Hello,
Caused by a dead Cisco 3000 concentrator we got new VPN profiles xxx.pcf
to connect to another concentrator with some other IP and credentials.
Based on the PCF file I created the new vpnc.conf and the diff between
both is really only the external IP and the credentials:
# diff vpnc.conf vpnc.conf.old
1,3c1,3
< IPSec gateway 132.174.xxx.xx
< IPSec ID XXXXXXXXXXXX
< IPSec secret XXXXXXXXXX
---
> IPSec gateway 132.174.xxx.xx
> IPSec ID XXXXXXX
> IPSec secret XXXXXXXXX
After the VPN tunnel is established correctly and routings are setup, I
run a PING to the remote DNS server and the pkg are sent to the VPN interface
tun0:
# tcpdump -n -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 262144 bytes
13:41:25.906344 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4992, length 64
13:41:26.909180 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4993, length 64
13:41:27.910305 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4994, length 64
13:41:28.916432 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4995, length 64
13:41:29.923030 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4996, length 64
13:41:30.924670 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4997, length 64
13:41:31.931023 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4998, length 64
but no answer is coming in;
When I watch at the same time the Internet interface wlan0 of the
laptop, I see the traffic caused by the PING also in the wlan0
interface:
# tcpdump -n -i wlan0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:43:30.889779 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x11b), length 116
13:43:31.899887 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x11c), length 116
13:43:32.931689 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x11d), length 116
13:43:33.940569 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x11e), length 116
13:43:34.950683 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x11f), length 116
13:43:35.956574 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x120), length 116
13:43:36.958244 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x121), length 116
13:43:37.965300 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x122), length 116
13:43:38.973784 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x123), length 116
13:43:39.985459 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x124), length 116
13:43:41.008307 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x125), length 116
13:43:42.043100 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x126), length 116
but there is no answer from the concentrator 132.174.XXX.XX.
My colleagues who are using some Windows vpnclient do not face this
problem, i.e. the concentrator and the file xxx.pcf seems to be fine.
They all get an IP addr assigned from the same range 10.31.30.100 ... 10.31.30.102
Any ideas, what could be the problem? I have a longish --debug 3 log if
someone wants to have a look.
Thanks
matthias
--
Matthias Apitz, ? guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Caused by a dead Cisco 3000 concentrator we got new VPN profiles xxx.pcf
to connect to another concentrator with some other IP and credentials.
Based on the PCF file I created the new vpnc.conf and the diff between
both is really only the external IP and the credentials:
# diff vpnc.conf vpnc.conf.old
1,3c1,3
< IPSec gateway 132.174.xxx.xx
< IPSec ID XXXXXXXXXXXX
< IPSec secret XXXXXXXXXX
---
> IPSec gateway 132.174.xxx.xx
> IPSec ID XXXXXXX
> IPSec secret XXXXXXXXX
After the VPN tunnel is established correctly and routings are setup, I
run a PING to the remote DNS server and the pkg are sent to the VPN interface
tun0:
# tcpdump -n -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 262144 bytes
13:41:25.906344 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4992, length 64
13:41:26.909180 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4993, length 64
13:41:27.910305 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4994, length 64
13:41:28.916432 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4995, length 64
13:41:29.923030 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4996, length 64
13:41:30.924670 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4997, length 64
13:41:31.931023 IP 10.31.30.102 > 10.23.47.18: ICMP echo request, id 50711, seq 4998, length 64
but no answer is coming in;
When I watch at the same time the Internet interface wlan0 of the
laptop, I see the traffic caused by the PING also in the wlan0
interface:
# tcpdump -n -i wlan0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:43:30.889779 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x11b), length 116
13:43:31.899887 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x11c), length 116
13:43:32.931689 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x11d), length 116
13:43:33.940569 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x11e), length 116
13:43:34.950683 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x11f), length 116
13:43:35.956574 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x120), length 116
13:43:36.958244 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x121), length 116
13:43:37.965300 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x122), length 116
13:43:38.973784 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x123), length 116
13:43:39.985459 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x124), length 116
13:43:41.008307 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x125), length 116
13:43:42.043100 IP 10.42.0.152 > 132.174.XXX.XX: ESP(spi=0x31c98d2c,seq=0x126), length 116
but there is no answer from the concentrator 132.174.XXX.XX.
My colleagues who are using some Windows vpnclient do not face this
problem, i.e. the concentrator and the file xxx.pcf seems to be fine.
They all get an IP addr assigned from the same range 10.31.30.100 ... 10.31.30.102
Any ideas, what could be the problem? I have a longish --debug 3 log if
someone wants to have a look.
Thanks
matthias
--
Matthias Apitz, ? guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub