Saturday, September 26, 2009

VPNC & Linux: "vpnc: no response from target" and host lookup

In trying to use VPNC on my desktop, running Arch Linux at home, to VPN to work, I encountered two problems. The first is the popular "vpnc: no response from target" problem, and the second involved determining the name of my host once I was connected.

I installed VPNC using Arch's package manager:

$ pacman -Sy vpnc

Then I copied a configuration file from my laptop running Ubuntu 9.04 to /etc/vpnc/mycompany.conf (I'm omitting the gateway address of course and replacing it with a series of X's):

IPSec ID 3des
IPSec gateway XXX.XXX.XX.X
IPSec secret 3des
Xauth username prystasj
NAT Traversal Mode cisco-udp

This worked fine for a while, but eventually I was unable to connect, with the popular "vpnc: no response from target" exception. After some googling, I added the following two IKE directives and a Local directive for the port:

IPSec ID 3des
IPSec gateway XXX.XXX.XX.X
IPSec secret 3des
Xauth username prystasj
IKE Authmode psk
IKE DH Group dh2
NAT Traversal Mode cisco-udp
Local Port 10000

Then I was back in business. When viewing similar postings about the no response error, it was noted the NAT directive was one that was also commonly needed.

Hopefully the above can help some with similar connection issues. Now for the second problem. After my VPN connection was created, a Java application I needed to run, which was required to look up the hostname, was failing with a java.net.UnknownHostException.

To confirm, I ran nslookup with my hostname and received an error at the end of the output:

$ nslookup myhost
Server: 123.456.78.999
Address: 123.456.78.999#11

** server can't find myhost: NXDOMAIN

The answer, it turns out (for me at least), lay in /etc/resolv.conf. When running VPNC, the file was replaced with contents similar to the following:

#@VPNC_GENERATED@ -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact
# Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
domain gateway.2wire.net
nameserver 132.174.47.100
nameserver 132.174.47.101
# /etc/resolv.conf.tail can replace this line

I needed to add the address of my server as a nameserver, taking the address from the output of nslookup:

domain gateway.2wire.net
nameserver 123.456.78.999
nameserver 132.174.47.100
nameserver 132.174.47.101

Now both nslookup, and therefore my Java application, can resolve the hostname:

$ nslookup myhost
Server: 123.456.78.999
Address: 123.456.78.999#11

Name: myhost.somegateway.someprovider.net
Address: 321.654.87.999
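
An added example, not part of the original post: a shell helper that makes the resolv.conf edit above repeatable by inserting a nameserver ahead of the existing ones without duplicating it, and that reports when the file still carries the #@VPNC_GENERATED@ mark, meaning vpnc will overwrite the change. The function names and the 192.0.2.53 address are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# add_nameserver_first FILE ADDR: make "nameserver ADDR" the first nameserver
# entry in FILE. Safe to run repeatedly (no duplicate lines).
# Returns 0 = done, 2 = done but FILE carries the vpnc marker, so vpnc will
# overwrite the edit; 1 = bad arguments or I/O error.
add_nameserver_first() {
    file=$1
    addr=$2
    [ -n "$addr" ] && [ -f "$file" ] || return 1
    tmp=$(mktemp) || return 1
    awk -v addr="$addr" '
        $1 == "nameserver" && $2 == addr { next }   # drop an existing copy
        $1 == "nameserver" && !done { print "nameserver " addr; done = 1 }
        { print }
        END { if (!done) print "nameserver " addr } # file had no other server
    ' "$file" > "$tmp"
    rc=$?
    # Write through the existing file so its owner and mode are unchanged.
    [ "$rc" -eq 0 ] && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 1
    if grep -q '^#@VPNC_GENERATED@' "$file"; then
        return 2
    fi
    return 0
}

# first_nameserver FILE: print the address the resolver will try first.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Demo on a constructed copy of the vpnc-generated file shown in the post;
# 192.0.2.53 is a placeholder (documentation range), not a real server.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#@VPNC_GENERATED@ -- this file is generated by vpnc
domain gateway.2wire.net
nameserver 132.174.47.100
nameserver 132.174.47.101
EOF
status=0
add_nameserver_first "$demo" 192.0.2.53 || status=$?
echo "first nameserver: $(first_nameserver "$demo") (status $status)"
rm -f "$demo"
```

The glibc resolver queries nameservers in the order listed, and an NXDOMAIN answer from the first one is final rather than a cue to try the next, so the order of these lines decides which names resolve.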

Unfortunately, I can no longer reach any hosts on the network I'm now connected to. I need to do some more research on resolving, it seems. I also tried a search directive. I followed the advice here for dnsmasq: Setup of OpenDNS and dnsmasq (on Arch Linux).

Now the Java application cited it could not find a host with name D5BMHS91, so I had to edit my /etc/hosts as such:

# /etc/hosts: static lookup table for host names
127.0.0.1 localhost myhost D5BMHS91

Notes: This was all done on Arch Linux 2009.08. In order to get nslookup to work, I had to install dnsutils.

$ sudo pacman -Sy dnsutils

9 comments:

  1. Thanks man! This helped me get my vpn working! :) Was pulling my hair out trying to configure it.

  2. This looks great, but I don't know where to look for my config file on ubuntu. I've tried looking in /etc/vpnc but nothing there. Any suggestions?

  3. Comptom, the config file is given to you by the administrator of the VPN network to which you want to connect.

  4. Thanks, you saved my day. As you hinted, just adding the NAT entry was sufficient to make it start working.

    --Girijesh

  5. thanks dude. from russia with love )

  6. Thanks bro the NAT entry helped :) . Saved my day

  7. Thanks NAT entry saved me , life saver:)

  8. I try to connect with my vpnc and I can't, because I always get this message:
    no response from target
    So what do I do to solve this problem?

  9. This comment has been removed by the author.
