System hangs when I use the Cisco VPN client and try to connect to our Exchange server with Evolution

Bug #441204 reported by Laszlo Laszlo
This bug affects 10 people
Affects          Status     Importance   Assigned to   Milestone
Linux            New        Undecided    Unassigned
linux (Ubuntu)   Won't Fix  Undecided    Unassigned

Bug Description

OS: Ubuntu 9.10 beta i386
I installed the vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz with this patch:

cat vpnclient-linux.2.6.31.diff
--- vpnclient.ori/interceptor.c 2009-05-21 01:16:34.000000000 +1200
+++ vpnclient/interceptor.c 2009-09-06 22:02:39.000000000 +1200
@@ -116,6 +116,14 @@
 };
 #endif

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31)
+static struct net_device_ops interceptor_netdev_ops = {
+ .ndo_start_xmit = interceptor_tx,
+ .ndo_do_ioctl = interceptor_ioctl,
+ .ndo_get_stats = interceptor_stats,
+};
+#endif
+
 static struct notifier_block interceptor_notifier = {
     .notifier_call = handle_netdev_event,
 };
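Review bot: `interceptor_netdev_ops` in the added block is declared without `const`; since `dev->netdev_ops` is a pointer to a const structure, this table should be `static const struct net_device_ops` so it can live in read-only data. The table also fills in only the three callbacks that the old per-device fields carried, so if the driver depended on the Ethernet defaults for MTU change or address validation, those would need explicit `ndo_` entries too.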
@@ -129,9 +137,13 @@
 {
     ether_setup(dev);

+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31)
+ dev->netdev_ops = &interceptor_netdev_ops;
+#else
     dev->hard_start_xmit = interceptor_tx;
     dev->get_stats = interceptor_stats;
     dev->do_ioctl = interceptor_ioctl;
+#endif

     dev->mtu = ETH_DATA_LEN-MTU_REDUCTION;
     kernel_memcpy(dev->dev_addr, interceptor_eth_addr,ETH_ALEN);
@@ -242,6 +254,9 @@
 {
     int rc = -1;
     int i = 0;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31)
+ struct net_device_ops * tmp_ops;
+#endif

     if (!supported_device(dev))
     {
@@ -268,8 +283,14 @@
     Bindings[i].original_mtu = dev->mtu;

     /*replace the original send function with our send function */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31)
+ Bindings[i].InjectSend = dev->netdev_ops->ndo_start_xmit;
+ tmp_ops = (struct net_device_ops *) dev->netdev_ops;
+ tmp_ops->ndo_start_xmit = replacement_dev_xmit;
+#else
     Bindings[i].InjectSend = dev->hard_start_xmit;
     dev->hard_start_xmit = replacement_dev_xmit;
+#endif

     /*copy in the ip packet handler function and packet type struct */
     Bindings[i].InjectReceive = original_ip_handler.orig_handler_func;
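Review bot: The added `tmp_ops = (struct net_device_ops *) dev->netdev_ops;` line casts away the `const` on `netdev_ops`, and the following line then writes `ndo_start_xmit` into the underlying driver's own ops table. That table belongs to the bound driver, which may share it between several devices or keep it in read-only memory, so the write can fault or redirect transmit for devices that were never bound, and a second bind against the same table would save `replacement_dev_xmit` as `InjectSend`. Consider copying the ops structure into the binding, patching the copy and pointing `dev->netdev_ops` at it; the hunk also dereferences `dev->netdev_ops` with no NULL check.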
@@ -285,13 +306,21 @@
 {
     int rc = -1;
     BINDING *b;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31)
+ struct net_device_ops * tmp_ops;
+#endif

     b = getbindingbydev(dev);

     if (b)
     {
         rc = 0;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,31)
+ tmp_ops = (struct net_device_ops *) dev->netdev_ops;
+ tmp_ops->ndo_start_xmit = b->InjectSend;
+#else
         dev->hard_start_xmit = b->InjectSend;
+#endif
         kernel_memset(b, 0, sizeof(BINDING));
     }
     else
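Review bot: The restore in the `if (b)` branch repeats the const-discarding cast and writes `b->InjectSend` back into the driver's ops table without first checking that `ndo_start_xmit` still holds `replacement_dev_xmit`. If the table is shared or has changed since bind, this overwrites a live handler. Saving the original `dev->netdev_ops` pointer in the binding at bind time and restoring that pointer here would avoid writing into the driver's table at all; nothing in the hunk shows the swap being serialized against a transmit in progress either.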

I created the correct vpn profile, I started vpnclient_init (the cisco_ipsec module loaded without problem).
[ 8188.692703] cisco_ipsec: module license 'Proprietary' taints kernel.
[ 8188.692710] Disabling lock debugging due to kernel taint
[ 8188.696931] Cisco Systems VPN Client Version 4.8.02 (0030) kernel module loaded
Then I connected with the Cisco VPN client to our company's network. I wanted to connect to the Exchange server with Evolution, but when I started Evolution the system hung. I had to hold the power button down for some seconds to turn off my machine.

ProblemType: Bug
Architecture: i386
ArecordDevices:
 **** List of CAPTURE Hardware Devices ****
 card 0: Intel [HDA Intel], device 0: CONEXANT Analog [CONEXANT Analog]
   Subdevices: 1/1
   Subdevice #0: subdevice #0
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: lacika 1670 F.... pulseaudio
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info:
 Card hw:0 'Intel'/'HDA Intel at 0xfe100000 irq 17'
   Mixer name : 'Conexant CX20549 (Venice)'
   Components : 'HDA:14f15045,17aa20db,00100100'
   Controls : 18
   Simple ctrls : 8
Date: Sat Oct 3 10:58:25 2009
DistroRelease: Ubuntu 9.10
HibernationDevice: RESUME=UUID=9519b930-bcd1-4f0d-80a9-38ea254974ff
MachineType: LENOVO 8933WBS
Package: linux-image-2.6.31-11-generic-pae 2.6.31-11.38
PccardctlIdent:
 Socket 0:
   no product info available
PccardctlStatus:
 Socket 0:
   no card
ProcCmdLine: BOOT_IMAGE=/vmlinuz-2.6.31-11-generic-pae root=UUID=4ab37387-392b-4854-8235-dd10f954e96f ro quiet
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-11.38-generic-pae
RelatedPackageVersions:
 linux-backports-modules-2.6.31-11-generic-pae N/A
 linux-firmware 1.20
RfKill:
 0: phy0: Wireless LAN
  Soft blocked: no
  Hard blocked: no
SourcePackage: linux
Uname: Linux 2.6.31-11-generic-pae i686
dmi.bios.date: 05/12/2009
dmi.bios.vendor: LENOVO
dmi.bios.version: 7OETC3WW (2.23 )
dmi.board.name: 8933WBS
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr7OETC3WW(2.23):bd05/12/2009:svnLENOVO:pn8933WBS:pvrThinkPadR61:rvnLENOVO:rn8933WBS:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 8933WBS
dmi.product.version: ThinkPad R61
dmi.sys.vendor: LENOVO

Luis Fernandez (luis-fernandez-madrid) wrote :

Same patch as above. The Cisco VPN client starts and works for me, using Terminal Server Client to connect to a Windows system for hours without problem, but when I disconnect the VPN the network does not work anymore until I restart the computer. I tried to stop and restart the network interface but I remain isolated anyway. No ping to anywhere.
Then I try to reconnect the VPN and the computer freezes. No mouse and no keyboard.

Always the same: start the Cisco VPN client, test the connection by pinging a remote host, disconnect the VPN, and the result is no network; when I try to start the VPN one more time, the system freezes.

Linux ubdk01 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux

kaosanfr (kaosanfr) wrote :

I applied this patch and the Cisco VPN freezes after 40 seconds of activity and then:
Secure VPN Connection terminated locally by the Client
Reason: Remote peer is no longer responding.

When running tcpdump -n 'arp', the default router is sending ARP requests to the Linux machine, but with Cisco Systems VPN Client Version 4.8.02 (0030) running on Linux 2.6.31-14-generic #48-Ubuntu or any 2.6.31 kernel, it is unable to answer.

This arrived after updating from Ubuntu 9.04 to Ubuntu 9.10.

Do you know what the explanation could be?

Luis Fernandez (luis-fernandez-madrid) wrote :

As you said, this arrived after updating from 9.04 to 9.10. I've recompiled the sources after patching them, with no errors during compilation.
I don't know why the system freezes.
I know that from Linux kernel 2.6.31 the old net_device structure used in interceptor.c is unsupported.
Maybe there is a bug in how the patch implements the new net_device_ops structure.
Maybe the Spanish language setting (es-ES)? I don't think so, because it works well in the previous version.
I don't know the reason why, sorry.
Can someone help, please?

user01@ubdk01:~$ ifconfig
eth0 Link encap:Ethernet direcciónHW 00:4f:4e:05:ef:9f
          Direc. inet:192.168.1.35 Difus.:192.168.1.255 Másc:255.255.255.0
          Dirección inet6: fe80::24f:4eff:fe05:ef9f/64 Alcance:Enlace
          ACTIVO DIFUSIÓN FUNCIONANDO MULTICAST MTU:1500 Métrica:1
          Paquetes RX:56 errores:0 perdidos:0 overruns:0 frame:0
          Paquetes TX:58 errores:0 perdidos:0 overruns:0 carrier:0
          colisiones:0 long.colaTX:1000
          Bytes RX:4741 (4.7 KB) TX bytes:6437 (6.4 KB)
          Interrupción:5 Dirección base: 0xd000

lo Link encap:Bucle local
          Direc. inet:127.0.0.1 Másc:255.0.0.0
          Dirección inet6: ::1/128 Alcance:Anfitrión
          ACTIVO LOOPBACK FUNCIONANDO MTU:16436 Métrica:1
          Paquetes RX:7 errores:0 perdidos:0 overruns:0 frame:0
          Paquetes TX:7 errores:0 perdidos:0 overruns:0 carrier:0
          colisiones:0 long.colaTX:0
          Bytes RX:576 (576.0 B) TX bytes:576 (576.0 B)

user01@ubdk01:~$ ping 192.168.1.150
PING 192.168.1.150 (192.168.1.150) 56(84) bytes of data.
From 192.168.1.35 icmp_seq=1 Destination Host Unreachable
From 192.168.1.35 icmp_seq=2 Destination Host Unreachable
From 192.168.1.35 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.1.150 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3015ms
, pipe 3
user01@ubdk01:~$ ping 192.168.1.36
PING 192.168.1.36 (192.168.1.36) 56(84) bytes of data.
64 bytes from 192.168.1.36: icmp_seq=1 ttl=128 time=0.248 ms
64 bytes from 192.168.1.36: icmp_seq=2 ttl=128 time=0.231 ms
64 bytes from 192.168.1.36: icmp_seq=3 ttl=128 time=0.228 ms
^C
--- 192.168.1.36 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.228/0.235/0.248/0.019 ms
user01@ubdk01:~$ vpnclient connect MyCisco
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at 80.38.90.196
User Authentication for MyCisco...

The server has requested the following information to complete the user authentication:

Username [MyCisco]:
Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.

Your VPN connection is secure.

VPN tunnel information.
Client address: 192.168.60.77
Server address:
Encryption: 128-bit AES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is active on port UDP 4500
Local LAN Access is d...

kannan (rkannan) wrote :

Hi,
I have the same issue. After disconnecting from Cisco VPN, I cannot access internet. I checked the routing tables with the route command and they look the same as they were before connecting to VPN.

korziner (korziner) wrote :

After updating from 9.04 to 9.10 the system freezes when pressing the Connect button in Kvpnc.
2.6.31-15-generic

http://its.eiu.edu/software/vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
http://lamnk.com/download/vpnclient-linux-2.6.31-final.diff
patch < ./vpnclient-linux-2.6.31-final.diff
sudo sed -i 's/const\ struct\ net_device_ops\ \*netdev_ops;/struct\ net_device_ops\ \*netdev_ops;/' `find /usr/src -name netdevice.h`
./vpn_install
/etc/init.d/vpnclient_init start

Daniel Dietrich (shaddowy2) wrote :

Got the same problem with the new kernel (2.6.31-14-generic) but ONLY when using my external wifi card (rtl 8187 chipset)
What I did in terminal to install cisco vpn client to the new kernel:
a) downloaded and extracted vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
b) patch it with vpnclient-linux-2.6.31-final.diff
c) replace the string const struct net_device_ops *netdev_ops; with struct net_device_ops *netdev_ops; in the netdevice.h files with:
# sudo sed -i 's/const\ struct\ net_device_ops\ \*netdev_ops;/struct\ net_device_ops\ \*netdev_ops;/' `find /usr/src -name netdevice.h`
d) installing cisco vpn: # sudo ./vpn_install
e) turning off 2nd cpu core with: sudo sh -c 'echo 0 > /sys/devices/system/cpu/cpu1/online' to prevent crash caused by cisco dual core bug
f) start cisco vpn with: # sudo /etc/init.d/vpnclient_init restart and connect with: # sudo vpnclient connect wlan

Works like a charm for my internal intel gm 45 express chipset.
But when I try with my external wifi Alfa awus036h (Realtek 8187 chipset), the whole PC freezes as soon as I press the enter key to establish the connection with my Lenovo R400 laptop.

Joel Duckworth (joel-jpd) wrote :

I'm also getting crashes when I use my HSDPA modem; the whole system just freezes up... Damn, I've got to move to OpenVPN or something. Cisco is driving me nuts; if only vpnc supported client certificates.

Andrew Kohlsmith (akohlsmith) wrote :

I get a hardlock when trying to connect, but I haven't disabled one of the cores on my processor yet.

I have heard that the Cisco IPSec VPN is just a normal IPSec VPN; this is great news if it's true, but I can't get my private key out of the proprietary export format that the Cisco client exports to. Does anyone have any means of exporting the private key? I could use regular old FreeS/WAN then.

Jeremy Foshee (jeremyfoshee) wrote :

Hi Laszlo,

If you could also please test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Once you've tested the upstream kernel, please remove the 'needs-upstream-testing' tag. This can be done by clicking on the yellow pencil icon next to the tag located at the bottom of the bug description and deleting the 'needs-upstream-testing' text. Please let us know your results.

Thanks in advance.

    [This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]

tags: added: needs-upstream-testing
tags: added: kj-triage
Changed in linux (Ubuntu):
status: New → Incomplete
Greg Mislick (mislick2) wrote :

Hello All,

Forgive me if I'm doing this wrong - first time adding any info. Nice work to all by the way...

Okay: Using vpnc to connect to CISCO ASA 5510 at my office - I happen to be the network Admin, so I know what's on the other side. I happen to be using Split Tunneling as well.

Ubuntu 10.04 LTS w/ vpnc (command line) on a DELL Latitude D510 w/ 2GB RAM and the DELL wi-fi card.
Connecting to LAN w/ Wi-Fi.

The symptom was exactly what was described above: Connect vpn using the VPNC (not CISCO client) and everything looks good for a short time - about long enough to connect to a server on the other side using the default installed Terminal Server Client. Then hard freeze. The only way out was to shut down via the power button. Shades of Windows creeping in and giving me the willies...

I've read a bunch of threads on various bugs related to VPN and Ubuntu and ended up here.

I did run this on 9.04 and 9.10 and even the 10.04 LTS without any problems ... At HOME.

The difference here is that I'm not at home, I'm outside, using a Sprint 3G/4G hotspot (Sierra Wireless modem + wi-fi AP w/ router, DHCP)

I could not figure out why I was not able to use this for VPN, but could surf internet just fine until I connected the VPN. UNLIKE this bug, I usually got everything back after shutting down all VPN and Terminal services processes - if I was able to.

ANSWER: (and it makes this seem that perhaps it is NOT A BUG) is that the LAN settings happen to match a defined route within my office network. Thus I created an impossible condition as soon as the VPN returned the route info from my office and altered my route list on the laptop.

In short, the condition existed that the default path to get out of my LAN was also defined within my office network.

So, assuming that my local gw is 192.168.0.1 - as many of them are - and there is a path defined within the VPN connected LAN such that 192.168.0.0 subnet mask 255.255.255.0 or 255.255.0.0 (worst case) exists, then you get an impossible routing condition set up and the local machine, my laptop, is frozen trying to resolve how to get anywhere.

So, to get to the VPN connected network I have a route that says to use 192.168.0.1 on eth1, but a little further down the route table I have a statement -returned from the VPN- that says that for anything on the 192.168.0.0 network (mask 255.255.255.0) to use tun0 (see below)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
<VPN-IP>        192.168.0.1     255.255.255.255 UGH   0      0        0 eth1
192.168.4.0     *               255.255.255.0   U     0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 tun0

In this case, you are hosed.

I changed the 3rd octet on my local LAN and the DHCP assignment ranges to match and all the problems went away.

Note: I altered the route table above to show what HAS to be the situation, since while it exists I cannot get to the route table to copy it. However, all that I did was change the 3rd octet to, in this case <>0 and <>4 value, something not defined as a ...

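The routing overlap described in the comment above can be checked mechanically. The following Python is an added example, not part of the original comment or of vpnc: it parses numeric `route`-style output and flags any physical-interface route whose gateway address is itself covered by a connected route on a tunnel interface. The sample table is constructed, 203.0.113.10 is a placeholder for the elided <VPN-IP>, and the `tun` interface prefix is an assumption.

```python
import ipaddress

# Constructed sample modelled on the table in the comment above.
# 203.0.113.10 is a placeholder for the elided <VPN-IP>.
SAMPLE_ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    192.168.0.1     255.255.255.255 UGH   0      0        0 eth1
192.168.4.0     *               255.255.255.0   U     0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 tun0
"""

def parse_routes(text):
    """Parse numeric `route` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # title, header or blank line
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        gw = None if f[1] in ("*", "0.0.0.0") else ipaddress.ip_address(f[1])
        net = ipaddress.ip_network(f"{dest}/{f[2]}", strict=False)
        routes.append({"net": net, "gw": gw, "metric": int(f[4]), "iface": f[7]})
    return routes

def on_link_route(routes, addr):
    """Best directly connected route for addr: longest prefix, then lowest metric."""
    cands = [r for r in routes if r["gw"] is None and addr in r["net"]]
    return max(cands, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)

def find_gateway_conflicts(routes, tunnel_prefixes=("tun",)):
    """Return (route, shadowing_route) pairs where a physical-interface route's
    gateway address is itself routed into a tunnel interface."""
    conflicts = []
    for r in routes:
        if r["gw"] is None or r["iface"].startswith(tunnel_prefixes):
            continue  # on-link route, or a route that already uses the tunnel
        via = on_link_route(routes, r["gw"])
        if via is not None and via["iface"].startswith(tunnel_prefixes):
            conflicts.append((r, via))
    return conflicts

if __name__ == "__main__":
    for route, via in find_gateway_conflicts(parse_routes(SAMPLE_ROUTES)):
        print(f"{route['net']} via {route['gw']} on {route['iface']}: "
              f"gateway is covered by {via['net']} on {via['iface']}")
```

Running the same check before bringing the tunnel up, against the routes the VPN concentrator is configured to push, shows whether the local LAN needs renumbering or the pushed route needs narrowing.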

Brad Figg (brad-figg) wrote : Unsupported series, setting status to "Won't Fix".

This bug was filed against a series that is no longer supported and so is being marked as Won't Fix. If this issue still exists in a supported series, please file a new bug.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: Incomplete → Won't Fix