#1 2014-03-17 09:34:56

veggen
Member
Registered: 2013-01-29
Posts: 12

Cisco VPN misbehaving on Linux, works fine on Windows and Mac

A client provided me with VPN details in a PCF file. I imported the file on Windows and upon connection, my default gateway gets replaced and I can access their network (SSH and HTTP), but nothing outside of it, which is to be expected. A colleague did a similar thing on Mac with similar results. In Arch, I imported the same file using NetworkManager and while the connection is successfully established, the gateway does not get set, and I cannot access their network, but the rest remains accessible. I tried manually adding a route to the host I'm interested in, but I'm not sure if I did it right.

Output of ip route list without the connection:

ip route list
default via 10.10.10.254 dev eno1  proto static 
10.10.10.0/23 dev eno1  proto kernel  scope link  src 10.10.11.110  metric 1 

Output of ip route list with the connection (replaced some bits with X, Y and Z for probably needless anonymization):

ip route list
default via 10.10.10.254 dev eno1  proto static 
10.10.10.0/23 dev eno1  proto kernel  scope link  src 10.10.11.110  metric 1 
10.13.Y.Y/27 dev tun0  proto kernel  scope link  src 10.13.Y.Y 
81.145.X.X via 10.10.10.254 dev eno1  proto static 

What I tried (172.19.Z.Z is the server on their network I need to be able to access):

ip route add 172.19.Z.Z via 81.145.X.X
RTNETLINK answers: Network is unreachable

ip route add 172.19.Z.Z via 10.13.Y.Y
RTNETLINK answers: Network is unreachable

ip route add 172.19.Z.Z dev tun0

After this, attempts to open an HTTP connection with the server just time out.

Does anyone have any kind of advice? I'd much appreciate it.

Last edited by veggen (2014-03-17 09:55:33)

Offline

#2 2014-03-19 18:28:16

veggen
Member
Registered: 2013-01-29
Posts: 12

Re: Cisco VPN misbehaving on Linux, works fine on Windows and Mac

Is there any more info I can post to make troubleshooting easier?

Offline

#3 2014-03-20 08:19:26

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,489

Re: Cisco VPN misbehaving on Linux, works fine on Windows and Mac

Additional info from NetworkManager logging to journalctl might perhaps help.
I have no experience with the plugin you use, but it could be you are hitting the bug described (with a work-around) here: http://colans.net/blog/installing-vpn-p … buntu-1304

Offline

#4 2014-04-01 09:12:37

veggen
Member
Registered: 2013-01-29
Posts: 12

Re: Cisco VPN misbehaving on Linux, works fine on Windows and Mac

Thanks a bunch for the link! It really helped!

Connecting from the terminal client, as described in the linked article, worked fine, so it looks like a NetworkManager issue.
The output on the journal is:

Apr 01 11:05:41 arch NetworkManager[522]: <info> Starting VPN service 'vpnc'...
Apr 01 11:05:41 arch NetworkManager[522]: <info> VPN service 'vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 4887
Apr 01 11:05:41 arch NetworkManager[522]: <info> VPN service 'vpnc' appeared; activating connections
Apr 01 11:05:41 arch NetworkManager[522]: <info> VPN plugin state changed: starting (3)
Apr 01 11:05:41 arch NetworkManager[522]: <info> VPN connection 'MyVPN' (Connect) reply received.
Apr 01 11:05:41 arch NetworkManager[522]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
Apr 01 11:05:43 arch NetworkManager[522]: <info> VPN connection 'MyVPN' (IP4 Config Get) reply received from old-style plugin.
Apr 01 11:05:43 arch NetworkManager[522]: <info> VPN Gateway: 81.145.47.66
Apr 01 11:05:43 arch NetworkManager[522]: <info> Tunnel Device: tun0
Apr 01 11:05:43 arch NetworkManager[522]: <info> IPv4 configuration:
Apr 01 11:05:43 arch NetworkManager[522]: <info>   Internal Address: 10.13.250.182
Apr 01 11:05:43 arch NetworkManager[522]: <info>   Internal Prefix: 27
Apr 01 11:05:43 arch NetworkManager[522]: <info>   Internal Point-to-Point Address: 10.13.250.182
Apr 01 11:05:43 arch NetworkManager[522]: <info>   Maximum Segment Size (MSS): 0
Apr 01 11:05:43 arch NetworkManager[522]: <info>   Forbid Default Route: yes
Apr 01 11:05:43 arch NetworkManager[522]: <info>   DNS Domain: '(none)'
Apr 01 11:05:43 arch NetworkManager[522]: <info> No IPv6 configuration
Apr 01 11:05:44 arch NetworkManager[522]: <info> VPN connection 'MyVPN' (IP Config Get) complete.
Apr 01 11:05:44 arch NetworkManager[522]: <info> Policy set 'mynetworkname' (wlp3s0) as default for IPv4 routing and DNS.
Apr 01 11:05:44 arch dbus[527]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Apr 01 11:05:44 arch NetworkManager[522]: <info> VPN plugin state changed: started (4)
Apr 01 11:05:44 arch systemd[1]: Starting Network Manager Script Dispatcher Service...
Apr 01 11:05:44 arch dbus[527]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Apr 01 11:05:44 arch systemd[1]: Started Network Manager Script Dispatcher Service.

Is the "VPN connection 'MyVPN' (IP4 Config Get) reply received from old-style plugin" message interesting for anything?

Offline

#5 2014-04-02 17:49:38

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,489

Re: Cisco VPN misbehaving on Linux, works fine on Windows and Mac

Good that worked at least :-)

That info message you refer to is not relevant; Google suggests it also appears with the openvpn plugin.

Since you converted the pcf to a conf file according to the link above: what happens when you set up a new connection in the NM GUI and import the *.conf file (instead of the pcf)? Once you have done that, have a look, regarding the warning, at what is configured in the advanced options for the connection. Maybe it also helps if you compare log output from a successful connection on the command line to the output posted above, regarding the routing shown.

Offline
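
Added example, not part of the original thread: a Python check that combines the two artifacts posted above (the `ip route list` output from post #1 and the NetworkManager log from post #4) to show which interface a destination on the client network would actually leave through. The addresses 203.0.113.10, 10.13.0.0/27 and 172.19.0.5 are constructed stand-ins for the X/Y/Z-masked values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: same shape as the post #1 table with the VPN up, with
# stand-in addresses where the thread masks them with X, Y and Z.
ROUTES_VPN_UP = """\
default via 10.10.10.254 dev eno1  proto static
10.10.10.0/23 dev eno1  proto kernel  scope link  src 10.10.11.110  metric 1
10.13.0.0/27 dev tun0  proto kernel  scope link  src 10.13.0.6
203.0.113.10 via 10.10.10.254 dev eno1  proto static
"""
# Constructed excerpt in the format of the post #4 journal lines.
NM_LOG = """\
NetworkManager[522]: <info> Tunnel Device: tun0
NetworkManager[522]: <info>   Forbid Default Route: yes
"""

def parse_routes(text):
    """Return [(network, device)] parsed from `ip route list` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, dest):
    """Longest-prefix match over one table (metrics are ignored here)."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def vpn_settings(log):
    """Extract the tunnel device and default-route policy from NM log lines."""
    dev = re.search(r"Tunnel Device: (\S+)", log)
    forbid = re.search(r"Forbid Default Route: (\w+)", log)
    return (dev.group(1) if dev else None, bool(forbid and forbid.group(1) == "yes"))

def check(routes_text, log, dest):
    """Report whether traffic to dest enters the tunnel or leaves via the LAN."""
    tun, forbid_default = vpn_settings(log)
    dev = egress_device(parse_routes(routes_text), dest)
    return {"tunnel": tun, "egress": dev, "via_tunnel": dev == tun,
            "needs_explicit_route": forbid_default and dev != tun}
```

On a live system, `ip route get <address>` answers the same question directly from the kernel's tables.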
