[Vpn-help] Feisty 32 bit network browsing

charles morrison charlie2 at ledgible.com
Wed Sep 5 17:52:00 CDT 2007


Matthew Grooms wrote:
> Matthew Linehan wrote:
>>
>> We used the linux route command, to dump the routing table.  I'm no 
>> expert in linux IP routing, but it does not look right to me.  There 
>> were no entries in the routing table that would direct packets 
>> destined for the 192.168.168.* network to the 192.168.167.1 TAP0 
>> interface created by the VPN tunnel.  Indeed there were NO lines in 
>> the routing table that referenced the 192.168.168.* network at all.  
>> I'm fairly certain that the incorrect routing table is the source of 
>> the problem, however I do not know how iked and the ip routing stuff 
>> interact with each other, so I could be wrong.
>>
>
> Charlie and Matthew,
>
> The only problem I saw was related to the tap driver not being 
> released due to IPsec policies not being cleared out properly. This 
> was a bug I introduced recently while trying to fix a lock recursion 
> issue and may have been munging things up. Could you please try the 
> following ...
>
> cd <ike dir>
> svn update
> make clean
> rm CMakeCache.txt
> cmake -DCMAKE_INSTALL_PREFIX=/usr -DQTGUI=YES -DETCDIR=/etc -DNATT=YES
> make
> make install
> setkey -F
> setkey -FP
> /etc/init.d/iked stop
> /etc/init.d/iked start
>
> ... and try to connect again. If you are still having problems, please let 
> me know and we can investigate further. It seems to be working fine on 
> my FC6 and Kubuntu 4.07 test hosts. I'm confident we can make it work 
> again :)
>
> Thanks,
>
> -Matthew
>
Matt,

I tried your suggestions and seem to have the same problem.

I did have to use sudo make install, sudo setkey -F, sudo setkey -FP, 
sudo /etc/init.d.iked stop, and sudo /etc/init.d/start to get it 
working. I don't know if the use of root permissions has anything to do 
with this or not. Also, when I initially tried to setkey, an error 
message told me to install ipsec-tools using apt-get, which I did. Just 
to make sure there were no unknown dependencies, I went through the 
updates again, but no difference. Also, I disabled zeroconf in the 
Kubuntu GUI under system settings>network settings.

  Also note that once disconnected from the VPN, I no longer have a 
valid internet connection. Even Firefox doesn't work anymore. I can't 
bring up Google. Tap0 does start when I connect and vanishes when 
disconnected. The IP address for tap0 is a valid IP from our network and 
is the same address as assigned when I use the Windows client.

Here is my Linux route table prior to connection:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     *               255.255.255.255 UH    0      0        0 ppp0
link-local      *               255.255.0.0     U     0      0        0 eth0
link-local      *               255.255.0.0     U     0      0        0 ath0
default         *               0.0.0.0         U     0      0        0 ppp0
default         *               0.0.0.0         U     1000   0        0 eth0

Here is the Linux route table during the VPN connection: (note they are 
the same)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     *               255.255.255.255 UH    0      0        0 ppp0
link-local      *               255.255.0.0     U     0      0        0 eth0
link-local      *               255.255.0.0     U     0      0        0 ath0
default         *               0.0.0.0         U     0      0        0 ppp0
default         *               0.0.0.0         U     1000   0        0 eth0

I looked at the same tables using Windows and they are quite a bit 
different.

Here it is under Windows before the VPN connection:
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0  166.217.217.243  166.217.217.243       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
  166.217.217.243  255.255.255.255        127.0.0.1        127.0.0.1       1
  166.217.255.255  255.255.255.255  166.217.217.243  166.217.217.243       1
        224.0.0.0        224.0.0.0  166.217.217.243  166.217.217.243       1
  255.255.255.255  255.255.255.255  166.217.217.243                2       1
Default Gateway:   166.217.217.243
===========================================================================
Persistent Routes:

Here it is under Windows during the VPN  connection:

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0  166.217.217.243  166.217.217.243       1
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
  166.217.217.243  255.255.255.255        127.0.0.1        127.0.0.1       1
  166.217.255.255  255.255.255.255  166.217.217.243  166.217.217.243       1
    192.168.167.2  255.255.255.255        127.0.0.1        127.0.0.1       1
  192.168.167.255  255.255.255.255    192.168.167.2    192.168.167.2       1
    192.168.168.0    255.255.255.0    192.168.167.2    192.168.167.2       1
        224.0.0.0        224.0.0.0  166.217.217.243  166.217.217.243       1
        224.0.0.0        224.0.0.0    192.168.167.2    192.168.167.2       1
  255.255.255.255  255.255.255.255    192.168.167.2                2       1
Default Gateway:   166.217.217.243
===========================================================================
Persistent Routes:
  None

Note that the IP assigned by my gateway VPN is 192.168.167.2 and appears 
in the Windows tables but not in the Linux tables.

Here are the Linux system log messages related to the connection. 
Connection made using /dev/ttyUSB0 using KPPP:

09/05/2007 05:44:11 PM    charles    pppd[5683]    Connect: ppp0 <--> /dev/ttyUSB0
09/05/2007 05:44:11 PM    charles    pppd[5683]    pppd 2.4.4 started by charles, uid 1000
09/05/2007 05:44:11 PM    charles    pppd[5683]    Using interface ppp0
09/05/2007 05:44:17 PM    charles    pppd[5683]    Cannot determine ethernet address for proxy ARP
09/05/2007 05:44:17 PM    charles    pppd[5683]    Could not determine remote IP address: defaulting to 10.64.64.64
09/05/2007 05:44:17 PM    charles    pppd[5683]    local  IP address 166.217.178.100
09/05/2007 05:44:17 PM    charles    pppd[5683]    not replacing existing default route through eth0
09/05/2007 05:44:17 PM    charles    pppd[5683]    primary   DNS address 10.11.12.13
09/05/2007 05:44:17 PM    charles    pppd[5683]    remote IP address 10.64.64.64
09/05/2007 05:44:17 PM    charles    pppd[5683]    secondary DNS address 10.11.12.14
09/05/2007 05:46:18 PM    charles    kernel    [  520.800000] tun: (C) 1999-2004 Max Krasnyansky <maxk at qualcomm.com>
09/05/2007 05:46:18 PM    charles    kernel    [  520.800000] tun: Universal TUN/TAP device driver, 1.6
09/05/2007 05:46:28 PM    charles    kernel    [  531.012000] tap0: no IPv6 routers present

The message not replacing default route through eth0 looks suspicious to 
me. Also, the DNS entries do not look correct.

Sorry about the formatting. I tried to clean it up a little.
 
Thanks,

Charlie Morrison


-- 
Charlie Morrison
American LED-gible, Inc
1776 Lone Eagle Street
Columbus, OH  43228  USA
614-851-1100
FAX  614-851-1121
We use ISO 26300 document standards available through Open Office at http://www.openoffice.org
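
Added example, not part of the original message and not code from the ike project: a shell check for the symptom reported above, where the remote 192.168.168.0/24 network has no route through tap0 and so falls through to the default route on ppp0. The sample tables are constructed from the Linux table in the message, rewritten in `route -n` numeric form, and the tap0 entry in the second table is an assumed form of the route the Windows client shows.

```shell
#!/bin/sh
# Prints the interface the kernel would pick for an IPv4 destination, given
# `route -n` style output on stdin (Destination Gateway Genmask Flags Metric
# Ref Use Iface). Longest prefix wins; on a tie the lower metric wins.
route_iface_for() {
    awk -v target="$1" '
        function ip2int(s,   p) {
            split(s, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        # Route entries start with a dotted quad; header lines are skipped.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && NF >= 8 {
            mask = ip2int($3)
            size = 4294967296 - mask      # addresses covered by the netmask
            if (int(ip2int(target) / size) * size != ip2int($1)) next
            if (best == "" || mask > bestmask ||
                (mask == bestmask && $5 + 0 < bestmetric)) {
                best = $8; bestmask = mask; bestmetric = $5 + 0
            }
        }
        END { print (best != "" ? best : "unreachable") }
    '
}

# Constructed sample: the Linux table from the message in numeric form
# (link-local = 169.254.0.0, default = 0.0.0.0, "*" gateway = 0.0.0.0).
LINUX_DURING_VPN='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 ath0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U     1000   0        0 eth0'

# Constructed: same table plus a tunnel route for the remote network
# (assumed form; the message only shows this route on Windows).
WITH_TUNNEL_ROUTE="$LINUX_DURING_VPN
192.168.168.0   0.0.0.0         255.255.255.0   U     0      0        0 tap0"

for name in LINUX_DURING_VPN WITH_TUNNEL_ROUTE; do
    eval "table=\$$name"
    printf '%s: 192.168.168.10 leaves via %s\n' "$name" \
        "$(printf '%s\n' "$table" | route_iface_for 192.168.168.10)"
done
```

On a live host, pipe `route -n` into `route_iface_for` while the tunnel is up; any answer other than the tunnel interface means traffic for the remote LAN is not entering the VPN.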





