vpnclient stops. But when mouse is moved, it restarts.

Installation, configuration and troubleshooting of the Cisco VPN Client on Linux systems

Post by h13i32maru » Thu Jan 14, 2010 12:39 pm

I use vpnclient on Ubuntu 8.10 (kernel 2.6.27.7) and KNOPPIX 6.0.1 (kernel 2.6.28.4).

vpnclient often stops.

Code:
vpnclient connect vpn
Cisco Systems VPN Client Version 4.8.02 (0030)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.28.4 #8 SMP PREEMPT Mon Feb 9 14:33:28 CET 2009 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
(vpnclient stops. After a few seconds, vpnclient outputs an error message.)
The VPN sub-system is busy or has failed.

The return code is 33. 33 is ERR_COMMUNICATION_TIMED_OUT (Interprocess communication timed out).
http://www.cisco.com/en/US/products/sw/ ... 5cfdd.html

I changed the PC, but vpnclient often stops.
I tried "vpnclient_init restart", but vpnclient often stops.
I tried "ifconfig cipsec0 down", but vpnclient often stops.

When I move the mouse while vpnclient is stopped, vpnclient restarts!!
I don't understand this behavior.

Does anyone understand the cause?
Please help me.

.pcf file
Code:
[main]
Description=Cisco VPN Client
Host=10.0.0.1
SaveUserPassword=1
EnableBackup=0
BackupServer=
EnableLocalLAN=0
EnableNat=1
TuunelingMode=0
TCPTunnelingPort=
ForceKeepAlives=0
PeerTimeout=90
DHGroup=2

AuthType=1
GroupName=iTC
GroupPwd=psk
Username=user
UserPassword=pass


Log by ipseclog.
Code:
Cisco Systems VPN Client Version 4.8.02 (0030)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.28.4 #8 SMP PREEMPT Mon Feb 9 14:33:28 CET 2009 i686
Config file directory: /etc/opt/cisco-vpnclient

1      19:14:11.580  01/14/2010  Sev=Warning/3   CLI/0x83900004
Unable to purge old log files. Function returned -1.

2      19:14:11.645  01/14/2010  Sev=Info/4   CVPND/0x4340001F
Privilege Separation: restoring MTU on primary interface.

3      19:14:11.646  01/14/2010  Sev=Debug/7   CM/0x43100033
Auto-initiation watch:  started

4      19:14:11.646  01/14/2010  Sev=Debug/7   CM/0x43100033
Auto-initiation watch:  interface change handler invoked

5      19:14:11.646  01/14/2010  Sev=Debug/7   CM/0x43100033
Auto-initiation watch:  auto-initiation is currently disabled

6      19:14:11.646  01/14/2010  Sev=Info/4   CVPND/0x4340000F
Started cvpnd:
Cisco Systems VPN Client Version 4.8.02 (0030)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.28.4 #8 SMP PREEMPT Mon Feb 9 14:33:28 CET 2009 i686

7      19:14:12.581  01/14/2010  Sev=Info/4   CLI/0x43900002
Started vpnclient:
Cisco Systems VPN Client Version 4.8.02 (0030)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.28.4 #8 SMP PREEMPT Mon Feb 9 14:33:28 CET 2009 i686

8      19:14:17.616  01/14/2010  Sev=Info/4   CM/0x43100002
Begin connection process

9      19:14:17.617  01/14/2010  Sev=Warning/2   CVPND/0x83400011
Error -28 sending packet. Dst Addr: 0xC0A800FF, Src Addr: 0xC0A80064 (DRVIFACE:1201).

10     19:14:17.663  01/14/2010  Sev=Debug/7   CM/0x43100033
Auto-initiation watch:  stopped

11     19:14:17.664  01/14/2010  Sev=Info/4   CM/0x43100004
Establish secure connection

12     19:14:17.664  01/14/2010  Sev=Info/4   CM/0x43100024
Attempt connection with server "10.0.0.1"

13     19:14:17.664  01/14/2010  Sev=Info/4   CVPND/0x43400019
Privilege Separation: binding to port: (0).

14     19:14:17.664  01/14/2010  Sev=Info/4   CVPND/0x43400019
Privilege Separation: binding to port: (0).

15     19:14:17.664  01/14/2010  Sev=Info/6   IKE/0x4300003B
Attempting to establish a connection with 10.0.0.1.

16     19:14:17.665  01/14/2010  Sev=Debug/9   IKE/0x43000091
Unable to acquire local IP address after 0 attempts (over 12 seconds), probably due to network socket failure.


Log by strace vpnclient
Code:
(...snip...)
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(29746), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
fcntl64(3, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
setsockopt(3, SOL_SOCKET, SO_SNDBUF, [65536], 4) = 0
setsockopt(3, SOL_SOCKET, SO_RCVBUF, [65536], 4) = 0
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
send(3, "\0\0\245K\3\0\0\35\0\0\0\4\6\0\0\0"..., 16, 0) = 16
select(4, [3], NULL, NULL, {5, 0})      = 1 (in [3], left {4, 999994})
recv(3, "\0\0\245K\3\0\0\36\0\0\0\10"..., 12, 0) = 12
recv(3, "\0\0\0\0\6\0\0\0"..., 8, 0)    = 8
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
rt_sigaction(SIGCHLD, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGTTIN, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGTTOU, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGHUP, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGINT, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGALRM, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGTERM, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGUSR1, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGUSR2, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGIO, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGPROF, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGVTALRM, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGSTKFLT, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGIO, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGPWR, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
rt_sigaction(SIGSYS, {0x8056c50, ~[RTMIN RT_1], SA_NOCLDSTOP}, NULL, 8) = 0
lstat64("/etc/opt/cisco-vpnclient", {st_mode=S_IFDIR|0755, st_size=80, ...}) = 0
lstat64("/etc/opt/cisco-vpnclient/Profiles/vpn.pcf", {st_mode=S_IFREG|0777, st_size=794, ...}) = 0
lstat64("/etc/opt/cisco-vpnclient/Profiles/vpn.pcf", {st_mode=S_IFREG|0777, st_size=794, ...}) = 0
open("/etc/opt/cisco-vpnclient/Profiles/vpn.pcf", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0777, st_size=794, ...}) = 0
close(4)                                = 0
lstat64("/etc/opt/cisco-vpnclient/Profiles/vpn.pcf", {st_mode=S_IFREG|0777, st_size=794, ...}) = 0
open("/etc/opt/cisco-vpnclient/Profiles/vpn.pcf", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0777, st_size=794, ...}) = 0
fcntl64(4, F_GETFL)                     = 0 (flags O_RDONLY)
fstat64(4, {st_mode=S_IFREG|0777, st_size=794, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ee5000
_llseek(4, 0, [0], SEEK_CUR)            = 0
read(4, "[main]\nDescription=Cisco VPN Clie"..., 4096) = 794
read(4, ""..., 4096)                    = 0
close(4)                                = 0
munmap(0xb7ee5000, 4096)                = 0
close(4)                                = -1 EBADF (Bad file descriptor)
send(3, "\0\0\245K\3\0\0\1\0\0\1\210iTC\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 404, 0) = 404
write(1, "Initializing the VPN connection."..., 32Initializing the VPN connection.) = 32
write(1, "\n"..., 1
)                    = 1
gettimeofday({1263353693, 356962}, {4294966756, 0}) = 0
time(NULL)                              = 1263353693
select(4, [3], NULL, NULL, {1, 0})      = 1 (in [3], left {0, 999994})
recv(3, "\0\0\245K\4\0\0\30\0\0\4\20"..., 12, 0) = 12
recv(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1040, 0) = 1040
gettimeofday({1263353693, 390298}, {4294966756, 0}) = 0
time(NULL)                              = 1263353693
select(4, [3], NULL, NULL, {1, 0})      = 0 (Timeout)
time(NULL)                              = 1263353694
gettimeofday({1263353694, 416962}, {4294966756, 0}) = 0
time(NULL)                              = 1263353694
select(4, [3], NULL, NULL, {1, 0})      = 0 (Timeout)
time(NULL)                              = 1263353695
gettimeofday({1263353695, 443630}, {4294966756, 0}) = 0
time(NULL)                              = 1263353695
select(4, [3], NULL, NULL, {1, 0})      = 0 (Timeout)
time(NULL)                              = 1263353696
gettimeofday({1263353696, 470295}, {4294966756, 0}) = 0
time(NULL)                              = 1263353696
select(4, [3], NULL, NULL, {1, 0})      = 0 (Timeout)
time(NULL)                              = 1263353697
gettimeofday({1263353697, 496961}, {4294966756, 0}) = 0
time(NULL)                              = 1263353697
select(4, [3], NULL, NULL, {1, 0})      = 0 (Timeout)
time(NULL)                              = 1263353698
gettimeofday({1263353698, 523628}, {4294966756, 0}) = 0
time(NULL)                              = 1263353698
select(4, [3], NULL, NULL, {1, 0})      = 0 (Timeout)
time(NULL)                              = 1263353699
gettimeofday({1263353699, 550294}, {4294966756, 0}) = 0
time(NULL)                              = 1263353699
select(4, [3], NULL, NULL, {1, 0})      = 0 (Timeout)
time(NULL)                              = 1263353700
gettimeofday({1263353700, 576959}, {4294966756, 0}) = 0
time(NULL)                              = 1263353700
select(4, [3], NULL, NULL, {1, 0})      = 0 (Timeout)
time(NULL)                              = 1263353701
gettimeofday({1263353701, 581638}, {4294966756, 0}) = 0
(...It repeats...)
h13i32maru
Private
Posts: 2
Joined: Thu Jan 14, 2010 11:35 am

Re: vpnclient stops. But when mouse is moved, it restarts.

Post by h13i32maru » Mon Jan 18, 2010 10:42 am

I solved this problem.

Cisco VPN Client reads /dev/random to get random values.
If entropy (/proc/sys/kernel/random/entropy_pool) is low, reading from /dev/random blocks.
But /dev/urandom doesn't block.

http://linux.die.net/man/4/random

I use /dev/urandom instead of /dev/random.

Code:
mv /dev/random /dev/random.orig
ln -s /dev/urandom /dev/random
h13i32maru
Private
Posts: 2
Joined: Thu Jan 14, 2010 11:35 am
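
An added diagnostic sketch, not part of the original posts: it reports the kernel's available-entropy counter (/proc/sys/kernel/random/entropy_avail), whether /dev/random is still a character device or has been replaced by a symlink as in the workaround above (a system-wide change that affects every program reading it), and whether a 16-byte read completes within a timeout. The function names, the 200-bit threshold and the 2-second timeout are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the thread. Paths are parameters so the
# functions can be pointed at test files; the defaults are the kernel's paths.

# entropy_state [FILE] [MIN_BITS] -> prints "low", "ok" or "unknown"
entropy_state() {
    file=${1:-/proc/sys/kernel/random/entropy_avail}
    min=${2:-200}    # assumed threshold for illustration
    [ -r "$file" ] || { echo unknown; return 0; }
    bits=$(tr -cd '0-9' < "$file")
    [ -n "$bits" ] || { echo unknown; return 0; }
    if [ "$bits" -lt "$min" ]; then echo low; else echo ok; fi
}

# random_dev_kind [PATH] -> "symlink:<target>", "chardev", "other" or "missing"
random_dev_kind() {
    dev=${1:-/dev/random}
    if [ -L "$dev" ]; then echo "symlink:$(readlink "$dev")"
    elif [ -c "$dev" ]; then echo chardev
    elif [ -e "$dev" ]; then echo other
    else echo missing
    fi
}

# read_state [PATH] [SECONDS] -> "ready", "blocked" or "error"
read_state() {
    dev=${1:-/dev/random}
    rc=0
    timeout "${2:-2}" dd if="$dev" bs=16 count=1 >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ready ;;
        124|143) echo blocked ;;   # timeout expired (124 from GNU timeout)
        *) echo error ;;
    esac
}

# diagnose [ENTROPY_FILE] [DEVICE] [SECONDS] -> one-line summary
diagnose() {
    echo "entropy=$(entropy_state "$1") device=$(random_dev_kind "$2") read=$(read_state "$2" "$3")"
}

if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Run it with `--run` while the client is hung: a `low` entropy state together with a `blocked` read matches the stall described in this thread.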

Re: vpnclient stops. But when mouse is moved, it restarts.

Post by sokai » Thu Jan 21, 2010 12:55 pm

Thanks "h13i32maru" for your solution.

I think there is not enough entropy for generating randomness. The same thing happens to me connecting to the VPN server.
My 'solution' is forcing the system to 'generate' more entropy by moving the mouse (left and right; some seconds; fast). :)

It's a general solution speeding up processes that need more entropy.

Using /dev/urandom instead of /dev/random is a solution, but that device generates less randomness (and is more insecure).

Best regards,
soaki
sokai
Private
Posts: 2
Joined: Thu Oct 29, 2009 7:56 pm

