[Bug 355327] [NEW] regression potential Split-tunnel drops inside traffic

kentpost kentpost at hotmail.com
Sat Apr 4 20:42:19 UTC 2009


Public bug reported:

Binary package hint: vpnc

On clean installs of Ubuntu 8.10 and 9.04 (@4/4/2009), while using the same config and the same destination ASA 5510, same tunnelgrp/config, I am seeing split-tunnel traffic behavior differences.
Split-tunnel inside network using split-DNS = one more complication perhaps outside QA scope.
On 9.04, I get ping replies (ICMP is passing) from short-name, FQDN and IP, but the browser will not load any inside/tunnel sites. Browser is otherwise 100% ~ not a browser-isolated issue. Same issue with RDP/3389 traffic. Seems like only ICMP is making the round trip; others are getting lost.
On 8.10, same home network src; same destination asa/grp -  all perfectly working as expected. 


I have modified route table, DHCP||DHCP-AddressOnly and all other config elements with no change on certainly 2 (less certainly 3) separate 9.04 (B) clean installs. While 8.10, Mac and Windows all function well from the same remote network (home) to the same destination (work).

This is my first Ubuntu bug report; I hope to have met basic posting
requirements and adhered to general scientific principles. I am able to
assist further and provide specific data where required.

In this sequence, we see successful ping replies then an initial/first
contact from .5 then it goes dark. This is reproducible; nmap, if run
first, will find port 80 listening and then any requests will make it
appear offline.

HERE IS CENTOS HOST 10.1.1.5:
kent@rambutan2:~$ ping 10.1.1.5
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_seq=1 ttl=63 time=1782 ms
64 bytes from 10.1.1.5: icmp_seq=2 ttl=63 time=2570 ms
64 bytes from 10.1.1.5: icmp_seq=3 ttl=63 time=1956 ms
64 bytes from 10.1.1.5: icmp_seq=4 ttl=63 time=1658 ms
^C
--- 10.1.1.5 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4015ms
rtt min/avg/max/mdev = 1658.116/1991.981/2570.812/350.600 ms, pipe 3
kent@rambutan2:~$ wget http://10.1.1.5
--2009-04-04 13:22:24--  http://10.1.1.5/
Connecting to 10.1.1.5:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: /twiki/bin/view/WebHome [following]
--2009-04-04 13:22:27--  http://10.1.1.5/twiki/bin/view/WebHome
Connecting to 10.1.1.5:80... connected.
HTTP request sent, awaiting response... ^C
kent@rambutan2:~$ nmap -v -A 10.1.1.5

Starting Nmap 4.76 ( http://nmap.org ) at 2009-04-04 13:23 PDT
Initiating Ping Scan at 13:23
Scanning 10.1.1.5 [1 port]
Completed Ping Scan at 13:23, 2.00s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.30 seconds
kent@rambutan2:~$ wget http://www.cnn.com
--2009-04-04 13:23:50--  http://www.cnn.com/
Resolving www.cnn.com... 157.166.255.18
Connecting to www.cnn.com|157.166.255.18|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 96260 (94K) [text/html]
Saving to: `index.html.1'

25% [========>                              ] 24,552      --.-K/s  eta 20s     ^C
kent@rambutan2:~$ nmap -v -A 10.1.1.5

Starting Nmap 4.76 ( http://nmap.org ) at 2009-04-04 13:24 PDT
Initiating Ping Scan at 13:24
Scanning 10.1.1.5 [1 port]
Completed Ping Scan at 13:24, 2.00s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.44 seconds

HERE IS WINDOWS OS HOST:
kent@rambutan2:~$ ping 10.1.1.27
PING 10.1.1.27 (10.1.1.27) 56(84) bytes of data.
64 bytes from 10.1.1.27: icmp_seq=1 ttl=127 time=3361 ms
64 bytes from 10.1.1.27: icmp_seq=2 ttl=127 time=3032 ms
^C
--- 10.1.1.27 ping statistics ---
5 packets transmitted, 2 received, 60% packet loss, time 4017ms
rtt min/avg/max/mdev = 3032.119/3196.856/3361.594/164.747 ms, pipe 4
kent@rambutan2:~$ wget http://10.1.1.27
--2009-04-04 13:30:50--  http://10.1.1.27/
Connecting to 10.1.1.27:80... connected.
HTTP request sent, awaiting response... ^C
kent@rambutan2:~$ ping 10.1.1.27
PING 10.1.1.27 (10.1.1.27) 56(84) bytes of data.
64 bytes from 10.1.1.27: icmp_seq=1 ttl=127 time=1436 ms
64 bytes from 10.1.1.27: icmp_seq=2 ttl=127 time=1506 ms
^C
--- 10.1.1.27 ping statistics ---
4 packets transmitted, 2 received, 50% packet loss, time 2999ms
rtt min/avg/max/mdev = 1436.969/1471.564/1506.159/34.595 ms, pipe 2
kent@rambutan2:~$ nmap -v -A 10.1.1.27

Starting Nmap 4.76 ( http://nmap.org ) at 2009-04-04 13:31 PDT
Initiating Ping Scan at 13:31
Scanning 10.1.1.27 [1 port]
Completed Ping Scan at 13:31, 2.00s elapsed (1 total hosts)
Read data files from: /usr/share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 2.40 seconds

GENERAL INFO:
kent@rambutan2:~$ lsb_release -rd
Description:	Ubuntu jaunty (development branch)
Release:	9.04
kent@rambutan2:~$ apt-cache policy vpnc
vpnc:
  Installed: 0.5.3-1
  Candidate: 0.5.3-1
  Version table:
 *** 0.5.3-1 0
        500 http://us.archive.ubuntu.com jaunty/universe Packages
        100 /var/lib/dpkg/status
kent@rambutan2:~$ apt-cache policy network-manager-vpnc
network-manager-vpnc:
  Installed: 0.7.1~20090213+bzr13-0ubuntu1
  Candidate: 0.7.1~20090213+bzr13-0ubuntu1
  Version table:
 *** 0.7.1~20090213+bzr13-0ubuntu1 0
        500 http://us.archive.ubuntu.com jaunty/universe Packages
        100 /var/lib/dpkg/status
kent@rambutan2:~$

** Affects: vpnc (Ubuntu)
     Importance: Undecided
         Status: New

-- 
regression potential Split-tunnel drops inside traffic
https://bugs.launchpad.net/bugs/355327