[vpn-help] virtual adapter routing broken on Ubuntu 10.04??

mikelupo at aol.com mikelupo at aol.com
Mon Jul 12 19:50:04 CDT 2010


Can you throw in the Ubuntu CD for Jaunty 9.04 (I think you can it run but don't install) and then try it there? You may be forced to install it in order to make configuration changes though. I don't know. 

Why I wrote you....
I had a weird networking issue with 9.10 and that probably carries forward in your 10.04 where some virtual networking that we do between our devices under development and the outside world stopped working when we upgraded to 9.10. We backed up Ubuntu to 9.04 and all was well. So if you have the time/energy back your Unbuntu to an older kernel and give it a try. 

Now, after all that I have said so far you must know this.
1) I have never tried to do any kind of VPN connection using any Ubuntu client.
2) I do not know what's required on the Ubuntu client in order to negotiate a shew/VPN connection. If it's a VPN allowable feature that came available in the later Ubuntu client version then I've certainly shown my ignorance. 

...but at least I want to help. 

Best,
Mike






-----Original Message-----
From: r hayman <rhayman at visi.com>
To: vpn-help at lists.shrew.net
Sent: Sun, Jul 11, 2010 10:09 pm
Subject: [vpn-help] virtual adapter routing broken on Ubuntu 10.04??


So, I've got two absolutely identical machines - I mean absolutely
dentical hardware.  One runs Windows 7 64-bit and one runs Ubuntu 10.04
4 bit desktop.
In all cases, the ShrewSoft configurations are the same between the
indows and the Ubuntu machines.
I can run ShrewSoft 2.1.5 (via the Ubuntu package manager) and establish
 Mutual PSK+XAuth VPN connection using both a non-ModeConfig and
odeConfig configuration.
I can also run ShrewSoft 2.1.5 (via download from ShrewSoft.com) on
indows 7 64-bit and establish a Mutual PSK+XAuth VPN connection using
oth a non-ModeConfig and ModeConfig configuration.
The non-ModeConfig connections use the 'existing adapter and current
ddress' whereas the ModeConfig connections use the 'virtual adapter and
ssigned address'.
Here's the kicker that's got me wondering if Ubuntu 10.04 has a routing
ug:
In all instances of VPN connections *except* the Ubuntu 10.04 ShrewSoft
odeConfig connection, everything works flawlessly as expected.  Only
ith the Ubuntu 10.04 ShrewSoft ModeConfig connection I cannot ping
osts on the remote end of the VPN, nor can I see any host on the remote
nd.
The routing tables look good to me (netstat -r and route output), the
irtual Adapter (tap0) establishes the expected (non-overlapping) IP
ddress, yet, the only instance of improper (or non-existant) routing
ccur with virtual adapters on Ubuntu 10.04.  
Under Ubuntu 10.04, when I ping the remote end of the VPN connection,
he tap0 adapter does not register any traffic, but the eth0 adapter
oes.  This leads me to believe Ubuntu 10.04 has a routing issue with
irtual adapters.  
Does it matter that I'm using Netgear VPN firewalls?  I don't think so,
ince the Windows 7 works fine using the non-ModeConfig and the
odeConfig settings, and the Ubuntu 10.04 box works fine using the
on-ModeConfig settings.
I could supply all the various permutations of logs and configurations
hat I've tried, but the fact that I can establish connectivity in all
nstances leads me to believe the problem is *not* with my ShrewSoft
onfigurations and/or VPN connections.
Here's the bottom line:
indows7 -> FVS114 -> FVS336G -> remote host
n either 'Mutual PSK + XAuth' non-ModeConfig or ModeConfig settings,
fter establishing the VPN, the Windows7 machine can ping the remote
ost and see hosts on the remote LAN
Ubuntu10.04 -> FVS114 -> FVS336G -> remote host
n 'Mutual PSK + XAuth' non-ModeConfig setting, after establishing the
PN, the Ubuntu machine can ping the remote host and see hosts on the
emote LAN
n 'Mutual PSK + XAuth' ModeConfig setting, after establishing the VPN,
he Ubuntu machine cannot ping the remote host, nor can it see anything
n the remote LAN.
Thoughts anybody?
_______________________________________________
pn-help mailing list
pn-help at lists.shrew.net
ttp://lists.shrew.net/mailman/listinfo/vpn-help

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20100712/4d8e7d75/attachment-0002.html>


More information about the vpn-help mailing list