I have a Linux VPS (Ubuntu Server 16.04 LTS) connected to my institution's VPN (which is Cisco-based). However, and even though the connection is correctly established, all traffic is dropped. I am using vpnc from the command line and all parameters have been checked and are correct.

I have tried to connect using vpnc with the exact same parameters from my desktop (Ubuntu 16.04 LTS) and everything works fine, no traffic is dropped.

Things I have tried:

  • Disabling UFW
  • Running vpnc in verbose mode (99), but no errors are shown
  • dmesg or the syslog file shows nothing of interest
  • Disabling and re-enabling the tun1 interface (the interface assigned to vpnc)
  • Stopping my OpenVPN server (which is also running on tun0 on the same server)
  • Checked the routing, the correct interface is used
  • ping -I with the vpnc interface to ensure the problem is not related to routing. All packets are lost when using the vpnc interface (tun1 in my case). Note I am doing the ping to a server that is in the Cisco VPN, and which replies to ping packets when tested from my desktop connected to the VPN with the same user.

Any help would be greatly appreciated!

vagaerg

1 Answer

I was also in the same boat (using Debian v8.8 and vpnc v5.3r550); all was well with the connect (other than group name now being case sensitive), but once tunneled, I lost all traffic in and out. Then I noted that "sudo route -n" (while tunneled) had "dev tun0" entries for my DNS servers and my larger network (where the route command before or after tunneling did not have any references to those), so I ran "sudo route del -net 123.123.123.123 dev tun0" (a few times over with real IP addresses) while tunneled, and all was working again. Guessing those are configured on the Cisco router or pulled from DHCP (I'm just a user). Anyway, I now have those scripted with the vpnc command (and maybe one day will investigate why my config file having "target-network" didn't work; i.e. didn't actually tunnel a specific network as entered, nor did it not route all traffic, as you might infer if you specified a target network!).
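
The check described in the answer above can be scripted. This is an added example, not part of the original answer: it reads `route -n` output and reports which routes on the tunnel device cover addresses you still need to reach directly, such as your gateway or DNS servers. The function name, the sample table and all addresses are constructed for illustration, and netmasks are assumed to be contiguous.

```shell
#!/bin/sh
# Constructed `route -n` output while the tunnel is up (documentation IPs,
# not real data). In practice pass "$(route -n)" instead of $AFTER.
AFTER='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
198.51.100.53   0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.0.0.0       0.0.0.0         255.255.0.0     U     0      0        0 tun0
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0'

# tun_routes_covering TABLE DEV ADDR...   (hypothetical helper name)
# Prints "DEST MASK ADDR" for every route on DEV whose range contains ADDR.
tun_routes_covering() {
    table=$1 dev=$2
    shift 2
    printf '%s\n' "$table" | awk -v dev="$dev" -v addrs="$*" '
        # Convert a dotted quad to an integer.
        function ip2int(s,  p) {
            split(s, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN { n = split(addrs, want, " ") }
        # Column 8 is Iface; skip the two header lines.
        $8 == dev && $1 ~ /^[0-9.]+$/ {
            net  = ip2int($1)
            size = 4294967296 - ip2int($3)   # addresses covered by the mask
            for (i = 1; i <= n; i++) {
                a = ip2int(want[i])
                if (a >= net && a < net + size) print $1, $3, want[i]
            }
        }'
}

# Which tun0 routes capture the pre-tunnel gateway and a DNS server?
tun_routes_covering "$AFTER" tun0 192.0.2.1 198.51.100.53
```

Each reported line is a candidate for the `route del ... dev tun0` step the answer describes; review it before deleting, since some of these routes may be the ones the VPN is meant to carry.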