vpnc dead peer detection disconnects immediately
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
vpnc (Debian) | Fix Released | Unknown | | |
vpnc (Ubuntu) | Fix Released | Medium | Anton | |
Feisty | Fix Released | Medium | Michael Bienia | |
Bug Description
Binary package hint: vpnc
This was not a problem with 3.3, with 4.0 this is happening and disconnects my vpn almost immediately.
Mar 18 11:28:04 lee-laptop vpnc[12104]: connection terminated by dead peer detection
ProblemType: Bug
Architecture: i386
Date: Sun Mar 18 11:30:25 2007
DistroRelease: Ubuntu 7.04
Uname: Linux lee-laptop 2.6.20-11-generic #2 SMP Thu Mar 15 08:03:07 UTC 2007 i686 GNU/Linux
Mitch Anderson (metarx) wrote : | #1 |
Peter Adamka (malmo) wrote : | #2 |
I got the same issue.
There is no workaround for this.
>uname -a
Linux phobos 2.6.20-11-generic #2 SMP Thu Mar 15 08:03:07 UTC 2007 i686
Jeb Benbow (jebenbow) wrote : | #3 |
+1
I downgraded to 0.3.3 to get things working again.
$ uname -a
Linux strongbadia 2.6.20-11-generic #2 SMP Thu Mar 15 03:43:56 UTC 2007 x86_64 GNU/Linux
DevenPhillips (deven-phillips) wrote : | #4 |
Yet another vote for this being a problem. I'm on Feisty with all of the latest packages as of this morning. I get disconnected within 60 seconds every time.
Deven Phillips, CISSP, CCNA
Systems Administrator
Metal Sales Manufacturing Corp.
gfunicus (tsuther) wrote : | #5 |
Same problem here, 5 to 30 seconds until disconnect.
$ apt-show-versions vpnc
vpnc/feisty uptodate 0.4.0-2ubuntu1
$ uname -a
Linux AngryButler68 2.6.20-13-386 #2 Sun Mar 25 00:18:53 UTC 2007 i686 GNU/Linux
Ante Karamatić (ivoks) wrote : | #6 |
I'm marking this confirmed since a couple of users reported this. I use vpnc on a daily basis and this kind of thing never happened.
Changed in vpnc: | |
importance: | Undecided → Medium |
status: | Unconfirmed → Confirmed |
DevenPhillips (deven-phillips) wrote : | #7 |
Ante,
Are you using the 4.x vpnc?
Deven
DevenPhillips (deven-phillips) wrote : | #8 |
- Debug output from vpnc (151.9 KiB, text/plain)
Additional Information:
Version installed: vpnc-0.4.0-2ubuntu1
Connecting to PIX 515 using Group Auth and XAuth.
Log message: vpnc[13375]: connection terminated by dead peer detection
See attachment for output from "vpnc-connect --debug 3 --no-detach <Profile>"
Wilbur Harvey (wilbur-harvey-spirentcom) wrote : | #9 |
I also have the same problem. It lasts about 30 seconds and dies every time.
I have all the latest Feisty updates as of 03/29/2007
wharvey@nforce41:~$ apt-show-versions vpnc
vpnc/feisty uptodate 0.4.0-2ubuntu1
A few weeks ago everything worked fine.
To the same server:
WindowsXP default VPNC client works fine.
Cisco Client for my Mac works fine.
Default Mac client won't connect at all.
Thomas Novin (thomasn80) wrote : | #10 |
I don't know how to install an older version except doing the way I just did:
Added into /etc/apt/
deb http://
deb-src http://
Started Synaptics, searched for 'vpnc' and deinstalled my current version. Then I chose the menu Package and from there chose 'Force Version' to install v0.3.3+SVN.
This solved the problem, I now have a stable connection.
DevenPhillips (deven-phillips) wrote : Re: [Bug 93413] Re: vpnc dead peer detection disconnects immediately | #11 |
What devices are everyone connecting to. Could this problem be specific to
the PIX? Are any VPN concentrator users having this issue?
Deven Phillips, CISSP, CCNA
On 4/3/07, ThomasNovin <email address hidden> wrote:
>
> I don't know how to install an older version except doing the way I just
> did:
>
> Added into /etc/apt/
>
> deb http://
> deb-src http://
>
> Started Synaptics, searched for 'vpnc' and deinstalled my current
> version. Then I chose the menu Package and from there chose 'Force
> Version' to install v0.3.3+SVN.
>
> This solved the problem, I now have a stable connection.
Mitch Anderson (metarx) wrote : | #12 |
The one I was connecting to was a Cisco Pix 515. Which I know is very
old. Its been since swapped with a newer ASA, but I have yet to test to
see if I'm still having problems with the ASA. But after seeing someone
else having problems also with an older PIX, I've wondered myself if its
just a problem with connecting to them.
DevenPhillips wrote:
> What devices are everyone connecting to. Could this problem be specific to
> the PIX? Are any VPN concentrator users having this issue?
>
> Deven Phillips, CISSP, CCNA
DevenPhillips (deven-phillips) wrote : | #13 |
PIX 515 isn't all that old. We just bought ours about 1.5 years ago.
Deven Phillips, CISSP, CCNA
On 4/3/07, Mitch <email address hidden> wrote:
>
> The one I was connecting to was a Cisco Pix 515. Which I know is very
> old. Its been since swapped with a newer ASA, but I have yet to test to
> see if I'm still having problems with the ASA. But after seeing someone
> else having problems also with an older PIX, I've wondered myself if its
> just a problem with connecting to them.
Lee Connell (lee-a-connell) wrote : | #14 |
I have issue on 501, 506, 515 until I roll back to vpnc 3.3
>From: Mitch <email address hidden>
>Reply-To: Bug 93413 <email address hidden>
>To: <email address hidden>
>Subject: Re: [Bug 93413] Re: vpnc dead peer detection disconnects
>immediately
>Date: Tue, 03 Apr 2007 16:47:45 -0000
>
>The one I was connecting to was a Cisco Pix 515. Which I know is very
>old. Its been since swapped with a newer ASA, but I have yet to test to
>see if I'm still having problems with the ASA. But after seeing someone
>else having problems also with an older PIX, I've wondered myself if its
>just a problem with connecting to them.
DevenPhillips (deven-phillips) wrote : | #15 |
So, it appears that the issue may be specific to the PIX devices.
Deven
On 4/3/07, Lee Connell <email address hidden> wrote:
>
> i have issue on 501, 506, 515 until I roll back to vpnc 3.3
gfunicus (tsuther) wrote : | #16 |
I do not appear to have the problem on at least one ASA Version 7.1(2), but
do seem to have a problem on multiple pix's.
On 4/3/07, DevenPhillips <email address hidden> wrote:
>
> So, it appears that the issue may be specific to the PIX devices.
>
> Deven
Anivair (anivair) wrote : | #17 |
I'm having this same problem. Some code from /var/log/syslog (not too much):
Apr 5 13:45:51 ltsp-2 vpnc[30422]: connection terminated by dead peer detection
That's all that is relevant. I'm connecting to a Cisco 3060 Concentrator. Not PIX at all.
OrkanSpec (orkanspec) wrote : | #18 |
I have the same problem. vpnc disconnects in less than a minute in feisty.
Jeb Benbow (jebenbow) wrote : | #19 |
With the feisty release only a week away what should we do to resolve this bug?
The Debian bug report lists a fix to be removing the patch 06_stolen_
(http://
Another option would be to revert back to VPNC 3.3
Luca, Can you point this in the right direction?
thomas michel (tom-michel) wrote : | #20 |
Hi,
it does not seem to be specific to pix asa. I got the same problem here with a Cisco 1812 Router.
DevenPhillips (deven-phillips) wrote : | #21 |
No, the bug is not PIX specific. The problem appears to be with the Dead Peer Detection code in vpnc. I have spoken with people on the vpnc development team and they are looking for people to help in debugging the problem. I would recommend rolling back to 0.3.3 for Feisty final release though.... This bug is not going to be fixed in time for release.
Deven Phillips, CISSP, CCNA
Dennis Krul (launchpad-themirror) wrote : | #22 |
I have similar problems with the vpnc package.
Rolling back to 0.3.3 is not an option for me, because my environment requires the 'vendor' option which is introduced in 0.4.0.
Compiling 0.4.0 from source solves the problem for me.
In my opinion the best solution is to remove the patch and package vpnc as is.
James Tait (jamestait) wrote : | #23 |
I have currently rolled back to 0.3.3 but I'm willing to help out with fixing 0.4.0. While I can't offer unrestricted access to our production PIX, I'm quite happy to supply debug output where it will help. Note that I'm not really familiar with the Debian/Ubuntu build process, so I'd need to get up to speed on that first and also take some advice on what sensitive bits (usernames, passwords, etc) I'd need to be wary of in the output.
Claus (clauslund) wrote : | #24 |
I'm seeing this problem as well ... and would be willing to help troubleshoot as much as needed. However, I'm at the same point as James Tait (I'd need very specific instructions on what to do and what to look for).
I'm connecting to a PIX 515...
Rocco (rocco) wrote : | #25 |
Same problem, connecting to a PIX. Is there a smooth way around this problem while this is fixed in Ubuntu?
artt (cualquiercosa) wrote : | #26 |
I've solved it by rebuilding without the patch:
cd /usr/src
sudo apt-get source vpnc
cd vpnc-0.
sudo gedit 00list
remove the line 06_stolen_from_head
cd ../..
sudo debian/rules binary
cd ..
sudo apt-get remove vpnc
sudo dpkg -i vpnc_0.
if you had installed network-
be careful when upgrading the system, don't update vpnc or you will get the patched version
James Tait (jamestait) wrote : | #27 |
I'm working on a patch to allow a config option to disable RFC3706 Dead Peer Detection. All being well should be available in the next day or so.
James Tait (jamestait) wrote : | #28 |
- Patch to add a config option to disable RFC3706 Dead Peer Detection (3.4 KiB, text/plain)
I'm attaching above-mentioned patch for someone with greater knowledge than me to test.
The patch is completely untested as I currently have no idea about building and packaging in Ubuntu. I'm sure I'll get up to speed eventually, but in the meantime if someone else is able to apply the patch and make any required changes to get it working then it can be tested, rather than waiting for me to learn what I need to learn to test it myself.
Amit Kucheria (amitk) wrote : | #29 |
Comment 26 by artt fixes problems for me as well. Connecting to a Cisco here...
aoyoyo (naiyanat) wrote : | #30 |
can't apt-get source vpnc
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to find a source package for vpnc
my /etc/apt/
deb http://
deb http://
deb http://
deb-src http://
## Major bug fix updates produced after the final release of the
## distribution.
deb http://
deb-src http://
## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
# deb http://
#deb-src http://
## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://
#deb-src http://
deb http://
deb-src http://
deb http://
#deb-src http://
deb http://
deb http://
James Tait (jamestait) wrote : | #31 |
aoyoyo, I think you need to add universe to the deb-src line, thus:
deb-src http://
aoyoyo (naiyanat) wrote : | #32 |
Hi James,
You have something else. I got this error.
aoyoyo@
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Could not open file /var/lib/
artt (cualquiercosa) wrote : | #33 |
I think you have to do an
apt-get update
before you can access the repository
aoyoyo (naiyanat) wrote : | #34 |
functioning. thanks a lot artt.
Tomas Thiemel (thiemel) wrote : | #35 |
SOLUTION
https:/
WORKS
even on x86_64 - just change
"sudo dpkg -i vpnc_0.
to
"sudo dpkg -i vpnc_0.
* artt, you saved my life! :-) *
Yesterday, I upgraded from Ubuntu 6.10 to 7.04 and today I had a problem connecting to the internet via the school's WiFi network and VPN, since I found the solution.
It was hard to find ("to google") this solution, so here are some "key words" to help the solution:
===================
...
VPNC started in foreground...
lifetime status: 3 of 7200 seconds used, 0|0 of 0 kbytes used
...
lifetime status: 31 of 7200 seconds used, 36|15 of 0 kbytes used
dead peer detected, terminating
S7.10
S8
===================
vpnc
disconnect
dead peer detected, terminating
===================
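An added example (not part of the original comments and not vpnc code): a small Python triage script for the kind of debug output quoted in the comment above, which separates a DPD teardown that happened while traffic was still flowing from one on a genuinely silent tunnel. It assumes the two numbers in `36|15` are per-direction traffic counters in kbytes; the sample log is constructed from the line shapes in this thread, and the host name and PID in it are made up.

```python
import re
from dataclasses import dataclass, field

# Line shapes taken from the output quoted in this thread.
START_RE = re.compile(r"VPNC started in foreground")
STATUS_RE = re.compile(
    r"lifetime status: (\d+) of (\d+) seconds used, "
    r"(\d+)\|(\d+) of (\d+) kbytes used"
)
DPD_RE = re.compile(
    r"dead peer detected, terminating"
    r"|connection terminated by dead peer detection"
)


@dataclass
class Session:
    # Each sample is (seconds_used, counter_a_kb, counter_b_kb). The implicit
    # first sample stands for the moment the tunnel came up.
    samples: list = field(default_factory=lambda: [(0, 0, 0)])
    dpd_terminated: bool = False

    @property
    def seconds_at_end(self):
        return self.samples[-1][0]


def parse_sessions(lines):
    """Split vpnc output into sessions, one per start marker."""
    sessions, current = [], None
    for line in lines:
        if START_RE.search(line):
            current = Session()
            sessions.append(current)
            continue
        status = STATUS_RE.search(line)
        if status:
            if current is None:          # capture started mid-session
                current = Session()
                sessions.append(current)
            secs, _limit, a, b, _kb_limit = map(int, status.groups())
            current.samples.append((secs, a, b))
            continue
        if DPD_RE.search(line):
            if current is None:          # bare syslog line, no debug context
                current = Session()
                sessions.append(current)
            current.dpd_terminated = True
            current = None               # later lines belong to a new session
    return sessions


def classify(session):
    """Label a session by what the counters did just before a DPD teardown."""
    if not session.dpd_terminated:
        return "no-dpd-teardown"
    if len(session.samples) < 2:
        return "dpd-no-counters"         # only syslog available, cannot judge
    (_, a0, b0), (_, a1, b1) = session.samples[-2], session.samples[-1]
    grew_a, grew_b = a1 > a0, b1 > b0
    if grew_a and grew_b:
        return "dpd-while-active"        # the symptom reported in this bug
    if grew_a or grew_b:
        return "dpd-one-way-traffic"     # ambiguous: one direction only
    return "dpd-while-idle"              # consistent with a silent peer


def triage(lines):
    return [(classify(s), s.seconds_at_end) for s in parse_sessions(lines)]


# Constructed sample: the first session reuses the two status lines quoted in
# the comment above; everything else is made up for illustration.
SAMPLE_LOG = """\
VPNC started in foreground...
lifetime status: 3 of 7200 seconds used, 0|0 of 0 kbytes used
lifetime status: 31 of 7200 seconds used, 36|15 of 0 kbytes used
dead peer detected, terminating
VPNC started in foreground...
lifetime status: 10 of 7200 seconds used, 4|2 of 0 kbytes used
lifetime status: 40 of 7200 seconds used, 4|2 of 0 kbytes used
dead peer detected, terminating
Apr  5 13:45:51 host1 vpnc[4242]: connection terminated by dead peer detection
VPNC started in foreground...
lifetime status: 20 of 7200 seconds used, 9|7 of 0 kbytes used
"""

if __name__ == "__main__":
    for verdict, seconds in triage(SAMPLE_LOG.splitlines()):
        print(f"{verdict:22s} after {seconds:4d} s")
```

A `dpd-while-active` verdict a few seconds into the SA lifetime matches the reports here; `dpd-no-counters` means only the syslog line was available and the session needs to be rerun with debug output to judge it.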
DevenPhillips (deven-phillips) wrote : | #36 |
I also concur with the results. artt's removal of the 06 patch fixes the client for me.
James Tait (jamestait) wrote : | #37 |
But doesn't removing the 06 patch completely disable DPD and some other functionality even for those devices with which it works?
Fernando (fernando-medina) wrote : | #38 |
Downloaded the vpnc sources and removed the 06 line as stated. I got an error trying to compile the Debian way, so I just removed the vpnc packages then just make, make install and my vpnc is now working perfectly again.
I think this is a pretty serious bug, and seems fairly simple to fix, at least temporarily, why is it not getting done?
thanks to all in the forum,
DevenPhillips (deven-phillips) wrote : | #39 |
As of yesterday, the configuration option to disable Dead Peer Detection in vpnc is in the CVS repository for vpnc. Can we get an updated Ubuntu package soon?
James Tait (jamestait) wrote : | #40 |
- Patch to add a config option to disable RFC3706 Dead Peer Detection (corrected and tested) (2.6 KiB, text/plain)
If I understand DevenPhillips' last message correctly, this is no longer required, but I'm attaching the corrected, tested patch to allow disabling of Dead Peer Detection.
I have an AMD64 package available if others would like to test it.
If you wish to build your own package:
- place this file in vpnc-0.
- cd vpnc-0.4.0
- echo 09_config_
- sudo debian/rules binary
Michael Bienia (geser) wrote : | #41 |
I'm also affected by this bug.
But I'm not yet sure how to fix it.
Disabling the 06_stolen_from_head patch disables more changes than necessary but should also work for network-
Adding the option to disable dpd is the better fix but only useful for those using vpnc-connect. network-
James Tait (jamestait) wrote : | #42 |
I think there are two issues here -- the first, that DPD doesn't work in some circumstances, can be worked around with the ability to disable DPD in those circumstances. In fact perhaps it should be disabled by default so that those with appliances with which DPD would cause problems get the better experience, i.e. not getting disconnected after a few seconds, by default. If their appliance supports DPD, they can always enable it, then disable it again if it doesn't work. The correct solution is to fix the DPD feature in VPNC, but since details are currently sparse on what causes the problem, the option to enable/disable DPD is a useful middle ground.
The second issue is that if this option is added to vpnc, network-
Panda_N_Shark (codedmind) wrote : | #43 |
Comment 26 worked for me.
If you try it, don't forget to install dpatch if you get an error when you do sudo debian/rules binary
Thanks m8
This should be fixed because now the update manager always asks for an update...
Fix this please
Alexander Papaspyrou (lxndrp) wrote : | #44 |
James,
I opened a new bug report (Bug #112406) on the second (UI) part. However, fixing this will presumably take up some time.
This issue, though, should be fixed real soon now (tm), since it renders network-
I propose to raise the importance one level. Please add the upstream dpatch to finally solve this irritating problem.
Tom (tom-ranson) wrote : | #45 |
Hi,
Comment 26 fixes for me also- Ubuntu 7.04 2.6.20-15-generic.
FYI, I'm now using network-
Tom (tom-ranson) wrote : | #46 |
Just realised that I was talking rubbish in my previous post!
To confirm: steps in comment 26 above fixes/works-around my dead peer detection issue when connecting to a PIX 515E.
Bug: https:/
TomasHnyk (sup) wrote : | #47 |
I would only add that in order to prevent Update manager from ranting about upgrading vpnc after following the advice in 26, just download the deb (it can be found in /var/cache/
James Tait (jamestait) wrote : | #48 |
OK folks, how do we need to move forward on this?
- Firstly, should the patch I submitted be "reversed" so that DPD disabled is the default behaviour and users can enable DPD by using an "Enable Dead Peer Detection" config option?
- I guess whichever way it goes I'll need to edit documentation to describe the new option.
- Do I need to just attach the dpatch file, as I have done, or do I need to attach a new .diff.gz for the package?
- Do I need to submit it to Debian instead?
- Do I need to upload a working .deb?
Since we now have a working fix for this problem, it would be good to get it committed so we can start to look at the issue of supporting the new options from network-
Panda_N_Shark (codedmind) wrote : | #49 |
I connect to a PIX; in Windows I need the Cisco VPN client. Now in Ubuntu, the reverse thing (post 26) solved my connection problem.
Now everything works great. I vote to go back :D
DevenPhillips (deven-phillips) wrote : | #50 |
I vote that we implement the patch to be able to disable DPD. The patch is
currently available in the repository for vpnc. I think this is the best
solution. Unfortunately, as mentioned in previous posts, this breaks
compatibility with the graphical tools. Personally, I think that going
forward is a better step than backward.
Deven
On 5/8/07, Panda_N_Shark <email address hidden> wrote:
>
> I connect to a pix, in windows i need cisco vpn client, now in ubuntu
> and the reverse thing (post 26) solve my connection problem
>
> Now everything works great. I vote too go back :D
Panda_N_Shark (info-codedmind) wrote : | #51 |
@DevenPhillips
I only think that people who need to connect to universities connect through a PIX, and to do that I think the solution in post 26 is the best, or solve the problem that the new patch creates, because graphical is easier for newcomers to Ubuntu.
Just my 2 cents.
TomasHnyk (sup) wrote : | #52 |
Also, the broken code should be rather fixed upstream, disabling it during compiling is only a workaround, not a solution. I would also call for downgrading for the reasons mentioned above (plus the package is tested - however, we need to look if there were any bugs solved by 3.3>4.0 upgrade in Ubuntu.)
James Tait (jamestait) wrote : | #53 |
Panda_N_Shark said:
> I only think that people with need to connect to universities
> connect through a pix,
I disagree. I know more people who connect to business networks through PIX appliances than University networks. The technology is equally applicable in either situation.
> and to do that i think the solution in post 26 is the best,
I still feel, as Deven Phillips neatly summarised, that this would be a step backward. I'm not sure if it breaks compatibility with network-
> or solve the problem that new patch create, because graphical is more
> easy to newcomers to ubuntu.
Agreed, and this is the reason Bug #112406 was opened by Alexander Papaspyrou. However, there's little point working towards implementing UI support for a new feature in vpnc if that feature is never going to be implemented.
TomasHnyk said 53 minutes ago: (permalink)
> Also, the broken code should be rather fixed upstream,
Agreed, but I'm not involved with the upstream project (can someone point me at their home page and CVS?) and not familiar with how Ubuntu patches are propagated upstream. I'm new to all of this. I seem to remember seeing in changelogs that patches have been applied at the Ubuntu level, then later reverted when the upstream project has applied them. Maybe that is what needs to happen here, I don't know -- hence my questions above.
> disabling it
> during compiling is only a workaround, not a solution.
Absolutely agreed, which is why I submitted the patch for the config option. Technically, IMO, this is still a work-around but a cleaner solution than disabling DPD for everyone.
> I would also call
> for downgrading for the reasons mentioned above (plus the package is
> tested - however, we need to look if there were any bugs solved by
> 3.3>4.0 upgrade in Ubuntu.)
Not bug fixes as such, but:
* New upstream release
+ GNU/kFreeBSD related fixes (closes: #400740)
+ Supports phase2 rekeying (closes: #411108)
+ auto-creating /var/run/vpnc (closes: #403783)
* Old config handling extensions replaced with wrappers to upstream
vpnc-script function variables which are declared official now
(closes: #399131)
* more connect/shutdown hooks (closes: #366257)
* not depending on iproute, though old extensions may not work without it
but users are warned in that case (closes: #393848)
I'd suggest that there are enough feature enhancements in there to support sticking with the current version, which was considered good enough for release with Feisty.
I'm not just pushing this solution because I want to see my patch included, I have nothing to lose by its rejection, I just think it's the best solution so far proposed.
Alexander Papaspyrou (lxndrp) wrote : | #54 |
James,
I second that. On purpose, I left the description of the newly opened network-
And yes, it might happen that certain config options are not available in the gui, albeit included in the underlying command line tool. I'm pretty sure that this happens not only here. However, I don't see a real problem for vpnc here.
I would suggest to disable DPD until a UI config option is available, regardless when this will be the case. Rendering vpnc useless for many people just for the sake of UI consistency doesn't sound sensible to me.
TomasHnyk (sup) wrote : | #55 |
This is also reported in Debian (I added the link)
As for the development, they know about it, from their website (http://
There is also a development mailing list, http://
This bugreport gets mentioned at least twice there: http://
http://
but it does not seem to get really much attention.
This http://
Now, there is a lot of new features so downgrading is not an option. However, I think that applying the patch is too much hassle, since it needs changes in other package (network-
Changed in vpnc: | |
status: | Unknown → Unconfirmed |
James Tait (jamestait) wrote : | #56 |
The vpnc patch pointed out by TomasHnyk (thanks for the pointers!) is actually a better solution than I'd proposed -- allowing users to configure the DPD timeout with a default value of 300 seconds, rather than a hard-coded timeout. Setting the timeout to 0 disables DPD. Much cleaner.
I wonder if that could be rolled into the 06_stolen_
TomasHnyk (sup) wrote : | #57 |
This https:/
From what I understand, this also mean that the bug open for network-
Therefore, I think the best way to solve this (until it gets "properly" solved in upstream) is to revert the patch (06_stolen_
Well, now, according to the procedure, a MOTU is needed for agreeing with the fix.
For Gutsy, this will hopefully get included as well, but there is time for that at least until August 16th, the https:/
James Tait (jamestait) wrote : | #58 |
- Patch to add the upstream change to allow configuration of the DPD idle timeout (7.1 KiB, text/plain)
I consulted #ubuntu-motu and merged the upstream change referenced above. The only change I made was to set the DPD idle timeout to 0 by default, to disable DPD unless explicitly set by the user. This means users don't get disconnected by DPD as the default behaviour.
TomasHnyk (sup) wrote : | #59 |
great, so, will it get in Feisty, then? If any testing is needed, let me know.
Michael Bienia (geser) wrote : | #60 |
Thanks for the debdiff James.
I've removed the unrelated change to vpnc-script from the dpatch and added a comment about the changed default value for --dpd-idle to the changelog.
I've uploaded it then to feisty-proposed and gutsy. It should appear in feisty-proposed in a few days. I'll announce when it's in feisty-proposed and can be tested.
Changed in vpnc: | |
assignee: | nobody → geser |
status: | Confirmed → In Progress |
James Tait (jamestait) wrote : | #61 |
I think I should clarify my previous, probably too brief, comment.
I asked on #ubuntu-motu for guidance on how to proceed with this ticket. It was agreed that 06_stolen_
TomasHnyk said on 2007-05-12:
> great, so, will it get in Feisty, then? If any testing is needed, let me know.
Michael Bienia has uploaded it to feisty-proposed, so my understanding is that yes, it will eventually get into Feisty.
Michael Bienia said on 2007-05-13:
> Thanks for the debdiff James.
No problem, thanks for talking me through the process and doing the SRU.
> I've removed the unrelated change to vpnc-script from the dpatch and
> added a comment about the changed default value for --dpd-idle to the
> changelog.
Yes, thanks for that. I guess it was getting late when I glanced over the debdiff and I completely missed the vpnc-script change. FWIW, I'm still running the package with that change in, with no ill effects, but I'm really not sure what it does so I agree with the decision to back it out. Thanks for updating the changelog as well -- I knew I was forgetting something!
TomasHnyk (sup) wrote : | #62 |
hm, there is nothing (as of now) in proposed: http://
Martin Pitt (pitti) wrote : | #63 |
Accepted into feisty-proposed. Please go ahead with testing and update the bug tasks and their status for gutsy and feisty (See https:/
Changed in vpnc: | |
status: | In Progress → Needs Info |
James Tait (jamestait) wrote : | #64 |
I see the new version in Gutsy, but not in feisty-proposed. I'm hoping this will automatically happen by setting the status to Fix Committed as per https:/
Changed in vpnc: | |
status: | Needs Info → Fix Committed |
Changed in vpnc: | |
status: | Unconfirmed → Fix Committed |
Michael Bienia (geser) wrote : | #65 |
The new package is now available for testing from feisty-proposed.
Please comment if the proposed package works for you or not.
Thomas Novin (thomasn80) wrote : | #66 |
Tested now with vpnc-0.
James Tait (jamestait) wrote : | #67 |
Works for me in Feisty.
Panda_N_Shark (info-codedmind) wrote : | #68 |
Problem solved for me.
Ubuntu Feisty connecting to a PIX.
Thanks
Thomas Novin (thomasn80) wrote : | #69 |
The problem with 20 minutes was not related, I had the same problem in 0.3.3+SVN. Fix is OK.
Changed in vpnc: | |
assignee: | nobody → geser |
importance: | Undecided → Medium |
status: | Fix Committed → Fix Released |
TomasHnyk (sup) wrote : | #70 |
Works for me, at least as much as I can say after 1,5 hour long testing.
Emmet Hikory (persia) wrote : | #71 |
I've unsubscribed ubuntu-
Changed in vpnc: | |
status: | Unconfirmed → Fix Released |
Michael Bienia (geser) wrote : | #72 |
The fixed package works for me too.
The package has been available a week for testing and I count (including me) 5 "works for me" and no regressions. This should be enough to get the package moved to feisty-updates.
Thanks for the testing.
Changed in vpnc: | |
status: | Fix Released → Unconfirmed |
Martin Pitt (pitti) wrote : | #73 |
Copied to feisty-updates.
Changed in vpnc: | |
status: | Fix Committed → Fix Released |
OrkanSpec (orkanspec) wrote : | #74 |
Just another confirmation: works for me.
Kubuntu 7.04 amd64
vpnc 0.4.0-2ubuntu1.1
It has been the best version so far.
The previous version 0.4.0-2ubuntu1 disconnected in a minute.
vpnc in Dapper and Edgy disconnected in 10-15 minutes.
Current version does not disconnect - I have tested it for 40 minutes.
Alarik Myrin (alarik-sknt) wrote : | #75 |
I'm trying out the suggestion posted here:
https:/
I must be missing a package. When I try this step:
sudo debian/rules binary
I get the following output:
dh_testdir
# Add here commands to compile the package.
/usr/bin/make
make[1]: libgcrypt-config: Command not found
make[1]: Entering directory `/usr/src/
gcc -W -Wall -O0 -Wmissing-
tunip.c:84:20: error: gcrypt.h: No such file or directory
In file included from vpnc.h:24,
tunip.h:42: error: expected specifier-
tunip.c: In function ‘encap_rawip_recv’:
tunip.c:189: error: ‘struct ike_sa’ has no member named ‘buf’
tunip.c:190: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c:191: error: ‘struct ike_sa’ has no member named ‘bufpayload’
tunip.c:192: error: ‘struct ike_sa’ has no member named ‘bufsize’
tunip.c: In function ‘encap_udp_recv’:
tunip.c:218: error: ‘struct ike_sa’ has no member named ‘buf’
tunip.c:219: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c:220: error: ‘struct ike_sa’ has no member named ‘bufpayload’
tunip.c:221: error: ‘struct ike_sa’ has no member named ‘bufsize’
tunip.c: In function ‘encap_any_decap’:
tunip.c:230: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c:230: error: ‘struct ike_sa’ has no member named ‘bufpayload’
tunip.c:230: error: ‘struct ike_sa’ has no member named ‘var_header_size’
tunip.c:231: error: ‘struct ike_sa’ has no member named ‘buf’
tunip.c:231: error: ‘struct ike_sa’ has no member named ‘bufpayload’
tunip.c:231: error: ‘struct ike_sa’ has no member named ‘var_header_size’
tunip.c:232: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c: In function ‘tun_send_ip’:
tunip.c:245: error: ‘struct ike_sa’ has no member named ‘buf’
tunip.c:246: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c:254: error: ‘struct ike_sa’ has no member named ‘buf’
tunip.c: In function ‘hmac_compute’:
tunip.c:283: error: ‘gcry_md_hd_t’ undeclared (first use in this function)
tunip.c:283: error: (Each undeclared identifier is reported only once
tunip.c:283: error: for each function it appears in.)
tunip.c:283: error: expected ‘;’ before ‘md_ctx’
tunip.c:289: warning: implicit declaration of function ‘gcry_md_open’
tunip.c:289: error: ‘md_ctx’ undeclared (first use in this function)
tunip.c:289: error: ‘GCRY_MD_FLAG_HMAC’ undeclared (first use in this function)
tunip.c:291: warning: implicit declaration of function ‘gcry_md_setkey’
tunip.c:293: warning: implicit declaration of function ‘gcry_md_write’
tunip.c:294: warning: implicit declaration of function ‘gcry_md_final’
tunip.c:295: warning: implicit declaration of function ‘gcry_md_read’
tunip.c:295: warning: assignment makes pointer from integer without a cast
tunip.c:304: warning: implicit declaration of function ‘gcry_md_close’
tunip.c: In function ‘encap_
tunip.c:328: error: ‘struct ike_sa’ has no member named ‘buflen’
tunip.c:328: error: ‘struct ike_sa’ has no member named ‘var_header_size’
tunip.c:328: error: ‘struct ike_sa’ has ...
TomasHnyk (sup) wrote : | #76 |
Alarik Myrin
Why don't you just use the updated package? It should be in feisty-updates by now.
Alarik Myrin (alarik-sknt) wrote : | #77 |
Ah yes, there it is, thank you.
Alarik
ih (ih-ad) wrote : Had to enable feisty-updates | #78 |
The fix works.
Only want to point out that for some reason by default feisty-updates was not enabled (this is a clean install of 7.04 AMD64)
I had to enable it in Synaptic / Settings / Repositories in the "Updates" tab
TomasHnyk (sup) wrote : | #79 |
I think I had to do the same thing, though I do not remember since I tweaked the sources.list by hand anyway.
Could you please file this as another bug? Search if it has not been reported before though. It might be by design but that would be strange since that would mean we do not trust our own updates...
ih (ih-ad) wrote : | #80 |
I filed bug 119248 for the "feisty-updates not enabled by default"
https:/
tanas (macarvalho) wrote : | #81 |
Hate to say but I still get the "no response from target" message with 0.4.0ubuntu1.1 (yes I'm sure it's 1.1 and not 1).
Downgraded to 0.3.3 and it is working fine.
(then I upgraded back to 0.4.0-1.1 which failed again, and then back to 0.3.3 which worked fine)
(sorry, I'm a sort of newbie and couldn't find any log file)
TomasHnyk (sup) wrote : | #82 |
tanas: do you ever connect? If not, you are probably not facing this bug.
If you indeed connect and disconnect exactly after 30 seconds, you probably are facing this bug - but that should not be possible, heh:-).
tanas (macarvalho) wrote : | #83 |
I was indeed connected with 0.3.3.
vpnc said I was connected;
During the connection I checked my IP, and it was no longer the one I had before, but the IP from the VPN Server I was connected to;
I was able to connect to online services that depend on the vpn connection (intranet for instance);
With 0.4.0 I get the "no response" message after 14 or 15 seconds (not 30... possibly a new bug?) after I entered the password
TomasHnyk (sup) wrote : | #84 |
Are you trying from the command line? Do you ever get an IP from the VPN server? (with current version)
tanas (macarvalho) wrote : Re: [Bug 93413] Re: vpnc dead peer detection disconnects immediately | #85 |
Yep, from the command line (sudo vpnc-connect)
I don't know if I get the VPN server IP.. just have 15 seconds to
check.. Is there any way to check that?
TomasHnyk (sup) wrote : | #86 |
well, the simplest probably is to open another gnome-terminal and periodically run ifconfig - if you do not see something there, it is unlikely you are dealing with this bug (open another bug, maybe try to go upstream first - link to vpnc mailing list is somewhere above)
tanas (macarvalho) wrote : | #87 |
Uhm, I am behind a firewall, so ifconfig just gives the usual 192.168...
I tried a more primitive method: connecting with vpnc during a download. The download rate never decreased (which I guess it would if I were connected to the vpn server).
So I guess it is indeed a new bug
tanas (macarvalho) wrote : | #88 |
thanks anyway!
TomasHnyk (sup) wrote : | #89 |
it does not matter if you are behind a firewall, vpn gives you a new IP address anyway. a new interface called tun or tap is created usually.
tanas (macarvalho) wrote : | #90 |
Sorry, I meant behind a router.
I tried my primitive test (downloading while connecting) using 0.3.3
and the download was interrupted immediately after introducing the
login.
On 25/06/07, TomasHnyk <email address hidden> wrote:
> it does not matter if you are behind a firewall, vpn gives you a new IP
> address anyway. a new interface called tun or tap is created usually.
Lynoure Braakman (lynoure) wrote : | #91 |
I'm having this problem (disconnecting after 30s) with up-to-date feisty with feisty-updates in use.
ih (ih-ad) wrote : | #92 |
It is fixed in version vpnc-0.
Go to Synaptic and check what version is it that you have installed and what version is available for install.
Also check your repositories list.
tanas (macarvalho) wrote : | #93 |
I guess that message was just intended for Lynoure, because I have the
problem with the 1.1 package as well (but not with the 0.3.3)
On 06/07/07, ih <email address hidden> wrote:
> It is fixed in version vpnc-0.
>
> Go to Synaptic and check what version is it that you have installed and
> what version is available for install.
>
> Also check your repositories list.
ih (ih-ad) wrote : | #94 |
Hmm... Maybe it's a different problem or manifestation of said problem.
I definitely had the problem and it was definitely fixed for me with the 1.1 release (of 0.4). I am using it pretty much every day for extended periods of time. I had only one case when connectivity disappeared, but network manager was still showing me as connected.
jan_k (wobble-gmx) wrote : | #95 |
I can second tanas's experience. Connection break-down after about 30 seconds with the latest vpnc, but not with 0.3.3.
tanas (macarvalho) wrote : | #96 |
I am so sorry for the report above. On a clean Feisty installation
(same computer, same server) I was able to connect using vpnc
0.4.0ubuntu1.1 to my Cisco VPN Server.
I can however guarantee that the problem I had before (also with
feisty) was consistent: 0.4.0-1.1 didn't work but 0.3.3 did. I tried
several times, totally removing ("Complete removal" option on
Synaptic) everything related to vpnc between different attempts.
Ranjan (ranjansimon) wrote : | #97 |
I have the same problem with 0.4.0ubuntu1.1. It connects fine and is alive for some time but disconnects suddenly without any notification. Here is the debug output:
-------
length: 0014
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 03 (ISAKMP_
d.spi_length: 04
d.num_spi: 0002
d.spi: de42663b
d.spi: 2d7d6df3
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
next_type: 00 (ISAKMP_
length: 001c
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 01 (ISAKMP_
d.spi_length: 10
d.num_spi: 0001
d.spi: d71ee671 b4ba9d01 41a8f878 11098722
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
PARSING PAYLOAD type: 00 (ISAKMP_
PARSE_OK
NAT-T mode, adding non-esp marker
S8
-------
Any suggestions?
Changed in vpnc: | |
status: | New → Fix Released |
NetherBen (bcx) wrote : | #98 |
Try fooling with the value for --dpd-idle
--dpd-idle <0,10-86400>
DPD idle timeout (our side) <0,10-86400>
Send DPD packet after not receiving anything for <idle> seconds.
Use 0 to disable DPD completely (both ways).
Default: 300
i.e.
In your config file have the line:
DPD idle timeout (our side) 0
(to disable it)
cbrmichi (cbrmichi) wrote : | #99 |
how to do this with network-
knarf (launchpad-ubuntu-f) wrote : | #100 |
For network-
--- nm-vpnc-
+++ nm-vpnc-service.c 2008-05-01 20:58:24.000000000 +0200
@@ -379,6 +379,8 @@ static gint nm_vpnc_
g_ptr_array_add (vpnc_argv, (gpointer) (*vpnc_binary));
g_ptr_array_add (vpnc_argv, (gpointer) "--non-inter");
g_ptr_array_add (vpnc_argv, (gpointer) "--no-detach");
+ g_ptr_array_add (vpnc_argv, (gpointer) "--dpd-idle");
+ g_ptr_array_add (vpnc_argv, (gpointer) "0");
g_ptr_array_add (vpnc_argv, (gpointer) "-");
g_ptr_array_add (vpnc_argv, NULL);
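Review bot: the two added g_ptr_array_add calls hard-code "--dpd-idle" "0" into vpnc_argv, so every connection started by this service runs with dead peer detection disabled and the user has no way to choose a timeout. Consider taking the value from the connection's settings and appending the pair only when one is set, and add a comment above the new lines saying why DPD is turned off, since with 0 vpnc no longer tears down a tunnel whose peer has gone away.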
or (simpler but possibly less flexible) replace /usr/bin/vpnc with a short script which adds --dpd-idle 0 to the command line. I took the former approach, you can make up the latter...
Julian Zeidler (julian-zeidlers) wrote : | #101 |
There it is, take option 2.
Best to save a small script in /usr/local/bin,
something like this:
#!/bin/bash
sudo vpnc-disconnect
sudo vpnc-connect outside --dpd-idle 0
knarf wrote:
> For network-
>
> --- nm-vpnc-
> +++ nm-vpnc-service.c 2008-05-01 20:58:24.000000000 +0200
> @@ -379,6 +379,8 @@ static gint nm_vpnc_
> g_ptr_array_add (vpnc_argv, (gpointer) (*vpnc_binary));
> g_ptr_array_add (vpnc_argv, (gpointer) "--non-inter");
> g_ptr_array_add (vpnc_argv, (gpointer) "--no-detach");
> + g_ptr_array_add (vpnc_argv, (gpointer) "--dpd-idle");
> + g_ptr_array_add (vpnc_argv, (gpointer) "0");
> g_ptr_array_add (vpnc_argv, (gpointer) "-");
> g_ptr_array_add (vpnc_argv, NULL);
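Review bot: the new "--dpd-idle" "0" pair is placed ahead of the "-" argument, which is where vpnc is told to read the remaining settings from standard input, so it is worth checking and documenting which one wins when the supplied configuration also carries a "DPD idle timeout (our side)" line. If the command-line value takes precedence, a per-connection setting would be silently ignored.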
>
> or (simpler but possibly less flexible) replace /usr/bin/vpnc with a
> short script which adds --dpd-idle 0 to the command line. I took the
> former approach, you can make up the latter...
>
>
AlienMind (hosujael) wrote : | #102 |
a more logical approach:
mv /usr/sbin/vpnc /usr/sbin/vpnc2
vi /usr/sbin/vpnc #new file with content:
#!/bin/bash
export PATH=/usr/
cat | /usr/sbin/vpnc2 --non-inter --no-detach --dpd-idle 0 -
chmod +x /usr/sbin/vpnc
Mondin Marco (mondin-marco) wrote : | #103 |
A similar approach that I used, which works with kvpnc, is:
sudo mv /usr/sbin/vpnc /usr/sbin/vpnc2
sudo nano /usr/sbin/vpnc
Put these lines in the file:
#!/bin/bash --dpd-idle 0 $*
sudo chmod +x /usr/sbin/vpnc
It is a similar solution, but doesn't hang kvpnc.
Mondin Marco (mondin-marco) wrote : | #104 |
Excuse me, I lost something:
A similar approach that I used, which works with kvpnc, is:
sudo mv /usr/sbin/vpnc /usr/sbin/vpnc2
sudo nano /usr/sbin/vpnc
Put these lines in the file:
#!/bin/bash
/usr/sbin/vpnc2 --dpd-idle 0 "$@"
sudo chmod +x /usr/sbin/vpnc
It is a similar solution, but doesn't hang kvpnc.
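The wrapper idea from comments #102 to #104, as an added example that is not code from the thread or from vpnc: it forwards arguments unchanged, keeps stdin attached for the "-" configuration, and adds --dpd-idle only when the caller did not pass it, after checking the value against the 0,10-86400 range quoted in #98. The VPNC_REAL and VPNC_DPD_IDLE variables and the function names are assumptions of this example; /usr/sbin/vpnc2 is the renamed binary used in those comments.

```shell
#!/bin/sh
# Added example: wrapper installed as /usr/sbin/vpnc in front of the renamed
# binary. VPNC_REAL and VPNC_DPD_IDLE are names assumed for this example.
VPNC_REAL="${VPNC_REAL:-/usr/sbin/vpnc2}"

# Accept only what the option help allows: 0 (DPD off) or 10-86400 seconds.
valid_dpd_idle() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;        # empty, or anything that is not a digit
    esac
    [ "${#1}" -le 5 ] || return 1       # bound the length before comparing numbers
    [ "$1" -eq 0 ] || { [ "$1" -ge 10 ] && [ "$1" -le 86400 ]; }
}

# Succeed if the caller already chose a DPD timeout on the command line.
has_dpd_idle() {
    for arg in "$@"; do
        [ "$arg" = "--dpd-idle" ] && return 0
    done
    return 1
}

# Prepend --dpd-idle when it is missing, then replace this shell with vpnc.
# "$@" keeps every argument intact (unquoted $* would re-split arguments that
# contain spaces), and exec leaves stdin attached, so a configuration passed
# via "-" reaches vpnc without an extra "cat |" process.
run_vpnc() {
    idle="${VPNC_DPD_IDLE:-0}"
    if ! has_dpd_idle "$@"; then
        valid_dpd_idle "$idle" || {
            echo "vpnc wrapper: invalid DPD idle timeout '$idle'" >&2
            return 2
        }
        set -- --dpd-idle "$idle" "$@"
    fi
    exec "$VPNC_REAL" "$@"
}

# Act only when this file is installed under the name "vpnc".
case "${0##*/}" in
    vpnc) run_vpnc "$@" ;;
esac
```

A package upgrade that reinstalls /usr/sbin/vpnc will overwrite a wrapper placed there by hand, so check that it is still in place after updating vpnc.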
burtbick (list-burtbicksler) wrote : | #105 |
With Hardy (8.04) and KVPNC from the repository I was experiencing a similar problem.
I could get connected with our Cisco VPN, but then after a few seconds the connection would go down and shortly after that would not reconnect until I Quit KVPNC.
I played around with some timing and in Network/General I noticed the Use connection status check and that the interval was initially set to a relatively small value (I think it was 5 or 10). This happened to be the same interval that I was seeing the failure from the ping being sent out.
After turning on level 3 logging I noticed that the failure was tied to a "ping" message being sent out. The message was error: Ping to IPAddr within 1 checks every 5s has been failed!
I then kicked the interval up to 20 seconds, and I could now stay connected for 20 seconds! But every 20 seconds it would report failure, drop the connection and reconnect. But in this case it appeared that it did not get into the state where I would have to quit KVPNC and restart it in order to connect again.
For good measure I changed the interval to 40 seconds, and now every 40 seconds it reports the Ping failure, drops the connection and reconnects.
So, next I disabled the connection status check to test and see what would happen.
Now the connection has been up for over 42 Minutes (not seconds) and as far as I can see the connection is still fine and dandy. I can function via ssh and also a fish:// session in Konqueror for browsing and copying files.
Has anyone seen this problem (with the Ping used to do the connection status check failing), and if so did you find a solution to the problem? If not, and you are having regular drops of the connection you might want to try disabling the connection status check and see if that makes a difference.
Of course I would like to have the connection status check working, but disabling the connection status check at least appears to allow me to use KVPNC to access my work network for the moment.
I should also note that I have had this problem with Kubuntu 7.04 before but never had the time to ferret out what might be going on, and I had a build of the Cisco Linux VPN client that I could use on 7.04.
burtbick (list-burtbicksler) wrote : | #106 |
OK, what I suspected (and kind of confirmed) was that whatever is being used as the address to ping when the connection status check is enabled but the specific IP address is unchecked doesn't work in all cases.
To test my theory I turned the connection status check back on, also checked the use specific address and entered an IP address of a machine behind the VPN that I knew I could ping.
That worked for 5+ hours yesterday, and for over an hour today. Then I started to get failures and again (K)VPNC was doing auto retries and got into a mode where it would not see the network without Quitting KVPNC and restarting it. Then it was fine for a few minutes and repeated. I expect that the machine behind the VPN was unable to respond to the ping request in a timely fashion. Since I turned off the connection status check again no problems with the connection going down.
But I wanted to report that it appears that you need to use the specific IP address option with the connection status check if you are having a similar problem. Now to find a machine behind the VPN that doesn't get bogged down, or increase the timeout for the ping test if that is possible.
Burt
Changed in vpnc (Ubuntu): | |
assignee: | Michael Bienia (geser) → Anton (bogatyia) |
I'm also having this same issue.
However, mine will stay connected for < 30 seconds. Though it seems it depends on the amount of data. It's about long enough for me to ssh into a host and su to root, and then it stops responding, and this error is in /var/log/syslog:
Mar 18 19:43:28 carnage vpnc[11612]: connection terminated by dead peer detection
Uname: Linux carnage 2.6.20-12-generic #2 SMP Sun Mar 18 03:07:14 UTC 2007 i686 GNU/Linux
Date: Sun Mar 18 19:45:57 MDT 2007