In brief:  After establishing a VPN tunnel, net-misc/kvpnc calls /usr/share/apps/kvpnc/ping_check.sh to test that the tunnel remains up.  ping_check.sh pings its specified ping target host through the VPN tunnel device (usually tun0) and counts failed pings.  If it gets more than a certain number of ping failures, it assumes that the connection has died, and shuts down the tunnel.

The first problem here is that kvpnc assumes that the VPN gateway is the correct host to test-ping in this manner, and in fact that it is even pingable at all via the tunnel.  This assumption is not necessarily correct.  In cases when it is not correct, this will result in kvpnc killing a perfectly good connection after about three and a half minutes.

This could be fixed by allowing a separate ping target host to be defined, and using the VPN gateway as a fallback ping host only if no ping target has been defined for that connection.


(I find the logic behind the design of ping_check.sh a little mystifying; I wouldn't have done it this way at all.  But that's a separate issue.)

Reproducible: Always

Steps to Reproduce:
Unfortunately I can't give a reproduction example because I don't have a publicly accessible VPN that meets the ping host issue described above.