vpnc dead peer detection disconnects immediately
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vpnc (Debian) |
Fix Released
|
Unknown
|
|||
vpnc (Ubuntu) |
Fix Released
|
Medium
|
Anton | ||
Feisty |
Fix Released
|
Medium
|
Michael Bienia |
Bug Description
Binary package hint: vpnc
This was not a problem with 3.3, with 4.0 this is happening and disconnects my vpn almost immediately.
Mar 18 11:28:04 lee-laptop vpnc[12104]: connection terminated by dead peer detection
ProblemType: Bug
Architecture: i386
Date: Sun Mar 18 11:30:25 2007
DistroRelease: Ubuntu 7.04
Uname: Linux lee-laptop 2.6.20-11-generic #2 SMP Thu Mar 15 08:03:07 UTC 2007 i686 GNU/Linux
Related branches
Mitch Anderson (metarx) wrote : | #1 |
Peter Adamka (malmo) wrote : | #2 |
I got the same issue.
There is no workarround for this.
>uname -a
Linux phobos 2.6.20-11-generic #2 SMP Thu Mar 15 08:03:07 UTC 2007 i686
Jeb Benbow (jebenbow) wrote : | #3 |
+1
I downgraded to 0.3.3 to get things working again.
$ uname -a
Linux strongbadia 2.6.20-11-generic #2 SMP Thu Mar 15 03:43:56 UTC 2007 x86_64 GNU/Linux
DevenPhillips (deven-phillips) wrote : | #4 |
Yet another vote for this being a problem. I'm on Feisty with all of the latest packages as of this morning. I get disconnected withing 60 seconds every time.
Deven Phillips, CISSP, CCNA
Systems Administrator
Metal Sales Manufacturing Corp.
gfunicus (tsuther) wrote : | #5 |
Same problem here, 5 to 30 seconds until disconnect.
$ apt-show-versions vpnc
vpnc/feisty uptodate 0.4.0-2ubuntu1
$ uname -a
Linux AngryButler68 2.6.20-13-386 #2 Sun Mar 25 00:18:53 UTC 2007 i686 GNU/Linux
Ante Karamatić (ivoks) wrote : | #6 |
I'm marking this confirmed since couple of users reported this. I use vpnc on daily basis and this kind of thing never hapend.
Changed in vpnc: | |
importance: | Undecided → Medium |
status: | Unconfirmed → Confirmed |
DevenPhillips (deven-phillips) wrote : | #7 |
Ante,
Are you using the 4.x vpnc?
Deven
DevenPhillips (deven-phillips) wrote : | #8 |
- Debug output from vpnc Edit (151.9 KiB, text/plain)
Additional Information:
Version installed: vpnc-0.4.0-2ubuntu1
Connecting to PIX 515 using Group Auth and XAuth.
Log message: vpnc[13375]: connection terminated by dead peer detection
See attachment for output from "vpnc-connect --debug 3 --no-detach <Profile>"
Wilbur Harvey (wilbur-harvey-spirentcom) wrote : | #9 |
I also have the same problem. It lasts about 30 seconds and dies every time.
I have all the latest Feisty updates as of 03/29/2007
wharvey@nforce41:~$ apt-show-versions vpnc
vpnc/feisty uptodate 0.4.0-2ubuntu1
A few weeks ago everything worked fine.
To the same server:
WindowsXP default VPNC client works fine.
Cisco Client for my Mac works fine.
Default Mac client won't connect at all.
Thomas Novin (thomasn80) wrote : | #10 |
I don't know how to install an older version except doing the way I just did:
Added into /etc/apt/
deb http://
deb-src http://
Started Synaptics, searched for 'vpnc' and deinstalled my current version. Then I chose the menu Package and from there chose 'Force Version' to install v0.3.3+SVN.
This solved the problem, I now have a stable connection.
DevenPhillips (deven-phillips) wrote : Re: [Bug 93413] Re: vpnc dead peer detection disconnects immediately | #11 |
What devices are everyone connecting to. Could this problem be specific to
the PIX? Are any VPN concentrator users having this issue?
Deven Phillips, CISSP, CCNA
On 4/3/07, ThomasNovin <email address hidden> wrote:
>
> I don't know how to install an older version except doing the way I just
> did:
>
> Added into /etc/apt/
>
> deb http://
> deb-src http://
>
> Started Synaptics, searched for 'vpnc' and deinstalled my current
> version. Then I chose the menu Package and from there chose 'Force
> Version' to install v0.3.3+SVN.
>
> This solved the problem, I now have a stable connection.
>
> --
> vpnc dead peer detection disconnects immediately
> https:/
> You received this bug notification because you are a direct subscriber
> of the bug.
>
Mitch Anderson (metarx) wrote : | #12 |
The one I was connecting to was a Cisco Pix 515. Which I know is very
old. Its been since swapped with a newer ASA, but I have yet to test to
see if I'm still having problems with the ASA. But after seeing someone
else having problems also with an older PIX, I've wondered myself if its
just a problem with connecting to them.
DevenPhillips wrote:
> What devices are everyone connecting to. Could this problem be specific to
> the PIX? Are any VPN concentrator users having this issue?
>
> Deven Phillips, CISSP, CCNA
>
> On 4/3/07, ThomasNovin <email address hidden> wrote:
>> I don't know how to install an older version except doing the way I just
>> did:
>>
>> Added into /etc/apt/
>>
>> deb http://
>> deb-src http://
>>
>> Started Synaptics, searched for 'vpnc' and deinstalled my current
>> version. Then I chose the menu Package and from there chose 'Force
>> Version' to install v0.3.3+SVN.
>>
>> This solved the problem, I now have a stable connection.
>>
>> --
>> vpnc dead peer detection disconnects immediately
>> https:/
>> You received this bug notification because you are a direct subscriber
>> of the bug.
>>
>
DevenPhillips (deven-phillips) wrote : | #13 |
PIX 515 isn't all that old. We just bought ours about 1.5 years ago.
Deven Phillips, CISSP, CCNA
On 4/3/07, Mitch <email address hidden> wrote:
>
> The one I was connecting to was a Cisco Pix 515. Which I know is very
> old. Its been since swapped with a newer ASA, but I have yet to test to
> see if I'm still having problems with the ASA. But after seeing someone
> else having problems also with an older PIX, I've wondered myself if its
> just a problem with connecting to them.
>
> DevenPhillips wrote:
> > What devices are everyone connecting to. Could this problem be specific
> to
> > the PIX? Are any VPN concentrator users having this issue?
> >
> > Deven Phillips, CISSP, CCNA
> >
> > On 4/3/07, ThomasNovin <email address hidden> wrote:
> >> I don't know how to install an older version except doing the way I
> just
> >> did:
> >>
> >> Added into /etc/apt/
> >>
> >> deb http://
> >> deb-src http://
> >>
> >> Started Synaptics, searched for 'vpnc' and deinstalled my current
> >> version. Then I chose the menu Package and from there chose 'Force
> >> Version' to install v0.3.3+SVN.
> >>
> >> This solved the problem, I now have a stable connection.
> >>
> >> --
> >> vpnc dead peer detection disconnects immediately
> >> https:/
> >> You received this bug notification because you are a direct subscriber
> >> of the bug.
> >>
> >
>
> --
> vpnc dead peer detection disconnects immediately
> https:/
> You received this bug notification because you are a direct subscriber
> of the bug.
>
Lee Connell (lee-a-connell) wrote : | #14 |
i have issue on 501, 506, 515 until I roll back to vpnc 3.3
>From: Mitch <email address hidden>
>Reply-To: Bug 93413 <email address hidden>
>To: <email address hidden>
>Subject: Re: [Bug 93413] Re: vpnc dead peer detection disconnects
>immediately
>Date: Tue, 03 Apr 2007 16:47:45 -0000
>
>The one I was connecting to was a Cisco Pix 515. Which I know is very
>old. Its been since swapped with a newer ASA, but I have yet to test to
>see if I'm still having problems with the ASA. But after seeing someone
>else having problems also with an older PIX, I've wondered myself if its
>just a problem with connecting to them.
>
>DevenPhillips wrote:
> > What devices are everyone connecting to. Could this problem be specific
>to
> > the PIX? Are any VPN concentrator users having this issue?
> >
> > Deven Phillips, CISSP, CCNA
> >
> > On 4/3/07, ThomasNovin <email address hidden> wrote:
> >> I don't know how to install an older version except doing the way I
>just
> >> did:
> >>
> >> Added into /etc/apt/
> >>
> >> deb http://
> >> deb-src http://
> >>
> >> Started Synaptics, searched for 'vpnc' and deinstalled my current
> >> version. Then I chose the menu Package and from there chose 'Force
> >> Version' to install v0.3.3+SVN.
> >>
> >> This solved the problem, I now have a stable connection.
> >>
> >> --
> >> vpnc dead peer detection disconnects immediately
> >> https:/
> >> You received this bug notification because you are a direct subscriber
> >> of the bug.
> >>
> >
>
>--
>vpnc dead peer detection disconnects immediately
>https:/
>You received this bug notification because you are a direct subscriber
>of the bug.
_______
The average US Credit Score is 675. The cost to see yours: $0 by Experian.
http://
DevenPhillips (deven-phillips) wrote : | #15 |
So, it appears that the issue may be specific to the PIX devices.
Deven
On 4/3/07, Lee Connell <email address hidden> wrote:
>
> i have issue on 501, 506, 515 until I roll back to vpnc 3.3
>
> >From: Mitch <email address hidden>
> >Reply-To: Bug 93413 <email address hidden>
> >To: <email address hidden>
> >Subject: Re: [Bug 93413] Re: vpnc dead peer detection disconnects
> >immediately
> >Date: Tue, 03 Apr 2007 16:47:45 -0000
> >
> >The one I was connecting to was a Cisco Pix 515. Which I know is very
> >old. Its been since swapped with a newer ASA, but I have yet to test to
> >see if I'm still having problems with the ASA. But after seeing someone
> >else having problems also with an older PIX, I've wondered myself if its
> >just a problem with connecting to them.
