vpnc is the most widely used Linux VPN client for Cisco IPsec (IKEv1 / "EasyVPN") gateways. Some distributions recently upgraded their stock package to 0.5.x or later, and that upgrade brought mysterious connection drops against some Cisco equipment. Affected distributions include:
- OpenSUSE 11 and above
- Ubuntu 8.04 and above (confirmed)
- and probably some others
The symptom is that the client disconnects every 5 minutes, whatever the traffic on the tunnel, and the logs say nothing useful. The problem is not well documented on the internet, and this quick tip tries to fix that.
Cisco VPN configuration includes a global feature called Dead Peer Detection (DPD, RFC 3706) which lets a router detect a peer that has gone away and, if it has, delete the IPsec and IKE security associations for that peer. vpnc implements the client side of the same mechanism: after "dpd-idle" seconds without receiving a packet it sends a DPD probe (an R-U-THERE notify), and if the gateway never answers, vpnc treats the peer as dead and tears the tunnel down. The compiled-in default idle time in 0.5.x is 300 seconds, which is exactly the 5-minute interval seen above.
My guess is that this problem affects people who have DPD turned off at the VPN gateway end and upgraded to vpnc 0.5.x or above, where vpnc is compiled with the default 300-second DPD idle setting.
So DPD has to be turned off at the client end (vpnc) as well, which can be done in two ways:
- add the "--dpd-idle 0" command line switch when invoking vpnc (0 disables DPD; any other value must be in the range 10-86400 seconds)
- better yet, add this line to the config file: "DPD idle timeout (our side) 0"
The config file location varies between distributions; it could be any of the following:
- /etc/vpnc.conf
- /etc/vpnc/vpnc.conf
- /etc/vpnc/default.conf
Note that vpnc reads /etc/vpnc/default.conf when started without an argument and /etc/vpnc/<name>.conf when started as "vpnc <name>", so put the line in the file that matches how you start it.
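The config-file route from the list above, as an added example that is not part of the original tip or of the vpnc project: a small POSIX sh helper that sets the "DPD idle timeout (our side)" line in a vpnc config file idempotently (replacing an existing line rather than appending a duplicate), rejects values vpnc would refuse, and a companion that reports the current setting. The config contents, gateway address and group name are constructed for the demo; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post or from vpnc itself.
# set_dpd_idle CONFIG SECONDS  -> set "DPD idle timeout (our side) SECONDS"
# get_dpd_idle CONFIG          -> print the configured value, or "default"
# Per man vpnc, valid values are 0 (DPD off) or 10..86400 seconds.
set -e

set_dpd_idle() {
    cfg="$1"
    secs="${2:-0}"
    # Validate the value the way vpnc documents it: 0, or 10-86400.
    case "$secs" in
        0) ;;
        *[!0-9]*|'') echo "set_dpd_idle: bad value '$secs'" >&2; return 1 ;;
        *) if [ "$secs" -lt 10 ] || [ "$secs" -gt 86400 ]; then
               echo "set_dpd_idle: value must be 0 or 10-86400" >&2
               return 1
           fi ;;
    esac
    [ -f "$cfg" ] || { echo "set_dpd_idle: no such file $cfg" >&2; return 1; }
    tmp="$cfg.tmp.$$"
    if grep -q '^DPD idle timeout (our side)' "$cfg"; then
        # An existing line is rewritten in place, whatever its old value.
        sed "s/^DPD idle timeout (our side).*/DPD idle timeout (our side) $secs/" \
            "$cfg" > "$tmp"
    else
        # No DPD line yet: keep the file as-is and append one.
        cat "$cfg" > "$tmp"
        echo "DPD idle timeout (our side) $secs" >> "$tmp"
    fi
    mv "$tmp" "$cfg"
}

get_dpd_idle() {
    # Prints the last field of the DPD line; "default" means the line is
    # absent and vpnc falls back to its compiled-in value (300 s in 0.5.x).
    awk '/^DPD idle timeout \(our side\)/ { print $NF; found = 1 }
         END { if (!found) print "default" }' "$1"
}

# Demo on a constructed config file (not a real gateway):
demo_cfg="$(mktemp)"
cat > "$demo_cfg" <<'EOF'
IPSec gateway 192.0.2.1
IPSec ID example-group
IPSec secret examplesecret
Xauth username alice
EOF
echo "before: $(get_dpd_idle "$demo_cfg")"
set_dpd_idle "$demo_cfg" 0
echo "after:  $(get_dpd_idle "$demo_cfg")"
rm -f "$demo_cfg"
```

Run it against the real file, e.g. `set_dpd_idle /etc/vpnc/default.conf 0` as root, then restart vpnc and watch whether the 5-minute disconnects stop; if you later want DPD back, the same helper accepts any value from 10 to 86400 seconds.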
Further information: man vpnc