[vpn-help] Network communication through VPN client causes Ubuntu to freeze

Demelza Buckham fire_keese at hotmail.com
Wed Aug 10 06:18:58 CDT 2011






Hi there

I'm not quite sure whether this is a question for Shrew Soft or Ubuntu, but I'll try here first.

I've managed to get Shrew Soft VPN Client connected to my Juniper SSG 5 using this tutorial: http://www.shrew.net/support/wiki/HowtoJuniperSsg

However, if I try to connect to any hosts, my computer immediately freezes and requires a hard reboot. (Pinging a non-existent host is fine, pinging the SSG 5 using its public IP is fine, however, pinging or trying to connect via SSH to a host that exists within the remote network causes the problem.)

For example:
Ubuntu 11.04 (my PC) main IP = 10.0.0.212
Ubuntu 11.04 (my PC) tunnel IP = 192.168.150.1
Juniper WAN IP = 10.0.0.213
Target IP = 192.168.10.5
Non-existent IP = 192.168.10.123

Pinging 10.0.0.213 works, pinging 192.168.10.123 gets no response (it's dropped by my switch), pinging 192.168.10.5 kills my PC.

When I ping 192.168.10.5: Juniper does an ARP on the IP, and sends the ping out of the correct port, the target computer replies, the reply is received by Juniper and is forwarded on to my PC - I'm guessing it dies at this point, although I can't see why.

Using:
Ubuntu 11.04
VPN Client 2.1.5
ScreenOS (on SSG) 6.2.0r11.0

Troubleshooting done so far:
- I've double-checked all of the client and Juniper settings, all are exactly as in the tutorial (except number of simultaneous connections to user account)
- I've turned off ipv6
- Tried disabling Ubuntu network manager
- Tried using both eth0 and eth1 and disabling the inactive one (eth0 on-board, eth1 USB adapter)
- Checked logs on Juniper; can't see anything
- I can see the ping and the response on wireshark running on the target computer (it only sees one ping)
- Checked logs on computer running the VPN client; nothing that seems relevant (both syslog and iked.log, which was set to log level loud)
- Tried turning off NAT traversal on both client and Juniper
- Tried manually putting in cipher and hash algorithms for Phase 1 and 2 rather than leaving as auto
- Debugging with the Juniper debug command isn't showing anything relevant; and I can't see how to debug both the flow and IKE/tunnel together, so can't see the relationship between the packets being sent and the tunnel status
- Uninstalled other VPN software from the machine (I did have OpenVPN on there)

I'm not really sure what else to do at this stage; it looks like the Ubuntu is freezing before logging anything and I can't see any problems on any of the other hardware involved.

This is what syslog shows when I connect to the VPN, although I don't think it's relevant:
NetworkManager[836]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
NetworkManager[836]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found.
NetworkManager[836]: <warn> /sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...



Any help with what I could do next to try and solve the issue would be appreciated.  Thanks very much.


Dee

 		 	   		  