Ubuntu
vpnc package

vpnc disconnects after a few seconds

Bug #206673 reported by DevenPhillips
42
This bug affects 3 people
Affects Status Importance Assigned to Milestone
vpnc (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

In Hardy Herron Beta1 - vpnc disconnects after a short period due to dead peer detection and the option to disable dead peer detection has been removed since Gutsy. This was discusses and repaired in Feisty with Bug #93413. Same indications and same log entries.

Mar 25 12:37:41 toshiba vpnc[18024]: connection terminated by dead peer detection
Mar 25 12:43:59 toshiba vpnc[18676]: connection terminated by dead peer detection
Mar 25 13:02:18 toshiba vpnc[20157]: connection terminated by dead peer detection
Mar 25 13:08:12 toshiba vpnc[20803]: connection terminated by dead peer detection
Mar 25 13:23:17 toshiba vpnc[21859]: connection terminated by dead peer detection
Mar 25 12:43:59 toshiba vpnc[18676]: connection terminated by dead peer detection
Mar 25 13:02:18 toshiba vpnc[20157]: connection terminated by dead peer detection
Mar 25 13:08:12 toshiba vpnc[20803]: connection terminated by dead peer detection
Mar 25 13:23:17 toshiba vpnc[21859]: connection terminated by dead peer detection

There MUST be an option to disable dead peer detection.

Revision history for this message
DevenPhillips (deven-phillips) wrote :

Additionally, I tried to the option from Feisty to disable dead peer detection and it is not an accepted option in the Hardy version of vpnc.

Revision history for this message
amiga1200 (westers) wrote :

I'm getting the same error with AMD64. VPNC worked greate under Gusty. My connections drop after 5 minutes.

Mar 30 19:39:39 bender123 vpnc[7902]: connection terminated by dead peer detection

Revision history for this message
Chris Brotherton (protonchris) wrote :

The previous vpnc version (vpnc_0.4.0-3ubuntu2) included a patch (06_stolen_from_head.dpatch) that set the dead peer detection idle time (dpd-idle) to 0 instead of the shipped default of 300.

Revision history for this message
Chris Brotherton (protonchris) wrote :

I have a new vpnc package available on my ppa:

http://launchpadlibrarian.net/13410511/vpnc_0.5.1r275-1ubuntu1%7Eppa1_i386.deb
http://launchpadlibrarian.net/13410502/vpnc_0.5.1r275-1ubuntu1%7Eppa1_amd64.deb

The new package has the default dead peer detection idle time set to zero (the current default setting in gusty). Please install and test.

Revision history for this message
elventear (elventear) wrote :

I have the same problem. My connection dies ever 10 minutes, sharp. I bring it back with a supervising daemon but every 10 minutes it'd die.

I installed the deb provided and it seems that my connection has been up for 20 minutes non-stop. So far the problem seems to have been fixed.

Revision history for this message
Matt Pitts (matt-gopitts) wrote :

This has definitely resurfaced as an issue in Hardy (official release).

I to have installed the packages posted by Chris and my VPN has been running rock-solid as it did in Gusty after the same fix was released.

Thanks Chris!

Revision history for this message
Fernando Ipar (fipar) wrote :

I had the same issue in Hardy w/amd64.

I installed the packages posted by Chris and everything's working great now.

Thanks a lot!!

Revision history for this message
Thorne Huw Lawler (thorin) wrote :

Same problem emerged when I upgraded Gusty->Hardy and it appears to be fixed now that I have applied Chris's deb. MAAAaarvellous!

Revision history for this message
nightelf (night-elf-18) wrote :

Nothing changed i still have the same problem

Revision history for this message
levmatta (levmatta) wrote :

I have this problem also, please help.

Revision history for this message
Marc Luethi (netztier) wrote :

Installing Chris' .debs (https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/206673/comments/4 , see above) did help with Hardy on my HP Compaq 6910p.

I am now running network-manager-vpnc with his version of vpnc underneath, and the VPN connection to my PIX501 (which does not support DPD) stays up perfectly.

thanks a lot!

Revision history for this message
Mariusz Stankiewicz (discobean) wrote :

Chris' deb package worked for me

Revision history for this message
PoojaC20 (pooja) wrote :

The new package worked for me on Lenovo 3000 G510.

