[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#439520: linux-image-2.6.18-5-686: Unable to connect with VPNC from HOME LAN

Package: linux-image-2.6.18-5-686
Version: 2.6.18.dfsg.1-13etch1
Severity: important

The debian machine functions as a gateway between my home LAN (using a
10.10.10.* private network), and the outside world.  When the gateway
was using sarge and a 2.4 kernel, VPNC from inside clients worked
without a hitch.

When I upgraded to etch, I was no longer able to connect to the work
LAN using vpnc clients in my home LAN.  I am able to connect when
plugging my VPNC client machine on the outside of the debian gateway.

I am also able to connect from the inside using Cisco's VPN client,
using the same protocol (the work VPN gateway is a Cisco box).

When I sniff all NICs on the gateway using Wireshark, I see the
following traffic when connecting with the Cisco client:

1. A 914 bytes ISAKMP package on UDP port 500, with source the client
   machine (with a 10.10.10.* address), and destination the VPN gw at
   the workplace

2. A 588 byes IP package with source my home network's gateway's external
  address, and destination the VPN gw at the work place

3. A 503 bytes ISAKMP package on UDP port 500, with the work VPN gw as
   source and my home network's gateway's external address as the

4. A 503 bytes ISAKMP package on UDP port 500, with the work VPN gw as
   source, and the client machine's 10.10.10.* address as the

When I do the same sniffing on an VPNC attempted connect, all I see,

1. A 1330 bytes ISAKMP package on UDP port 500, with the client's
   10.10.10.* address as source, and the workplace VPN gw as

and there it appearently stops...

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages linux-image-2.6.18-5-686 depends on:
ii  coreutils                     5.97-5.3   The GNU core utilities
ii  debconf [debconf-2.0]         1.5.11     Debian configuration management sy
ii  initramfs-tools [linux-initra 0.85h      tools for generating an initramfs
ii  module-init-tools             3.3-pre4-2 tools for managing Linux kernel mo

Versions of packages linux-image-2.6.18-5-686 recommends:
ii  libc6-i686             2.3.6.ds1-13etch2 GNU C Library: Shared libraries [i

-- debconf information:
  linux-image-2.6.18-5-686/postinst/create-kimage-link-2.6.18-5-686: true
  linux-image-2.6.18-5-686/postinst/old-system-map-link-2.6.18-5-686: true
  linux-image-2.6.18-5-686/preinst/elilo-initrd-2.6.18-5-686: true
  linux-image-2.6.18-5-686/postinst/depmod-error-2.6.18-5-686: false
  linux-image-2.6.18-5-686/preinst/bootloader-initrd-2.6.18-5-686: true
  linux-image-2.6.18-5-686/postinst/old-dir-initrd-link-2.6.18-5-686: true
  linux-image-2.6.18-5-686/postinst/old-initrd-link-2.6.18-5-686: true
  linux-image-2.6.18-5-686/prerm/would-invalidate-boot-loader-2.6.18-5-686: true
* linux-image-2.6.18-5-686/preinst/lilo-initrd-2.6.18-5-686: false
  linux-image-2.6.18-5-686/preinst/overwriting-modules-2.6.18-5-686: true
  shared/kernel-image/really-run-bootloader: true
  linux-image-2.6.18-5-686/postinst/depmod-error-initrd-2.6.18-5-686: false
  linux-image-2.6.18-5-686/prerm/removing-running-kernel-2.6.18-5-686: true

Reply to: