streambinder / vpnc

IPsec (Cisco/Juniper) VPN concentrator client
https://davidepucci.it/doc/vpnc
GNU General Public License v2.0

target network bug/usage #25

Closed GFdevelop closed 2 years ago

GFdevelop commented 2 years ago

I am using vpnc to connect to my company VPN. vpnc connects to the network, but only the connections to the addresses behind the VPN are working. I have tried to use the option IPSEC target network X.X.X.X/24 to route only traffic to these addresses and leave the others outside the VPN, but when I start vpnc I have this output:

vpnc version 0.5.3
IKE SA selected psk+xauth-aes256-sha1
NAT status: this end behind NAT? YES -- remote end behind NAT? no
NAT-T mode: 2
got address X.X.X.X

and after seconds:

vpnc: no response from target
Error: argument "via" is wrong: use nexthop syntax to specify multiple via

I am using systemd-networkd with systemd-resolved and when vpnc is trying to establish the connection I have this output from resolvectl status:

Global
           Protocols: +LLMNR +mDNS +DNSOverTLS DNSSEC=yes/supported
    resolv.conf mode: stub
  Current DNS Server: 2001:4860:4860::8888#dns.google
         DNS Servers: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.10#dns.quad9.net 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::10#dns.quad9.net

Link 3 (wlan0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS +DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 192.168.1.254
       DNS Servers: 192.168.1.254 2001:b07:aa7:c399::1

Link 4 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=yes/supported

Link 6 (tun0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS +DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 8.8.8.8
       DNS Servers: 8.8.8.8 8.8.4.

What is wrong? How can I route only the connections to these addresses with vpnc?

streambinder commented 2 years ago

It seems rather to be an issue related to dwmw2/vpnc-scripts. I think it's related to the command issued against the ip tool (e.g. ip route add ... via ...) and a possible mismatch with the version you're running (nexthop is advised instead of via). Which OS/distribution are you running?

GFdevelop commented 2 years ago

Arch Linux rolling release with Linux 5.10.79-1-lts

streambinder commented 2 years ago

Which version is iproute2 at?

FYI, gonna close this issue anyway as it's not strictly related to vpnc itself. I suggest you report this issue to the vpnc-scripts maintainer.

GFdevelop commented 2 years ago

5.15.0

How to report on git.infradead.org?

streambinder commented 2 years ago

> 5.15.0

Taking a look at its source code to check whether a field renaming or such happened should answer our question (even though I don't think a minor release would bring such a huge change).

> How to report on git.infradead.org?

Honestly, no clue. I'd contact the author directly (easily reachable through other social media).

GFdevelop commented 2 years ago

Anyway thank you.

streambinder commented 2 years ago

You're welcome :)