FYI for those that are having problems with L2TP VPN connections to older gateways on Fedora 33. There were two things I needed to do in order for my VPN connection to work from a Fedora 33 workstation to a Ubiquiti UniFi USG VPN gateway.
First, I needed to add SELinux labels to /var/lib/ipsec:
# semanage fcontext --add --type ipsec_key_file_t '/var/lib/ipsec(/.*)?'
# restorecon -rv /var/lib/ipsec
Next, I needed to downgrade libreswan from 4.1 to 3.32.
# dnf downgrade libreswan
Make sure you add exclude=libreswan to /etc/dnf/dnf.conf and reboot.
I am not sure if the downgrade means I still need to label /var/lib/ipsec, but that’s what worked for me.
I believe there are already bugs out on this for Fedora, but as far as I am aware, the problem is more that Ubiquiti isn’t likely to include a newer version of libreswan into their USG products considering it’s fairly dated hardware.
I figured I would share for those that are looking for a work-around. Not sure how long it will be valid, but for now, it seems to be what works for me. If I remember later, I’ll pull up the related bugs.
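
Added example, not part of the original post: a read-only shell check that the three pieces of the workaround above (the ipsec_key_file_t label on /var/lib/ipsec, a 3.x libreswan, and the exclude entry in /etc/dnf/dnf.conf) are still in place, for instance after a system upgrade. The function names are hypothetical, and it assumes GNU stat, rpm and awk are available.

```bash
#!/usr/bin/env bash
# Added example: read-only check that the workaround from the post is in place.
# Function names are hypothetical; nothing on the system is modified.

# Succeeds if the [main] section of a dnf.conf-style file excludes libreswan.
# Only the literal package name is matched, not globs such as "libreswan*".
dnf_excludes_libreswan() {
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/); next }
        in_main && /^[ \t]*(exclude|excludepkgs)[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, pkgs, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (pkgs[i] == "libreswan") found = 1
        }
        END { exit !found }
    ' "$1"
}

# Prints the type field of an SELinux context (user:role:type:level).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeeds if the version string belongs to the 3.x series.
libreswan_is_3x() {
    case "$1" in 3.*) return 0 ;; *) return 1 ;; esac
}

# Runs all three checks; returns non-zero if any is missing.
check_workaround() {
    dir=${1:-/var/lib/ipsec}; conf=${2:-/etc/dnf/dnf.conf}; rc=0
    ctx=$(stat -c %C "$dir" 2>/dev/null)
    ver=$(rpm -q --qf '%{VERSION}' libreswan 2>/dev/null)
    if [ "$(selinux_type "$ctx")" = ipsec_key_file_t ]; then
        echo "ok: $dir is labelled ipsec_key_file_t"
    else echo "missing: label on $dir (context: ${ctx:-unknown})"; rc=1; fi
    if libreswan_is_3x "$ver"; then echo "ok: libreswan $ver installed"
    else echo "missing: libreswan 3.x (found: ${ver:-none})"; rc=1; fi
    if dnf_excludes_libreswan "$conf"; then echo "ok: $conf excludes libreswan"
    else echo "missing: exclude=libreswan in $conf"; rc=1; fi
    return "$rc"
}

# Usage: source this file, then run: check_workaround
```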