Hide Forgot
Description of problem: A vpnc connection initiated with either the command-line or NetworkManager will connect and then arbitrarily disconnect (typically 30-60 minutes later) with little or no warning in the logs. This has been a long standing issue through many Fedora releases. Relevant info from /var/log/message: Feb 4 13:06:01 jute avahi-daemon[866]: Withdrawing workstation service for tun0. Feb 4 13:06:01 jute kernel: [78384.573349] libfcoe_device_notification: NETDEV_UNREGISTER tun0 Feb 4 13:06:01 jute lldpad[973]: netlink: 20 bytes leftover after parsing attributes. Feb 4 13:06:01 jute lldpad[973]: netlink: 20 bytes leftover after parsing attributes. Feb 4 13:06:02 jute kernel: [78385.581047] libfcoe_device_notification: NETDEV_UNREGISTER tun0 Version-Release number of selected component (if applicable): # yum list vpnc\* Loaded plugins: langpacks, presto, refresh-packagekit Installed Packages vpnc.x86_64 0.5.3-13.svn457.fc16 @koji-override-0/$releasever vpnc-script.noarch 0.5.3-13.svn457.fc16 @koji-override-0/$releasever How reproducible: Always disconnects, regardless of "Dead Peer Detection" being enabled or not Steps to Reproduce: 1. Connect to internet 2. sudo vpnc <myconfig> 3. Verify vpnc is now working Actual results: Sudden disconnect within the hour Expected results: VPN connection does not disconnect, wreaking havoc on network mounts, email, etc. Additional info:
Has anyone seen this problem? It persists and there's little or no diagostics. Anyway to implicate the server side? Or is this clearly a client side issue? Thanks, -Matt
Yes, I have as well. I did not see it prior to upgrading from F15 to F16, which I did last week. Prior to that my vpnc connections were stable so I suspect it was regression introduced in F16. brian
You might try disabling Dead Peer Detection with --dpd-idle 0 or DPD idle timeout (our side) 0 in the config file.
I just had another thought on this. My vpnc connection has been rock stable today over several hours of testing. One notable difference is that I've disabled wifi and am just using wired ethernet. I can retry with DPD disabled over wifi. How do I configure vpnc when it's controlled by network manager?
nm-connection-editor and click the VPN tab, double-click your connection. There's a box for dead peer detection there. One other thought, perhaps your wifi is dropping for some reason (kernel stupidity, etc) and when it drops for too long, and NM reconnects, then the VPN is gone already too. But try disabling DPD first.
I should add that I didn't notice any definitive wifi problems, either via the GUI or from network usage. But it's possible some wifi instability was present that I didn't notice.
I just encountered this again on wifi with dead peer detection disabled. From the log: Mar 14 11:56:36 bfallik-laptop kernel: [80866.777576] vpnc[13844]: segfault at 7fb2fb3a3ded ip 00007fb2 fb18ba3d sp 00007fff0af89c10 error 4 in vpnc[7fb2fb17a000+21000] Mar 14 11:56:37 bfallik-laptop abrtd: Directory 'ccpp-2012-03-14-11:56:37-13844' creation detected Mar 14 11:56:37 bfallik-laptop abrt[16275]: Saved core dump of pid 13844 (/usr/sbin/vpnc) to /var/spool /abrt/ccpp-2012-03-14-11:56:37-13844 (638976 bytes) Mar 14 11:56:37 bfallik-laptop kernel: [80867.048295] libfcoe_device_notification: NETDEV_UNREGISTER tun0 It looks like this was a segfault in VPNC. Here's the backtrace of the coredump from gdb: ... Core was generated by `/usr/sbin/vpnc --non-inter --no-detach -'. Program terminated with signal 11, Segmentation fault. #0 0x00007ffdbe645a3d in unpack_verify_phase2 (s=0x7fff8d2ddc70, r_packet=0x7ffdbe858b40 "VQ\357\335~h\001\324\255\300I\344\366FF\345\b\020 \001\226E\366\031", r_length=<optimized out>, r_p=0x7fff8d2dd8b8, nonce=0x0, nonce_size=0) at vpnc.c:609 609 for (sz = spos; r_packet[sz] != 0; sz += r_packet[sz + 2] << 8 | r_packet[sz + 3]) ; Missing separate debuginfos, use: debuginfo-install glibc-2.14.90-24.fc16.6.x86_64 gnome-keyring-3.2.1-3.fc16.x86_64 gnutls-2.12.14-1.fc16.x86_64 zlib-1.2.5-6.fc16.x86_64 (gdb) bt #0 0x00007ffdbe645a3d in unpack_verify_phase2 (s=0x7fff8d2ddc70, r_packet=0x7ffdbe858b40 "VQ\357\335~h\001\324\255\300I\344\366FF\345\b\020 \001\226E\366\031", r_length=<optimized out>, r_p=0x7fff8d2dd8b8, nonce=0x0, nonce_size=0) at vpnc.c:609 #1 0x00007ffdbe64b1fe in do_rekey (r=0x0, s=0x7fff8d2ddc70) at vpnc.c:3005 #2 process_late_ike (s=0x7fff8d2ddc70, r_packet=<optimized out>, r_length=<optimized out>) at vpnc.c:3044 #3 0x00007ffdbe641afd in process_socket (s=0x7fff8d2ddc70) at tunip.c:731 #4 vpnc_main_loop (s=0x7fff8d2ddc70) at tunip.c:902 #5 vpnc_doit (s=0x7fff8d2ddc70) at tunip.c:1064 #6 0x00007ffdbe63d418 in main (argc=<optimized out>, argv=<optimized out>) at vpnc.c:3185 (gdb) Please let me know if I can provide anything else. I'm hesitant to upload the core file since it might contain sensitive bits.
Here's more info from my setup: * I'm on the wire * DPD is disabled * Command line only Since NM is out of the loop, is there other debugging to turn on? This is the very simplistic config file. --- IPSec gateway <mygateway> IPSec ID <myid> IPSec secret <mysecret> Xauth username <myusername> Xauth password <mypass> DPD idle timeout (our side) 0 Enable Single DES
This message is a reminder that Fedora 16 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '16'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 16's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 16 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" and open it against that version of Fedora. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.