> >
> >DevenPhillips wrote:
> > > What devices are everyone connecting to. Could this problem be
> specific
> >to
> > > the PIX? Are any VPN concentrator users having this issue?
> > >
> > > Deven Phillips, CISSP, CCNA
> > >
> > > On 4/3/07, ThomasNovin <email address hidden> wrote:
> > >> I don't know how to install an older version except doing the way I
> >just
> > >> did:
> > >>
> > >> Added into /etc/apt/
> > >>
> > >> deb http://
> > >> deb-src http://
> > >>
> > >> Started Synaptics, searched for 'vpnc' and deinstalled my current
> > >> version. Then I chose the menu Package and from there chose 'Force
> > >> Version' to install v0.3.3+SVN.
> > >>
> > >> This solved the problem, I now have a stable connection.
> > >>
> > >> --
> > >> vpnc dead peer detection disconnects immediately
> > >> https:/
> > >> You received this bug notification because you are a direct
> subscriber
> > >> of the bug.
> > >>
> > >
> >
> >--
> >vpnc dead peer detection disconnects immediately
> >https:/
> >You received this bug notification because you are a direct subscriber
> >of the bug.
>
> _______
> The average US Credit Score is 675. The cost to see yours: $0 by Experian.
>
> http://
>
> --
> vpnc dead peer detection disconnects immediately
> https:/
> You received this bug notification because you are a direct subscriber
> of the bug.
>
gfunicus (tsuther) wrote : | #16 |
I do not appear to have the problem on at least one ASA Version 7.1(2), but
do seem to have a problem on multiple pix's.
On 4/3/07, DevenPhillips <email address hidden> wrote:
>
> So, it appears that the issue may be specific to the PIX devices.
>
> Deven
>
> On 4/3/07, Lee Connell <email address hidden> wrote:
> >
> > i have issue on 501, 506, 515 until I roll back to vpnc 3.3
> >
> > >From: Mitch <email address hidden>
> > >Reply-To: Bug 93413 <email address hidden>
> > >To: <email address hidden>
> > >Subject: Re: [Bug 93413] Re: vpnc dead peer detection disconnects
> > >immediately
> > >Date: Tue, 03 Apr 2007 16:47:45 -0000
> > >
> > >The one I was connecting to was a Cisco Pix 515. Which I know is very
> > >old. Its been since swapped with a newer ASA, but I have yet to test
> to
> > >see if I'm still having problems with the ASA. But after seeing
> someone
> > >else having problems also with an older PIX, I've wondered myself if
> its
> > >just a problem with connecting to them.
> > >
> > >DevenPhillips wrote:
> > > > What devices are everyone connecting to. Could this problem be
> > specific
> > >to
> > > > the PIX? Are any VPN concentrator users having this issue?
> > > >
> > > > Deven Phillips, CISSP, CCNA
> > > >
> > > > On 4/3/07, ThomasNovin <email address hidden> wrote:
> > > >> I don't know how to install an older version except doing the way I
> > >just
> > > >> did:
> > > >>
> > > >> Added into /etc/apt/
> > > >>
> > > >> deb http://
> > > >> deb-src http://
> > > >>
> > > >> Started Synaptics, searched for 'vpnc' and deinstalled my current
> > > >> version. Then I chose the menu Package and from there chose 'Force
> > > >> Version' to install v0.3.3+SVN.
> > > >>
> > > >> This solved the problem, I now have a stable connection.
> > > >>
> > > >> --
> > > >> vpnc dead peer detection disconnects immediately
> > > >> https:/
> > > >> You received this bug notification because you are a direct
> > subscriber
> > > >> of the bug.
> > > >>
> > > >
> > >
> > >--
> > >vpnc dead peer detection disconnects immediately
> > >https:/
> > >You received this bug notification because you are a direct subscriber
> > >of the bug.
> >
> > _______
> > The average US Credit Score is 675. The cost to see yours: $0 by
> Experian.
> >
> >
> http://
> >
> > --
> > vpnc dead peer detection disconnects immediately
> > https:/
> > You received this bug notification because you are a direct subscriber
> > of the bug.
> >
>
> --
> vpnc dead peer detection disconnects immediately
> https:/
> You received this bug notification because you are a direct subscriber
> of the bug.
>
Anivair (anivair) wrote : | #17 |
I'm having this same problem. Some code from /var/log/syslog (not too much):
Apr 5 13:45:51 ltsp-2 vpnc[30422]: connection terminated by dead peer detection
That's all that is relevant. I'm connecting to a Cisco 3060 Concentrator. Not PIX at all.
OrkanSpec (orkanspec) wrote : | #18 |
I have the same problem. vpnc disconnects in less than a minute in feisty.
Jeb Benbow (jebenbow) wrote : | #19 |
With the feisty release only a week away what should we do to resolve this bug?
