[vpn-help] virtual adapter routing broken on Ubuntu 10.04??

r hayman rhayman at visi.com
Sun Jul 11 21:09:18 CDT 2010 

So, I've got two absolutely identical machines - I mean absolutely
identical hardware.  One runs Windows 7 64-bit and one runs Ubuntu 10.04
64 bit desktop.

In all cases, the ShrewSoft configurations are the same between the
Windows and the Ubuntu machines.

I can run ShrewSoft 2.1.5 (via the Ubuntu package manager) and establish
a Mutual PSK+XAuth VPN connection using both a non-ModeConfig and
ModeConfig configuration.

I can also run ShrewSoft 2.1.5 (via download from ShrewSoft.com) on
Windows 7 64-bit and establish a Mutual PSK+XAuth VPN connection using
both a non-ModeConfig and ModeConfig configuration.

The non-ModeConfig connections use the 'existing adapter and current
address' whereas the ModeConfig connections use the 'virtual adapter and
assigned address'.

Here's the kicker that's got me wondering if Ubuntu 10.04 has a routing
bug:

In all instances of VPN connections *except* the Ubuntu 10.04 ShrewSoft
ModeConfig connection, everything works flawlessly as expected.  Only
with the Ubuntu 10.04 ShrewSoft ModeConfig connection I cannot ping
hosts on the remote end of the VPN, nor can I see any host on the remote
end.

The routing tables look good to me (netstat -r and route output), the
Virtual Adapter (tap0) establishes the expected (non-overlapping) IP
address, yet, the only instance of improper (or non-existant) routing
occur with virtual adapters on Ubuntu 10.04.  

Under Ubuntu 10.04, when I ping the remote end of the VPN connection,
the tap0 adapter does not register any traffic, but the eth0 adapter
does.  This leads me to believe Ubuntu 10.04 has a routing issue with
virtual adapters.  

Does it matter that I'm using Netgear VPN firewalls?  I don't think so,
since the Windows 7 works fine using the non-ModeConfig and the
ModeConfig settings, and the Ubuntu 10.04 box works fine using the
non-ModeConfig settings.

I could supply all the various permutations of logs and configurations
that I've tried, but the fact that I can establish connectivity in all
instances leads me to believe the problem is *not* with my ShrewSoft
configurations and/or VPN connections.

Here's the bottom line:
Windows7 -> FVS114 -> FVS336G -> remote host
in either 'Mutual PSK + XAuth' non-ModeConfig or ModeConfig settings,
after establishing the VPN, the Windows7 machine can ping the remote
host and see hosts on the remote LAN

Ubuntu10.04 -> FVS114 -> FVS336G -> remote host
in 'Mutual PSK + XAuth' non-ModeConfig setting, after establishing the
VPN, the Ubuntu machine can ping the remote host and see hosts on the
remote LAN
in 'Mutual PSK + XAuth' ModeConfig setting, after establishing the VPN,
the Ubuntu machine cannot ping the remote host, nor can it see anything
on the remote LAN.

Thoughts anybody?

More information about the vpn-help mailing list