No default internet traffic after connecting to VPN
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vpnc (Ubuntu) |
Invalid
|
Medium
|
Unassigned |
Bug Description
I am connecting to my office VPN using the Network Manager applet's VPN connection. I am not sure which VPN tool is being used, because to get VPN working right, I had to install, vpnc, network-
Now if I login to the VPN using my company's profile .pcf file, it logs in correctly and I am able to use the office network correctly. But the default internet traffic gets disconnected and I can't surf the web while connected to office.
Upon digging I found that even the default traffic is trying to go through the VPN tunnel.
I wish someone could help me with this and have the following information for you:
A. Before connecting to VPN:
$ cat /etc/resolv.conf
# generated by NetworkManager, do not edit!
nameserver 192.168.1.1
$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:16:36:74:57:8E
inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:142850 errors:0 dropped:0 overruns:0 frame:0
TX packets:142033 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:97208755 (92.7 MiB) TX bytes:18752118 (17.8 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:491 errors:0 dropped:0 overruns:0 frame:0
TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:55830 (54.5 KiB) TX bytes:55830 (54.5 KiB)
wlan0 Link encap:Ethernet HWaddr 00:14:A5:C3:F0:2F
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
B. After connecting to the VPN:
$ cat /etc/resolv.conf
# generated by NetworkManager, do not edit!
search amd.com
nameserver 165.204.25.14
nameserver 163.181.1.2
$ netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
203.101.113.70 castun.amd.com 255.255.255.255 UGH 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default * 0.0.0.0 U 0 0 0 tun0
$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:16:36:74:57:8E
inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:143049 errors:0 dropped:0 overruns:0 frame:0
TX packets:142271 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:97292723 (92.7 MiB) TX bytes:18796205 (17.9 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:495 errors:0 dropped:0 overruns:0 frame:0
TX packets:495 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:57082 (55.7 KiB) TX bytes:57082 (55.7 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-
inet addr:165.204.27.133 P-t-P:165.
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1412 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:116 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:6797 (6.6 KiB) TX bytes:17461 (17.0 KiB)
wlan0 Link encap:Ethernet HWaddr 00:14:A5:C3:F0:2F
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
If I try to add another default gateway by using the command
$ sudo route add default gw 192.168.1.1
I can't get any output for `netstat -r` - it hangs. Instead:
$ netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
203.101.113.70 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
At this stage, searching for a general web address keeps the browser simply waiting for response and eventually gives up.
I am exasperated at this stage and don't understand too much of all these network configuration commands. It would be great if something could be done for semi-n00bs like me, who would prefer using software for the sake of getting other work done, rather than trying to debug or program as a passion.
In my last attempt, I made a back-up copy of the vpnc-script in the /etc/vpnc directory and found that it actually deletes my existing default gateways and sets up a new gateway. To solve this, I tried to comment out those two lines from the shell procedure I find there:
set_default_
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_
### $IPROUTE route $route_syntax_del default
### $IPROUTE route add default dev "$TUNDEV"
$IPROUTE route flush cache
}
This function is called in the do_connect procedure in this script and I thought that this should fix it. But it does not help at all.
Now if some software programmer interested in fixing this asks me to provide more information, I would request him to actually help me through a Remote Desktop or some chat. I can't be knowing all Linux internals - I use Ubuntu because it helps my research. And it is my research that I want to spend time on rather than this kind of debugging. I have done my share of debugging and by all standards this is the most logical thing a person could do. If further there are hidden scripts and config files, that should be the software programmer's trouble. If you need some specific information from a particular file, please tell me the path of the file and not some funny name of the thing you want.
Thanks for taking the time to report this bug and helping to make Ubuntu better. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.