Can't connect

Installation, configuration and troubleshooting of the Cisco VPN Client on Linux systems

Can't connect

Postby rbuick » Thu Jan 03, 2008 1:35 pm

I'm running 2.6.23.9-85.fc8 on a 64bit host and using vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz with x86_64 patch. Also on 2.6.23.8-34.fc7 32bit host using vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz

When I attempt to connect, the client runs through all the available vpn connections, contacting the gateway and then 'locally terminates'.
An fc4 system I have that uses an earlier client connects strait away.

Using tcpdump I get the following output on the 64bit system and similar on the 32bit fc7 system, when logged in as non root:

15:06:18.882048 IP 192.168.0.132.32816 > uk-vpn-3000.***.com.29747: UDP, length 16
15:06:18.892624 IP 192.168.0.132.32816 > uk-vpn-3000.***.com.isakmp: isakmp: phase 1 I agg
15:06:19.057194 IP uk-vpn-3000.***.com.isakmp > 192.168.0.132.isakmp: isakmp: phase 1 R agg
15:06:19.057269 IP 192.168.0.132 > uk-vpn-3000.***.com: ICMP 192.168.0.132 udp port isakmp unreachable, length 484

I tried running as root (even though I did chmod 4111 /opt/cisco-vpnclient/bin/cvpnd ) and it worked sometimes on the 64bit system, but has now stopped after a reboot on the 64bit system; the fc7 system ran ok as root but has just refused to come up in X after a reboot - possibly unrelated.

Thanks for your help.
rbuick
Private
Private
 
Posts: 4
Joined: Thu Jan 03, 2008 1:03 pm

Re: Can't connect

Postby tuxx-home.at » Thu Jan 03, 2008 2:21 pm

Is it possible that after creating the tunnel, your internet connection gets dropped, e.g. caused by the parameter "EnableLocalLan=0" in your VPN profile?
Are you using the same pcf file on the old FC4 system as you're using on your newer systems?
User avatar
tuxx-home.at
Supreme Commander
Supreme Commander
 
Posts: 2199
Joined: Mon Jan 01, 2007 12:51 pm
Location: Vassach - Austria - Europe

Re: Can't connect

Postby rbuick » Thu Jan 03, 2008 11:26 pm

EnableLocalLAN=1
and the fc4 pcf file is exactly the same as the ones used on fc7 and fc8 boxes
rbuick
Private
Private
 
Posts: 4
Joined: Thu Jan 03, 2008 1:03 pm

Re: Can't connect

Postby tuxx-home.at » Mon Jan 14, 2008 9:41 am

Could you please post the outputs of `route -n` before and after you established the VPN connection?
User avatar
tuxx-home.at
Supreme Commander
Supreme Commander
 
Posts: 2199
Joined: Mon Jan 01, 2007 12:51 pm
Location: Vassach - Austria - Europe

Re: Can't connect

Postby rbuick » Fri Feb 15, 2008 10:21 pm

Before during and after on the FC8 box, plus it doesn't connect.
route -n gives
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.0.129 0.0.0.0 UG 0 0 0 eth0

The FC4 box before connecting to the vpn is:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.0.129 0.0.0.0 UG 0 0 0 eth0

but when it has connected it has the following:

Destination Gateway Genmask Flags Metric Ref Use Iface
###.18.1.12 192.168.0.129 255.255.255.255 UGH 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
###.150.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cipsec0
0.0.0.0 ###.150.116.97 0.0.0.0 UG 0 0 0 cipsec0
rbuick
Private
Private
 
Posts: 4
Joined: Thu Jan 03, 2008 1:03 pm

Re: Can't connect

Postby tuxx-home.at » Sun Mar 23, 2008 11:36 am

Sorry for not answering earlier. Before trying to dig in deeper into this issue I have to ask if it's still relevant for you or if you've already fixed it somehow?
User avatar
tuxx-home.at
Supreme Commander
Supreme Commander
 
Posts: 2199
Joined: Mon Jan 01, 2007 12:51 pm
Location: Vassach - Austria - Europe

Re: Can't connect

Postby rbuick » Wed Apr 02, 2008 7:30 pm

It is still broken, even though I've updated to the latest FC8 kernel. 2.6.24.3-50.fc8 #1 SMP Thu Mar 20 13:39:08 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux.

Thanks
rbuick
Private
Private
 
Posts: 4
Joined: Thu Jan 03, 2008 1:03 pm

Re: Can't connect

Postby tesla » Mon Jun 23, 2008 2:51 pm

I have this very same problem!

I unpacked the source, patched and built, and even checked that I had ia-32 libs installed. The PCF I am using works fine on another machine :x

Code: Select all
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008 x86_64
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
tesla
Private
Private
 
Posts: 1
Joined: Mon Jun 23, 2008 2:47 pm

Re: Can't connect

Postby gregnolle » Sat Jul 26, 2008 5:58 pm

Did anyone manage to solve this problem? I'm having exactly the same issue. The PCF that I'm using works fine with the Mac client.
gregnolle
Private
Private
 
Posts: 2
Joined: Sat Jul 26, 2008 5:23 pm

Re: Can't connect

Postby gregnolle » Tue Aug 05, 2008 11:08 pm

Anyone? I've tried the latest version (4.8.02) and that has the same problem for me.
gregnolle
Private
Private
 
Posts: 2
Joined: Sat Jul 26, 2008 5:23 pm

Re: Can't connect

Postby saleem » Tue Sep 01, 2009 5:04 am

Cisco vpn rewrites the /etc/resolv.conf files. Therefore you cannot connect.

A temporary solution which I am using is as follow.
Go to net work manager and unlock it,
In the DNS tab add the ip address of your name server / gateway etc.
Then point the curser at other numbers which cisco vpn has written it,
Do not close the network manager.
You will be able to connect.
I
saleem
Private
Private
 
Posts: 2
Joined: Tue Sep 01, 2009 4:49 am

Re: Can't connect

Postby ivailo » Sat Oct 10, 2009 8:12 am

I experienced the same problem. Checked the server and found the client requests were coming too late (after about 2 min) and at that time the client had errored out already.
I'm running openSuSE 11.1 with 2.6.27.29 kernel. Reading this thread, the previous message made me looking at my /etc/resolv.conf and found that on my system it was auto generated by netconfig and did not matter since my DNS merge policy as set (in /etc/sysconfig/network/config through NETCONFIG_DNS_POLICY) was set to "auto". Be disabling it (setting to "") the vpnclient connected right away every time.
ivailo
Private
Private
 
Posts: 1
Joined: Sat Oct 10, 2009 7:49 am


Return to Cisco VPN Client on Linux systems

Who is online

Users browsing this forum: No registered users and 3 guests

cron