So interestingly I noticed that as soon as I upgraded to the 3.19 kernel (RC5 in my case) I was no longer able to connect to any internal machines on my corporate VPN.
Interestingly my private OpenVPN services still all functioned correctly.
In the 3.19 kernel there have been many changes to the network infrastructure so likely something there broke my VPN. It could also be a problem with the way exported routes from my corporate VPN. I’m not sure but I do know it doesn’t work right.
UPDATE:
Well it’s been a busy few weeks. I still haven’t run down which commit broke this, however given the amount of comments from all of you, it seems to be a problem for many more people than myself.
One thing I did suspect was a possible mishandling of certain packets generated by vpnc as multi-cast, unfortunately this didn’t pan out, so further investigation is still required.
UPDATE (2):
It seems from 4.5 forward (including 4.6 which I’m running now) This is broken yet again.
I run into the same problem! Juniper Networks VPN is not working for me using Linux Kernel 3.19. I investigated 5h but could not solve this issue. I gave up and downgrade my system to 3.16. Now everything is working fine. Did you report this issue to Juniper or Linux Kernel Group?
I’ve not reported it yet. I hope to have time this weekend to play around with it further.
Hello
same problem here with 3.19.0 stable. VPN it’s working with 3.18.7
I’m trying to figure out where the problem is, and for now the only difference I have found in the NCSVC log is this line:
20150213103340.712840 ncsvc[p8570.t8570] adapter.warn IP Packet too small 0 (adapter.cpp:141)
after
20150213103340.679731 ncsvc[p8570.t8570] ipsec.info IpsecEngine::setTunAdapter (nil) (engine.cpp:104)
Then there are a lot of missing lines (about 40) like:
20150213103526.253371 ncsvc[p8570.t8570] rmon.info got a netlink route update: type = 16 (routemon.cpp:351)
that are present with kernel 3.18.7 (only three of them in 3.19.0)
Same issue!
adapter.warn IP Packet too small 🙁
Happening to me since I’ve updated to 3.19
Do you think it has to do with the Cryptography changes, network or wireless changes? I have the same issue? Have you reported it on the Linux Kernel website?
Honestly I’m not sure. I haven’t had time to investigate this further. It seems strange that other VPN’s still function without issue.
I tried nightly builds between 3.19.0 and 3.19.1 and they worked. I just tried the official 3.19.1 and it stop working again….very confusing.
Someone should do a git bisect between 3.18.5 and 3.19.0 to find the change that broke us. Then report to the kernel devs.
I would do it, but I don’t know when I will have time.
I upgraded kernel to 4.0.0rc4 and it is working again.
FYI 3.18.9 works
3.19.2 still a no-go
The same problem with kernel 3.19.2 on Arch Linux.
Downgrade to 3.18.6 Working good.
I am seeing the same issue on Fedora 21 with 3.19.1 and Dell Sonicwall Aventail Connect VPN.
The latest version of openconnect (http://www.infradead.org/openconnect/) can handle Juniper VPN’s too.
Hello,
I confirm the same problem.
The Juniper client conects fine but no traffic is routed inside.
Downgrading from 3.19.2 to 3.18.6 solved the problem.
Yes, I can confirm the following with Fedora 21
* network connect stop working since upgrade to Kernel 3.19 x86_64
* read this post
* yum update, and got new kernel: from 3.19.1 => 3.19.3-200.fc21.x86_64
* everything works
Many thanks Colin!
This patch fixes the issue:
https://bugzilla.kernel.org/show_bug.cgi?id=90901
Thanks, you saved for me a lot of time!
I’m happy you found this post and the discussions here useful!
I had this same issue in the past,
I now have again the same or a similar issue with kernel 4.5, where 4.4 was fine. Anyone else?
Yeah, I’m seeing the same problem with 4.6 as well, it seems another regression.
Hi, 4.5.4-1-ARCH works fine
Yup, I’m seeing this issue in 4.6.1. Anybody know a workaround?
facing the problem on ubuntu 15.04 with linux kernel – 3.19.0-15-generic.. thank god, this post saved my time
Bug report with patch here:
https://bugzilla.kernel.org/show_bug.cgi?id=121131
before running vpn login as root in terminal and run this:
“echo 0 > /proc/sys/net/ipv6/conf/default/router_solicitations”