[long] cvpnd not responding (mandrake linux)

Discussion in 'Cisco' started by Jerome Quelin, Jan 14, 2004.

  1. Hi there,

    I am trying to install and use the Cisco VPN client for Linux, version
    3.7.2. The installation goes well, and so does the module loading. But
    when trying to run a vpnclient connect, it waits and finally abandons
    without setting up the tunnel.

    1. The software installation worked without a problem. See the
    vpn.install attached file for more details.

    2. Module loading also performed well:
    # cd /etc/init.d
    # ./vpnclient_init start
    Starting /usr/local/bin/vpnclient: Warning: loading
    /lib/modules/2.4.19-16mdk/CiscoVPN/cisco_ipsec will taint the kernel:
    no license
    See http://www.tux.org/lkml/#export-tainted for information about
    tainted modules
    Module cisco_ipsec loaded, with warnings
    Done
    # ./vpnclient_init status
    Module Size Used by Tainted: P
    cisco_ipsec 377024 0 (unused)

    cipsec0 Lien encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MULTICAST MTU:1400 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 lg file transmission:100
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

    3. Profile setup: I created a new profile
    /etc/CiscoSystemsVPNClient/Profiles/rvi.pcf
    This profile is copied from a friend's machine and is working.

    4. The connect fails without any given reasons. The line "Failed to
    establish..." appears after about one minute and a half.
    $ vpnclient connect rvi
    Cisco Systems VPN Client Version 3.7.2 (Rel)
    Copyright (C) 1998-2002 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.4.19-16mdk #1 Fri Sep 20 18:15:05 CEST 2002 i686

    Initializing the IPSec link.
    Failed to establish a connection.
    There are no new notification messages at this time.
    $
    Between "Initializing the IPSec link." and "Failed...", all my
    connections stop working, as they're supposed to (this means
    that the module is performing correctly - if the module is responsible
    for this behavior). After returning to the prompt, the connections are
    working again.

    5. I tried to strace the vpnclient while it was trying to establish the
    connection. See attached file strace.vpn for more details (I removed
    some repeated lines - marked with "[ lots of lines skipped ]").
    Anyway, the important thing is (if I'm reading correctly) that vpnclient
    tries to reach a given UDP port, that must be opened by cvpnd (I
    guess).

    6. But if I look at the open ports of cvpnd:
    # lsof -p `pgrep cvpnd`
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    cvpnd 2276 jquelin mem REG 3,4 1374448 156363
    /usr/local/bin/cvpnd
    cvpnd 2276 jquelin mem REG 3,4 539887 154887 /lib/ld-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 8220 154898
    /lib/libdl-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 137780 123914
    /lib/i686/libm-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 1167240 123912
    /lib/i686/libc-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 36296 154908
    /lib/libnss_files-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 12884 154906
    /lib/libnss_dns-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 60716 154918
    /lib/libresolv-2.2.5.so

    ==> there is no UDP listening port. Is it normal?



    If you want some information:
    - running mandrake linux 9.0, stock kernel (2.4.19)
    - hotplug not used (I read the release notes)
    - connected to internet via (working :) ) adsl line, with PPP protocol
    - USB Alcatel Speedtouch adsl modem
    - more information:
    $ uname -a
    Linux merlin 2.4.19-16mdk #1 Fri Sep 20 18:15:05 CEST 2002 i686 unknown
    unknown GNU/Linux
    $ gcc -v
    Reading specs from /usr/lib/gcc-lib/i586-mandrake-linux-gnu/3.2/specs
    Configured with: ../configure --prefix=/usr --libdir=/usr/lib
    --with-slibdir=/lib --mandir=/usr/share/man --infodir=/usr/share/info
    --enable-shared --enable-threads=posix --disable-checking
    --enable-long-long --enable-__cxa_atexit
    --enable-languages=c,c++,ada,f77,objc,java
    --host=i586-mandrake-linux-gnu --with-system-zlib
    Thread model: posix
    gcc version 3.2 (Mandrake Linux 9.0 3.2-1mdk)


    Do you have any ideas why the connection fails? Is it normal for cvpnd
    not to have open UDP ports? If you need some more information, I'll be
    more than happy to provide them.

    Regards,
    Jerome
    --
    Jerome Quelin, Jan 14, 2004
    #1

  2. Jerome Quelin wrote:
    > If you want some information:
    > - running mandrake linux 9.0, stock kernel (2.4.19)
    > - hotplug not used (I read the release notes)
    > - connected to internet via (working :) ) adsl line, with PPP
    > protocol - USB Alcatel Speedtouch adsl modem


    I forgot to mention that I'm not using iptables or any firewalling
    product. Nor am I using other VPN clients.

    Jerome
    --
    Jerome Quelin, Jan 14, 2004
    #2

  3. Jerome Quelin wrote:
    > 6. But if I look at the open ports of cvpnd:

    [snip]
    > ==> there is no UDP listening port. Is it normal?


    Sorry, but in fact, there are some open udp ports:
    # netstat -an | grep 29749
    udp 59136 0 127.0.0.1:29749 0.0.0.0:*
    # lsof -i udp:29749
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    cvpnd 2921 jquelin 9u IPv4 21821 UDP merlin:29749
    #


    # ps -ef | grep vpn
    jquelin 2920 1849 0 22:18 pts/4 00:00:00 vpnclient
    jquelin 2921 2920 0 22:18 ? 00:00:00 cvpnd
    root 2927 2001 0 22:19 pts/2 00:00:00 grep vpn
    # lsof -p 2920
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    vpnclient 2920 jquelin cwd DIR 3,4 4096 156356
    /etc/CiscoSystemsVPNClient
    vpnclient 2920 jquelin rtd DIR 3,4 4096 2 /
    vpnclient 2920 jquelin txt REG 3,4 181408 156362
    /usr/local/bin/vpnclient
    vpnclient 2920 jquelin mem REG 3,4 539887 154887
    /lib/ld-2.2.5.so
    vpnclient 2920 jquelin mem REG 3,4 137780 123914
    /lib/i686/libm-2.2.5.so
    vpnclient 2920 jquelin mem REG 3,4 1167240 123912
    /lib/i686/libc-2.2.5.so
    vpnclient 2920 jquelin 0u CHR 136,4 6 /dev/pts/4
    vpnclient 2920 jquelin 1u CHR 136,4 6 /dev/pts/4
    vpnclient 2920 jquelin 2u CHR 136,4 6 /dev/pts/4
    vpnclient 2920 jquelin 3u IPv4 21808 UDP merlin:29748
    vpnclient 2920 jquelin 4u sock 0,0 21809 can't identify
    protocol
    # lsof -p 2921
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    cvpnd 2921 jquelin cwd DIR 3,4 4096 156356
    /etc/CiscoSystemsVPNClient
    cvpnd 2921 jquelin rtd DIR 3,4 4096 2 /
    cvpnd 2921 jquelin txt REG 3,4 1374448 156363
    /usr/local/bin/cvpnd
    cvpnd 2921 jquelin mem REG 3,4 539887 154887 /lib/ld-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 8220 154898
    /lib/libdl-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 137780 123914
    /lib/i686/libm-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 1167240 123912
    /lib/i686/libc-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 36296 154908
    /lib/libnss_files-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 12884 154906
    /lib/libnss_dns-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 60716 154918
    /lib/libresolv-2.2.5.so
    cvpnd 2921 jquelin 0wW REG 3,4 5 125266
    /var/run/cvpnd.pid
    cvpnd 2921 jquelin 1u IPv4 21811 UDP *:isakmp
    cvpnd 2921 jquelin 2u CHR 136,4 6 /dev/pts/4
    cvpnd 2921 jquelin 3u IPv4 21812 UDP *:4500
    cvpnd 2921 jquelin 4u IPv4 21814 UDP merlin:29747
    cvpnd 2921 jquelin 5u IPv4 21815 UDP merlin:29755
    cvpnd 2921 jquelin 6u IPv4 21816 UDP merlin:29756
    cvpnd 2921 jquelin 7u IPv4 21817 UDP merlin:29753
    cvpnd 2921 jquelin 8u IPv4 21819 UDP merlin:29751
    cvpnd 2921 jquelin 9u IPv4 21821 UDP merlin:29749
    cvpnd 2921 jquelin 10u sock 0,0 21823 can't identify
    protocol

    < here lsof hangs for a moment >

    cvpnd 2921 jquelin 11u IPv4 21841 UDP
    81.248.234.145:32853->193.252.19.4:domain

    < here lsof hangs for a moment >

    cvpnd 2921 jquelin 12u IPv4 22582 UDP
    81.248.234.145:32854->193.252.19.3:domain

    < here lsof hangs for a moment >

    cvpnd 2921 jquelin 13u IPv4 22889 UDP
    81.248.234.145:32855->dns-adsl-gpe2-b.wanadoo.fr:domain

    < lsof stops when vpnclient stops >
    #


    81.248.234.145 is my current IP on my PPP link (ADSL).
    193.252.19.3 is one of my ISP's DNS servers.



    Still investigating,
    Jerome
    --
    Jerome Quelin, Jan 14, 2004
    #3
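
Added example, not part of the original posts: a small Python parser for `lsof` output in the shape shown in post #3. It rejoins rows whose NAME column was wrapped onto the next line and sorts the UDP sockets into wildcard-bound, host-bound and connected ones. The sample text is constructed (documentation-range addresses), and `join_wrapped` and `udp_sockets` are names chosen here.

```python
import re

# Constructed sample in the shape of the lsof output above; addresses are
# documentation-range placeholders. Two rows have a wrapped NAME column.
SAMPLE = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
cvpnd 2921 jquelin mem REG 3,4 539887 154887 /lib/ld-2.2.5.so
cvpnd 2921 jquelin 1u IPv4 21811 UDP *:isakmp
cvpnd 2921 jquelin 3u IPv4 21812 UDP *:4500
cvpnd 2921 jquelin 9u IPv4 21821 UDP merlin:29749
cvpnd 2921 jquelin 10u sock 0,0 21823 can't identify
protocol
cvpnd 2921 jquelin 11u IPv4 21841 UDP
192.0.2.10:32853->198.51.100.4:domain
"""

# A real row starts with COMMAND, a numeric PID, USER, FD and TYPE.
ROW_START = re.compile(r"^\S+\s+\d+\s+\S+\s+\S+\s+\S+")

def join_wrapped(text):
    """Rejoin rows whose tail was pushed onto the following line."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if ROW_START.match(line):
            rows.append(line)
        elif line and rows:          # continuation of the previous row
            rows[-1] += " " + line
    return rows

def udp_sockets(text):
    """Return (fd, kind, local, remote) for every UDP socket row."""
    found = []
    for row in join_wrapped(text):
        f = row.split()
        if f[4] not in ("IPv4", "IPv6") or "UDP" not in f[5:-1]:
            continue                 # not an inet row, or NAME is missing
        name = f[f.index("UDP", 5) + 1]
        if "->" in name:             # connected: local->remote
            local, remote = name.split("->", 1)
            kind = "connected"
        else:                        # bound only; "*" means every interface
            local, remote = name, None
            kind = "wildcard" if name.startswith("*:") else "bound"
        found.append((f[3], kind, local, remote))
    return found

if __name__ == "__main__":
    for sock in udp_sockets(SAMPLE):
        print(sock)
```

On a live system, `lsof -n -P -a -p <pid> -i UDP` produces only the UDP rows and skips host-name and port-name lookups.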