“vpnc” on Linux is the best and most popular VPN client for Cisco gateways. Some distributions recently upgraded their stock version to 0.5.x or above, which brought up some mysterious connection issues with certain Cisco equipment.

It affected:

  • OpenSUSE 11 and above
  • SLED10SP2
  • Ubuntu 8.04 and above for sure
  • and probably some others

The problem is that the client disconnects every 5 minutes regardless of activity, and the logs say nothing useful about why. This problem is not well documented on the internet, and this quick tip is trying to fix that.

Cisco VPN configuration includes a global feature called Dead Peer Detection (DPD) which enables a router to detect a dead peer and, if detected, delete the IPSec and IKE security associations with that peer.

My guess is that this problem affects people who have DPD turned off at the VPN gateway end and upgraded to “vpnc v0.5.x” or above, where the “vpnc” software is compiled with a default DPD detection setting of 300 seconds. Because the gateway never answers the client's DPD probes, vpnc treats the peer as dead and tears the tunnel down when that interval expires.

So we have to turn off DPD at the client end (vpnc) as well, which we can achieve in two ways:

  • add the “--dpd-idle 0” command line switch when invoking “vpnc”
  • better yet, add this line to the config file: “DPD idle timeout (our side) 0”

The config file location varies between distributions; it could be any of the following:

/etc/vpnc.conf
/etc/vpnc/vpnc.conf
/etc/vpnc/default.conf
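The config-file fix above, as an added example that is not part of the original post: a small POSIX shell helper that reports the current “DPD idle timeout (our side)” value in a given vpnc config file and, when it is missing or non-zero, rewrites the file so it contains exactly one such line set to 0. The key name follows vpnc.conf syntax; the file path is passed in because, as listed above, it differs between distributions.

```shell
#!/bin/sh
# Added example (not from the original post): check and fix the client-side
# DPD setting in a vpnc config file. Run as root on the real files under /etc.

# Print the configured DPD idle value, or "unset" when the key is missing.
vpnc_dpd_value() {
    conf="$1"
    [ -r "$conf" ] || { echo "unset"; return 0; }
    # vpnc keys are case-sensitive; the value follows after whitespace.
    val=$(sed -n 's/^DPD idle timeout (our side)[[:space:]]\{1,\}//p' "$conf" | tail -n 1)
    if [ -z "$val" ]; then echo "unset"; else echo "$val"; fi
}

# Ensure DPD is disabled on the client side (value 0).
# Returns 0 if the file was changed, 1 if it already had the right value.
vpnc_disable_dpd() {
    conf="$1"
    if [ "$(vpnc_dpd_value "$conf")" = "0" ]; then
        return 1
    fi
    # Drop any existing DPD line(s) so the file ends up with exactly one.
    if [ -f "$conf" ]; then
        tmp="$conf.tmp.$$"
        grep -v '^DPD idle timeout (our side)' "$conf" > "$tmp" || true
        mv "$tmp" "$conf"
    fi
    printf 'DPD idle timeout (our side) 0\n' >> "$conf"
    return 0
}

# Usage: report the current setting in each of the usual locations.
# (Call vpnc_disable_dpd on the file your distribution actually uses.)
for f in /etc/vpnc.conf /etc/vpnc/vpnc.conf /etc/vpnc/default.conf; do
    if [ -f "$f" ]; then
        echo "$f: DPD idle timeout (our side) = $(vpnc_dpd_value "$f")"
    fi
done
```

A value of 0 here disables vpnc's own dead-peer probes, so the tunnel will no longer be torn down by a gateway that has DPD switched off; if your gateway does answer DPD, keep the default instead.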


Further information: man vpnc

Category: SUSE Linux Enterprise Desktop, Technical Solutions
This entry was posted Wednesday, 19 November, 2008 at 10:33 am