[SOLVED] KVPNC ciscoVPN domain name lookup failure

Postby janasx1 » Aug 13th, '13, 14:48

Hi,
My employer uses ciscoVPN and I have the pcf file for the connection.
I installed Kvpnc and imported the pcf file and am able to connect successfully.
After connection, domain name lookup fails.
I checked the resolv.conf when it is connected and it has the DNS from my employer.
I also checked it when disconnected and those DNS go away.

For some reason, it looks like the system is not taking the DNS added to resolv.conf.
Can you please point me to what configurations I need to check for this issue?
Thanks
Last edited by janasx1 on Aug 17th, '13, 20:21, edited 1 time in total.
janasx1
 
Posts: 12
Joined: Aug 9th, '13, 05:21

Re: KVPNC ciscoVPN domain name lookup failure

Postby isadora » Aug 13th, '13, 20:17

~topic moved by moderator
..........bird from paradise..........

Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.
—Antoine de Saint-Exupéry
isadora
 
Posts: 2765
Joined: Mar 25th, '11, 16:03
Location: Netherlands

Re: KVPNC ciscoVPN domain name lookup failure

Postby janasx1 » Aug 15th, '13, 04:33

I don't think it's the name server issue.
When connected, I tried pinging the DNS in resolv.conf and it's unreachable.
Looks like some issue with the route getting updated through the VPN server?

Please help.
Thanks
janasx1
 
Posts: 12
Joined: Aug 9th, '13, 05:21

Re: KVPNC ciscoVPN domain name lookup failure

Postby tom_ » Aug 15th, '13, 14:37

Type
Code:
route
and check if there is a route between your machine and the VPN server for the IP range you need.

If there isn't a route, this command could help you (adjust IP, netmask and device for your needs):

Code:
route add -net 10.2.0.0 netmask 255.255.0.0 dev ppp0
tom_
 
Posts: 423
Joined: Sep 3rd, '11, 12:26
Location: Porto Ercole, Italy

Re: KVPNC ciscoVPN domain name lookup failure

Postby wintpe » Aug 15th, '13, 23:35

Can you ping the DNS server?

If you can...

check that nsswitch.conf has files dns against hosts:

otherwise the nss stack won't work.

nslookup bypasses this, but apps don't.

And by the way, Cisco VPN brings up a firewall to block out all internet-based traffic once the VPN is invoked, so that the employer's network is not exposed to a back door.

It can be disabled, but not many employers do, for obvious reasons.

regards peter
Redhat 6 Certified Engineer (RHCE)
Sometimes my posts will sound short, or snappy, however it's really not my intention to offend, so accept my apologies in advance.
wintpe
 
Posts: 1204
Joined: May 22nd, '11, 17:08
Location: Rayleigh,, Essex , UK

Re: KVPNC ciscoVPN domain name lookup failure

Postby janasx1 » Aug 16th, '13, 04:28

Tom,
Looks like the route is set up properly.

Here is the route without vpn pointing to the router.

Code:
[root@localhost ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.11.1    0.0.0.0         UG    35     0        0 wlan0
link-local      *               255.255.0.0     U     35     0        0 wlan0
192.168.11.0    *               255.255.255.0   U     35     0        0 wlan0
[root@localhost ~]#



Here is the route with VPN

Code:
[root@localhost ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 tun0
link-local      *               255.255.0.0     U     35     0        0 wlan0
192.168.11.0    *               255.255.255.0   U     35     0        0 wlan0
205.203.130.5   192.168.11.1    255.255.255.255 UGH   0      0        0 wlan0
[root@localhost ~]#



wintpe,
Ping does not go through for DNS.
From 172.26.146.220 icmp_seq=1 Destination Host Unreachable

Here is the content of nsswitch.conf file.
Code:
passwd:         files
shadow:         files
group:          files

hosts:           mdns4_minimal files nis dns myhostname mdns4
networks:       files

services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files
publickey:      files

bootparams:     files
automount:      files
aliases:        files

Also, it's not just the internet sites, it's also servers in my office that I can't reach.

Thanks
janasx1
 
Posts: 12
Joined: Aug 9th, '13, 05:21
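
An added example, not part of any post in the thread: parsing the VPN-up `route` output posted above and doing a longest-prefix lookup shows where each destination leaves the machine. The DNS address 10.20.30.40 is a constructed placeholder, and reading the single host route as the VPN endpoint is an assumption.

```python
import ipaddress

# `route` output with the VPN connected, copied from the post above.
ROUTE_WITH_VPN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 tun0
link-local      *               255.255.0.0     U     35     0        0 wlan0
192.168.11.0    *               255.255.255.0   U     35     0        0 wlan0
205.203.130.5   192.168.11.1    255.255.255.255 UGH   0      0        0 wlan0
"""

# Symbolic names route(8) prints instead of numbers when run without -n.
ALIASES = {"default": "0.0.0.0", "link-local": "169.254.0.0"}


def parse_routes(text):
    """Return a list of (network, gateway_or_None, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title and the column header
        dest = ALIASES.get(f[0], f[0])
        net = ipaddress.ip_network(f"{dest}/{f[2]}")
        gateway = None if f[1] == "*" else f[1]
        routes.append((net, gateway, int(f[4]), f[7]))
    return routes


def egress(ip, table=ROUTE_WITH_VPN):
    """Pick the route by longest prefix, then lowest metric; return (iface, gateway)."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in parse_routes(table) if addr in r[0]]
    if not hits:
        return None
    best = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[3], best[1]


if __name__ == "__main__":
    # 10.20.30.40 stands in for the employer's DNS server (constructed).
    for ip in ("10.20.30.40", "205.203.130.5", "192.168.11.1"):
        print(ip, "->", egress(ip))
```

Only the host route and the local subnet stay on wlan0; every other destination, DNS included, is sent into tun0, so the table itself is consistent with a full-tunnel VPN.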

Re: KVPNC ciscoVPN domain name lookup failure

Postby wintpe » Aug 17th, '13, 16:36

OK.

Can I ask, does this problem only come about when the Cisco VPN is loaded, or is it always?

In case you missed the line that said Cisco VPN brings up rules to block local access.

So let's say that your Cisco VPN is not quite set up right and your local access gets blocked as soon as you load Cisco VPN; that may be the perception.

Have you tried disabling the system's firewall before you bring up the VPN? Because if the Cisco VPN, which uses port 5000 by default to reach the listening daemon at your employer's site, can't get there, then the VPN tunnel may never let any traffic through.

Also, with routing, it's a two-way thing, i.e. you have a route that says where your traffic should go, i.e. through the tun0 device or whatever Cisco uses these days, but the other end also needs a route back.

telnet can usually tell if there's a route there but not back: if it hangs but does nothing else, it will usually indicate the route there is OK; if it says destination unreachable, then it usually indicates that the route there is at fault. You can use telnet with almost any port on the other end, as you can with a similar tool, "nc" or netcat.

regards peter
wintpe
 
Posts: 1204
Joined: May 22nd, '11, 17:08
Location: Rayleigh,, Essex , UK
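
An added example, not part of the post above: the telnet/nc reading described there, written as a TCP probe of each nameserver in resolv.conf. The resolv.conf text and addresses are constructed, and probing TCP port 53 assumes the DNS server also answers over TCP; a firewall that silently drops packets produces the same hang as a missing return route.

```python
import errno
import socket

# Constructed resolv.conf content; the addresses are placeholders.
SAMPLE_RESOLV = """\
# written by the VPN client (constructed sample)
search corp.example
nameserver 10.20.30.40
nameserver 10.20.30.41  # secondary
"""


def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def classify(exc):
    """Map a connect() outcome to the reading from the post (None = connected)."""
    if exc is None:
        return "connected: path works in both directions"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "hang: packets leave but nothing returns (no route back, or dropped)"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable: the outbound route is at fault"
    if isinstance(exc, OSError) and exc.errno == errno.ECONNREFUSED:
        return "refused: the host answered, so routing works both ways"
    return f"other: {exc}"


def probe(host, port=53, timeout=3.0):
    """TCP connect, as 'telnet host port' or 'nc host port' would do."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:  # socket.timeout is a subclass of OSError
        return classify(exc)


if __name__ == "__main__":
    for ns in parse_nameservers(SAMPLE_RESOLV):
        print(ns, "->", probe(ns))
```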

Re: KVPNC ciscoVPN domain name lookup failure [SOLVED]

Postby janasx1 » Aug 17th, '13, 20:21

Thanks a lot Peter.
It's solved. It's the firewall issue. I am typing this reply from the VPN connection !!!

vvvvvvvvvvvvvvvvvvvvvvSOLUTIONvvvvvvvvvvvvvvvvvvvv

go to Mageia control center > security > Set up your personal firewall > selected Everything > press OK
janasx1
 
Posts: 12
Joined: Aug 9th, '13, 05:21

