VPN connection fails on 13.10 with "invalid VPN secrets" error

**pvictory5** · December 13th, 2013

After upgrading to Ubuntu 13.10 my VPN connection stated behaving erratically. I used to work ok in version 12.04, but after the upgrade I repeatedly get the "...invalid VPN secrets." error and the VPN fails to connect. I just have to retry 3 or 4 times in a row to get the VPN to connect successfully. This is without any changes to the VPN connection configuration or network manager restart.
Just try to connect over and over again until it goes through.
This is a daily occurrence.

It is getting tiresome to keep retrying until it connects. This worked like a charm before.

Since I don't have to actually change anything in the configuration to make it work (just be persistent and patient) it would seem something gets either cached or not released properly.

Also, is there a way to get the message to be more explicit as to what it failed?

Any help and ideas are welcomed!

**Gustav_Toppa** · February 26th, 2014

I feel for the OP, as this is an infamous error, apparently due to an as-yet unfixed Gnome bug, which is all over the web, but, which nobody seems to know exactly why it happens, nor, more importantly, how to debug.
Nobody even seems to know WHAT a VPN secret is, in the first place!

If it helps the OP, I've tried EVERYTHING that is suggested on the web, as people aimlessly tried various and sundry remedies, and documented them all over here this week:
Installing Ubuntu 13.10 client for free public person vpn server (VPN Reactor)

Note: Other very similar Ubuntu threads (most either wholly unanswered or filled with shots-in-the-dark) appear to be:

etc.

**dan84** · April 17th, 2014

this is the solution i used

As root edit /etc/NetworkManager/system-connections/vpn-connection-name and under [vpn], change the password flags line to:

password-flags=0

And add the following:
[vpn-secrets]
password=(your vpn password)

**Amorget** · April 20th, 2014

Originally Posted by dan84

this is the solution i used

As root edit /etc/NetworkManager/system-connections/vpn-connection-name and under [vpn], change the password flags line to:

password-flags=0

And add the following:
[vpn-secrets]
password=(your vpn password)

This worked for me, too

**hockeybum27** · May 29th, 2014

I tried the above, with the following results; it is probably important to note that this Cisco VPN connection uses Group authentication (in addition to the regular username and login)
I have an the following in my [vpn] section:

Code:

[vpn]
NAT Traversal Mode=cisco-udp
ipsec-secret-type=save
IPSec secret-flags=1
xauth-password-type=save
Vendor=cisco
Xauth username=**********
IPSec gateway=***.***.***.***
DPD idle timeout (our side)=90
IPSec ID=*****
Xauth password-flags=0
Perfect Forward Secrecy=server
IKE DH Group=dh2
Local Port=500

I tried setting the bolded entry above to 0, and also added the [vpn-secrets] section as described:

Code:

[vpn-secrets]
password=*********

but not only did that not work, it caused another entry to be added to the [vpn-secrets] section:

Code:

[vpn-secrets]
password=*********
Xauth password=*****

So:
1. Should I leave the first line (Xauth password-flags) alone, and add a NEW entry just called password-flags
2. Should I change my password entry in the [vpn-secrets] to Xauth password?

Thanks!

**landstander** · October 20th, 2014

The suggestion in post#3 did not work for me, and in fact non of the solutions that I've been able to find so far on the web (when searching for invalid VPN secrets) have worked to solve this problem.

Also, storing passwords in readable plain text files on your computer can be considered a blatant violation of best security practices. ...and I guess thats stated as if anything is really secure any more... *sigh* :/

[UPDATE:] The solution that worked for me.
I discovered that some of the characters I was using for the VPN password were causing this error. Specifically I believe it may have been the forward slash character "/" that may have been causing the issue. I suspect this may have been the problem as a similar problem was solved by removing that character from my password for an academic account. If nothing else works to solve this issue, change your password so that it doesn't use any special characters at all (see this comic strip for more info: http://www.xkcd.com/936/) and see if that helps. If that does the trick you could try adding back in one special character at a time until you get this error again, then just make a passphrase that doesn't use that character.
Here is an interesting passphrase generator: http://www.fourmilab.ch/javascrypt/pass_phrase.html, there are many other online. Try any search engine to find them but ixquick or duckduckgo seem to be popular choices for keeping your searches private.

Note: Since this problem is very wide spread and small groups of people are having success with various proposed solutions with no solution working for everyone, it is definitely possible that simply changing the password to a passphrase that doesn't use special characters will not solve the problem. In that case you are back to square one and will have to find one of the many other solutions posted that seem to be hit or miss for most people until you find one or some combination thereof that works for you, and if you do find a solution that works, please post it someplace.

**Arnold_Balliu** · May 26th, 2015

What worked for me is that I saw that I had this problem like this guy here:
http://askubuntu.com/questions/57915...untu-14-04-lts
Then I installed the software in the first and only answer (copy/paste).
Everything seemed to work fine.