The Debian bug report lists a fix to be removing the patch 06_stolen_
(http://
Another option would be to revert back to VPNC 3.3
Luca, Can you point this in the right direction?
thomas michel (tom-michel) wrote : | #20 |
Hi,
it does not seem to be specific to pix asa. I got the same problem here with a Cisco 1812 Router.
DevenPhillips (deven-phillips) wrote : | #21 |
No, the bug is not PIX specific. The problem appears to be with the Dead Peer Detection code in vpnc. I have spoken with people on the vpnc development team and they are looking for people to help in debugging the problem. I would recommend rolling back to 0.3.3 for Feisty final release though.... This bug is not going to be fixed in time for release.
Deven Phillips, CISSP, CCNA
Dennis Krul (launchpad-themirror) wrote : | #22 |
I have similar problems with the vpnc package.
Rolling back to 0.3.3 is not an option for me, because my environment requires the 'vendor' option which is introduced in 0.4.0.
Compiling 0.4.0 from source solves the problem for me.
In my opinion the best solution is to remove the patch and package vpnc as is.
James Tait (jamestait) wrote : | #23 |
I have currently rolled back to 0.3.3 but I'm willing to help out with fixing 0.4.0. While I can't offer unrestricted access to our production PIX, I'm quite happy to supply debug output where it will help. Note that I'm not really familiar with the Debian/Ubuntu build process, so I'd need to get up to speed on that first and also take some advice on what sensitive bits (usernames, passwords, etc) I'd need to be wary of in the output.
Claus (clauslund) wrote : | #24 |
I'm seeing this problem as well ... and would be willing to help troubleshoot as much as needed. However, I'm at the same point as James Tait (I'd need very specific instructions on what to do and what to look for).
I'm connecting to a PIX 515...
Rocco (rocco) wrote : | #25 |
Same problem, connecting to a PIX. Is there a smooth way around this problem while this is fixed in Ubuntu?
artt (cualquiercosa) wrote : | #26 |
I've solved it by rebuilding without the patch:
cd /usr/src
sudo apt-get source vpnc
cd vpnc-0.
sudo gedit 00list
remove the line 06_stolen_from_head
cd ../..
sudo debian/rules binary
cd ..
sudo apt-get remove vpnc
sudo dpkg -i vpnc_0.
if you had installed network-
be careful when upgrading the system, don't update vpnc or you will get the patched version
James Tait (jamestait) wrote : | #27 |
I'm working on a patch to allow a config option to disable RFC3706 Dead Peer Detection. All being well should be available in the next day or so.
James Tait (jamestait) wrote : | #28 |
- Patch to add a config option to disable RFC3706 Dead Peer Detection Edit (3.4 KiB, text/plain)
I'm attaching above-mentioned patch for someone with greater knowledge than me to test.
The patch is completely untested as I currently have no idea about building and packaging in Ubuntu. I'm sure I'll get up to speed eventually, but in the meantime if someone else is able to apply the patch and make any required changes to get it working then it can be tested, rather than waiting for me to learn what I need to learn to test it myself.
Amit Kucheria (amitk) wrote : | #29 |
Comment 26 by artt fixes problems for me as well. Connecting to a Cisco here...
aoyoyo (naiyanat) wrote : | #30 |
can't apt-get source vpnc
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to find a source package for vpnc
<b>my /etc/apt/
deb http://
deb http://
deb http://
deb-src http://
## Major bug fix updates produced after the final release of the
## distribution.
deb http://
deb-src http://
## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
# deb http://
#deb-src http://
## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://
#deb-src http://
deb http://
deb-src http://
deb http://
#deb-src http://
deb http://
deb http://
James Tait (jamestait) wrote : | #31 |
aoyoyo, I think you need to add universe to the deb-src line, thus:
deb-src http://
aoyoyo (naiyanat) wrote : | #32 |
Hi James,
You have something else. I got this error.
aoyoyo@
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Could not open file /var/lib/
artt (cualquiercosa) wrote : | #33 |
I think you have to do an
apt-get update
before you can access the repository
aoyoyo (naiyanat) wrote : | #34 |
functioning. thanks a lot artt.
Tomas Thiemel (thiemel) wrote : | #35 |
SOLUTION
https:/
WORKS
even on x86_64 - just change
"sudo dpkg -i vpnc_0.
to
"sudo dpkg -i vpnc_0.
* artt, you saved my life! :-) *
Yesterday, I upgraded from Ubuntu 6.10 to 7.04 and today I had problem to connect to internet via school's WiFi network and VPN, sice I found the solution.
It was hard to find ("to google") this solution, so here are some "key words" to help the solution:
===================
...
VPNC started in foreground...
lifetime status: 3 of 7200 seconds used, 0|0 of 0 kbytes used
...
lifetime status: 31 of 7200 seconds used, 36|15 of 0 kbytes used
dead peer detected, terminating
S7.10
S8
===================
vpnc
disconnect
dead peer detected, terminating
===================
DevenPhillips (deven-phillips) wrote : | #36 |
I also concur with the results. artt's removal of the 06 patch fixes the client for me.
James Tait (jamestait) wrote : | #37 |
But doesn't removing the 06 patch completely disable DPD and some other functionality even for those devices with which it works?
