regression potential Split-tunnel drops inside traffic

Bug #355327 reported by kentpost on 2009-04-04
Affects: vpnc (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: vpnc

On clean installs of Ubuntu 8.10 and 9.04 (@4/4/2009), while using the same config and same destination ASA 5510, same tunnelgrp/config, I am seeing split-tunnel traffic behavior differences.
Split-tunnel inside network using split-DNS = one more complication perhaps outside QA scope.
On 9.04, I get ping replies (ICMP is passing) from short-name, FQDN and IP, but the browser will not load any inside/tunnel sites. Browser is otherwise 100% ~ not a browser-isolated issue. Same issue with RDP/3389 traffic. Seems like only ICMP is making the roundtrip; others are getting lost.
On 8.10, same home network src; same destination asa/grp - all perfectly working as expected.

I have modified route table, DHCP||DHCP-AddressOnly and all other config elements with no change on certainly 2 (less certainly 3) separate 9.04 (B) clean installs. While 8.10, Mac and Windows all function well from the same remote network (home) to the same destination (work).

This is my first Ubuntu bug report; I hope to have met basic posting requirements and adhered to general scientific principles. I am able to assist further and provide specific data where required.

In this sequence, we see successful ping replies, then an initial/first contact from .5, then it goes dark. This is reproducible; nmap, if run first, will find port 80 listening and then any requests will make it appear offline.

HERE IS CENTOS HOST 10.1.1.5:
kent@rambutan2:~$ ping 10.1.1.5
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_seq=1 ttl=63 time=1782 ms
64 bytes from 10.1.1.5: icmp_seq=2 ttl=63 time=2570 ms
64 bytes from 10.1.1.5: icmp_seq=3 ttl=63 time=1956 ms
64 bytes from 10.1.1.5: icmp_seq=4 ttl=63 time=1658 ms
^C
--- 10.1.1.5 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4015ms
rtt min/avg/max/mdev = 1658.116/1991.981/2570.812/350.600 ms, pipe 3
kent@rambutan2:~$ wget http://10.1.1.5
--2009-04-04 13:22:24-- http://10.1.1.5/
Connecting to 10.1.1.5:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: /twiki/bin/view/WebHome [following]
--2009-04-04 13:22:27-- http://10.1.1.5/twiki/bin/view/WebHome
Connecting to 10.1.1.5:80... connected.
HTTP request sent, awaiting response... ^C
kent@rambutan2:~$ nmap -v -A 10.1.1.5

Starting Nmap 4.76 ( http://nmap.org ) at 2009-04-04 13:23 PDT
Initiating Ping Scan at 13:23
Scanning 10.1.1.5 [1 port]
Completed Ping Scan at 13:23, 2.00s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.30 seconds
kent@rambutan2:~$ wget http://www.cnn.com
--2009-04-04 13:23:50-- http://www.cnn.com/
Resolving www.cnn.com... 157.166.255.18
Connecting to www.cnn.com|157.166.255.18|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 96260 (94K) [text/html]
Saving to: `index.html.1'

25% [========> ] 24,552 --.-K/s eta 20s ^C
kent@rambutan2:~$ nmap -v -A 10.1.1.5

Starting Nmap 4.76 ( http://nmap.org ) at 2009-04-04 13:24 PDT
Initiating Ping Scan at 13:24
Scanning 10.1.1.5 [1 port]
Completed Ping Scan at 13:24, 2.00s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.44 seconds

HERE IS WINDOWS OS HOST:
kent@rambutan2:~$ ping 10.1.1.27
PING 10.1.1.27 (10.1.1.27) 56(84) bytes of data.
64 bytes from 10.1.1.27: icmp_seq=1 ttl=127 time=3361 ms
64 bytes from 10.1.1.27: icmp_seq=2 ttl=127 time=3032 ms
^C
--- 10.1.1.27 ping statistics ---
5 packets transmitted, 2 received, 60% packet loss, time 4017ms
rtt min/avg/max/mdev = 3032.119/3196.856/3361.594/164.747 ms, pipe 4
kent@rambutan2:~$ wget http://10.1.1.27
--2009-04-04 13:30:50-- http://10.1.1.27/
Connecting to 10.1.1.27:80... connected.
HTTP request sent, awaiting response... ^C
kent@rambutan2:~$ ping 10.1.1.27
PING 10.1.1.27 (10.1.1.27) 56(84) bytes of data.
64 bytes from 10.1.1.27: icmp_seq=1 ttl=127 time=1436 ms
64 bytes from 10.1.1.27: icmp_seq=2 ttl=127 time=1506 ms
^C
--- 10.1.1.27 ping statistics ---
4 packets transmitted, 2 received, 50% packet loss, time 2999ms
rtt min/avg/max/mdev = 1436.969/1471.564/1506.159/34.595 ms, pipe 2
kent@rambutan2:~$ nmap -v -A 10.1.1.27

Starting Nmap 4.76 ( http://nmap.org ) at 2009-04-04 13:31 PDT
Initiating Ping Scan at 13:31
Scanning 10.1.1.27 [1 port]
Completed Ping Scan at 13:31, 2.00s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.40 seconds

GENERAL INFO:
kent@rambutan2:~$ lsb_release -rd
Description: Ubuntu jaunty (development branch)
Release: 9.04
kent@rambutan2:~$ apt-cache policy vpnc
vpnc:
  Installed: 0.5.3-1
  Candidate: 0.5.3-1
  Version table:
 *** 0.5.3-1 0
        500 http://us.archive.ubuntu.com jaunty/universe Packages
        100 /var/lib/dpkg/status
kent@rambutan2:~$ apt-cache policy network-manager-vpnc
network-manager-vpnc:
  Installed: 0.7.1~20090213+bzr13-0ubuntu1
  Candidate: 0.7.1~20090213+bzr13-0ubuntu1
  Version table:
 *** 0.7.1~20090213+bzr13-0ubuntu1 0
        500 http://us.archive.ubuntu.com jaunty/universe Packages
        100 /var/lib/dpkg/status
kent@rambutan2:~$
