Cisco VPN problem with DNS

Ed Alexander esalexa at nc.rr.com
Fri Jun 9 16:46:09 UTC 2006 

Gavin,

Are you using the tg3 driver on the network interface you're going 
through to connect to the VPN?  If so, try a different driver.  There 
were (and probably still are) issues with the tg3 and Cisco VPN client.

In my case, I had a Broadcom interface, so I switched to the bcom driver 
(downloaded from their website) and it fixed the problem.  HTH.

Cheers,
Ed

> Subject: Cisco VPN problem with DNS
> From: "Gavin McDonald" <gavitron at gmail.com>
> Date: Thu, 8 Jun 2006 12:17:45 -0700
> To: "'General Red Hat Linux discussion list'" <redhat-list at redhat.com>
> 
> Hi list,
> 
> I have a client with a RHEL ES 3 server, 64-bit on Pentium D-930.
> We have tried Cisco VPN Client v4.7 and v4.8.
> 
> The problem is as such:
> 
> The cisco VPN client connects successfully, and IP connectivity is
> established.  the RHEL client can connect to all remote servers by IP.
> However, DNS is non-functional.  some digging shows that /etc/resolv.conf is
> not updated correctly by the VPN client.  Where this really gets strange
> though, is that even after correcting resolv.conf to point to the DNS
> server, (Which he can ping and even `tracepath <DNS_IP>/53`,) DNS lookups
> still fail.  he's been using /etc/hosts to define remote hosts, and name
> lookups for servers defined as such work fine.
> 
> I've checked his iptables, and unless I'm mistaken, the first rule should
> exlude that as the culprit:
> 
>> > Chain RH-Firewall-1-INPUT (2 references)
>> > target     prot opt source               destination
>> > ACCEPT     all  --  anywhere             anywhere
> 
> this rule should catch and allow ALL traffic, right?
> 
> So at this point I'm stymied.  I have now tasked our cisco rep with
> verifying the VPN server-side setup, but it appears that even if the VPN
> were to hand the DNS address correctly, DNS would still fail for a reason
> that eludes me.  (as manual edits to resolv.conf fail to work.)
> 
> I hope you guys can see something I missed,
> 
> Regards,
> 
> Gavin McDonald
> ========================
> EVI Logistic Enterprises
> email: me at gavitron.com
> phone: (604) 313-3845
> 
>

More information about the redhat-list mailing list