Fernando (fernando-medina) wrote : | #38 |
Downloaded the vpnc sources and removed the 06 line as stated. I got a error trying to compile the Debian way, so I just removed the vpnc packages then just make, make install and my vpnc is now working perfectly again.
I think this is pretty serious big, and seems fairly simple to fix, at least temporarily, why is it not getting done?
thanks to all in the forum,
DevenPhillips (deven-phillips) wrote : | #39 |
As of yesterday, the configuration option to disable Dead Peer Detection in vpnc is in the CVS repository for vpnc. Can we get an updated Ubuntu package soon?
James Tait (jamestait) wrote : | #40 |
- Patch to add a config option to disable RFC3706 Dead Peer Detection (corrected and tested) Edit (2.6 KiB, text/plain)
If I understand DevenPhillips' last message correctly, this is no longer required, but I'm attaching the corrected, tested patch to allow disabling of Dead Peer Detection.
I have an AMD64 package available if others would like to test it.
If you wish to build your own package:
- place this file in vpnc-0.
- cd vpnc-0.4.0
- echo 09_config_
- sudo debian/rules binary
Changed in vpnc: | |
status: | Unknown → Unconfirmed |
Changed in vpnc: | |
assignee: | nobody → geser |
status: | Confirmed → In Progress |
Changed in vpnc: | |
status: | In Progress → Needs Info |
Changed in vpnc: | |
status: | Needs Info → Fix Committed |
Changed in vpnc: | |
status: | Unconfirmed → Fix Committed |
26 comments hidden Loading more comments | view all 106 comments |
James Tait (jamestait) wrote : | #67 |
Works for me in Feisty.
Panda_N_Shark (info-codedmind) wrote : | #68 |
Problem solve for me.
Ubuntu feisty connect to a pix
Thanks
Thomas Novin (thomasn80) wrote : | #69 |
The problem with 20 minutes was not related, I had the same problem in 0.3.3+SVN. Fix is OK.
Changed in vpnc: | |
assignee: | nobody → geser |
importance: | Undecided → Medium |
status: | Fix Committed → Fix Released |
TomasHnyk (sup) wrote : | #70 |
Works for me, at least as much as I can say after 1,5 hour long testing.
Emmet Hikory (persia) wrote : | #71 |
I've unsubscribed ubuntu-
Changed in vpnc: | |
status: | Unconfirmed → Fix Released |
Michael Bienia (geser) wrote : | #72 |
The fixed package works for me too.
The package has been available a week for testing and I count (including me) 5 "works for me" and no regressions. This should be enough to get the package moved to feisty-updates.
Thanks for the testing.
Changed in vpnc: | |
status: | Fix Released → Unconfirmed |
Martin Pitt (pitti) wrote : | #73 |
Copied to feisty-updates.
Changed in vpnc: | |
status: | Fix Committed → Fix Released |
OrkanSpec (orkanspec) wrote : | #74 |
Just another confirmation: works for me.
Kubuntu 7.04 amd64
vpnc 0.4.0-2ubuntu1.1
It has been the best version so far.
The previous version 0.4.0-2ubuntu1 disconnected in a minute.
vpnc in Dapper and Edgy disconnected in 10-15 minutes.
Current version does not disconnect - I have tested it for 40 minutes.
Alarik Myrin (alarik-sknt) wrote : | #75 |
I'm trying out the suggestion posted here:
https:/
I must be missing a package. When I try this step:
sudo debian/rules binary
I get the following output:
dh_testdir
# Add here commands to compile the package.
/usr/bin/make
make[1]: libgcrypt-config: Command not found
make[1]: Entering directory `/usr/src/
gcc -W -Wall -O0 -Wmissing-
tunip.c:84:20: error: gcrypt.h: No such file or directory
In file included from vpnc.h:24,
tunip.h:42: error: expected specifier-
tunip.c: In function ‘encap_rawip_recv’:
tunip.c:189: error: ‘struct ike_sa’ has no member named ‘buf’
tunip.c:190: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c:191: error: ‘struct ike_sa’ has no member named ‘bufpayload’
tunip.c:192: error: ‘struct ike_sa’ has no member named ‘bufsize’
tunip.c: In function ‘encap_udp_recv’:
tunip.c:218: error: ‘struct ike_sa’ has no member named ‘buf’
tunip.c:219: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c:220: error: ‘struct ike_sa’ has no member named ‘bufpayload’
tunip.c:221: error: ‘struct ike_sa’ has no member named ‘bufsize’
tunip.c: In function ‘encap_any_decap’:
tunip.c:230: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c:230: error: ‘struct ike_sa’ has no member named ‘bufpayload’
tunip.c:230: error: ‘struct ike_sa’ has no member named ‘var_header_size’
tunip.c:231: error: ‘struct ike_sa’ has no member named ‘buf’
tunip.c:231: error: ‘struct ike_sa’ has no member named ‘bufpayload’
tunip.c:231: error: ‘struct ike_sa’ has no member named ‘var_header_size’
tunip.c:232: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c: In function ‘tun_send_ip’:
tunip.c:245: error: ‘struct ike_sa’ has no member named ‘buf’
tunip.c:246: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c:254: error: ‘struct ike_sa’ has no member named ‘buf’
tunip.c: In function ‘hmac_compute’:
tunip.c:283: error: ‘gcry_md_hd_t’ undeclared (first use in this function)
tunip.c:283: error: (Each undeclared identifier is reported only once
tunip.c:283: error: for each function it appears in.)
