Cisco VPN does not work (connection hangs through vpnc) after upgrading to wily
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
network-manager-vpnc (Ubuntu) | Confirmed | Medium | Unassigned |
Bug Description
I've used the same vpnc config (set up with network manager) for years, without issues. After upgrading to wily, it does not work anymore though. The VPN connection itself is established, however opening a web page just stalls. Using ssh through the VPN connection also works, but e.g. giving an 'ls' command hangs after some lines and the connection freezes. It seems that more than a few bytes sent through a connection over the VPN hangs. I've tried to turn TCP ECN and window scaling (through the /proc interface) off, since in my experience, it caused problems with old firewalls etc. However, it did not help either with my current issue.
Using tcpdump to capture the network traffic (on interface tun0, I inspected the cap file with wireshark then) indicated "TCP Dup ACK" and "Server: TCP Previous segment not captured" and similar messages. The firewall behind the vpn termination is also Linux, it reported invalid state packets (so the connection tracking information is not NEW, ESTABLISHED or RELATED, but INVALID, which is dropped by the global policy, and I can't change that because of company level firewall policy).
From my experience I suspect that it can be some kind of MTU issue (my usual "hang on traffic" reaction is the checklist: TCP ECN, window scaling, banned related ICMP messages, and the MTU issues), though it didn't require any "manual tuning" in previous Ubuntu versions, and also I am not sure where I should modify something, and what it is ...
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: vpnc 0.5.3r550-2
ProcVersionSign
Uname: Linux 4.2.0-14-generic i686
ApportVersion: 2.19.1-0ubuntu2
Architecture: i386
CurrentDesktop: Unity
Date: Fri Oct 9 10:03:21 2015
InstallationDate: Installed on 2014-05-08 (519 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release i386 (20140417)
SourcePackage: vpnc
UpgradeStatus: Upgraded to wily on 2015-10-08 (0 days ago)
modified.
Changed in vpnc (Ubuntu):
status: New → Incomplete
status: Incomplete → New
Changed in network-manager-vpnc (Ubuntu):
importance: Undecided → Medium
It seems to be an MTU problem, indeed, as after this command:
ip li set mtu 1200 dev tun0
everything works again! I am just curious now: no modification on the VPN terminator/network/everything, the change was only on my side to upgrade to wily, and it worked out-of-the-box, without any workaround (like the command above) before the upgrade.
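
One way to measure the tunnel's working MTU rather than picking a value such as 1200, as an added example that is not part of the bug report or of vpnc. It assumes Linux iputils ping and a host behind the VPN that answers ICMP echo; the function names and the 576/1500 search bounds are choices made for this example.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses the tunnel
# unfragmented, to choose an MTU for the tun device.

# probe SIZE HOST: succeed if an IP packet of SIZE bytes with DF set is answered.
# 28 = 20-byte IPv4 header + 8-byte ICMP header; -M do forbids fragmentation.
# A silent drop (filtered ICMP "fragmentation needed") simply counts as a failure.
probe() {
    ping -M do -c 1 -W 2 -s "$(( $1 - 28 ))" "$2" >/dev/null 2>&1
}

# find_mtu HOST [LOW] [HIGH]: binary search for the largest passing size.
# Prints the result; returns 1 if even LOW gets no reply.
find_mtu() {
    host=$1 low=${2:-576} high=${3:-1500}
    probe "$low" "$host" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if probe "$mid" "$host"; then
            low=$mid
        else
            high=$(( mid - 1 ))
        fi
    done
    echo "$low"
}

# Usage: sh pmtu.sh HOST_BEHIND_VPN [DEVICE]
if [ "$#" -ge 1 ]; then
    dev=${2:-tun0}
    if mtu=$(find_mtu "$1"); then
        echo "largest unfragmented packet to $1: $mtu bytes"
        echo "suggested: ip link set mtu $mtu dev $dev"
    else
        echo "no reply from $1 even at the lower bound; is ICMP echo filtered?" >&2
        exit 1
    fi
fi
```

Each size is probed only once, so on a lossy link a dropped reply can make the result lower than the real limit; rerun to confirm before applying it.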