Bug 731200 - vpnc stopped working completely
Summary: vpnc stopped working completely
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: vpnc
Version: 16
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: Christian Krause
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-16 22:27 UTC by Felipe Contreras
Modified: 2012-02-02 18:45 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-02-02 18:45:34 UTC


Attachments (Terms of Use)
Log for old vpnc (60.52 KB, text/plain)
2011-09-07 15:59 UTC, Felipe Contreras
no flags Details
Log for new vpnc (38.02 KB, text/plain)
2011-09-07 16:00 UTC, Felipe Contreras
no flags Details

Description Felipe Contreras 2011-08-16 22:27:11 UTC
Description of problem:
vpnc used to work, now the connection seems to succeed, but no packets make it anywhere.

Version-Release number of selected component (if applicable):
vpnc-0.5.3-12.svn457

How reproducible:
Always

Steps to Reproduce:
1. Connect to a VPN
  
Actual results:
ping google.com (or anything) doesn't work

Expected results:
the connection works properly

Additional info:
I have a laptop with F14, and the same VPNs that fail here work there completely fine.

Comment 1 Felipe Contreras 2011-08-17 00:05:11 UTC
Actually, I downgraded to 0.5.3-9.fc15, and it works fine.

Comment 2 Fedora Admin XMLRPC Client 2011-08-31 00:43:37 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 3 Christian Krause 2011-09-06 23:28:49 UTC
Please can you run vpnc on the command line with "--debug 3" and attach the complete debug output? Please do the test with version 0.5.3-9.fc15 as well as with 0.5.3-12.svn457. Thank you very much in advance!

from "vpnc --long-help":
  --debug <0/1/2/3/99>
      Show verbose debug messages
       *  0: Do not print debug information.
       *  1: Print minimal debug information.
       *  2: Show statemachine and packet/payload type information.
       *  3: Dump everything exluding authentication data.
       * 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS).
  conf-variable: Debug <0/1/2/3/99>

Comment 4 Felipe Contreras 2011-09-07 15:59:24 UTC
Created attachment 521935 [details]
Log for old vpnc

Comment 5 Felipe Contreras 2011-09-07 16:00:12 UTC
Created attachment 521936 [details]
Log for new vpnc

Comment 6 Felipe Contreras 2011-09-07 16:03:24 UTC
As you can see, there's clearly a regression, I say you should revert back to the old one.

It's also interesting the fact that even though vpnc fails (it doesn't go to the background), the NetworkManager plug in think it does.

Comment 7 Christian Krause 2011-09-11 17:03:26 UTC
I have looked at both attachments and it looks like that the differences start when dealing with NAT mode.

1. Please can you double-check that you have used in both tests (old and new vpnc version) exactly the same config file?

2. Please can you also attach the config file (please replace all private data like IP addresses, user names and passwords with xxxx or so)?

3. Please can you also try, whether changing the NAT mode helps by any chance?

From the "man vpnc":
--------------------------
       --natt-mode <natt/none/force-natt/cisco-udp>
              Which NAT-Traversal Method to use:
              ·      natt -- NAT-T as defined in RFC3947
              ·      none -- disable use of any NAT-T method
              ·      force-natt -- always use NAT-T encapsulation even without
                     presence  of  a NAT device (useful if the OS captures all
                     ESP traffic)
              ·      cisco-udp -- Cisco proprietary  UDP  encapsulation,  com‐
                     monly over Port 10000
              Note: cisco-tcp encapsulation is not yet supported
              Default: natt
       conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp>
-------------------------

Comment 8 Felipe Contreras 2011-09-13 08:42:13 UTC
(In reply to comment #7)
> I have looked at both attachments and it looks like that the differences start
> when dealing with NAT mode.
> 
> 1. Please can you double-check that you have used in both tests (old and new
> vpnc version) exactly the same config file?

Yes, I used the same configuration because I actually didn't use a configuration, I specified everything on the command line.

> 2. Please can you also attach the config file (please replace all private data
> like IP addresses, user names and passwords with xxxx or so)?

No configuration:

% vpnc --gateway $gw --id $id --username $user --debug 3

> 3. Please can you also try, whether changing the NAT mode helps by any chance?

Yup, disabling NAT seemed to work, however, I noticed a difference between two different VPNs.

One VPN works perfectly fine when I disable NAT from NetworkManager, but the other one never works. NM says it connected just fine, but it just doesn't work.

Comment 9 Felipe Contreras 2011-11-16 16:44:48 UTC
Why no update? The new version is clearly breaking existing use-cases, if there is no fix, it should be reverted.

Still happening on Fedora 16.

Comment 10 Felipe Contreras 2012-02-02 18:45:34 UTC
Obviously nobody cares if vpn is broken.


Note You need to log in before you can comment on or make changes to this bug.