Linux-Cisco-VPN

From: Axel Gallus (uh5d_at_rz.uni-karlsruhe.de)
Date: 11/10/05


Date: Thu, 10 Nov 2005 18:35:02 +0100

I am trying to get my Cisco VPN client working under (Debian) Linux on a
laptop.
Everything seems OK, except that when the VPN client reports
that it has established the connection, I can't use it.

Here are the outputs from "ifconfig" and "route" before
invoking the vpn client and afterwards:

-------------
ifconfig before:

eth0 Link encap:Ethernet HWaddr 00:D0:59:B8:45:C5
          inet addr:192.168.0.235 Bcast:192.168.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:653 (653.0 b) TX bytes:342 (342.0 b)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:31 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4748 (4.6 KiB) TX bytes:4748 (4.6 KiB)
--------------

route before:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
default radium.mshome.n 0.0.0.0 UG 0 0 0 eth0

(radium.mshome.n... has ip 192.168.0.1)
----------------

output of vpn client:

Cisco Systems VPN Client Version 4.6.02 (0030)
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.11.6 #2 Sun Oct 30 00:50:12 CEST 2005 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at 129.13.72.1
User Authentication for dul...

Enter Username and Password.

Username [****]: Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.

Your VPN connection is secure.

VPN tunnel information.
Client address: 129.13.78.90
Server address: 129.13.72.1
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port UDP 10000
Local LAN Access is enabled

-------------------
ifconfig after:

cipsec0 Link encap:Ethernet HWaddr 00:0B:FC:F8:01:8F
          inet addr:129.13.78.90 Mask:255.255.0.0
          UP RUNNING NOARP MTU:1212 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:1028 (1.0 KiB)

eth0 Link encap:Ethernet HWaddr 00:D0:59:B8:45:C5
          inet addr:192.168.0.235 Bcast:192.168.0.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2874 (2.8 KiB) TX bytes:4566 (4.4 KiB)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:70 errors:0 dropped:0 overruns:0 frame:0
          TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:16464 (16.0 KiB) TX bytes:16464 (16.0 KiB)

------------------

route after:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
129.13.72.1 * 255.255.255.255 UH 0 0 0 cipsec0
172.21.64.246 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
129.13.239.0 192.168.0.1 255.255.255.0 UG 0 0 0 eth0
172.21.12.0 192.168.0.1 255.255.252.0 UG 0 0 0 eth0
129.13.240.0 192.168.0.1 255.255.248.0 UG 0 0 0 eth0
129.13.0.0 * 255.255.0.0 U 0 0 0 cipsec0
10.0.0.0 192.168.0.1 255.0.0.0 UG 0 0 0 eth0
default 129.13.78.90 0.0.0.0 UG 0 0 0 cipsec0

------------------

When I start Firefox, nothing happens.
When I try to ping www.cnn.com, I get no answers.
All of that is possible before invoking the VPN client.

I'd like to point out that Firefox has "direct internet connection" without
a proxy configured, and that I should be able to ping, because it works
on the same laptop under Windows.

What went wrong?
Any advice?

Thx in advance

Axel


