I'm now trying 0.9.6 on Vista 32-bit. I can connect and get an IP address from DNS server on remote LAN, but can't seem to ping or RDP to any host on the remote network. I can connect using vpnc on Linux from my same network and do everything. I can also connect using Cisco VPN client from same Vista 32-bit system.
I've noticed a couple of things that seem to stand out:
First in the Cisco ASA log I see almost an identical connection sequence for vpncfe vs Cisco VPN client except vpncfe also has the following line repeated 4 times:
192.168.190.219|224.0.0.22|Deny IP from 192.168.190.219 to 224.0.0.22, IP options: "Router Alert"
Second, the routing table seems to be different with vpncfe vs the Cisco VPN client:
vpncfe has the line: 192.168.190.0 255.255.255.0 192.168.190.201 192.168.1.129 (where 192.168.190.0 is the remote network and 192.168.190.201 is the address I'm assigned by the Cisco ASA and 192.168.1.129 is my local IP)
Cisco VPN instead has the line: 192.168.190.0 255.255.255.0 192.168.190.1 192.168.1.129 (where 192.168.190.1 is the IP for the Cisco ASA itself)
I've read postings that allude to a NAT config problem on the ASA, however, since my Linux VPNC works just fine, I don't see how that could be the problem unless vpncfe handles the NAT issue differently (I'm using Cisco-UDP NAT-traversal).
I've tried manually adjusting the Windows routing table to look like the Cisco VPN pushed routing, but to no avail.
Is vpncfe just a very specialized configuration of vpnc that only works in specific Cisco setups or is it just vpnc that needs to be configured in a way I'm not understanding?
Thanks for this information, I'm really trying to sort out the routing issues and this hopefully will help me.
Is it possible to paste the debug window here? What do the route add commands look like? Have you used vpnc under a cygwin configuration? I converted vpnc-script.js to AutoIt but the base network setup scripts are exactly the same, so I'm guessing if VPNCFE fails, so should vpnc on cygwin.
I actually haven't tried vpnc on cygwin. I was thinking about heading in that direction though since I couldn't get this to work. I've looked at the debug window but it never shows any errors. I've set debug to 2, still nothing. Should it be higher?
I'm still not sure why you set up the routing the way you do. Both with vpnc in Linux and Cisco VPN client in Windows there is a route to the entire remote LAN through the tunnel. I'm not sure why you seem to route to the single remote assigned address.
Please let me know about the debug and I'll be glad to include it for you. Also, I'll set up a cygwin environment on my Windows system and try regular vpnc.
Actually I'm just doing the exact same thing that is done in vpnc-script.js. At least I should be…
When I compare the routes created by the Cisco client and VPNCFE when connecting to the server I have access to, I only see 2 differences.
A route is added like so (192.168.0.1 is my default gateway, 192.168.0.58 is the IP on NIC):
192.168.0.1 255.255.255.255 192.168.0.58 192.168.0.58 1
The route metrics for the automatically created routes are lower using the Cisco client (20 versus 30).
If you have any suggestions I'd be glad to listen.
I'm not sure exactly what to suggest just yet. I am not convinced that just the routing table is the problem. I did try manually altering it after the connection with no success. I need to do more testing to see if there is something else going on.
In the meantime, here are the three routing tables for comparison. First just my normal routing table on this system:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.17.254 192.168.17.129 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.17.0 255.255.255.0 On-link 192.168.17.129 281
192.168.17.129 255.255.255.255 On-link 192.168.17.129 281
192.168.17.255 255.255.255.255 On-link 192.168.17.129 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.17.129 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.17.129 281
Second, the routing table when connected using the Cisco VPN client:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.17.254 192.168.17.129 25
76.173.158.135 255.255.255.255 192.168.17.254 192.168.17.129 100
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.17.0 255.255.255.0 On-link 192.168.17.129 281
192.168.17.129 255.255.255.255 On-link 192.168.17.129 281
192.168.17.254 255.255.255.255 On-link 192.168.17.129 100
192.168.17.255 255.255.255.255 On-link 192.168.17.129 281
192.168.190.0 255.255.255.0 On-link 192.168.190.201 281
192.168.190.0 255.255.255.0 192.168.190.1 192.168.190.201 100
192.168.190.201 255.255.255.255 On-link 192.168.190.201 281
192.168.190.255 255.255.255.255 On-link 192.168.190.201 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.17.129 281
224.0.0.0 240.0.0.0 On-link 192.168.190.201 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.17.129 281
255.255.255.255 255.255.255.255 On-link 192.168.190.201 281
And, finally, the routing table when connected using vpncfe:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.17.254 192.168.17.129 25
76.173.158.135 255.255.255.255 192.168.17.254 192.168.17.129 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.17.0 255.255.255.0 On-link 192.168.17.129 281
192.168.17.129 255.255.255.255 On-link 192.168.17.129 281
192.168.17.255 255.255.255.255 On-link 192.168.17.129 281
192.168.190.0 255.255.255.0 192.168.190.201 192.168.17.129 26
192.168.190.0 255.255.255.0 On-link 192.168.190.201 286
192.168.190.201 255.255.255.255 On-link 192.168.190.201 286
192.168.190.255 255.255.255.255 On-link 192.168.190.201 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.17.129 281
224.0.0.0 240.0.0.0 On-link 192.168.190.201 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.17.129 281
255.255.255.255 255.255.255.255 On-link 192.168.190.201 286
Hopefully this will help illustrate my confusion over the different routes.
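The two VPN routing tables above can be compared mechanically. The following is an added example, not part of the original posts or of vpncfe: it parses the posted rows and picks the route for a remote-LAN host by longest-prefix match with the lowest metric as tie-break. The host address 192.168.190.10 and all function names are constructed for illustration.

```python
import ipaddress

# Rows copied from the two VPN routing tables posted above (local-subnet, loopback,
# multicast and broadcast rows left out): dest, netmask, gateway, interface, metric.
CISCO_TABLE = """\
0.0.0.0 0.0.0.0 192.168.17.254 192.168.17.129 25
76.173.158.135 255.255.255.255 192.168.17.254 192.168.17.129 100
192.168.190.0 255.255.255.0 On-link 192.168.190.201 281
192.168.190.0 255.255.255.0 192.168.190.1 192.168.190.201 100
"""
VPNCFE_TABLE = """\
0.0.0.0 0.0.0.0 192.168.17.254 192.168.17.129 25
76.173.158.135 255.255.255.255 192.168.17.254 192.168.17.129 26
192.168.190.0 255.255.255.0 192.168.190.201 192.168.17.129 26
192.168.190.0 255.255.255.0 On-link 192.168.190.201 286
"""

def parse_routes(text):
    """Parse 'route print' IPv4 rows into dicts; skips header and blank lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        dest, mask, gateway, iface, metric = parts
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append({"net": net, "gateway": gateway,
                       "iface": iface, "metric": int(metric)})
    return routes

def select_route(text, target):
    """Longest-prefix match, lowest metric as tie-break; None if no route."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in parse_routes(text) if addr in r["net"]]
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]),
               default=None)

def egress_report(target="192.168.190.10"):  # constructed remote-LAN host
    """Return {client: (interface, gateway, metric)} for the target address."""
    out = {}
    for name, table in (("cisco", CISCO_TABLE), ("vpncfe", VPNCFE_TABLE)):
        r = select_route(table, target)
        out[name] = (r["iface"], r["gateway"], r["metric"])
    return out

if __name__ == "__main__":
    for client, choice in egress_report().items():
        print(client, choice)
```

With the posted rows, the Cisco table selects interface 192.168.190.201 for the remote LAN, while the vpncfe table selects interface 192.168.17.129 because its metric-26 route outranks the metric-286 on-link route.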
The routing tables look similar to mine, only that in vpncfe I didn't even get the gateway specified; in the rest the routes are just like in your case (subnets differ, but they don't change the idea). So I didn't test vpnc in cygwin, but I did test the vpnc in Linux and it worked with the same settings that vpncfe generated (had to remove only the tap interface line because there was no such network interface on Linux) and I got a stable connection with data going in and out. I've also managed to do even some RDP.
Hi all,
Please note my reply in http://sourceforge.net/projects/vpncfe/forums/forum/915352/topic/3374628/index/page/2
Unfortunately I haven't seen this discussion before but I believe that the issue as described in the other thread relates to this one.
Thanks!