[vpn-help] Network communication through VPN client causes Ubuntu to freeze

Demelza fire_keese at hotmail.com
Thu Aug 11 05:32:11 CDT 2011


Demelza Buckham <fire_keese at ...> writes:

> 
> 
> 
> 
> <!--
> .hmmessage P
> {
> margin:0px;
> padding:0px
> }
> body.hmmessage
> {
> font-size: 10pt;
> font-family:Tahoma
> }
> -->Hi thereI'm not quite sure whether this is a question for Shrew Soft or
Ubuntu, but I'll try here first.I've managed to get Shrew Soft VPN Client
connected to my Juniper SSG 5 using this tutorial:
http://www.shrew.net/support/wiki/HowtoJuniperSsgHowever, if I try to connect to
any hosts, my computer immediately freezes and requires a hard reboot.  (Pinging
a non-existant host is fine, pinging the SSG 5 using its public IP is fine,
however, pinging or trying to connect via SSH to a host that exists within the
remote network causes the problem.)For example:Ubuntu 11.04 (my PC) main IP =
10.0.0.212Ubuntu 11.04 (my PC) tunnel IP = 192.168.150.1Juniper WAN IP =
10.0.0.213Target IP = 192.168.10.5Non-existent IP = 192.168.10.123Pinging
10.0.0.213 works, pinging 192.168.10.123 gets no response (it's dropped by my
switch), pinging 192.168.10.5 kills my PC.When I ping 192.168.10.5: Juniper does
an ARP on the IP, and sends the ping out of the correct port, the target
computer replies, the reply is received by Juniper and is forwarded onto my PC -
I'm guessing it dies at this point, although I can't see why.Using:Ubuntu
11.04VPN Client 2.1.5ScreenOS (on SSG) 6.2.0r11.0Troubleshooting done so far:-
I've doubled checked all of the client and Juniper settings, all are exactly as
in the tutorial (except number of simultaneous connections to user account)-
I've turned off ipv6- Tried disabling Ubuntu network manager- Tried using both
eth0 and eth1 and disabling the inactive one (eth0 on-board, eth1 USB adapter)-
Checked logs on Juniper; can't see anything- I can see the ping and the response
on wireshark running on the target computer (it only sees one ping)- Checked
logs on computer running the VPN client; nothing that seems relevant (both
syslog and iked.log, which was set to log level loud)- Tried turning off NAT
traversal on both client and Juniper- Tried manually putting in cipher and hash
algorithms for Phase 1 and 2 rather than leaving as auto- Debugging with the
Juniper debug command isn't showing anything relevant; and I can't see how to
debug both the flow and IKE/tunnel together, so can't see the relationship
between the packets being sent and the tunnel status- Uninstalled other VPN
software from the machine (I did have OpenVPN on there)I'm not really sure what
else to do at this stage; it looks like the Ubuntu is freezing before logging
anything and I can't see any problems on any of the other hardware involved.This
is what syslog shows when I connect to the VPN; although I don't think it's
relevantNetworkManager[836]:    SCPlugin-Ifupdown: devices added (path:
/sys/devices/virtual/net/tap0, iface: tap0)NetworkManager[836]:   
SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface:
tap0): no ifupdown configuration found.NetworkManager[836]: <warn>
/sys/devices/virtual/net/tap0: couldn't determine device driver; ignoring...Any
help with what I could do next to try and solve the issue would be appreciated. 
Thanks very much.Dee
> 
>  		 	   		  
> 
> _______________________________________________
> vpn-help mailing list
> vpn-help at ...
> http://lists.shrew.net/mailman/listinfo/vpn-help
> 



UPDATE: I installed Shrew Soft version 1.7 on a Win 7 virtual machine with a
bridged connection to Ubuntu, and that works fine.

I also uninstalled 1.5 and compiled the 1.7 version on Ubuntu; getting the same
issue as with 1.5.





More information about the vpn-help mailing list