[vpnc-devel] after one connection lifetime expiration, vpnc gets stuck in some kind of loop
Adam Williamson
awilliam at redhat.com
Fri Sep 18 19:25:11 CEST 2009
Hi, all. There doesn't appear to be a user list, so I'm posting here.

Red Hat keeps its mail servers inside our VPN, so for _my_ mail server
to retrieve my Red Hat mail, it has to be connected to the VPN.
Obviously I'd like to just connect it once and forget about it, but life
don't work that way =)

It seems like once the initial connection's lifetime expires, the
connection stops working. vpnc is (usually) still running, but not
working right. I ran it with --no-detach --debug 2, and it seems to get
stuck in some kind of loop. http://pastie.org/622001 is just one
minute's worth of the log - it just keeps going round and round. This
actually seems to prevent the machine from getting a usable connection
to _any_ site, not just ones behind the VPN, presumably because it's
looping so fast requests just don't get out. So when it gets stuck in
this state, I get no mail until I go in and restart vpnc.

Sometimes, too, vpnc seems to just go away - I notice I'm not getting
any mail, I ssh into my mailserver box, and vpnc ain't running. I
haven't got any logs of that case yet, but I'm going to keep running it
in logging mode for the next few days and see if I can catch it.

Often, when I log on to the VPN from my mailserver, it knocks my desktop
off (as soon as the mailserver shows the connect message, my desktop
notifies me that its connection has failed). Obviously things are
somewhat screwy somewhere.

This is extremely frustrating as RH has just gone to an RSA dongle-based
login system for the VPN, so I can't just store the password in my vpnc
config file and have cron run a script to force a reconnect every hour,
like I used to, which more or less circumvented the problem. Having to
ssh into my mailserver every 18 hours or so and re-connect to the VPN is
driving me frickin' batty, so it'd be great if someone could figure out
what's going wrong here.

This happens with both vpnc 0.5.3 and current SVN, which I built to see
if it's fixed this problem. It appears not :/

Config file looks like this (with personal data redacted):

IPSec gateway 66.187.233.55
IKE Authmode psk
IPSec ID ***********
IPSec secret ************
IKE DH Group dh2
NAT Traversal Mode natt
Xauth username **********
DPD idle timeout (our side) 0

I disabled DPD after reading several bug reports and discussions in the
archives of this list which suggested it could cause this type of
problem, but it doesn't seem to have entirely fixed it here.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net