Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 26 Dec 2008 20:43:30 -0800
From:      perryh@pluto.rain.com
To:        yanefbsd@gmail.com
Cc:        freebsd-ports@freebsd.org
Subject:   Re: vpnc connects, but does not work
Message-ID:  <4955b272.MWjQx%2BxO4J2XXL7M%perryh@pluto.rain.com>
In-Reply-To: <7d6fde3d0812261900q5a647f5l3782264aba604199@mail.gmail.com>
References:  <49521954.BcMAlOlPOLu7CRKx%perryh@pluto.rain.com> <7d6fde3d0812261900q5a647f5l3782264aba604199@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
> > I have installed vpnc to connect to an employer's Cisco
> > VPN system, and it seems to make the connection, but after
> > connecting I can't ping the gateway nor anything beyond it ...
> >
> > Does this look at all familiar to anyone?
>
>     I have no idea since I haven't used vpnc, yet, but have you
> tried tracerouting a connection and/or using tcpdump?

Traceroute to YYY.YYY.127.228, which I guess is the concentrator's
public IP address, produces the same 14-hop result whether connected
or disconnected (modulo the need to use "traceroute -n" while
connected:  vpnc replaces /etc/resolv.conf with one specifying only
the corporate nameservers, and I can't reach them with the link not
working, so there is no name service while connected).  Traceroute
to the tun0 IP address, while connected, produced nothing:

  $ traceroute -n ZZZ.ZZZ.233.42
  traceroute to ZZZ.ZZZ.233.42 (ZZZ.ZZZ.233.42), 64 hops max, 40 byte packets
   1  * * *
   2  * * *
   3  * * *
   4  * * *
   5  * * *
  ^C

What seems truly bizarre is that, while connected, I couldn't ping
the tun0 interface:

  $ ping ZZZ.ZZZ.233.42
  PING ZZZ.ZZZ.233.42 (ZZZ.ZZZ.233.42): 56 data bytes
  ^C
  --- ZZZ.ZZZ.233.42 ping statistics ---
  4 packets transmitted, 0 packets received, 100% packet loss

even though it was reported as up:

  $ ifconfig -a
  ...
  tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1412
          inet6 fe80::2b0:d0ff:fe28:ad4f%tun0 prefixlen 64 scopeid 0x4
          inet ZZZ.ZZZ.233.42 --> ZZZ.ZZZ.233.42 netmask 0xffffffff
          Opened by PID 24635

Shouldn't a local interface, reported as up, *always* respond to
a ping of its own IP address?  What could cause it not to do so?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4955b272.MWjQx%2BxO4J2XXL7M%perryh>