In trying to use VPNC on my desktop, running Arch Linx at home to VPN to work, I encountered two problems. The first is the popular vpnc: no response from target problem and the second involved determining the name of my host once I was connected.
I installed VPNC using Arch's package manager:
$ pacman -Sy vpncThen I copied a configuration file from my laptop running Ubuntu 9.04 to /etc/vpnc/mycompany.conf (I'm omitting the gateway address of course and replacing it with a series of X's):
IPSec ID 3des
IPSec gateway XXX.XXX.XX.X
IPSec secret 3des
Xauth username prystasj
NAT Traversal Mode cisco-udp
This worked fine for a while, but eventually I was unable to connect with the popular vpnc: no response from target exception. After some googling, I was added the following two IKE directives and a Local directive for the port:
IPSec ID 3desThen I was back in business When viewing similar postings about the no response error, it was noted the NAT directive was one that was also commonly needed.
IPSec gateway XXX.XXX.XX.X
IPSec secret 3des
Xauth username prystasj
IKE Authmode psk
IKE DH Group dh2
NAT Traversal Mode cisco-udp
Local Port 10000
Hopefully the above can help some with similar connection issues. Now for the second problem. After my VPN connection was created, a Java application I needed to run required to lookup the hostname, was failing with a java.net.UnknownHostException.
To confirm, I ran nslookup with my hostname and received an error at the end of the output:
$ nslookup myhostThe answer it turns out (for me at least) lied in /etc/resolv.conf. When running VPNC the file was replaced with the contents similar to the following:
Server: 123.456.78.999
Address: 123.456.78.999#11
** server can't find myhost: NXDOMAIN
#@VPNC_GENERATED@ -- this file is generated by vpncI needed to add the address of my server as a nameserver taking the address from the output of nslookup:
# and will be overwritten by vpnc
# as long as the above mark is intact
# Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
domain gateway.2wire.net
nameserver 132.174.47.100
nameserver 132.174.47.101
# /etc/resolv.conf.tail can replace this line
domain gateway.2wire.netNow both nslookup, and therefore my Java application, can resolve the hostname:
nameserver 123.456.78.999
nameserver 132.174.47.100
nameserver 132.174.47.101
$ nslookup myhost
Server: 123.456.78.999
Address: 123.456.78.999#11
Name: myhost.somegateway.someprovider.net
Address: 321.654.87.999
Unfortunately, I can no longer reach any hosts on the network I'm now connected to. I need to do some more research on resolving it seems. I also tried a search directive. I followed the advice here for dnsmasq: Setup of OpenDNS and dnsmasq (on Arch Linux).
Now the Java application cited it could not find a host with name D5BMHS91, so I had to edit my /etc/hosts as such:
# /etc/hosts: static lookup table for host names
127.0.0.1 localhost myhost D5BMHS91
Notes: This was all done on Arch Linx 2009.08. In order to get nslookup to work, I had to install dnsutils.
$ sudo pacman -Sy dnsutils
Thanks man! This helped me get my vpn working! :) Was pulling my hair out trying to configure it.
ReplyDeleteThis looks great, but I don't know where to look for my config file on ubuntu. I've tried looking in /etc/vpnc but nothing there. Any suggestions?
ReplyDeleteComptom, config file is given to you by the administrator vpn network to which you want to connect
ReplyDeleteThanks you saved my day. As you hinted just adding the NAT entry was sufficient to make it start working.
ReplyDelete--Girijesh
thanks dude. from russia with love )
ReplyDeleteThanks bro the NAT entry helped :) . Saved my day
ReplyDeleteThanks NAT entry saved me , life saver:)
ReplyDeleteI try to connect with my vpnc and I can't because i get always this message
ReplyDeleteno response from target
so what I do to solve this problem
This comment has been removed by the author.
ReplyDelete