tunip.c:283: error: expected ‘;’ before ‘md_ctx’
tunip.c:289: warning: implicit declaration of function ‘gcry_md_open’
tunip.c:289: error: ‘md_ctx’ undeclared (first use in this function)
tunip.c:289: error: ‘GCRY_MD_FLAG_HMAC’ undeclared (first use in this function)
tunip.c:291: warning: implicit declaration of function ‘gcry_md_setkey’
tunip.c:293: warning: implicit declaration of function ‘gcry_md_write’
tunip.c:294: warning: implicit declaration of function ‘gcry_md_final’
tunip.c:295: warning: implicit declaration of function ‘gcry_md_read’
tunip.c:295: warning: assignment makes pointer from integer without a cast
tunip.c:304: warning: implicit declaration of function ‘gcry_md_close’
tunip.c: In function ‘encap_
tunip.c:328: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c:328: error: ‘struct ike_sa’ has no member named ‘var_header_size’
tunip.c:328: error: ‘struct ike_sa’ has ...
TomasHnyk (sup) wrote : | #76 |
Alarik Myrin
Why don't you just use the updated package? It should be in feisty-updates by now.
Alarik Myrin (alarik-sknt) wrote : | #77 |
Ah yes, there it is, thank you.
Alarik
ih (ih-ad) wrote : Had to enable feisty-updates | #78 |
The fix works.
Only want to point out that for some reason by default feisty-updates was not enabled (this is a clean install of 7.04 AMD64)
I had to enable it in Synaptic / Settings / Repositories in the "Updates" tab
TomasHnyk (sup) wrote : | #79 |
I think I had to do the same think, though I do not remember since I tweaked the sources.list by hand anyway.
Could you please fill this as another bug? Search if it has not been reported before though. It might be by design but that would be strange since that would mean we do not trust our own updates...
ih (ih-ad) wrote : | #80 |
I filed bug 119248 for the "feisty-updates not enabled by default"
https:/
tanas (macarvalho) wrote : | #81 |
Hate to say but I still get the "no response from target" message with 0.4.0ubuntu1.1 (yes I'm sure it's 1.1 and not 1).
Downgraded to 0.3.3 and it is working fine.
(then I upgraded back to 0.4.0-1.1 which failed again, and then back to 0.3.3 which worked fine)
(sorry, I'm a sort of newbie and couldn't find any log file)
TomasHnyk (sup) wrote : | #82 |
tanas: do you ever connect? If not, you are probably not facing this bug.
If you indeed connect and disconnect exactly after 30 seconds, you probably are facing this bug - but that should not be possible, heh:-).
tanas (macarvalho) wrote : | #83 |
I was indeed connected with 0.3.3.
vpnc said I was connected;
During the connection I checked my IP, and it was no longer the one I had before, but the IP from the VPN Server I was connected to;
I was able to connect to online services that depend on the vpn connection (intranet for instance);
With 0.4.0 I get the "no response" message after 14 or 15 seconds (not 30... possibly a new bug?) after I entered the password
TomasHnyk (sup) wrote : | #84 |
Are you trying from the command line? Do you ever get an IP from the VPN server? (with current version)
tanas (macarvalho) wrote : Re: [Bug 93413] Re: vpnc dead peer detection disconnects immediately | #85 |
Yep, from the command line (sudo vpnc-connect)
I dont know if I get the VPN server IP.. just have 15 seconds to
check.. Is there any way to check that?
TomasHnyk (sup) wrote : | #86 |
well, the simplest probably is to open another gnome-terminal and periodically run ifconfig - if you do not see something there, it is unlikely you are dealing with this bug (open anoter bug, maybe try to go upstream first - link to vpnc mailing list is somewhere above)
tanas (macarvalho) wrote : | #87 |
Uhm, I am behind a firewall, so ifconfig just gives the usual 192.168...
I tried a more primitive method: connecting with vpnc during a download. The download rate never decreased (which I guess it would if I were connected to the vpn server).
So I guess it is indeed a new bug
tanas (macarvalho) wrote : | #88 |
thanks anyway!
TomasHnyk (sup) wrote : | #89 |
it does not matter if you are behind a firewall, vpn gives you a new IP address anyway. a new interface called tun or tap is created usually.
tanas (macarvalho) wrote : | #90 |
Sorry, I meant behind a router.
I tried my primitive test (downloading while connecting) using 0.3.3
and the download was interrupted immediately after introducing the
login.
On 25/06/07, TomasHnyk <email address hidden> wrote:
> it does not matter if you are behind a firewall, vpn gives you a new IP
> address anyway. a new interface called tun or tap is created usually.
