Mailing List Archive: vpnc: devel

vpnc 0.5.1 -- connection lost - error: Disabled Privacy Extensions

Index | Next | Previous | View Threaded

daniel.krenn at student

Jan 6, 2009, 9:25 AM

Post #1 of 2 (2602 views)
Permalink

vpnc 0.5.1 -- connection lost - error: Disabled Privacy Extensions

Hello, i am using vpnc 0.5.1 on debian lenny amd64, 2.6.26-1. The
connection gets lost sometimes half an hour, sometimes several hours
after connecting.

After a connection loss, you can find the following in syslog.
Jan 2 14:25:50 debian kernel: [27886.688220] tun0: Disabled Privacy
Extensions
Jan 2 14:25:58 debian vpnc[28608]: sendto: Message too long

I have attatched logs und the output of 'route -n' and 'ifconfig':
(1) === route and ifconfig before connecting ===
(2) === connecting
(3) === route and ifconfig after connecting ===
(4) === route and ifconfig after connection lost ===
(5) === reconnecting again
Errors: "SIOCSIFMTU: Das Argument ist ungültig" and "RTNETLINK
answers: File exists".
(6) === route and ifconfig after reconnecting again ===
(7) === route and ifconfig after disconnecting again ===
Some of the routes were deleted.
(8) === reconnecting again
Error, network unreachable (because of deleted route).

I think the problem is similar to that of the post of April 2008
"[vpnc-devel] vpnc 0.5.1 leaves my system in a unsusable state by not
resetting to a correct route and doesn't work at all, maybe a bug?".

I hope this log will help to solve the bug.

Daniel

(0) === my config

Debug 0
IKE DH Group dh2
Perfect Forward Secrecy dh2
IPSec gateway 10.0.0.11
#IPSec gateway 10.0.0.12 #ist auch moeglich
IPSec ID XXX
IPSec secret XXX
Xauth username XXX
Xauth password XXX
DPD idle timeout (our side) 0

(1) === route and ifconfig before connecting ===

daniel [at] debia:~$ sudo route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use
Iface
10.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 10.17.0.1 0.0.0.0 UG 0 0 0 eth0
daniel [at] debia:~$ sudo ifconfig
eth0 Link encap:Ethernet Hardware Adresse 00:1d:09:5c:95:26
inet Adresse:10.17.3.76 Bcast:10.17.255.255 Maske:255.255.0.0
inet6-Adresse: fe80::21d:9ff:fe5c:9526/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:43 errors:0 dropped:0 overruns:0 frame:0
TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX bytes:5615 (5.4 KiB) TX bytes:9480 (9.2 KiB)
Interrupt:17

lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metrik:1
RX packets:101 errors:0 dropped:0 overruns:0 frame:0
TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:6412 (6.2 KiB) TX bytes:6412 (6.2 KiB)

(2) === connecting

daniel [at] debia:~$ sudo vpnc vcgraz_debug
vpnc version 0.5.1
IKE SA selected psk+xauth-3des-md5
NAT status: no NAT-T VID seen
Enter Username and Password.
got address 193.171.240.34
IPSEC SA selected 3des-md5
VPNC started in background (pid: 4458)...

(3) === route and ifconfig after connecting ===

daniel [at] debia:~$ sudo route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use
Iface
10.0.0.11 10.17.0.1 255.255.255.255 UGH 0 0 0 eth0
10.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
daniel [at] debia:~$ sudo ifconfig
eth0 Link encap:Ethernet Hardware Adresse 00:1d:09:5c:95:26
inet Adresse:10.17.3.76 Bcast:10.17.255.255 Maske:255.255.0.0
inet6-Adresse: fe80::21d:9ff:fe5c:9526/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:157 errors:0 dropped:0 overruns:0 frame:0
TX packets:154 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX bytes:30262 (29.5 KiB) TX bytes:23663 (23.1 KiB)
Interrupt:17

lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metrik:1
RX packets:101 errors:0 dropped:0 overruns:0 frame:0
TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:6412 (6.2 KiB) TX bytes:6412 (6.2 KiB)

tun0 Link encap:UNSPEC Hardware Adresse
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet Adresse:193.171.240.34 P-z-P:193.171.240.34
Maske:255.255.255.255
UP PUNKTZUPUNKT RUNNING NOARP MULTICAST MTU:1412 Metrik:1
RX packets:52 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:500
RX bytes:11998 (11.7 KiB) TX bytes:4221 (4.1 KiB)

(4) === route and ifconfig after connection lost ===

daniel [at] debia:~$ sudo route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use
Iface
10.0.0.11 10.17.0.1 255.255.255.255 UGH 0 0 0 eth0
10.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
daniel [at] debia:~$ sudo ifconfig
eth0 Link encap:Ethernet Hardware Adresse 00:1d:09:5c:95:26
inet Adresse:10.17.3.76 Bcast:10.17.255.255 Maske:255.255.0.0
inet6-Adresse: fe80::21d:9ff:fe5c:9526/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:249804 errors:31 dropped:0 overruns:0 frame:0
TX packets:162516 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:33204 Sendewarteschlangenlänge:1000
RX bytes:87321041 (83.2 MiB) TX bytes:33560354 (32.0 MiB)
Interrupt:17

lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metrik:1
RX packets:6147 errors:0 dropped:0 overruns:0 frame:0
TX packets:6147 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:275094 (268.6 KiB) TX bytes:275094 (268.6 KiB)

(5) === reconnecting again

daniel [at] debia:~$ sudo vpnc vcgraz_debug
vpnc version 0.5.1
IKE SA selected psk+xauth-3des-md5
NAT status: no NAT-T VID seen
Enter Username and Password.
got address 193.171.240.149
Usage: ip link set DEVICE { up | down |
arp { on | off } |
dynamic { on | off } |
multicast { on | off } |
allmulticast { on | off } |
promisc { on | off } |
trailers { on | off } |
txqueuelen PACKETS |
name NEWNAME |
address LLADDR | broadcast LLADDR |
mtu MTU }
netns PID }
ip link show [ DEVICE ]
SIOCSIFMTU: Das Argument ist ungültig
RTNETLINK answers: File exists
IPSEC SA selected 3des-md5
VPNC started in background (pid: 19226)...

