
thegreatgatsby 12-28-2004 02:31 PM

vpnc headaches...
trying to get VPNC working on my Toshiba laptop.

the config file is below.
when I connect, I get no error messages, but I cannot use the internet!

on connecting I get: VPNC started in background (pid: 5620)

following this, internet doesn't work etc

any ideas??

IKE DH Group dh2
Perfect Forward Secrecy nopfs
IPSec gateway
IPSec ID banana
IPSec secret thane
Xauth username santaclaus
Xauth password 1212ha

cjcox 12-31-2004 01:13 AM

What are your routes?

I route to my vpn server via my common (non vpn) gateway and the rest
through the tun0 device.

ip route add $VPNGW via "$default"
ip route delete default
ip route add default dev tun0

Where VPNGW is the IP of the vpn server and default is my
local gateway of my Dlink router.

You'll also need a /etc/resolv.conf with the DNS entries for your VPN network.

thegreatgatsby 01-07-2005 01:54 AM

so, are you saying I must change the settings each time I change location (i.e. gateway),
as I use the laptop at home / work / etc.?


cjcox 01-07-2005 11:02 AM

Uh... yes... that's pretty obvious though (??).

I guess the Cisco client with its UDP/TCP tunneling tends to act somewhat like "dhcp" in that it configures things for you.. you are sort of on your own with vpnc. It comes with some scripts that can be tweaked... of course, I just write my own. Unlike the Cisco client, vpnc will not turn off your network connections. Something to keep in mind (basically means that you can join your VPN network to the internet if you so desire... something your admin might not like).
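
Added example, not part of any poster's reply: a dry-run helper that reads the current local gateway from the routing table and prints the three route commands from the earlier post, so nothing has to be edited by hand when the laptop changes networks. The function names, the sample routing table and the address 203.0.113.10 used to test it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run planner for the three route
# commands quoted above, with the local gateway read from the routing table.

# Constructed sample of `ip route show` output on a home LAN.
SAMPLE_ROUTES='default via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.23'

# Print the next hop of the first "default via ..." route in the text in $1.
# Prints nothing when the default route has no next hop (e.g. it already
# points at tun0), so a second run cannot pin the VPN server to the tunnel.
current_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# $1 = VPN server IPv4 address, $2 = routing table text.
# Prints the commands instead of running them; returns 1 on bad input.
vpn_route_plan() {
    vpngw=$1
    case $vpngw in
        ''|*[!0-9.]*) echo "VPN gateway must be an IPv4 address" >&2; return 1 ;;
    esac
    gw=$(current_gateway "$2")
    if [ -z "$gw" ]; then
        echo "no default route via a local gateway" >&2
        return 1
    fi
    echo "ip route add $vpngw via $gw"   # keep the VPN server off the tunnel
    echo "ip route delete default"
    echo "ip route add default dev tun0" # everything else through vpnc
}

# Live use, as root, once vpnc has created tun0 (VPNGW as in the post above):
#   vpn_route_plan "$VPNGW" "$(ip route show)" | sh
```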

thegreatgatsby 01-07-2005 03:31 PM

thanks, I'm my own admin at home.

It appears that the best solution is to use vpnc on my home desktop (as computer ip & gateway remain static, & only the external ip address changes) but to keep battling with the cisco client for my laptop...

(my home desktop is 64bit & I have never managed to get cisco to work, whereas the laptop did once work with cisco, before a kernel update; that's the subject of another post)

anyway, once I am back home I will try your suggestions for my home computer & hope I can get vpnc to work...

thanks for all your help.

cjcox 01-07-2005 03:35 PM

You MUST recompile the Cisco VPN client with ANY kernel update. Also, you really have to use 4.0.5 or higher for 2.6 kernels.

suv 06-16-2005 10:26 PM

I am using vpnc 0.3.2-3 package from yum. Everything seems fine when I connect to my university as I get an ip and everything on tun0. I only need vpn to access some places on univ; I don't want to make it the default route. I added a static route using:

route add -net netmask dev tun0

so that only univ sites route through tun0. The problem is that I can transmit packets but can't receive any. I have added my univ DNS server to resolv.conf and have turned off iptables. Also, apparently this version of vpnc doesn't come with the vpnc-connect and disconnect scripts to automatically set things.

Do I need to add the vpn gateway to the routing table?
Is there anything else I can try? Please help!

All times are GMT -5.