LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-07-2004, 10:16 PM   #1
rennard
LQ Newbie
 
Registered: Jul 2004
Posts: 3

Rep: Reputation: 0
DNS problems with cisco vpn client / mandrake 10


I installed the cisco vpn linux client (4.0.4.B) on a fresh mandrake 10 install to access the intranet at work. Install went fine, no errors, and I can log in ok.

Once I'm logged in, I can ping IPs on the internal network (can ping the DNS servers, ssh into servers, spawn X-Windows, etc), but the intranet DNS isn't picking up.

I've checked /etc/resolv.conf and it has been updated properly with the domain, nameservers and search for the intranet.

Using 'nslookup <address> <dns server ip>' times out (Although the exact same command works if I reboot into Windows).

I'm pretty stumped at this point as to what to try next. Any suggestions?
 
Old 07-15-2004, 02:46 PM   #2
schaubert
LQ Newbie
 
Registered: Jul 2004
Posts: 1

Rep: Reputation: 0
Linux DNS Problem with VPN 4.0.4.B

I'm seeing the same problem with the VPN client not being able to support DNS.
After a fresh fedora redhat install, the VPN works fine.
After upgrading from kernal rev 2.6.5-1.358 to 2.6.6-1.435.2.1 the VPN still connected, and I can reach nodes by IP address, but DNS no longer works.

I suspect there could be an unknown compatability issue with the 4.0.4.B VPN client and the newest kernel.
 
Old 08-07-2004, 11:57 AM   #3
jito
LQ Newbie
 
Registered: Aug 2004
Posts: 2

Rep: Reputation: 0
same problem

Hi, I'm having the same problem with Mandrake 10 and the Cisco VPN client. I can connect to the VPN fine and even ping other computers but DNS lookups don't seem to be working. Was anyone able to resolve this?
 
Old 08-07-2004, 04:33 PM   #4
sorcerer01
LQ Newbie
 
Registered: Aug 2004
Location: Milano, MI, Italy
Distribution: Whitebox
Posts: 9

Rep: Reputation: 0
To solve your issue take a look at my site
<URL REMOVED>

MOD Note: If you are interested in advertising please contact the site administrator.

Last edited by david_ross; 09-04-2004 at 08:48 AM.
 
Old 08-08-2004, 02:47 AM   #5
jito
LQ Newbie
 
Registered: Aug 2004
Posts: 2

Rep: Reputation: 0
site translation problem

Thanks for the reply, but I don't see anything in English mentioning the cisco DNS problem.
 
Old 08-23-2004, 10:53 AM   #6
rhoekstra
Member
 
Registered: Aug 2004
Location: The Netherlands
Distribution: RedHat 2, 3, 4, 5, Fedora, SuSE, Gentoo
Posts: 372

Rep: Reputation: 42
I'm experiencing the same problem here. If anyone found the problem, I'd like to hear the solution..

Thanks in advance..

(besides, backslashes in URLs ??)
 
Old 08-26-2004, 05:48 PM   #7
tcouey
LQ Newbie
 
Registered: Aug 2004
Posts: 3

Rep: Reputation: 0
Same problem here, with Fedora Core 2, kernel 2.6.7-1.494.2.2. It had worked before with my old kernel, maybe you need to uninstall it before reinstalling it? Has anyone tried that? I just ran the install script again after updating the kernel.
 
Old 08-27-2004, 09:38 PM   #8
efanning
Member
 
Registered: Jul 2004
Distribution: Right now - Ubuntu 7.04
Posts: 81

Rep: Reputation: 15
I'd like to test it out on my version of FC2. Where can I get the Cisco VPN Client. I tried there website but was unable to download it.

Eric
 
Old 08-28-2004, 12:51 AM   #9
tcouey
LQ Newbie
 
Registered: Aug 2004
Posts: 3

Rep: Reputation: 0
I got it from my employer, but I don't think I can redistribute it for a couple of reasons. First it's commercially licensed, and second it has my company's server and crypto keys in it.
 
Old 09-01-2004, 02:36 PM   #10
gpetme
LQ Newbie
 
Registered: Nov 2002
Posts: 17

Rep: Reputation: 0
same problem here (kernel 2.6.8)

I'm having the same issue here... Gentoo 2004.2, kernel 2.6.8, Cisco VPN client 4.0.5 Rel k9. I can ping/ssh/etc but not much else. Intranet web browsing does not work, neither does just about any name based service. But, it does suspiciously work every once in a while, no rhyme or reason to it though. Cisco sucks.

gpetme
 
Old 09-06-2004, 03:22 PM   #11
fatcat
LQ Newbie
 
Registered: Jan 2004
Posts: 10

Rep: Reputation: 1
Same problem here. Cisco VPN worked fine in 2.6.6 but no more in 2.6.7 or 2.6.8 All hints appreciated
 
