Ubuntu
vpnc package

VPNC broken after gutsy upgrade

Bug #132044 reported by Oliver Wilson
4
Affects Status Importance Assigned to Milestone
vpnc (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: vpnc

Upgrading from Feisty to Gutsy has broken my Cisco VPN, but I'm not sure how to diagnose it.

Under Feisty, I could use either the command line "sudo vpnc" or use NetworkManager to connect to my company's network, and it worked fine. Apparently there's also an "official" Cisco client, but you need a kernel compiled before the fall of the Berlin Wall to make it work (ie RedHat).

When I say "the VPN worked fine", I mean:

-Requests to the corporate network were routed OK. I could:
  VNC to a desktop at work
  SMB onto a drive at work etc
-Requests to my local network were unaffected, I could still:
  see my router's webface
  SMB to my housemate's Windows box
-Requests for internet traffic were unaffected, I could
  receive web-pages via my home internet connection
  use messenger programs etc

Under Gutsy, the VPN appears to connect fine (it does not disconnect immediately, this is *not* a duplicate of 124238). However, nothing at all is accessible, neither the corporate network, nor the internet.

Without the VPN, NetworkManager (which I'm using for wireless roaming) creates a file that simply says:
search myHomeDomain
nameserver 192.168.2.1 (myHomeRouter)
That works fine, because the default route just goes straight to the router which gets name resolution etc from my ISP.

With the VPN connected however, I get a resolv.conf like this:
search myHomeDomain myCorporateDomain
nameserver corporateDNS1
nameserver corporateDNS2
This is useless, as I no longer can see the internet! So, I manually add "nameserver 192.168.2.1", and that works as a quick fix, but I didn't need to do that under Feisty - regression.

More importantly, the VPN doesn't work - despite the routing table being populated with a load of corporate internal IP addresses, I can't actually see any of them. They don't reply to pings, I can't SMB anything, yet the connection is alive, I see tun0 under ifconfig.

What information do I need to diagnose the problem?
Why did this work before, and not now?

BTW, before you ask,

"Why did he upgrade to an unstable release on a box needed for work?"
Because Evolution in Feisty is fundamentally broken - useless for accessing Exchange server. The latest Evolution is a *little* better (though still essentially useless for doing real work), but is not backported to Feisty. Doing a partial upgrade to Gutsy to get newer Evolution broke everything (Nautilus etc.) so I did a full dist-upgrade. Also it seemed an easier way to move from Beryl to CompizFusion.

Help!!

Revision history for this message
Wilbur Harvey (wilbur-harvey-spirentcom) wrote :

2007-Aug-19
I have all the current updates to Gusty and I am seeing the same thing.
I have no clue as to what is actually wrong.

There is no option to revert to an old version.

I don't know what these things from the change log really mean.

vpnc (0.4.0-3ubuntu1) gutsy; urgency=low

  * Merge from debian unstable, remaining changes:
    - Auth failed return code
    - Change the default for --dpd-idle from 300 to 0 (disables dpd).
    - Update maintainer field in debian/control
  * Dropped changes:
    - Dropped debian/patches/debian/patches/08_auth_failed_return_code.dpatch
    - Dropped 07_gcc_optimizations.dpatch, since vpnc is ok with GCC
    - Dropped 09_dpd_timer_disable.dpatch since it has been included in
      06_stolen_from_head.dpatch

 -- Luca Falavigna <email address hidden> Thu, 24 May 2007 10:20:09 +0100

vpnc (0.4.0-3) unstable; urgency=low

  * 06_stolen_from_head.dpatch: sync with SVN revision 174, including fixes
    for DPD (closes: #416180) and also most likely solves the keepalive
    problems (closes: #418906, reopen if not)
  * 04_debianitis.dpatch: ifconfig call with full path (closes: 423146)

 -- Eduard Bloch <email address hidden> Wed, 23 May 2007 22:45:46 +0200

vpnc (0.4.0-2ubuntu2) gutsy; urgency=low

  * Apply r170 from SVN trunk to help resolve immediate disconnections due to
    dead peer detection (dpd). Adds the --dpd-idle command line option which
    can be set to 0 to disable dead peer detection.
  * Change the default for --dpd-idle from 300 to 0 (disables dpd).
  * LP: #93413

 -- James Tait <email address hidden> Fri, 11 May 2007 21:34:52 +0100

Wilbur

Revision history for this message
Wilbur Harvey (wilbur-harvey-spirentcom) wrote :

I used synaptic to uninstall the vpnc for gusty, and then installed vpnc_0.3.3+SVN20051028-3ubuntu2_amd64.deb (my install is an AM64) and vpnc seems to work fine now.
Wilbur

Revision history for this message
none (ubuntu-bugs-nullinfinity-deactivatedaccount) wrote :

This looks like a duplicate of https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/124238/ but I'll leave it to someone else to mark it as such.

Revision history for this message
Andreas Oberritter (mtdcr) wrote :

The bug description does not match https://bugs.launchpad.net/bugs/124238 :

>Under Gutsy, the VPN appears to connect fine (it does not disconnect immediately, this is *not* a duplicate of 124238). However, nothing at all is accessible, neither the corporate network, nor the internet.

In fact, this report describes two different problems:
1.) DNS might be broken after connecting to the VPN using NetworkManager due to lack of configuration options.
2.) VPN hosts don't respond to pings.

The symptom of bug #124238 is (only on 64 bit archs) a segfault of vpnc during connect, resulting in no tun device and no routes to the VPN.

Revision history for this message
Swâmi Petaramesh (swami-petaramesh) wrote :

Upgrading from Feisty to Gutsy completely broke SSL on my system :-(((

- Apache SSL b0rked
- Postifx TLS b0rked
- Courier-IMAP-SSL b0rked

* Sh***t * My server is unusable :-(((

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.