Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 04-06-2007, 04:28 PM   #1
Registered: Apr 2007
Location: texas
Distribution: mandriva 2007.0 / edgy
Posts: 63

Rep: Reputation: 15
VPN client - destination unreachable, all else good (New install).

Hi all. I usually google my problem before I bother others with them, and this is probably on it's 4th day of trying to debug, and I simply can't take it anymore (no hair left). Also, I'm fairly new to this, so I must apoligize ahead of time, if this is a n00b thing (and I hope it is).

A new install of Mandriva (2007.0). Everything works great.

I've installed a ci$co VPN client (and am using the profile supplied by my work). When I start VPN, I get a tunnel, I'm assigned a client address IP of 10.1.15.*, and I can see the server address,

Your VPN connection is secure.
VPN tunnel information.
Client address:
Server address:
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port UDP 10000 
Local LAN Access is disabled
but when I try to ping anyone in that same area 10.1.15.*, I get

" From icmp_seq=1 Destination Host Unreachable "

Now, this is ONLY in that area. I can still go everywhere else on the internet, just not in this group (I know there are multiple systems in this group).

Is this a firewall coniguration this? A NAT configuration thing? To my knowledge, I have not configured ANYTHING on the new install yet (its' all default, so firewall, etc is default).

Here are my goodies;

PHP Code:
[name-hidden@adsl-71-145-143-67 /]$ netstat -r
Kernel IP routing table
Destination     Gateway    Genmask      Flags   MSS Window  irtt Iface
.sigma adsl-71-145-143 UGH       0 0          0 eth0 UG        0 0          0 cipsec0 UG        0 0          0 cipsec0    
*  U         0 0          0 eth0       
*  U         0 0          0 cipsec0  UG        0 0          0 cipsec0  UG        0 0          0 cipsec0  UG        0 0          0 cipsec0  UG        0 0          0 cipsec0  UG        0 0          0 cipsec0  UG        0 0          0 cipsec0  UG        0 0          0 cipsec0  UG        0 0          0 cipsec0  UG        0 0          0 cipsec0  UG        0 0          0 cipsec0  UG        0 0          0 cipsec0
default         adsl-71-145-143   UG        0 0          0 eth0 

PHP Code:
cipsec0   Link encap:Ethernet  HWaddr 00:0B:FC:F8:01:8F  
          inet addr
:  Mask:
          inet6 addr
fe80::20b:fcff:fef8:18f/64 Scope:Link
:1356  Metric:1
          RX packets
:144 errors:0 dropped:0 overruns:0 frame:0
          TX packets
:0 errors:0 dropped:742 overruns:0 carrier:0
:0 txqueuelen:1000 
          RX bytes
:16744 (16.3 KiB)  TX bytes:(0.0 b)

eth0      Link encap:Ethernet  HWaddr 00:0D:61:06:6C:76  
          inet addr
:  Bcast:  Mask:
          inet6 addr
fe80::20d:61ff:fe06:6c76/64 Scope:Link
:1500  Metric:1
          RX packets
:33776 errors:0 dropped:0 overruns:0 frame:0
          TX packets
:38043 errors:0 dropped:0 overruns:0 carrier:0
:0 txqueuelen:1000 
          RX bytes
:13572390 (12.9 MiB)  TX bytes:3280497 (3.1 MiB)
Interrupt:17 Base address:0xc000 

lo        Link encap
:Local Loopback  
          inet addr
:  Mask:
          inet6 addr
: ::1/128 Scope:Host
:16436  Metric:1
          RX packets
:49758 errors:0 dropped:0 overruns:0 frame:0
          TX packets
:49758 errors:0 dropped:0 overruns:0 carrier:0
:0 txqueuelen:
          RX bytes
:4423952 (4.2 MiB)  TX bytes:4423952 (4.2 MiB
(FWIW, you can see that cipsec0 has dropped all TX packets.)

A look into my resolv.conf yeilds; (why the redundant nameserver?)

PHP Code:
search sigmatel

I'm not getting a lot of support from work, as they are all xp guys.


Old 04-07-2007, 05:46 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971Reputation: 1971
i admit i've not tried doing that, but there's no reasno i qould expect this to actaully work. obviosuly your ability to reach the other vpn users is wholly dependent on the peer device, your vpn concentrator, asa / pix firewall etc... nothing you should be able to have any influence over. by default a pix firewall either won't or can't (version dependent) allow identical interfaces to talk to each other, so it's not your fault.

btw, i prefer using vpnc instead of cisco's own client, apparently slightly less featureful, but a lot lot simpler and nicer to use, assuming you can convert the profile you've been given to the vpnc format config.
Old 04-07-2007, 08:49 PM   #3
Registered: Apr 2007
Location: texas
Distribution: mandriva 2007.0 / edgy
Posts: 63

Original Poster
Rep: Reputation: 15
Well... I don't quite believe it, but I got it working by 'enabling' the firewall. I thought the firewall wasn't enabled / letting everything go by, but I guess I was wrong.


In case anyone else has this problem... my configuration was set up correctly, I just needed to enable the firewall.

Now for my next networking problem (I'll need to start a new thread ... it's an sshd problem.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
destination host unreachable mundacho Linux - Networking 1 03-10-2006 02:59 PM
help ! Destination Unreachable ernvb Linux - Hardware 3 10-24-2005 12:09 AM
Destination Host Unreachable danka Linux - Networking 8 01-01-2005 06:29 PM
Destination Host Unreachable thanos35 Linux - General 4 01-06-2003 07:48 AM
destination host unreachable jb1 Linux - Networking 3 11-27-2002 02:36 PM

All times are GMT -5. The time now is 05:32 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration