
    VPN connection & gateway problem

    mcfab | # 1 | 2008-01-31, 10:43 | Report

    Hi,

    I'm using vpnc (a client for Cisco/VPN routers) through a WiFi connection at my job (N800+OS2008).
    The problem: in order to work, vpnc needs to replace the default gateway (wlan0 interface) with its own gateway (tun0 interface), but it seems that the tablet's connection manager automatically restores the wlan0 gateway if I delete it.

    Reproducing the bug in a "normal" wifi session:
    1: make a wifi connection
    2: open a web browser and make sure internet access is ok.
    3: open xterm and type (as root): "route del default"
    this command removes the gateway (type "route" to check it).
    4: now retry internet surfing and check that the internet is no longer reachable.
    5: try to access some web sites for 1-2 minutes and suddenly: it works again!
    6: finally return to xterm and type "route": the gateway has been restored!

    So how do I tell the tablet: "please DO NOT touch the gateway!" :-E
    Any ideas?

    Thanks a lot!

    -- Fab


     
    tvogel | # 2 | 2008-01-31, 11:28 | Report

    Hm, I also use vpnc and after vpnc connected, it sets the routing table as follows. I don't have to set up any routing by hand.

    Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.18.0.1      172.18.0.1      255.255.255.255 UGH   0      0        0 wlan0
    172.18.0.0      *               255.255.0.0     U     0      0        0 wlan0
    default         172.18.10.5     0.0.0.0         UG    0      0        0 tun0
    default         172.18.0.1      0.0.0.0         UG    0      0        0 wlan0
    I don't know if the duplicate default route is a potential problem, but actually it seems to work fine. Probably because the first default route is the one to the tunnel.


     
    mcfab | # 3 | 2008-01-31, 12:57 | Report

    Yes, this is exactly what I have at the first vpnc connection (tun0 first, then wlan0 gateway). It works effectively, but after some time (1 to 5 min), the web browser tells me "unable to connect to server XXX". Then I look at the route and I see the two gateways have been reversed! (wlan0 FIRST then tun0)

    The first time I encountered this problem I thought these two gateways were the problem, and this is the reason why I tried to manually remove the extra "wlan0".

    Strange, isn't it?


     
    TA-t3 | # 4 | 2008-01-31, 12:58 | Report

    @tvogel:
    There should be only one default route, because that's where any destination not matching the 172.187.0.0 net is going. So, the second default route should really be deleted. The reason it works for you is probably, as you say, that the "correct" default route happens to be the first one listed.


     
    tvogel | # 5 | 2008-01-31, 15:25 | Report

    Anyway, I just checked and also after 10 min. the routing table is still the same and pings go through. No idea...


     
    mcfab | # 6 | 2008-01-31, 17:04 | Report

    Thanks for trying!

    But I agree with TA-t3. There should be only one default route.

    I've tried to trace vpnc's output from xterm by running this command (as root):

    vpnc --no-detach --debug 2 <my_config_file>

    The connection happens but it prints: "route: SIOC[ADD|DEL]RT: no such device". Have you ever seen this message?


     
    tvogel | # 7 | 2008-01-31, 22:28 | Report

    Yes, and I found the cause:

    Look at line 156f of /etc/vpnc/vpnc-script which looks like
    Code:
                    route $route_syntax_del default "$DEFAULTGW"
                    route add default $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
    The first line is missing the $route_syntax_gw, so fix it to be this:
    Code:
                    route $route_syntax_del default $route_syntax_gw "$DEFAULTGW"
                    route add default $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
    This will delete the old default route using the correct syntax prior to setting the new one.

    BTW, I checked again and my N810 doesn't fiddle around with the default route. So, mcfab, could it be that your WLAN connection is not stable? If your tablet re-establishes the link it will redo DHCP and reset the default gw...

    Tilman


     
    mcfab | # 8 | 2008-02-01, 09:05 | Report

    Thank you Tilman!
    Now gateways are correctly set, and a bug has been erased from Earth.
    Your suggestion to look around DHCP is very interesting and I will investigate in that direction.


     
    mcfab | # 9 | 2008-02-01, 09:33 | Report

    Good news!
    I've got the answer from the vpnc maemo-port's maintainer:

    Originally Posted by
    It's the fault of the DHCP-client. Every time the Lease-Time is over (which might happen in the interval of just a few minutes) a DHCP-Renew is done. The tablet's DHCP-client is somehow broken, because it always sets the default route supplied by the DHCP-Server, even if there is a different default route active. I have not found a "clean" solution for that problem, yet. I personally edited /etc/udhcpc/udhcpc.script so that it doesn't do anything on RENEWs, just on BOUNDs.
    Many thanks to him.
    Many thanks to you.

    Fabrice

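    Added example, not part of the original thread and not code from vpnc or the tablet's udhcpc script: a check for the condition reported above (a DHCP renew putting the wlan0 default route ahead of tun0, so traffic stops using the tunnel) together with the "ignore RENEW while the tunnel is up" decision the maintainer describes. TUN_IF, the function names and the sample tables are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. TUN_IF and both function names are
# assumptions of this sketch.
TUN_IF="${TUN_IF:-tun0}"

# Reads `route` or `route -n` output on stdin and prints "<state> <count>":
#   tunnel = first default route uses $TUN_IF, bypass = it does not,
#   none   = no default route; <count> is the number of default routes.
default_route_state() {
    awk -v tun="$TUN_IF" '
        ($1 == "0.0.0.0" || $1 == "default") && $3 == "0.0.0.0" {
            n++
            if (n == 1) first = $NF
        }
        END {
            if (n == 0)            state = "none"
            else if (first == tun) state = "tunnel"
            else                   state = "bypass"
            print state, n + 0
        }'
}

# udhcpc passes the event name (deconfig, bound, renew, nak) as $1 to its
# script. Returns 0 when the DHCP-supplied router may be installed: always
# on bound, on renew only if no tunnel default route is in place.
may_set_router() {
    case "$1" in
        bound) return 0 ;;
        renew) [ "$2" != "tunnel" ] ;;
        *)     return 1 ;;
    esac
}

# Constructed samples modelled on the routing tables described in the thread.
SAMPLE_OK='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.18.0.0      *               255.255.0.0     U     0      0        0 wlan0
default         172.18.10.5     0.0.0.0         UG    0      0        0 tun0
default         172.18.0.1      0.0.0.0         UG    0      0        0 wlan0'
SAMPLE_FLIPPED='Kernel IP routing table
default         172.18.0.1      0.0.0.0         UG    0      0        0 wlan0
default         172.18.10.5     0.0.0.0         UG    0      0        0 tun0'

for table in "$SAMPLE_OK" "$SAMPLE_FLIPPED"; do
    set -- $(printf '%s\n' "$table" | default_route_state)
    may_set_router renew "$1" && verdict=apply || verdict=skip
    echo "state=$1 defaults=$2 renew=$verdict"
done
```

    On a live system the check would read `route -n | default_route_state`; a "bypass" result while vpnc is running means the first default route no longer points at the tunnel.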

     
    TA-t3 | # 10 | 2008-02-01, 11:52 | Report

    Good info from mcfab and tvogel here, thanks button engaged. Now, if those tidbits could be put into the wiki somehow.. it could be useful for others.


     