha2_256-modp1024,aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-modp1024,aes256-sha1-ecp_384,aes128-sha1-modp1024,aes128-sha1-ecp_256,3des-sha1-modp2048,3des-sha1-modp1024
Phase 2 Algorithms: aes256-sha1,aes128-sha1,3des-sha1
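The two proposal lists above mix modern and legacy primitives (3DES, SHA-1 HMAC, 1024/1536-bit MODP groups). The script below is an added example, not part of the original post or of strongSwan: it parses the strongSwan proposal syntax (enc-integ[-dh]) as printed above, flags each proposal whose components fall under a simple, assumed legacy policy, and returns the subset that a defender could keep if the peer supports it. The LEGACY table is the assumption; the proposal strings are copied from the post.

```python
"""Classify strongSwan IKE/ESP proposal strings by the strength of their components."""

# Proposal strings exactly as they appear in the NetworkManager-l2tp dialog (copied from the post).
PHASE1 = ("aes256-sha2_256-modp2048,aes256-sha2_256-modp1536,aes256-sha2_256-modp1024,"
          "aes256-sha1-modp2048,aes256-sha1-modp1536,aes256-sha1-modp1024,aes256-sha1-ecp_384,"
          "aes128-sha1-modp1024,aes128-sha1-ecp_256,3des-sha1-modp2048,3des-sha1-modp1024")
PHASE2 = "aes256-sha1,aes128-sha1,3des-sha1"

# Assumed policy for illustration: components commonly treated as legacy today.
LEGACY = {
    "3des": "64-bit block cipher (Sweet32 class)",
    "sha1": "SHA-1 HMAC",
    "modp1024": "1024-bit DH group (Logjam class)",
    "modp1536": "1536-bit DH group",
}


def parse_proposal(proposal: str) -> dict:
    """Split one strongSwan proposal ('enc-integ' or 'enc-integ-dh') into its parts.

    Phase 2 (ESP) proposals in the post carry no DH group, i.e. no PFS is negotiated.
    """
    parts = proposal.strip().split("-")
    if len(parts) not in (2, 3):
        raise ValueError(f"unexpected proposal format: {proposal!r}")
    return {"enc": parts[0], "integ": parts[1], "dh": parts[2] if len(parts) == 3 else None}


def analyse(proposal_list: str) -> list:
    """Return [(proposal, [reasons])]; reasons is empty when no component is legacy."""
    findings = []
    for proposal in proposal_list.split(","):
        comp = parse_proposal(proposal)
        reasons = [LEGACY[v] for v in (comp["enc"], comp["integ"], comp["dh"]) if v in LEGACY]
        findings.append((proposal.strip(), reasons))
    return findings


def modern_only(proposal_list: str) -> str:
    """Comma-separated proposals with no legacy component, preserving the original order."""
    return ",".join(p for p, reasons in analyse(proposal_list) if not reasons)


if __name__ == "__main__":
    for label, plist in (("Phase 1", PHASE1), ("Phase 2", PHASE2)):
        print(label)
        for proposal, reasons in analyse(plist):
            print(f"  {proposal:28s} {'ok' if not reasons else '; '.join(reasons)}")
        print(f"  modern-only: {modern_only(plist) or '(none)'}")
```

Run against the post's lists, only aes256-sha2_256-modp2048 survives the Phase 1 filter and nothing survives Phase 2, which is useful to know before trimming the list: the USG must still offer one of the remaining proposals, so shorten the client side only after confirming what the gateway accepts.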

[ORIGINAL POST]
I've been using Ubiquiti network gear at home for a few years now, and I really love it.  The combination of strong hardware, really good after-sale support, and quick security updates is still really compelling.  I especially like that I can run the management interface on a Raspberry Pi, in a container, for extreme ease of maintenance.

About 4 years ago, an attacker managed to exploit my old firewall (a Netgear router/firewall of some unmemorable type) and caused a significant amount of cleanup work for me.  After that experience, I decided that my old method of remote access (SSH on a high port) wasn't going to continue to work.  After some research and testing, I settled on Ubiquiti, with the UniFi Security Gateway, for my access control device.  For most purposes, it has been excellent, even reporting detailed statistics on all associated connections.  The one issue that I had was in getting VPN access working.  My Windows and Mac (very few!) clients were easy to set up, based on the guide here, and iOS and Android were similarly easy.

Fedora (my choice for general desktop use) was a different matter.  I spent quite a few hours in trying to troubleshoot why the VPN wouldn't associate, giving up in disgust each time.  I truly do not enjoy troubleshooting VPN connections, and this was just one more reminder why.  Just today, though, I finally figured out the solution.

I am using Fedora 30, and the default GNOME desktop.  Here are the steps that I took to get the software installed.  I chose strongswan, based on the recommendations here.

$ sudo dnf install strongswan
$ sudo dnf search l2tp
$ sudo dnf install NetworkManager-l2tp-gnome
$ sudo dnf remove libreswan

Once that was complete, I configured the VPN connection from the GUI.  My final config looks like this:

With those settings, especially the "Phase1" and "Phase2" algorithms, everything works great.