Old 09-07-2004, 03:10 PM   #12
fatcat
LQ Newbie
 
Registered: Jan 2004
Posts: 10

Rep: Reputation: 1
Cool solution for 3c59x

I managed to get it work in my toshiba tecra 8100 laptop. I have 3c59x network driver and adding parameter hw_checksums=0 cured the problem. For some reason adding it to /etc/modules.conf did not help although it should have:
options 3c59x hw_checksums=0
(It just caused the network initializatio during boot to take forever (or at least long)

But vpn works when I unload the module and reload it with this parameter like this (as root):

/etc/init.d/network stop
/sbin/rmmod 3c59x
/sbin/modprobe 3c59x hw_checksums=0
/etc/init.d/network start
 
Old 09-21-2004, 04:13 PM   #13
gpetme
LQ Newbie
 
Registered: Nov 2002
Posts: 17

Rep: Reputation: 0
Update:

I've gotten some functionality to work. I do notice that name lookups take quite a long time to complete.

SSH - Works via IP quickly, but slowly by name. For now I have added a few entries in /etc/hosts for the systems I ssh into most of the itme. Because of this weird behavior from the Cisco client I've been forced to login to a server and 'bounce' from there to where I need to go - this way I avoid the bugs in the VPN client.

HTTP / HTTPS - Works sometimes - this has gotten better with no changes except for an upgrade from v4.0.1 to v4.0.5. It's still not great, however.

One thing I have noticed is that it appears that the Cisco Concentrator only supports one DNS search suffix - that is, here we have company.com, production.company.com, corporate.company.com, etc. Also, it appears that /etc/resolv.conf is ignored by the Cisco client. When I ping a host, try to browse to a host, the Concentrator appears to only support hostnames in company.com, and not other domains. I've verified with our network engineers that it's configured to supoprt more than one DNS suffix, but they don't appear to get picked up by the client. Weird. It sure would be nice if the Cisco IPSec VPNs supoprted a standard IPSec client so we could use an open source client and be done with this thing. Besides all the problems I've had with this thing it sometimes crashes my system (or at least I suspect the client of being the root of the problem.

gpetme
 
Old 09-21-2004, 06:14 PM   #14
tcouey
LQ Newbie
 
Registered: Aug 2004
Posts: 3

Rep: Reputation: 0
I got it working again by uninstalling it completely and reinstalling it. It seems that it configures itself against your kernel, so if you change kernels you have to reinstall (but uninstall first).
 
Old 09-25-2004, 12:14 AM   #15
gpetme
LQ Newbie
 
Registered: Nov 2002
Posts: 17

Rep: Reputation: 0
fix available from Cisco

I got the latest Cisco Client for Linux (v4.0.6) and the bugs have been fixed. Here's the release notes:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Cisco VPN Client Readme file
============================


This file describes the contents of the Cisco VPN Client files for the Linux platform

Refer to the Bug Navigator on Cisco Connection Online for open issues:
http://www.cisco.com/support/bugtools/bugtool.shtml



Revision: Release 4.6.00.0045
Files: vpnclient-linux-4.6.00.0045-k9.tar.gz

Contents:

Resolved Issues


CSCee60160 unity linux tg3 driver incompatibility
CSCee27420 Linux VPN client has problem with DNS and kernel >2.6.5


Unresolved Issues

CSCee60154

Symptoms
After making a VPN Client connection, some traffic types no longer work.
Specifically applications that send large packets like SMTP, HTTP, and SSH.

Conditions
The 2.6.4 Kernel enabled a feature of certain ethernet cards that discards
packets larger than the configured MTU. Since the VPN Client lowers the MTU
visible to the applications in order to add it's overhead without exceeding
the original MTU, the resulting packets are bigger than the newly configured
MTU. Therefore the card throws out the large encrypted packets.

This can easily be tested with a ping.
ping -s 500 x.x.x.x should pass
ping -s 2600 x.x.x.x should fail

Workarounds
If an lsmod shows that the "e100" driver is in use for the network card, it
can be replaced with the "eepro100" driver.

ifdown eth0
rmmod e100
modprobe eepro100
ifup eth0




Revision: Release 4.0 Rel
Files: vpnclient-linux-4.0.Rel-k9.tar.gz

Contents: - See Release Notes for Release 4.0 Rel at:
http://www.cisco.com/univercd/cc/td/...ient/index.htm

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco VPN Client problems deiussum Linux - Networking 13 05-25-2008 09:11 AM
cisco vpn 4.6 client mnauta Linux - General 6 12-04-2005 06:03 PM
Cisco VPN-Client nodream Linux - Networking 3 12-23-2003 04:36 PM
Connect to Cisco VPN w/o Cisco VPN Client gboutwel Linux - Networking 4 02-07-2003 12:46 PM
Cisco VPN client swilde Linux - Networking 1 10-26-2002 07:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration