Kernel 2.6.8-1.521 breaks Cisco VPN client...

Kaj J.Niemi mail.sw.rh.rhl.devel at spam.fi.basen.net
Fri Sep 3 20:04:15 UTC 2004


> If i then shifts to the wire, UDP packages suddently isn't comming throug
> but tcp connections work fine. That is, no name server resolution, but I'm
> able to ping and access sites with the ip.

Since you're running 4.0.4B you might want to upgrade to 4.6.00.0045
(released August 25, 2004), which fixes "The Linux VPN Client does
not work with DNS requests and SMTP." (CSCee27420)

The workaround for 4.0.3, 4.0.4 and 4.0.5 is to use a split-tunnel setup
instead of tunneling everything and making sure the name servers are
positioned outside the ranges setup as being tunneled. This of course
will not work if your internal network consists of private address space
and your external name servers do not return the correct answers for
RFC 1918 address space queries. :) Yet another reason why nat is evil. ;-)



// kaj





More information about the fedora-devel-list mailing list