Revision history for this message
mjk (mjk-emmjaykay) wrote :
Download full text (5.7 KiB)

I used Chris's deb package and it is much better now. Ubuntu 8.04 on VMware Fusion. It drops out after an hour which is certainly than a minute. :)

From /var/log/syslog
Jul 13 22:22:44 work vpnc[23446]: connection terminated by peer
Jul 13 22:22:45 work dhclient: DHCPREQUEST of <null address> on eth0 to 192.168.23.254 port 67
Jul 13 22:22:45 work dhclient: DHCPACK of 192.168.23.129 from 192.168.23.254
Jul 13 22:22:45 work NetworkManager: <info> DHCP daemon state is now 3 (renew) for interface eth0
Jul 13 22:22:45 work dhclient: bound to 192.168.23.129 -- renewal in 862 seconds.
Jul 13 22:23:52 work kernel: [51580.301176] tun0: Disabled Privacy Extensions
Jul 13 22:24:13 work vpnc[24927]: packet too short from 216.31.250.90
Jul 13 22:24:53 work last message repeated 2 times
Jul 13 22:25:53 work last message repeated 3 times
Jul 13 22:26:53 work last message repeated 3 times
Jul 13 22:27:53 work last message repeated 3 times
Jul 13 22:28:53 work last message repeated 3 times
Jul 13 22:29:53 work last message repeated 3 times
Jul 13 22:30:53 work last message repeated 3 times
Jul 13 22:31:53 work last message repeated 3 times
Jul 13 22:32:53 work last message repeated 3 times
Jul 13 22:33:53 work last message repeated 3 times
Jul 13 22:34:53 work last message repeated 3 times
Jul 13 22:35:53 work last message repeated 3 times
Jul 13 22:36:53 work last message repeated 3 times
Jul 13 22:37:07 work dhclient: DHCPREQUEST of <null address> on eth0 to 192.168.23.254 port 67
Jul 13 22:37:07 work dhclient: DHCPACK of 192.168.23.129 from 192.168.23.254
Jul 13 22:37:07 work NetworkManager: <info> DHCP daemon state is now 3 (renew) for interface eth0
Jul 13 22:37:07 work dhclient: bound to 192.168.23.129 -- renewal in 779 seconds.
Jul 13 22:37:13 work vpnc[24927]: packet too short from 216.31.250.90
Jul 13 22:37:53 work last message repeated 2 times
Jul 13 22:38:53 work last message repeated 3 times
Jul 13 22:39:53 work last message repeated 3 times
Jul 13 22:40:53 work last message repeated 3 times
Jul 13 22:41:53 work last message repeated 3 times
Jul 13 22:42:53 work last message repeated 3 times
Jul 13 22:43:53 work last message repeated 3 times
Jul 13 22:44:53 work last message repeated 3 times
Jul 13 22:45:53 work last message repeated 3 times
Jul 13 22:46:53 work last message repeated 3 times
Jul 13 22:47:53 work last message repeated 3 times
Jul 13 22:48:53 work last message repeated 3 times
Jul 13 22:49:53 work last message repeated 3 times
Jul 13 22:50:05 work dhclient: DHCPREQUEST of <null address> on eth0 to 192.168.23.254 port 67
Jul 13 22:50:06 work dhclient: DHCPACK of 192.168.23.129 from 192.168.23.254
Jul 13 22:50:06 work NetworkManager: <info> DHCP daemon state is now 3 (renew) for interface eth0
Jul 13 22:50:06 work dhclient: bound to 192.168.23.129 -- renewal in 880 seconds.
Jul 13 22:50:13 work vpnc[24927]: packet too short from 216.31.250.90
Jul 13 22:50:53 work last message repeated 2 times
Jul 13 22:51:53 work last message repeated 3 times
Jul 13 22:52:53 work last message repeated 3 times
Jul 13 22:53:53 work last message repeated 3 times
Jul 13 22:54:53 work last message repeated 3 times
Jul 13 22:55:53 work last message r...

Read more...

Luca Falavigna (dktrkranz)
Changed in vpnc:
assignee: nobody → dktrkranz
importance: Undecided → Medium
status: New → Confirmed
assignee: dktrkranz → nobody
Revision history for this message
Steve Thomas (steve-thomas-internode) wrote :

I am getting this problem with 8.10RC (on Dell XPS M1330).