>
> --
> vpnc dead peer detection disconnects immediately
> https:/
> You received this bug notification because you are a direct subscriber
> of the bug.
>
Lynoure Braakman (lynoure) wrote : | #91 |
I'm having this problem (disconnecting after 30s) with up-to-date feisty with feisty-updates in use.
ih (ih-ad) wrote : | #92 |
It is fixed in version vpnc-0.
Go to Synaptic and check what version is it that you have installed and what version is available for install.
Also check your repositories list.
tanas (macarvalho) wrote : | #93 |
I guess that message was just intended for Lynoure, because I have the
problem with the 1.1 package as well (but not with the 0.3.3)
On 06/07/07, ih <email address hidden> wrote:
> It is fixed in version vpnc-0.
>
> Go to Synaptic and check what version is it that you have installed and
> what version is available for install.
>
> Also check your repositories list.
>
> --
> vpnc dead peer detection disconnects immediately
> https:/
> You received this bug notification because you are a direct subscriber
> of the bug.
>
ih (ih-ad) wrote : | #94 |
Hmm... Maybe it's a different problem or manifestation of said problem.
I definitely had the problem and it was definitely fixed for me with the 1.1 release (of 0.4). I am using it pretty much every day for extended periods of time. I had only one case when conenctivity disappeared, but network manager was still showing me as connected.
jan_k (wobble-gmx) wrote : | #95 |
I can second tanas's experience. Connection break-down after about 30 seconds with the lates vpnc, but not with 0.3.3
tanas (macarvalho) wrote : | #96 |
I am so sorry for the report above. On a clean Feisty installation
(same computer, same server) I was able to connect using vpnc
0.4.0ubuntu1.1 to my Cisco VPN Server.
I can however garantee that the problem I had before (also with
feisty) was consistent: 0.4.0-1.1 didn't work but 0.3.3 did. I tried
several times, totally removing ("Complete removal" option on
synaptics) everything related to vpnc between different attempts.
Ranjan (ranjansimon) wrote : | #97 |
I have the same problem with 0.4.0ubunutu1.1 . It connects fine and is alive for sometime but disconnects suddenly without any notification. Here is the debug output
-------
length: 0014
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 03 (ISAKMP_
d.spi_length: 04
d.num_spi: 0002
d.spi: de42663b
d.spi: 2d7d6df3
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
next_type: 00 (ISAKMP_
length: 001c
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 01 (ISAKMP_
d.spi_length: 10
d.num_spi: 0001
d.spi: d71ee671 b4ba9d01 41a8f878 11098722
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
PARSING PAYLOAD type: 00 (ISAKMP_
PARSE_OK
NAT-T mode, adding non-esp marker
S8
-------
Any suggestions
Changed in vpnc: | |
status: | New → Fix Released |
NetherBen (bcx) wrote : | #98 |
Try fooling with the value for --dpd-idle
--dpd-idle <0,10-86400>
DPD idle timeout (our side) <0,10-86400>
Send DPD packet after not receiving anything for <idle> seconds.
Use 0 to disable DPD completely (both ways).
Default: 300
i.e.
In your config file have the line:
DPD idle timeout (our side) 0
(to disable it)
cbrmichi (cbrmichi) wrote : | #99 |
how to do this with network-
knarf (launchpad-ubuntu-f) wrote : | #100 |
For network-
--- nm-vpnc-
+++ nm-vpnc-service.c 2008-05-01 20:58:24.000000000 +0200
@@ -379,6 +379,8 @@ static gint nm_vpnc_
g_ptr_array_add (vpnc_argv, (gpointer) (*vpnc_binary));
g_ptr_array_add (vpnc_argv, (gpointer) "--non-inter");
g_ptr_array_add (vpnc_argv, (gpointer) "--no-detach");
+ g_ptr_array_add (vpnc_argv, (gpointer) "--dpd-idle");
+ g_ptr_array_add (vpnc_argv, (gpointer) "0");
g_ptr_array_add (vpnc_argv, (gpointer) "-");
g_ptr_array_add (vpnc_argv, NULL);
or (simpler but possibly less flexible) replace /usr/bin/vpnc with a short script which adds --dpd-idle 0 to the command line. I took the former approach, you can make up the latter...
Julian Zeidler (julian-zeidlers) wrote : | #101 |
da isses nimm option 2.
am besten du speicherst ein kleines script in /usr/local/bin ab
etwa der art:
#!/bin/bash
sudo vpnc-disconnect
sudo vpnc-connect outside --dpd-idle 0
knarf schrieb:
> For network-
>
> --- nm-vpnc-
> +++ nm-vpnc-service.c 2008-05-01 20:58:24.000000000 +0200
> @@ -379,6 +379,8 @@ static gint nm_vpnc_
> g_ptr_array_add (vpnc_argv, (gpointer) (*vpnc_binary));
> g_ptr_array_add (vpnc_argv, (gpointer) "--non-inter");
> g_ptr_array_add (vpnc_argv, (gpointer) "--no-detach");
> + g_ptr_array_add (vpnc_argv, (gpointer) "--dpd-idle");
> + g_ptr_array_add (vpnc_argv, (gpointer) "0");
> g_ptr_array_add (vpnc_argv, (gpointer) "-");
> g_ptr_array_add (vpnc_argv, NULL);
>
> or (simpler but possibly less flexible) replace /usr/bin/vpnc with a
> short script which adds --dpd-idle 0 to the command line. I took the
> former approach, you can make up the latter...