(6) === route and ifconfig after reconnecting again ===

daniel [at] debia:~$ sudo route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use
Iface
10.0.0.11 10.17.0.1 255.255.255.255 UGH 0 0 0 eth0
10.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
daniel [at] debia:~$ sudo ifconfig
eth0 Link encap:Ethernet Hardware Adresse 00:1d:09:5c:95:26
inet Adresse:10.17.3.76 Bcast:10.17.255.255 Maske:255.255.0.0
inet6-Adresse: fe80::21d:9ff:fe5c:9526/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:250061 errors:31 dropped:0 overruns:0 frame:0
TX packets:162567 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:33204 Sendewarteschlangenlänge:1000
RX bytes:87353601 (83.3 MiB) TX bytes:33570456 (32.0 MiB)
Interrupt:17

lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metrik:1
RX packets:6160 errors:0 dropped:0 overruns:0 frame:0
TX packets:6160 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:275471 (269.0 KiB) TX bytes:275471 (269.0 KiB)

tun0 Link encap:UNSPEC Hardware Adresse
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet Adresse:193.171.240.149 P-z-P:193.171.240.149
Maske:255.255.255.255
UP PUNKTZUPUNKT RUNNING NOARP MULTICAST MTU:1500 Metrik:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:500
RX bytes:2018 (1.9 KiB) TX bytes:2137 (2.0 KiB)

(7) === route and ifconfig after (manually) disconnecting again ===

daniel [at] debia:~$ sudo route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use
Iface
10.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
daniel [at] debia:~$ sudo ifconfig
eth0 Link encap:Ethernet Hardware Adresse 00:1d:09:5c:95:26
inet Adresse:10.17.3.76 Bcast:10.17.255.255 Maske:255.255.0.0
inet6-Adresse: fe80::21d:9ff:fe5c:9526/64
Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:250496 errors:31 dropped:0 overruns:0 frame:0
TX packets:162794 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:33241 Sendewarteschlangenlänge:1000
RX bytes:87478939 (83.4 MiB) TX bytes:33605466 (32.0 MiB)
Interrupt:17

lo Link encap:Lokale Schleife
inet Adresse:127.0.0.1 Maske:255.0.0.0
inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
UP LOOPBACK RUNNING MTU:16436 Metrik:1
RX packets:6187 errors:0 dropped:0 overruns:0 frame:0
TX packets:6187 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:0
RX bytes:276974 (270.4 KiB) TX bytes:276974 (270.4 KiB)

(8) === reconnecting again

daniel [at] debia:~$ sudo vpnc vcgraz
vpnc: connecting to port 62465: Network is unreachable
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

jmvpnc at loplof

Jan 8, 2009, 4:48 PM

Post #2 of 2 (2472 views)
Permalink

Re: vpnc 0.5.1 -- connection lost - error: Disabled Privacy Extensions [In reply to]

On Tue, Jan 06, 2009 at 06:25:17PM +0100, Daniel Krenn wrote:
> Hello, i am using vpnc 0.5.1 on debian lenny amd64, 2.6.26-1. The
> connection gets lost sometimes half an hour, sometimes several hours
> after connecting.
>
> After a connection loss, you can find the following in syslog.
> Jan 2 14:25:50 debian kernel: [27886.688220] tun0: Disabled Privacy
> Extensions
> Jan 2 14:25:58 debian vpnc[28608]: sendto: Message too long

This message really starts to annoy me: Several people have reported it,
some could perfectly reprocuce it, but the only time I encountered I could
only reproduce it for about 20 Minutes (and I didn't have the the time
at that particular moment).

> I have attatched logs und the output of 'route -n' and 'ifconfig':
> (1) === route and ifconfig before connecting ===
> (2) === connecting
> (3) === route and ifconfig after connecting ===
> (4) === route and ifconfig after connection lost ===
> (5) === reconnecting again
> Errors: "SIOCSIFMTU: Das Argument ist ungÃ¼ltig" and "RTNETLINK
> answers: File exists".
> (6) === route and ifconfig after reconnecting again ===
> (7) === route and ifconfig after disconnecting again ===
> Some of the routes were deleted.
> (8) === reconnecting again
> Error, network unreachable (because of deleted route).
>
> I think the problem is similar to that of the post of April 2008
> "[vpnc-devel] vpnc 0.5.1 leaves my system in a unsusable state by not
> resetting to a correct route and doesn't work at all, maybe a bug?".
>
> I hope this log will help to solve the bug.

Sort of: Until we can find and fix the real cause of the problem, we
must detect it and properly clean up after it so a reconnect will work
again - that's something that hit others in other situations as well.
So we have two bugs here: The "too long" error and the "insufficient
cleanup" error. I'll start with the latter one soon.

ciao
Joerg
--
Joerg Mayer <jmayer [at] loplof>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads