Fedora Networking :: Route Table Change Disconnects From Secure Connection
Oct 21, 2010
I use a secure connection to reach company network from outside. There's a client application "Juniper network", which creates the secured tunnel to a company network. However, the connection never survives more than 8 seconds, when it goes disconnected with the message "Route monitor alarm". From my recent search for a solution I've found that this error is caused by a change in a route table, which violates a connection policy.
"This disconnect is typically triggered by a change in the routing table of the client machine, the change is such that the split tunnel policies defined by the administrator will be violated" - from [URL]
This is how a routing table looks before, during and after the connection attempt:
Code:
[vs@dilbert network-scripts]$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.64.64.64 * 255.255.255.255 UH 0 0 0 ppp0
xxx.xxx.xxx.0 10.64.64.64 255.255.255.255 UGH 0 0 0 ppp0
[Code].....
View 4 Replies
ADVERTISEMENT
Oct 21, 2010
I got this definition:"a process that replaces a series of related, specific routes in a route table with a more generic route." honestly I found it not so clear.. I want to know if this definition is correct and also more details about this subject..
View 1 Replies
View Related
Feb 10, 2010
Going haywire on a new Centos 5.4 64bit install on vmware esx 4. I should know, but my mind is obviously fucked up today. I get the "distination unreachable", indicating something ICMP related, checked network setup, all looks like usual. Except my routing table lacks the 127.0.0.0 and 0.0.0.0 def. gw entries, as in this working box example:
192.168.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.9.1 0.0.0.0 UG 0 0 0 eth0
FWIW, during install, did the usual basic firewall steps, not'n extra added but SSH. Tried with/without iptables, no change; no wonder given the lacky routing table. Sure, I can add what's missing, but I'd like to know why it's missing; i.e. what I missed on basic setup, as I'm going to repeat this with a nof Centos/RHEL installations (replacing SLES).
View 1 Replies
View Related
Feb 11, 2010
New Centos 5.4 64bit install on vmware esx 4, NAT net setup. I can ping/trace other servers on IP, do nslookup's on name..Ping(traceroute on name gets me "distination unreachable", indicating an ICMP issue, so I checked the network setup, all looks like usual.Well, except that my routing table lacks the 127.0.0.0 and 0.0.0.0 def. gw entries, as in this working box example:
192.168.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.9.1 0.0.0.0 UG 0 0 0 eth0
FWIW, during install, I did the usual basic firewall steps,including SSH.Tried with/without iptables, no change; no wonder given the lacky routing table. Sure, I can add what's missing to the routing table, but I'd like to know why it's missing; i.e. what I missed on basic setup, as I'm going to repeat this with a nof new installations (replacing SLES).
View 5 Replies
View Related
Sep 16, 2010
I have loaded ubuntu Lynx 10.04.1 as a dual boot behind XP home. I have wireless connection to the XP os via netgear wireless G router and USB 2.0 adapter. The network connection works well with the XP side. When I boot into ubuntu I am sure I have configured the network properly with the wep key and password and the network signal is alive in the work bar at the top of the screen. When I open Firefox and try to browse to ,say, ebay it asks for the passphrase again then tells me that FF is in work offline mode. When I correct this I get asked for the pass phrase again and the connection is disengaged. It just keeps asking for the passphrase and disconnecting. When I reboot into XP everything works perfectly again.
View 9 Replies
View Related
Apr 13, 2010
I upgraded to Karmic the other day and my Wireless Internet has been disconnecting every hour or so. I had the same problem on Intrepid but I managed to fix it somehow. After disconnecting, it will reconnect after a few seconds.
View 9 Replies
View Related
Apr 18, 2010
Recently I've installed Ubuntu 9.10. I have DSL connection so, I wrote all details needed. After trying to connect on it, it automatically disconnects and connect auth connection again. I have worked on 9.04 and older versions and used to work very good, also the internet connection, but not in 9.10.
View 5 Replies
View Related
Feb 20, 2011
Hey all, I have got this strange problem with my Slackware server acting as router and gateway to my internal network. It randomly disconnects the WAN connection after X days ( it is between 2-7 days ). This error messages occured in /var/log/messages just before it lost its WAN connection:
Feb 20 14:36:00 tml dhcpcd: eth1: failed to renew, attempting to rebind
View 10 Replies
View Related
Aug 23, 2010
I installed Cisco Anyconnect VPN client from the university website, to connect to the VNP. On Windows Vista everything worked fine without problem, while on Kubuntu 10.04 the installation has been OK, but when the client connects, my internet connection drops, so I'm not able to do anything!How should I fix this?I'm currently using an adsl, connecting through pppoeconf.
View 3 Replies
View Related
Sep 17, 2010
There are two connections in my Ubuntu server: eth0 is a normal interface and, eth1 is configured with an static IP, and has an domain name with that IP. But this connection is charged by bytes, very expensive.
how to set up the route table so that: everyone can access my server with the domain name, and let the traffic goes from eth0 as much as possible(I have a proxy service on my server. At least, let the proxy traffic goes from eth0)?
[Code]...
View 7 Replies
View Related
May 10, 2011
I've installed (Slackware 12.2) Cisco AnyConnect Secure Mobility Client for vpn connection (it is OpenSSL based app). When I'm trying to connect using this agent I get the error
Code: AnyConnect cannot confirm it is connected to your secure gateway.The local network may not be trustworthy.Please try another network.I don't know much about vpn. Any help are very welcomed.
View 1 Replies
View Related
Jan 24, 2011
Running Gentoo with kernel 2.6.29 on a Sparc Ultra 10. I'm having problems with my cable modem connection failing, so I've added a static route that enables me to log into the modem's diagnostics page at 192.168.100.1 when the connection drops; my /etc/conf.d/net looks like this (with the comment lines removed).
Code:
dns_domain_lo="MYNETWORK"
config_eth1=("192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255")
config_eth0=("dhcp")
routes_eth0=(
"192.168.100.1/32 via 0.0.0.0"
) dhcpcd_eth0="-N"
This works but after a period of several hours to several days, this static route disappears from the routing table.
View 1 Replies
View Related
Jun 16, 2010
I'm having a problem with Subversion. When I try an "svn up" it gives me this error message:
SSL handshake failed: Secure connection truncated
I'm running Ubuntu 10/4 but I also had this problem with 9/10. Does anyone know what this error message means? It appears to be an SSL problem but it's not clear to me what exactly the problem is. I do not have this problem with svn on my other office computer, nor my home computer. FYI, I'm running subversion on the Regina project.
The full error message is this:
Code:
svn up
svn: OPTIONS of '[URL]': SSL handshake failed: Secure connection truncated [URL]. Although I don't think there's anything specific to Regina about this svn problem, as I mentioned, I can "svn up" from home, or from my other office computer.
View 9 Replies
View Related
Oct 14, 2010
Several of our servers that do not have direct exposure to the Internet have the following entry appearing in their respective /var/log/secure files.Are these messages harmless? If so, is there any way or reason to suppress their appearing in the log files?
View 1 Replies
View Related
May 8, 2011
I have 3 network interfaces on my Linux Router :
Interface - Gateway - Type
Code:
br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)
What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like :
Code:
route del default
route add default gw 10.0.0.2
Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any other protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed. Using the following commands :
Code:
iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300
First of all, --dport 80 never work... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seems to be HTTP packets... oO (very strange...). Nevermind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine, all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0 they are all respecting the "route -n" rules... and not the "table 300" rule I have created.
View 4 Replies
View Related
Apr 29, 2009
I would like to add a static route, however I do not understand what is meant by the Address setting below
GATEWAY2=10.241.58.62
NETMASK2=255.255.255.224
ADDRESS2=10.241.57.32
Does this mean any addresses beginning with 10.241.57.32 are routed over the gateway 10.241.58.62 an address range
View 3 Replies
View Related
Feb 10, 2011
I am running an Ubuntu Server on a VirtualBox VM running on my windows machine. So I've created a self-signed certificate using the following tutorial: [URL]
From this tutorial I'm left with 3 files:
server.key
server.csr
server.crt
Then I found this very similar tutorial that has an extra bit on installing the certificates in apache: [URL] So I followed it's instructions which boil down to this:
[Code]...
So I'm thinking this should work now. However in Chrome I get: SSL connection error Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have. Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. IE8 gives me a typical "Internet Explorer cannot display the webpage" Note that [URL] fails while [URL] works fine, so it's definitely something in my ssl setup I'm thinking.
View 5 Replies
View Related
Jan 27, 2009
After I updated to kernel-2.6.27.9-159.fc10 a couple of weeks ago, my wireless kept dropping the connection every few minutes (using an intel 3945 with the kernel iwl driver), particularly if secured with WPA. Updating to the 2.6.27.12-170.2.5.fc10 kernel currently in updates-testing has solved the problem.