Was working fine on 8.04 (after I ticked the Disable dead peer detection). Now that option appears to make no difference. Here's the log:

Oct 25 12:19:07 balzac NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.vpnc'...
Oct 25 12:19:07 balzac NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 12590
Oct 25 12:19:07 balzac NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' just appeared, activating connections
Oct 25 12:19:07 balzac NetworkManager: <info> VPN plugin state changed: 1
Oct 25 12:19:07 balzac NetworkManager: <info> VPN plugin state changed: 3
Oct 25 12:19:07 balzac NetworkManager: <info> VPN connection 'UofA' (Connect) reply received.
Oct 25 12:19:07 balzac kernel: [ 5866.067738] tun0: Disabled Privacy Extensions
Oct 25 12:19:12 balzac NetworkManager: <info> VPN connection 'UofA' (IP Config Get) reply received.
Oct 25 12:19:12 balzac NetworkManager: <info> VPN Gateway: 129.127.45.40
Oct 25 12:19:12 balzac NetworkManager: <info> Tunnel Device: tun0
Oct 25 12:19:12 balzac NetworkManager: <info> Internal IP4 Address: 129.127.136.6
Oct 25 12:19:12 balzac NetworkManager: <info> Internal IP4 Prefix: 24
Oct 25 12:19:12 balzac NetworkManager: <info> Internal IP4 Point-to-Point Address: 129.127.136.6
Oct 25 12:19:12 balzac NetworkManager: <info> Maximum Segment Size (MSS): 0
Oct 25 12:19:12 balzac NetworkManager: <info> Static Route: 129.127.0.0/16 Next Hop: 129.127.0.0
Oct 25 12:19:12 balzac NetworkManager: <info> Static Route: 192.43.227.0/24 Next Hop: 192.43.227.0
Oct 25 12:19:12 balzac NetworkManager: <info> Static Route: 192.43.228.0/24 Next Hop: 192.43.228.0
Oct 25 12:19:12 balzac NetworkManager: <info> Static Route: 192.43.229.0/24 Next Hop: 192.43.229.0
Oct 25 12:19:12 balzac NetworkManager: <info> Static Route: 10.0.0.0/8 Next Hop: 10.0.0.0
Oct 25 12:19:12 balzac NetworkManager: <info> Internal IP4 DNS: 129.127.41.3
Oct 25 12:19:12 balzac NetworkManager: <info> Internal IP4 DNS: 129.127.43.4
Oct 25 12:19:12 balzac NetworkManager: <info> DNS Domain: 'adelaide.edu.au'
Oct 25 12:19:12 balzac NetworkManager: <info> Login Banner:
Oct 25 12:19:12 balzac NetworkManager: <info> -----------------------------------------
Oct 25 12:19:12 balzac NetworkManager: <info> Staff Virtual Private Network^M The University of Adelaide
Oct 25 12:19:12 balzac NetworkManager: <info> -----------------------------------------
Oct 25 12:19:12 balzac vpnc[12596]: can't open pidfile /var/run/vpnc/pid for writing
Oct 25 12:19:13 balzac NetworkManager: <info> VPN connection 'UofA' (IP Config Get) complete.
Oct 25 12:19:13 balzac NetworkManager: <info> Policy set 'Auto Badgers' (wlan0) as default for routing and DNS.
Oct 25 12:19:13 balzac NetworkManager: <info> VPN plugin state changed: 4
Oct 25 12:19:13 balzac nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/01ifupdown' exited with error status 1.

The last line would be interesting if I knew what it meant. :(

Revision history for this message
Steve Thomas (steve-thomas-internode) wrote :

... also tried uninstalling latest vpnc and installed Chris' version instead. Made no difference.

Revision history for this message
Buddhist Monk (sambitbasu) wrote :

I had to go back to 7.10 just for this problem. Chris's patch made things better but didn't eliminate the problem. Can somebody confirm that the issue has/has not been resolved in 8.10 final release. The I won't bother upgrading.

Revision history for this message
Michael Plump (plumpy) wrote :

It has not been resolved in 8.10 final.

Revision history for this message
UnSandpiper (aybora) wrote :

Confirm, this is not solved in 8.10.

Using vpnc from command line, not with network-manager.

I had this problem already in 8.04 and found a workaround back then, stupid me doesn't remember what I did to fix that, though. Probably something mentioned in here previously.

However, since 8.10 I start to have this problem again.

Nov 4 12:03:05 xxxx vpnc[19269]: connection terminated by dead peer detection

Revision history for this message
UnSandpiper (aybora) wrote :

And Chris' deb fixes it for me.
Sorry for double posting, could have tried that out before my previous posting of course...

