Description of problem: after applying the last updates to a Fedora 31 host (actually 2 of them), my layer 2 vpn to a Ubiquiti USG4 stopped working. Downgrading to libreswan-3.29-1.fc31.x86_64 restored the functionality. Inspecting logs it appears to be looking in ipsec.nm-l2tp.secrets for credentials and not finding them.
I tried starting it both from the widget and from the cli (nmcli of course). I removed the password and preshared key hoping it would prompt me, but it did not. Tried --ask-pass with nmcli...that didn't work either.
I believe this is mostly a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1807024 and is in regards to libreswan >= 3.30 no longer built with DH2 (modp1024) support. With NetworkManager-l2tp, the PSK has to be entered in the IPsec settings dialog box, there is no other way to enter it. Instead of removing the password, you need to select "Request this password every time" which can be found in the far right of the password text entry box. Once you do that, the --ask-pass switch will prompt for the password on the terminal instead of bringing up a dialog box. I'm not sure what in the logs you are referencing that indicates ipsec.nm-l2tp.secrets doesn't have the credentials. Depending on the libreswan version, you might see a few "warning: could not open include filename: '/etc/ipsec.d/.conf'" messages, but you should also see 'loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"'. *** This bug has been marked as a duplicate of bug 1807024 ***