regression potential Split-tunnel drops inside traffic
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vpnc (Ubuntu) | New | Undecided | Unassigned | | |
Bug Description
Binary package hint: vpnc
On clean installs of Ubuntu 8.10 and 9.04 (@4/4/2009), while using the same config and same destination ASA 5510, same tunnelgrp/config, I am seeing split-tunnel traffic behavior differences.
Split-tunnel inside network using split-DNS = one more complication perhaps outside QA scope.
On 9.04, I get ping replies (ICMP is passing) from short-name, FQDN and IP, but the browser will not load any inside/tunnel sites. Browser is otherwise 100%~not browser isolated issue. Same issue with RDP/3389 traffic. Seems like only ICMP is making the round trip; others are getting lost.
On 8.10, same home network src; same destination asa/grp - all perfectly working as expected.
I have modified route table, DHCP||DHCP-
This is my first Ubuntu bug report; I hope to have met basic posting requirements and adhered to general scientific principles. I am able to assist further and provide specific data where required.
In this sequence, we see successful ping replies, then an initial/first contact from .5, then it goes dark. This is reproducible; nmap, if run first, will find port 80 listening and then any requests will make it appear offline.
HERE IS CENTOS HOST 10.1.1.5:
kent@rambutan2:~$ ping 10.1.1.5
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_seq=1 ttl=63 time=1782 ms
64 bytes from 10.1.1.5: icmp_seq=2 ttl=63 time=2570 ms
64 bytes from 10.1.1.5: icmp_seq=3 ttl=63 time=1956 ms
64 bytes from 10.1.1.5: icmp_seq=4 ttl=63 time=1658 ms
^C
--- 10.1.1.5 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4015ms
rtt min/avg/max/mdev = 1658.116/
kent@rambutan2:~$ wget http://
--2009-04-04 13:22:24-- http://
Connecting to 10.1.1.5:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: /twiki/
--2009-04-04 13:22:27-- http://
Connecting to 10.1.1.5:80... connected.
HTTP request sent, awaiting response... ^C
kent@rambutan2:~$ nmap -v -A 10.1.1.5
Starting Nmap 4.76 ( http://
Initiating Ping Scan at 13:23
Scanning 10.1.1.5 [1 port]
Completed Ping Scan at 13:23, 2.00s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.30 seconds
kent@rambutan2:~$ wget http://
--2009-04-04 13:23:50-- http://
Resolving www.cnn.com... 157.166.255.18
Connecting to www.cnn.
HTTP request sent, awaiting response... 200 OK
Length: 96260 (94K) [text/html]
Saving to: `index.html.1'
25% [========> ] 24,552 --.-K/s eta 20s ^C
kent@rambutan2:~$ nmap -v -A 10.1.1.5
Starting Nmap 4.76 ( http://
Initiating Ping Scan at 13:24
Scanning 10.1.1.5 [1 port]
Completed Ping Scan at 13:24, 2.00s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.44 seconds
HERE IS WINDOWS OS HOST:
kent@rambutan2:~$ ping 10.1.1.27
PING 10.1.1.27 (10.1.1.27) 56(84) bytes of data.
64 bytes from 10.1.1.27: icmp_seq=1 ttl=127 time=3361 ms
64 bytes from 10.1.1.27: icmp_seq=2 ttl=127 time=3032 ms
^C
--- 10.1.1.27 ping statistics ---
5 packets transmitted, 2 received, 60% packet loss, time 4017ms
rtt min/avg/max/mdev = 3032.119/
kent@rambutan2:~$ wget http://
--2009-04-04 13:30:50-- http://
Connecting to 10.1.1.27:80... connected.
HTTP request sent, awaiting response... ^C
kent@rambutan2:~$ ping 10.1.1.27
PING 10.1.1.27 (10.1.1.27) 56(84) bytes of data.
64 bytes from 10.1.1.27: icmp_seq=1 ttl=127 time=1436 ms
64 bytes from 10.1.1.27: icmp_seq=2 ttl=127 time=1506 ms
^C
--- 10.1.1.27 ping statistics ---
4 packets transmitted, 2 received, 50% packet loss, time 2999ms
rtt min/avg/max/mdev = 1436.969/
kent@rambutan2:~$ nmap -v -A 10.1.1.27
Starting Nmap 4.76 ( http://
Initiating Ping Scan at 13:31
Scanning 10.1.1.27 [1 port]
Completed Ping Scan at 13:31, 2.00s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.40 seconds
GENERAL INFO:
kent@rambutan2:~$ lsb_release -rd
Description: Ubuntu jaunty (development branch)
Release: 9.04
kent@rambutan2:~$ apt-cache policy vpnc
vpnc:
Installed: 0.5.3-1
Candidate: 0.5.3-1
Version table:
*** 0.5.3-1 0
500 http://
100 /var/lib/
kent@rambutan2:~$ apt-cache policy network-
network-
Installed: 0.7.1~20090213+
Candidate: 0.7.1~20090213+
Version table:
*** 0.7.1~20090213+
500 http://
100 /var/lib/
kent@rambutan2:~$