steap n00b
Joined: 02 Oct 2003 Posts: 6 Location: near Frankfurt/Main - Germany
|
Posted: Thu Oct 02, 2003 11:33 am Post subject: Problems with Cisco VPN Client |
|
|
Hi...
I installed the Cisco VPN Client 4.0.1a using the "emerge" command. Connecting and authentication work fine, but it seems that I can't receive data. I try to open an http-url via the secure connection and don't receive any data.
The strange thing is: I have also WinXP and VPN Client for Win installed on this machine and there it works. I also tried it on a debian machine in the same network and it worked. Therefore I don't think it's a problem with the firewall.
Maybe there is something wrong with the routing...
Any ideas?
Thanx
Stefan |
|
|
|
Lozzer Tux's lil' helper
Joined: 18 Sep 2003 Posts: 84 Location: England
|
Posted: Thu Oct 02, 2003 9:26 pm Post subject: Maybe DNS |
|
|
Can you resolve hostnames? Especially hostnames that are private to your company DNS. (check with ping hostname - it should come back with PING hostname (ip address)).
If name resolution is not happening, try pinging an ip address on the private network.
If this works, then you have a DNS problem. I think the Cisco VPN client overwrites /etc/resolv.conf when you connect. Check whether the nameservers are on your company network after you connect.
There isn't really much you can do about routing with this VPN. Instead of exposing a network interface it intercepts and reroutes packets in the kernel. If you are using the same pcf as on Windows then it should be OK.
I've got this working, but I installed it manually, because I didn't realise there was a Gentoo package for it |
|
|
|
steap n00b
Joined: 02 Oct 2003 Posts: 6 Location: near Frankfurt/Main - Germany
|
Posted: Fri Oct 03, 2003 7:57 am Post subject: |
|
|
First thanks - but resolving hostnames works fine.
Could the kernel 2.4.22 be the reason for my problem? On the other machine I tried, I used 2.4.21
Think, I'll load the 2.4.21 sources and just try it... |
|
|
|
steap n00b
Joined: 02 Oct 2003 Posts: 6 Location: near Frankfurt/Main - Germany
|
Posted: Fri Oct 03, 2003 8:56 am Post subject: |
|
|
so... - the kernel isn't the reason... |
|
|
|
Lozzer Tux's lil' helper
Joined: 18 Sep 2003 Posts: 84 Location: England
|
Posted: Fri Oct 03, 2003 9:19 am Post subject: Kernel Version |
|
|
The kernel I got it running with was linux-2.4.20-gentoo-r7 |
|
|
|
steap n00b
Joined: 02 Oct 2003 Posts: 6 Location: near Frankfurt/Main - Germany
|
Posted: Fri Oct 03, 2003 9:47 am Post subject: |
|
|
Now I got the VPN-Connection working
But I don't know the real reason for the problem. What I did was set the MTU of the eth0 and cipsec0 interfaces by hand (set it to 2000). After establishing the VPN connection the MTU for eth0 is 1856 and for cipsec0 is still 2000 |
|
|
|
shiqicao n00b
Joined: 13 May 2004 Posts: 2
|
Posted: Thu May 13, 2004 8:50 pm Post subject: where can u set MTU? |
|
|
Where can you set the MTU? |
|
|
|
Lozzer Tux's lil' helper
Joined: 18 Sep 2003 Posts: 84 Location: England
|
Posted: Fri May 14, 2004 12:38 am Post subject: |
|
|
You can do it manually by using the ifconfig command e.g.
Code: | ifconfig eth0 mtu 1856 |
You can set it on startup by editing the relevant /etc/conf.d/net* files.
For eth interfaces you need a line like
Code: | iface_eth0="192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0 mtu 1856" |
For ppp interfaces you need something like
I'm not sure how you set it on the tunnel interface, but as that is really using a physical interface it is probably more important that you set it right on the underlying one. |
|
|
|
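Added example, not part of any post in this thread: the symptom reported here (the tunnel connects and small packets pass, but larger transfers stall) is consistent with an MTU mismatch, and one way to choose the value for the `mtu` setting is to probe the path with Don't Fragment pings. The function names and the placeholder address `10.0.0.1` are assumptions, and `ping -M do` requires the iputils ping shipped on Linux.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest IPv4 packet that
# crosses a path without fragmentation, by binary search over ping sizes.

# Real probe: one ICMP echo with the Don't Fragment bit set (iputils ping).
# $1 = host, $2 = ICMP payload size in bytes. Returns 0 if a reply came back.
probe_df() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Binary-search the largest payload in [lo, hi] for which the probe succeeds.
# $1 = probe function name, $2 = host, $3 = lo, $4 = hi.
# Prints the payload size, or returns 1 if even the smallest size fails
# (host unreachable or ICMP filtered, so no conclusion can be drawn).
find_max_payload() {
    probe=$1 host=$2 lo=$3 hi=$4
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))    # round up so the loop always shrinks
        if "$probe" "$host" "$mid"; then
            lo=$mid                     # mid passed: answer is mid or larger
        else
            hi=$(( mid - 1 ))           # mid was dropped: answer is below mid
        fi
    done
    echo "$lo"
}

# Path MTU = ICMP payload + 8-byte ICMP header + 20-byte IPv4 header.
# Default search range: 16 up to 1472 (a 1500-byte Ethernet MTU minus 28).
path_mtu() {
    payload=$(find_max_payload "$1" "$2" "${3:-16}" "${4:-1472}") || return 1
    echo $(( payload + 28 ))
}

# Usage, with the VPN connected (10.0.0.1 is a placeholder for a host
# reachable only through the tunnel):
#   path_mtu probe_df 10.0.0.1
```

An interface MTU at or below the printed value can then be applied with the `ifconfig` command or the `/etc/conf.d/net` entry shown in the post above.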
enkil Tux's lil' helper
Joined: 27 Apr 2004 Posts: 115 Location: Bern, Switzerland
|
Posted: Fri May 14, 2004 6:56 am Post subject: |
|
|
@steap:
I had the same problem with the vpnclient... I was able to establish a vpn-connection and even ping other computers in the network, but I was unable to get any bigger packages transmitted...
The problem was that I used my onboard Marvell 1000MBit NIC; something with its driver seems to be broken... Are you using a Marvell-NIC, too? |
|
|
|
castrik n00b
Joined: 16 Apr 2004 Posts: 31
|
Posted: Fri May 14, 2004 8:34 am Post subject: |
|
|
I have had a similar problem before; it turned out I needed to allow specific IP protocols through my firewall. I'm not sure what they are offhand. |
|
|
|
steap n00b
Joined: 02 Oct 2003 Posts: 6 Location: near Frankfurt/Main - Germany
|
Posted: Fri May 14, 2004 2:15 pm Post subject: |
|
|
Now everything works fine. Since the problems occurred more than half a year ago, I don't know what finally solved this strange behaviour.
At the moment I use kernel 2.6.5 and a newer version of the vpn-client.
@enkil:
I have a Broadcom 1000MBit NIC in my Notebook, I had the probs with... |
|
|
|
|