Revision history for this message
Matthias Metzger (macellarius) wrote :

Hi,

I implemented Chris' patch to the current intrepid version. You can try it: https://launchpad.net/~macellarius/+archive

Revision history for this message
Steve Thomas (steve-thomas-internode) wrote :

I tried Matthias' implementation of the patch. Doesn't work for me. Tried it through nm and also by starting from the command line.

Running Intrepid on a Dell XPS M1330 (and getting desperate for a fix!)

Revision history for this message
Marc Luethi (netztier) wrote :

Matthias, thanks for a dpd-less vpnc version.

It might not actually needed anymore - I just upgraded to 8.10 and I am successfully running the vpnc version from the normal repos now. I am making use of the "Disable DPD" checkbox that was implemented according to

http://mail.gnome.org/archives/networkmanager-list/2008-June/msg00156.html
and
https://bugzilla.redhat.com/show_bug.cgi?id=403661

If I uncheck the "Disable DPD" option, the VPN connection to my PIX is promptly disconnected after 300sec - with DPD disabled, it stays up. So now we can disable DPD on a per connection basis, which is the best way to have it, since now we can connect to VPN concentrators with or without DPD support.

Revision history for this message
vpxavier (vpxavier-gmail) wrote :

I also have the problem with ubuntu 9.10 (64 bits) with the command line version of vpnc installed from the package manager.

Revision history for this message
vpxavier (vpxavier-gmail) wrote :

Sounds like googling a little bit helps... I've found a workaround:
add this line to your .conf file in /etc/vpnc:

DPD idle timeout (our side) 0

I've just added it a few minutes ago, but my VPN's up since then...
I hope this helps....

Revision history for this message
Steve Thomas (steve-thomas-internode) wrote :

I still have this problem in 9.10. Running vpnc version 0.5.3, from the command line. And I have DPD idle set to 0 in the default.config.

I've also dumped nm and use Wicd. Didn't make any difference.

I'm not entirely sure if it's a time-out/disconnection problem, or just incredibly slow. Seems v. slow right from the start -- e.g. 30 seconds to login prompt on the remote host.

I can't find the log file -- where is it? (Not in /var/log/)

This is a nightmare for me, because I work from home a lot -- and right now I'm having to use Vista. Please help!!

Revision history for this message
vpxavier (vpxavier-gmail) wrote :

hello, sounds like "DPD idle timeout (our side) 0" is not enough... it keeps being disconnected after a few minutes...
I read there is something wrong when using network-manager...

@Steve Thomas: /var/log/daemon.log

Revision history for this message
vpxavier (vpxavier-gmail) wrote :

for more info, just after vpnc disconnected (again...) here's what is writtent in my daemon.log:
Jan 7 10:20:41 mylaptop wpa_supplicant[1337]: CTRL-EVENT-SCAN-RESULTS
Jan 7 10:22:41 mylaptop wpa_supplicant[1337]: CTRL-EVENT-SCAN-RESULTS
Jan 7 10:24:41 mylaptop wpa_supplicant[1337]: CTRL-EVENT-SCAN-RESULTS
Jan 7 10:26:41 mylaptop wpa_supplicant[1337]: CTRL-EVENT-SCAN-RESULTS
Jan 7 10:28:41 mylaptop wpa_supplicant[1337]: CTRL-EVENT-SCAN-RESULTS
Jan 7 10:30:41 mylaptop wpa_supplicant[1337]: CTRL-EVENT-SCAN-RESULTS
Jan 7 10:32:41 mylaptop wpa_supplicant[1337]: CTRL-EVENT-SCAN-RESULTS
Jan 7 10:34:41 mylaptop wpa_supplicant[1337]: CTRL-EVENT-SCAN-RESULTS
Jan 7 10:36:31 mylaptop vpnc[3552]: connection terminated by peer
Jan 7 10:36:31 mylaptop NetworkManager: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)

Revision history for this message
Sabine Grabner (sabine-grabner) wrote :

Were you able to resolve the disconnect problem? I am having the same log entry in Ubuntu 10.4.

"NetworkManager: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)"

Revision history for this message
broe (erich-rupp) wrote :

looks like someone found the bug and there's also a preliminary patch available:

http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2010-December/003492.html

would be great to include this (or the final patch) into debian/ubuntu

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.