registry team mailing list archive

[Bug 479632] Re: VPN connection fails after one hour^H^H^H^H security-association idle-time expiry

 

Hi,

I am not sure whether I have the same problem.
I have 10.04 official, fresh installation. My vpnc "disconnects" after about 16 minutes.

I tried various setups, tried Makovick-patches, and I reached the point
where there are no error messages, everything seems to be okay, but the
other side of the vpn is not reachable... :(

With nm-applet:
Connection successful, got the login banner. Everything is okay, speed is right.
Syslog says:
---
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  Starting VPN service 'org.freedesktop.NetworkManager.vpnc'...
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 9690
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  VPN plugin state changed: 1
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  VPN plugin state changed: 3
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  VPN connection 'WORK' (Connect) reply received.
Aug 25 14:09:40 cashy-laptop NetworkManager:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Aug 25 14:09:40 cashy-laptop kernel: [63073.336892] tun0: Disabled Privacy Extensions
Aug 25 14:09:40 cashy-laptop NetworkManager:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  VPN connection 'WORK' (IP Config Get) reply received.
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  VPN Gateway: xxx.xxx.xxx.xxx
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  Tunnel Device: tun0
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  Internal IP4 Address: 10.100.101.239
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  Internal IP4 Prefix: 24
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  Internal IP4 Point-to-Point Address: 10.100.101.239
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  Maximum Segment Size (MSS): 0
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  Static Route: 192.168.110.0/24   Next Hop: 192.168.110.0
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  Internal IP4 DNS: 84.2.44.1
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  Internal IP4 DNS: 84.2.46.1
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  DNS Domain: '(none)'
Aug 25 14:09:40 cashy-laptop NetworkManager: <info>  Login Banner:
---
And not so suddenly, after 16 minutes:
---
Aug 25 14:09:41 cashy-laptop NetworkManager: <info>  VPN connection WORK' (IP Config Get) complete.
Aug 25 14:09:41 cashy-laptop NetworkManager: <info>  Policy set 'Auto HOME' (wlan0) as default for routing and DNS.
Aug 25 14:09:41 cashy-laptop NetworkManager: <info>  VPN plugin state changed: 4
Aug 25 14:09:41 cashy-laptop nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.
---


With patched vpnc (vpnc-0.5.3r449) nearly the same:
Login, and login banner, counter starts to tick.
Ticks and ticks, but after 16 minutes ping works with 100% packet loss.

Earlier I tried vpnc-nortel (0.5.3) and the unpatched vpnc (vpnc-0.5.3r449). Brought the same. There were some error messages.
First the "tun0: Disabled Privacy Extensions" informational, and when the connection began to hang, I got two kinds of error messages: "got late ike packet" and "got packet with wrong cookies". They came about 3-4 times, and then the connection completely stopped.

Here is the config file which I tried:
---
IPSec ID WORKDOMAIN
IPSec secret WORKDOMAINPASSWORD
IPSec gateway xxx.xxx.xxx.xxx
Xauth username MYUSERNAME
Xauth password MYUSERPASSWORD
Domain WORKDOMAIN
IKE Authmode psk
Target Networks 192.168.110.0/24
DNSUpdate No
DPD Idle timeout (our side) 0
NAT Traversal Mode cisco-udp
#NAT Traversal Mode force-natt
Enable Single DES
Local Port 10000
---

Sorry about my "not-so-fluent" English.
Can anybody help?

-- 
VPN connection fails after one hour^H^H^H^H security-association idle-time  expiry
https://bugs.launchpad.net/bugs/479632