Saturday, March 27, 2010

Solutions to VPN Problems with Ubuntu Linux – vpnc, network-manager, “terminated by dead peer”, WICD

I have been successfully using the Linux vpnc client to connect into the corporate network for months. However, I recently gained access to a more secure VPN network at the company, and I had nothing but trouble. This blog post explains the solution for that, as well as some other random network issues I was having.

Will this blog post solve MY problem?

I don’t know if I can help you, but here are the symptoms I was having on my machine:

  • I could establish VPN, but something truncated my connection every 5 minutes
  • After establishing VPN from certain locations, I could not ssh to my target instance; it never resolved the IP address
  • As I moved around the building (particularly up and down stairs), I had trouble with re-establishing network
  • I found the network hanging every 2 minutes for a few seconds

Troubleshooting

The key to solving these problems is to look into /var/log/syslog. Do you see either of these entries?

"connection terminated by dead peer detection”

This will be noted when something terminates your VPN connection"

“Roamed from BSSID 00:0F:61:1B:A4:32 (ESSID) to (none) ((none))”, followed by “Roamed from BSSID (none) ((none)) to 00:0F:61:1B:A4:32 (ESSID)”

This will happen every 2 minutes, and will be associated with a pause in your network traffic.

network-manager was the problem for me

I believe the source of all the trouble was the second error noted above. Based on Google searches, this indicates that the network card is scanning for new wireless networks every 2 minutes. During this time (which lasts 6 seconds) no other network traffic can be sent. It makes sense that this would cause issues with a picky VPN.

See this Ubuntu bug report for a full explanation (and confusion as to the proper fix) related to this nasty problem. Some folks indicated the network-manager component to be the source of the problem. network-manager is the default network manager for GNOME Linux distros (like Ubuntu). The problem reported in the bug report does not affect everybody – only some network cards. I run on a Dell Latitude E6400 with an Dell 1510 network card.

Sadly, the network-manager folks didn’t agree that it was their problem. So I had to look elsewhere for a solution.

WICD was the solution for me

Following guidance from others posting on the bug report, I uninstalled network-manager and installed an alterative called WICD (pronounced “wicked”). I have been running WICD for a week, and I am sold. All of the issues that I reported are now gone.

WICD has much of the same functionality of network-manager, but is a bit simpler which perhaps is its strength. Here is a screen shot of the WICD applet:

wicd_applet

If you wish to go this route (highly recommended!), issue the following command. It will install wicd and remove network-manager:

sudo aptitude install wicd

Note that wicd doesn't currently (as of 1.6.1) have menu driven support for VPNs. It is supposed to come with version 2.0 though, so keep checking in on this. It simply means that to start a VPN connection, you will have to do it from the command line instead of from the applet. If you are using vpnc, that means you have to do this from a terminal:

sudo vpnc

WICD Pro Tip

One thing that should be the default in WICD, but isn’t, is to always show the wired network connection in the list. Choose this by checking the box in the UI here:

  • Preferences->General->Always show wired interface

2 comments:

  1. I have it up en running on 8.10, and helped a colleague the other day to sett it up, and all we used was the info above.This was really helpful! More power to you and to your site!


    VPN

    ReplyDelete
  2. Thanks so much. Yeah, I just shut downed network-manager and now my mounted drives from a network share are much faster when I'm on the VPN. Obviously network-manager is clogging up the VPN or something.

    ReplyDelete