--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: linux-image-2.6.18-5-686: Unable to connect with VPNC from HOME LAN
- From: Steinar Bang <sb@dod.no>
- Date: Sat, 25 Aug 2007 14:28:13 +0200
- Message-id: <20070825122813.20992.26296.reportbug@doohan>
Package: linux-image-2.6.18-5-686
Version: 2.6.18.dfsg.1-13etch1
Severity: important
The debian machine functions as a gateway between my home LAN (using a
10.10.10.* private network), and the outside world. When the gateway
was using sarge and a 2.4 kernel, VPNC from inside clients worked
without a hitch.
When I upgraded to etch, I was no longer able to connect to the work
LAN using vpnc clients in my home LAN. I am able to connect when
plugging my VPNC client machine on the outside of the debian gateway.
I am also able to connect from the inside using Cisco's VPN client,
using the same protocol (the work VPN gateway is a Cisco box).
When I sniff all NICs on the gateway using Wireshark, I see the
following traffic when connecting with the Cisco client:
1. A 914 bytes ISAKMP package on UDP port 500, with source the client
machine (with a 10.10.10.* address), and destination the VPN gw at
the workplace
2. A 588 byes IP package with source my home network's gateway's external
address, and destination the VPN gw at the work place
3. A 503 bytes ISAKMP package on UDP port 500, with the work VPN gw as
source and my home network's gateway's external address as the
destination
4. A 503 bytes ISAKMP package on UDP port 500, with the work VPN gw as
source, and the client machine's 10.10.10.* address as the
destination
When I do the same sniffing on an VPNC attempted connect, all I see,
is:
1. A 1330 bytes ISAKMP package on UDP port 500, with the client's
10.10.10.* address as source, and the workplace VPN gw as
destination
and there it appearently stops...
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages linux-image-2.6.18-5-686 depends on:
ii coreutils 5.97-5.3 The GNU core utilities
ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy
ii initramfs-tools [linux-initra 0.85h tools for generating an initramfs
ii module-init-tools 3.3-pre4-2 tools for managing Linux kernel mo
Versions of packages linux-image-2.6.18-5-686 recommends:
ii libc6-i686 2.3.6.ds1-13etch2 GNU C Library: Shared libraries [i
-- debconf information:
linux-image-2.6.18-5-686/postinst/create-kimage-link-2.6.18-5-686: true
linux-image-2.6.18-5-686/postinst/old-system-map-link-2.6.18-5-686: true
linux-image-2.6.18-5-686/preinst/elilo-initrd-2.6.18-5-686: true
linux-image-2.6.18-5-686/postinst/bootloader-test-error-2.6.18-5-686:
linux-image-2.6.18-5-686/postinst/depmod-error-2.6.18-5-686: false
linux-image-2.6.18-5-686/preinst/already-running-this-2.6.18-5-686:
linux-image-2.6.18-5-686/preinst/bootloader-initrd-2.6.18-5-686: true
linux-image-2.6.18-5-686/postinst/old-dir-initrd-link-2.6.18-5-686: true
linux-image-2.6.18-5-686/postinst/old-initrd-link-2.6.18-5-686: true
linux-image-2.6.18-5-686/preinst/failed-to-move-modules-2.6.18-5-686:
linux-image-2.6.18-5-686/preinst/abort-install-2.6.18-5-686:
linux-image-2.6.18-5-686/prerm/would-invalidate-boot-loader-2.6.18-5-686: true
linux-image-2.6.18-5-686/postinst/bootloader-error-2.6.18-5-686:
* linux-image-2.6.18-5-686/preinst/lilo-initrd-2.6.18-5-686: false
linux-image-2.6.18-5-686/preinst/overwriting-modules-2.6.18-5-686: true
shared/kernel-image/really-run-bootloader: true
linux-image-2.6.18-5-686/postinst/depmod-error-initrd-2.6.18-5-686: false
linux-image-2.6.18-5-686/prerm/removing-running-kernel-2.6.18-5-686: true
linux-image-2.6.18-5-686/preinst/initrd-2.6.18-5-686:
linux-image-2.6.18-5-686/preinst/lilo-has-ramdisk:
linux-image-2.6.18-5-686/postinst/kimage-is-a-directory:
linux-image-2.6.18-5-686/preinst/abort-overwrite-2.6.18-5-686:
--- End Message ---