Re: FIXED: vpnc connects, but does not work
... I do have a Linux OS that I have access to that strangely does use vpnc successfully. That may help quite a bit. You can use something like tcpdump or wireshark on the FreeBSD system to monitor the traffic between the Linux system and the Cisco while connecting and doing something simple like pinging the inside nameserver, then reverse roles and use the Linux system to monitor the traffic between FreeBSD and the Cisco while connecting and attempting to do the same simple thing. You won't be able to see what's inside the IPSEC-encrypted packets, but you can at least see how many of what size are sent in each direction. This may provide some clues as to what is going wrong. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FIXED: vpnc connects, but does not work
Hi perryh! On Mon, 12 Jan 2009, per...@pluto.rain.com wrote: ... I do have a Linux OS that I have access to that strangely does use vpnc successfully. That may help quite a bit. You can use something like tcpdump or wireshark on the FreeBSD system to monitor the traffic between the Linux system and the Cisco while connecting and doing something simple like pinging the inside nameserver, then reverse roles and use the Linux system to monitor the traffic between FreeBSD and the Cisco while connecting and attempting to do the same simple thing. You won't be able to see what's inside the IPSEC-encrypted packets, but you can at least see how many of what size are sent in each direction. This may provide some clues as to what is going wrong. Alas, this is a multi-boot system where the Linux OS is installed - so no chance of that :-( I've just determined that it might not be a problem with vpnc..,as such. I got an ethernet connection to work just now, so it looks as if its just down to now vpnc is handling my wifi interface, for some reason. As I said originally, this **was** working, and now its stopped for some reason. I'm now fairly certain that its not got anything to do with vpnc natively, as I used the same vpnc conf file to successfully access the office over ethernet. I'll keep at it.., Thanks for your assistance! Regards, S Roberts ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FIXED: vpnc connects, but does not work
Hi perryh! Glad to hear that you managed to get your problem fixed.., I also have this problem, the difference being that mine **USED to** work, but now it suddenly stoped working. I tried adding the line to my conf file as you did, but for me, the problem remains: Appears to connect and authenticate successfully to my office's VPN concentrator Once (apparently) connected, I can't access any resources on the company network (mail / servers, etc), nor can I ping anything.., Wondering if you can point me to where you found the info on the various options I can try to continue debugging this problem, please. The FW guys at the office aren't exactly forthcoming where non-MS windows is concerned, you see.., Thanks. Regards, S Roberts On Sun, 04 Jan 2009, per...@pluto.rain.com wrote: I have installed vpnc to connect to an employer's Cisco VPN system, and it seems to make the connection, but after connecting I can't ping the gateway nor anything beyond it ... It turned out the only problem was the absence of NAT Traversal Mode cisco-udp in vpnc.conf. (Presumably not all configurations of the Cisco 3000 will need that, else it would be the default, but it seems to be correct for the one involved here.) I never did figure out why that kept the interface from responding to a ping of its own address :( ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FIXED: vpnc connects, but does not work
I also have this problem, the difference being that mine **USED to** work, but now it suddenly stoped working. I tried adding the line to my conf file as you did, but for me, the problem remains: Appears to connect and authenticate successfully to my office's VPN concentrator Once (apparently) connected, I can't access any resources on the company network (mail / servers, etc), nor can I ping anything.., Including the IP address of your tun0 interface? (If you can ping that, but nothing beyond, you have a different problem than I had.) Wondering if you can point me to where you found the info on the various options I can try to continue debugging this problem, please. That line came from the output of vpnc --long-help. Other things to look at are the vpnc(8) manpage, the /usr/local/share/doc/vpnc/README file, and the TODO file in /usr/ports/security/vpnc/work/vpnc-0.4.0. There's more detail of what I think is going on in this thread: http://lists.freebsd.org/pipermail/freebsd-net/2009-January/020638.html By the time you get it working again, you will probably have learned more about the workings of vpnc than you really cared to know :) The FW guys at the office aren't exactly forthcoming where non-MS windows is concerned, you see.., Not surprising :( Too many security types act as if obscurity helped security, not realizing that it inconveniences only their customers and not their enemies. Any chance they would be willing to say what config change they made on their end about the time it stopped working, without reference to what is running on your end? Another thing to check is whether your ISP changed something. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FIXED: vpnc connects, but does not work
Hi perryh! Thanks for the reply.., On Sun, 11 Jan 2009, per...@pluto.rain.com wrote: I also have this problem, the difference being that mine **USED to** work, but now it suddenly stoped working. I tried adding the line to my conf file as you did, but for me, the problem remains: Appears to connect and authenticate successfully to my office's VPN concentrator Once (apparently) connected, I can't access any resources on the company network (mail / servers, etc), nor can I ping anything.., Including the IP address of your tun0 interface? (If you can ping that, but nothing beyond, you have a different problem than I had.) Nope - same as yours.., Wondering if you can point me to where you found the info on the various options I can try to continue debugging this problem, please. That line came from the output of vpnc --long-help. Other things to look at are the vpnc(8) manpage, the /usr/local/share/doc/vpnc/README file, and the TODO file in /usr/ports/security/vpnc/work/vpnc-0.4.0. There's more detail of what I think is going on in this thread: http://lists.freebsd.org/pipermail/freebsd-net/2009-January/020638.html By the time you get it working again, you will probably have learned more about the workings of vpnc than you really cared to know :) The FW guys at the office aren't exactly forthcoming where non-MS windows is concerned, you see.., This is great - I had a peek, so will pour over these and see how I get on with further debugging.., Its not TOO bad on my side, as I do have a Linux OS that I have access to that strangely does use vpnc successfully. Will press on with the pointers you've provided here. Thanks for the help! Regards, S Roberts Not surprising :( Too many security types act as if obscurity helped security, not realizing that it inconveniences only their customers and not their enemies. Any chance they would be willing to say what config change they made on their end about the time it stopped working, without reference to what is running on your end? Another thing to check is whether your ISP changed something. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
