6

Recently I've been unable to connect to a Cisco VPN gateway using vpnc even though I had been using vpnc to connect to this same gateway for about a year leading up to this breakage... I'm using the command line client, not NetworkManager.

Strangely, sometimes if I reboot and try again it works... However, tonight I tried that a few times and never got through...

I see the following messages in /var/log/syslog:

Aug 21 22:44:56 sonbuntu NetworkManager[1193]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Aug 21 22:44:56 sonbuntu NetworkManager[1193]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Aug 21 22:44:56 sonbuntu NetworkManager[1193]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
Aug 21 22:47:06 sonbuntu avahi-daemon[1116]: Withdrawing workstation service for tun0.
Aug 21 22:47:06 sonbuntu NetworkManager[1193]:    SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)
Aug 21 22:48:08 sonbuntu NetworkManager[1193]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Aug 21 22:48:08 sonbuntu NetworkManager[1193]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Aug 21 22:48:08 sonbuntu NetworkManager[1193]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...

When I strace it, it seems to hang around here:

time(NULL)                              = 1377150323
times({tms_utime=8, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 1717972828
gettimeofday({1377150323, 725505}, NULL) = 0
getrusage(RUSAGE_SELF, {ru_utime={0, 88000}, ru_stime={0, 16000}, ...}) = 0
time(NULL)                              = 1377150323
times({tms_utime=8, tms_stime=1, tms_cutime=0, tms_cstime=0}) = 1717972828
time(NULL)                              = 1377150323
poll([{fd=3, events=POLLIN}], 1, 96000) = 0 (Timeout)
poll([{fd=3, events=POLLIN}], 1, 192000^C <unfinished ...>

My version of vpnc hasn't changed since I originally installed it:

Version: 0.5.3r512-2ubuntu1

However, I did notice that one of its dependencies, libgcrypt11, did recently change:

Version: 1.5.0-3ubuntu2.2

(used to be 1.5.0-3ubuntu1).

As I see it there could be a few different possibilities about why this has broken:

  1. libgcrypt11 broke it

  2. Some Ubuntu kernel configuration broke it (/var/log/syslog is complaining about a lacking driver...)

  3. Something changed on the gateway's end (I plan on asking IT if they've changed anything but it will be very hard to actually get connected to the right person for this)

Should I try to roll back libgcrypt11? Any other ideas? Why is /var/log/syslog complaining about a missing driver?

I've tried some of the responses to this similar-looking vpnc problem but to no avail...

Update It appears to be a bug in libgcrypt11=1.5.0-3ubuntu2.2. See my answer for details.

Community
  • 1
mgalgs
  • 181

5 Answers5

2

Looks like there must be a bug in libgcrypt11=1.5.0-3ubuntu2.2. After rolling back to libgcrypt11=1.5.0-3ubuntu2.1 things are working again...

sudo apt-get install libgcrypt11=1.5.0-3ubuntu2.1

I've filed a bug report on launchpad.

mgalgs
  • 181
1

I'm getting exactly the same thing happening. My Cisco VPN was working last week, but fails now. I downgraded libgcrypt11 to 1.5.0-3ubuntu2.1 but that doesn't resolve the problem for me.

Anybody else having issues with this?

jaypee18
  • 11
  • 1
1

For me the cause of VPN not working anymore was that my stored passwords where somehow wrong although I didn't change them. I found that out by starting NetworkManager VPNC in the shell using the following command (in Siduction, that is, but I guess it might be similar in Ubuntu):

sudo /usr/lib/NetworkManager/nm-vpnc-service --debug

Then I started the VPNC connection as usual via NetworkManager tray icon - the debug output can be seen on the console.

For me it showed (on the bottom):

/usr/sbin/vpnc: hash comparison failed:  (ISAKMP_N_AUTHENTICATION_FAILED)(24)
check group password!
MaxHQ
  • 11
  • 1
1

I had the same problem, and tried the downgrade of libcrypt11 ... fresh install of 14.04.2 LTS 64-bit, and so the downgrade was not in the repository and I had to download the deb and use dpkg to install it:

curl http://launchpadlibrarian.net/122471093/libgcrypt11_1.5.0-3ubuntu2.1_amd64.deb >lc.deb
sudo dpkg -i lc.deb

The downgrade didn't work, however when I ran the client in debug mode:

sudo /usr/lib/NetworkManager/nm-vpnc-service --debug

I discovered that our Cisco server wanted a domain name (DNS, not Active Directory), which can be configured on the Advanced tab in Network Manager.

David Foerster
  • 36,264
  • 56
  • 94
  • 147
Dave Crooke
  • 161
0

I started having the same problem one day on Xubuntu 14.04.

I've added the line Enable Single DES to the file /etc/vpnc/default.conf. This fixed it at first. Days later I had the same issue again. I tried removing that line and it worked again.

I can't tell if something changed on the VPN server side or not to cause this, but that resolved it for me.

MadMike
  • 4,244
  • 8
  • 28
  • 50
Chip
  • 1