>
>
AlienMind (hosujael) wrote : | #102 |
a more logical aproach:
mv /usr/sbin/vpnc /usr/sbin/vpnc2
vi /usr/sbin/vpnc #new file with content:
#!/bin/bash
export PATH=/usr/
cat | /usr/sbin/vpnc2 --non-inter --no-detach --dpd-idle 0 -
chmod +x /usr/sbin/vpnc
Mondin Marco (mondin-marco) wrote : | #103 |
A similar aproach, I used that work whit kvpnc is:
sudo mv /usr/sbin/vpnc /usr/sbin/vpnc2
sudo nano /usr/sbin/vpnc
Put this lines in file:
#!/bin/bash --dpd-idle 0 $*
sudo chmod +x /usr/sbin/vpnc
It is a similar solution, but don't hang kvpnc.
Mondin Marco (mondin-marco) wrote : | #104 |
Excuse me, i lost same thing:
A similar aproach, I used that work whit kvpnc is:
sudo mv /usr/sbin/vpnc /usr/sbin/vpnc2
sudo nano /usr/sbin/vpnc
Put this lines in file:
#!/bin/bash
/usr/sbin/vpnc2 --dpd-idle 0 $*
sudo chmod +x /usr/sbin/vpnc
It is a similar solution, but don't hang kvpnc.
burtbick (list-burtbicksler) wrote : | #105 |
With Hardy (8.04) and KVPNC from the repository I was experiencing a similar problem.
I could get connected with our Cisco VPN, but then after a few seconds the connection would go down and shortly after that would not reconnect until I Quit KVPNC.
I played around with some timing and in Network/General I noticed the Use connection status check and that the interval was initially set to a relatively small value (I think it was 5 or 10). This happened to be the same interval that I was seeing the failure from the ping being sent out
After turning on level 3 logging I noticed that the failure was tied to a "ping" message being sent out. The message was error: Ping to IPAddr within 1 checks every 5s has been failed!
I then kicked the interval up to 20 seconds, and I could now stay connected for 20 seconds! But every 20 seconds it would report failure, drop the connection and reconnect. But in this case it appeared that it did not get into the state where I would have to quit KVPNC and restart it in order to connect again.
For good measure I changed the interval to 40 seconds, and now every 40 seconds it reports the Ping failure, drops the connection and reconnects.
So, next I disabled the connection status check to test and see what would happen.
Now the connection has been up for over 42 Minutes (not seconds) and as far as I can see the connection is still fine and dandy. I can function via ssh and also a fish:// session in Konqueror for browsing and copying files.
Has anyone seen this problem (with the Ping used to do the connection status check failing), and if so did you find a solution to the problem? If not, and you are having regular drops of the connection you might want to try disabling the connection status check and see if that makes a difference.
Of course I would like to have the connection status check working, but disabling the connection status check at least appears to allow me to use KVPNC to access my work network for the moment.
I should also note that I have had this problem with Kubuntu 7.04 before but never had the time to ferret out what might be going on, and I had a build of the Cisco Linux VPN client that I could use on 7.04.
burtbick (list-burtbicksler) wrote : | #106 |
OK, What I suspected (and kind of confirmed) was that whatever is being used as the address to ping when the connection status check is enabled but the specific IP address is unchecked doesn't work in all cases.
To test my theory I turned the connection status check back on, also checked the use specific address and entered an IP address of a machine behind the VPN that I knew I could ping.
That worked for 5+ hours yesterday, and for over an hour today. Then I started to get failures and again (K)VPNC was doing auto retries and got into a mode where it would not see the network without Quiting KVPNC and restarting it. Then it was fine for a few minutes and repeated. I expect that the machine behind the VPN was unable to respond to the ping request in a timely fashion. Since I turned off the connection status check again no problems with the connection going down.
But I wanted to report that it appears that you need to use the specific IP address option with the connection status check if you are having a similar problem. Now to find a machine behind the VPN that doesn't get bogged down, or increase the timeout for the ping test if that is possible.
Burt
Changed in vpnc (Ubuntu): | |
assignee: | Michael Bienia (geser) → Anton (bogatyia) |
I'm also having this same issue.
However, mine will stay connected for < 30 seconds. Tho it seems it depends on the amount of data. Its about long enough for me to ssh into a host and su to root, and then it stops responding, and this error is in /var/log/syslog
Mar 18 19:43:28 carnage vpnc[11612]: connection terminated by dead peer detection
Uname: Linux carnage 2.6.20-12-generic #2 SMP Sun Mar 18 03:07:14 UTC 2007 i686 GNU/Linux
Date: Sun Mar 18 19:45:57 MDT 2007