Emerging works perfectly, but when utilising the vpnclient, I get the connection nicely, but after about 30 seconds of connectivity, the connection dies away. I have used the same version of vpnclient successfully on fc3, but somehow I can't get this working with gentoo. On the positive side, this version of the client functions on Intel e1000 ethernet with kernels newer than 2.6.9. Could this be a USE flag problem or should I follow the or is there some other flags that would make this work better?

Reproducible: Always
Steps to Reproduce:
1. open vpn connection
2. wait 30 seconds
3. vpn connection drops
Actual Results: Connection dies away...
Expected Results: Keep the connection going...

Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11.7 i686)
=================================================================
System uname: 2.6.11.7 i686 Intel(R) Pentium(R) M processor 1600MHz
Gentoo Base System version 1.6.9
Python: dev-lang/python-2.3.5 [2.3.5 (#1, Apr 28 2005, 12:38:41)]
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.3 [enabled]
dev-lang/python: 2.3.5
sys-apps/sandbox: [Not Present]
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.8.5-r3, 1.5, 1.7.9-r1, 1.6.3, 1.4_p6, 1.9.4
sys-devel/binutils: 2.15.92.0.2-r7
sys-devel/libtool: 1.5.16
virtual/os-headers: 2.6.8.1-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium4 -mcpu=pentium4 -Os -pipe -msse -msse2 -mmmx -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -mcpu=pentium4 -Os -pipe -msse -msse2 -mmmx -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distcc distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://trumpetti.atm.tut.fi/gentoo/ http://gentoo.oregonstate.edu/ http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/usr/tmp_portage"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="x86 X acpi alsa apm arts avi berkdb bitmap-fonts bluetooth bonobo cdr crypt cups curl dga doc dvd emboss encode esd f77 fam flac foomaticdb fortran freetype gdbm gif gnome gphoto2 gpm gstreamer gtk gtk2 i8x0 imagemagick imap imlib ipv6 java javascript jpeg kerberos ldap libg++ libwww mad maildir mbox md5sum mikmod mmx motif mozilla mp3 mpeg ncurses nls nptl ogg oggvorbis opengl oss pam pcmcia pda pdflib perl png ppds python qt quicktime radeon readline samba sasl sdl slang sms spell sse ssl svga tcltk tcpd tetex tiff transcode truetype truetype-fonts type1-fonts unicode vorbis wifi xchattext xml xml2 xmms xv zlib video_cards_radeon"
Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY

...and what if you try an earlier kernel? The Cisco VPN Client is notorious for not working on the latest kernels.
Testing 2.6.10, I have had perfect functionality with previous version of cisco-vpnclient-3des on a 2.6.9 kernel. No dropping, unless via the vpn box in our company. ;)
Nope, doesn't work with 2.6.10... :-( Also worse performance on 2.6.9 than earlier version... I'm masking myself back to previous on regular use. I think I forgot to mention that I'm using mostly a wlan with wpa encryption at home. I will gladly try a new version should one come out though... ;) I also needed the newer baselayout for handier wlan usage, thus unmasked are:
=sys-apps/baselayout-1.11.9-r1
=app-shells/bash-3.0-r7
=sys-libs/readline-5.0-r2
=sys-apps/sysvinit-2.85-r1
happens again with gentoo-sources-2.6.11-r9
Just noticed this bug while browsing. This is a Cisco bug. Some Linux distributions have the rp_filter enabled by default in latest kernels. The new VPN Client Virtual Adapter interferes with this setting while connected and may result in a loss of connectivity.
Workaround: Set the rp_filter to 0.
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
The bug isn't committed yet into a version which should be compatible with the rp_filter.
Thanks, this fixed the problem. I modified /etc/sysctl.conf to contain:
# Enables source route verification
net.ipv4.conf.default.rp_filter = 0
# Enable reverse path
net.ipv4.conf.all.rp_filter = 0
and ran 'sysctl -p'. Now the vpn works fine.
Cool... I'll add a comment to the emerge output at the end of the ebuild
Can you see if this is still a problem in 4.5.03.0190? If not, please REOPEN this bug.
I was just going to ask that question of 4.6.3.0190, as I had some cutoffs today with 4.6.3.0190 on RHEL4 that had the net.ipv4.conf.default.rp_filter set to 1. Though it might have been something entirely other and that has been fixed. I'll have to test the newer on gentoo as well...
It is still a problem with the latest, Chris.
Yeah, it seems that on FC4/RHEL4 and gentoo, I need to set the rp_filter to a value of 0 so that the vpn is more stable.
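The workaround in this thread turns off reverse-path source validation, so it is worth checking which interfaces end up unfiltered afterwards. The script below is an added example, not part of the original thread or the ebuild: it computes the effective rp_filter per interface. Assumptions: the current-kernel rule that the effective value is the maximum of conf/all and conf/<interface>, and a constructed sample tree with made-up interface names (eth0, wlan0, vpn0).

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the current-kernel rule that the
# effective value is max(conf/all/rp_filter, conf/<iface>/rp_filter).

# effective_rp_filter ROOT IFACE: print 0 (off), 1 (strict) or 2 (loose).
effective_rp_filter() {
    all=$(cat "$1/all/rp_filter") || return 1
    own=$(cat "$1/$2/rp_filter") || return 1
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# unfiltered_ifaces ROOT: print each interface whose effective value is 0,
# i.e. where the kernel no longer validates source addresses.
unfiltered_ifaces() {
    for dir in "$1"/*/; do
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        [ -r "$dir/rp_filter" ] || continue
        if [ "$(effective_rp_filter "$1" "$iface")" -eq 0 ]; then
            echo "$iface"
        fi
    done
}

# make_sample_tree: build a constructed copy of /proc/sys/net/ipv4/conf so the
# script runs offline; interface names and values are made up.
make_sample_tree() {
    t=$(mktemp -d)
    for spec in all:0 default:0 eth0:1 wlan0:0 vpn0:0; do
        mkdir -p "$t/${spec%%:*}"
        echo "${spec##*:}" > "$t/${spec%%:*}/rp_filter"
    done
    echo "$t"
}

sample=$(make_sample_tree)
echo "eth0 effective rp_filter: $(effective_rp_filter "$sample" eth0)"
echo "interfaces with source validation off:"
unfiltered_ifaces "$sample"
rm -rf "$sample"
```

On a live host, pass /proc/sys/net/ipv4/conf as ROOT. In the sample, eth0 stays filtered even though all is 0, because its own value is 1.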