Description of problem:
vpnc used to work, now the connection seems to succeed, but no packets make it anywhere.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Connect to a VPN
ping google.com (or anything) doesn't work
the connection works properly
I have a laptop with F14, and the same VPNs that fail here work there completely fine.
Actually, I downgraded to 0.5.3-9.fc15, and it works fine.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Please can you run vpnc on the command line with "--debug 3" and attach the complete debug output? Please do the test with version 0.5.3-9.fc15 as well as with 0.5.3-12.svn457. Thank you very much in advance!
from "vpnc --long-help":
Show verbose debug messages
* 0: Do not print debug information.
* 1: Print minimal debug information.
* 2: Show statemachine and packet/payload type information.
* 3: Dump everything exluding authentication data.
* 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS).
conf-variable: Debug <0/1/2/3/99>
Created attachment 521935 [details]
Log for old vpnc
Created attachment 521936 [details]
Log for new vpnc
As you can see, there's clearly a regression, I say you should revert back to the old one.
It's also interesting the fact that even though vpnc fails (it doesn't go to the background), the NetworkManager plug in think it does.
I have looked at both attachments and it looks like that the differences start when dealing with NAT mode.
1. Please can you double-check that you have used in both tests (old and new vpnc version) exactly the same config file?
2. Please can you also attach the config file (please replace all private data like IP addresses, user names and passwords with xxxx or so)?
3. Please can you also try, whether changing the NAT mode helps by any chance?
From the "man vpnc":
Which NAT-Traversal Method to use:
· natt -- NAT-T as defined in RFC3947
· none -- disable use of any NAT-T method
· force-natt -- always use NAT-T encapsulation even without
presence of a NAT device (useful if the OS captures all
· cisco-udp -- Cisco proprietary UDP encapsulation, com‐
monly over Port 10000
Note: cisco-tcp encapsulation is not yet supported
conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp>
(In reply to comment #7)
> I have looked at both attachments and it looks like that the differences start
> when dealing with NAT mode.
> 1. Please can you double-check that you have used in both tests (old and new
> vpnc version) exactly the same config file?
Yes, I used the same configuration because I actually didn't use a configuration, I specified everything on the command line.
> 2. Please can you also attach the config file (please replace all private data
> like IP addresses, user names and passwords with xxxx or so)?
% vpnc --gateway $gw --id $id --username $user --debug 3
> 3. Please can you also try, whether changing the NAT mode helps by any chance?
Yup, disabling NAT seemed to work, however, I noticed a difference between two different VPNs.
One VPN works perfectly fine when I disable NAT from NetworkManager, but the other one never works. NM says it connected just fine, but it just doesn't work.
Why no update? The new version is clearly breaking existing use-cases, if there is no fix, it should be reverted.
Still happening on Fedora 16.
Obviously nobody cares if vpn is broken.