View 3 Replies
View Related
Sep 15, 2009
This is the first one of probably many posts as I am new to Fedora having lots of questions. This one is about the openvpn client which is used by me to connect to my company network. Thanks to the Fedora FAQ it was easy for me to set up the client and establish a connection. There is just one problem every time I open a connection I am disconnected from my local Internet. I was using openvpn on my Windows XP PC before and there was no problem keeping two Network connections, the (W)LAN and the vpn tunnel. Does anyone know how to solve this? I am utilizing the latest Fedora 11 release and configured openvpn client via the Network Manager GUI.
View 2 Replies
View Related
Dec 19, 2010
iam working on fedora 14 kde 32-bit version
as the title says , when iam downloading anything from anywhere ,, even when iam updating , i cant use anything else on internet ,,, no chat , not even browsing ,
View 3 Replies
View Related
May 30, 2010
I have recently installed Fedora 13 on my laptop, an Acer Aspire One D150. The laptop has an Intel 4965agn wifi card which worked flawlessly under Fedora 12. Now however it keeps disconnecting every 10 minutes, even if I browse the web. On top of this, it also becomes very hot, so hot that you can feel it through the plastic case.
View 1 Replies
View Related
Nov 27, 2010
After a new fresh-from-DVD install of Fedora 14 64-bit (over top of Fedora 12 64-bit which went over top of Fedora 10 64-bit before that) my Linksys WUSB600N adapter connects at login to my WiFi N router with WPA2 Personal.
That is great, as previously (fc10/12) I had to use the Ralink drivers per ogetbilo's thread on this forum (that thread kept me on the net for many years now). And at some point this even became a pain because sometimes the system would boot and refuse to connect to the wireless (which would hang trying to connect) and then crash to a dump screen on shutdown (bug reported). The fix was hoped to be found in upgrading to F14 and the newer kernels with working native Ralink chip support.
But I still have an issue... the connection stays up for a few minutes then drops. If I disable/re-enable wireless it (at least sometimes) re-connects. But obviously that is not workable. This is a USB adapter and I am not entirely sure that there is not some USB powersave issue going on, but I do not see anywhere to disable system USB power saving either.
View 1 Replies
View Related
Jan 5, 2011
I recently installed Fedora 14 on my machine. Ever since I cannot connect to the Internet at home.henever I plugin in the ethernet cable the ADSL router disconnects and all machines connected to the router lose connection to the Internet.
View 9 Replies
View Related
Jan 25, 2011
Having trouble getting my Netgear WNA1000 working thru wireless router. Have tried lots of suggestions from other threads to no avail. Someone suggested that th routing table isn't set correctly, so have been trying to use the follwing to make the proper entry in the routing table: sudo route add -net 192.168.0.1 netmask 255.255.255.0 dev wlan0
Result: error message stating with:
"route: netmask does not match route address"
followed by "Usage" instructions which tell me to do what I just did. Any ideas on how I can populate my routing table with correct entry for my wireless card? Not to complicate matters, but I temporarily turned off encryption on my router to eliminate that as a possibility until I get connected. So maybe it'still trying to connect via encrypted mode - do I need to turn off encryption on my (client) end?
View 2 Replies
View Related
Jul 3, 2009
I'm currently on F11, and experienced problems with Network Manager. Whenever I to connect to a network, wired or wireless, it just seems to try to connect, and then after 2-3 seconds, it just reports "Disconnected"..
Then I switched to network, and both wired and wireless works. so I don't think there is any driver or hardware issue...
Does anyone have any idea of this problem? The network manager have worked on the live CD version ( before installed to HD).
View 12 Replies
View Related
Nov 23, 2009
With Fedora 11, I got NetworkManager, and it never worked right.. Right now, the nm-applet crashes regularly, no message nothing, just disappears from the panel. I wrote a two-liner to run it in an infinite loop. But my wifi also disconnects every 10 minutes. It's like clockwork, it just disconnects. I see things about "error 38" in the logs. I tried downgrading, upgrading, nothing helped.
[Code].....
View 7 Replies
View Related
Jan 10, 2010
Is there any application out there for linux that can notify me of when a new IP address connects or disconnects to my network?
View 5 Replies
View Related
Feb 14, 2010
I have two system, an Intel Core2 Duo system running the 32-bit version of Fedora 12, and a MacBook Pro running the 64-bit version of Fedora 12. I'm using the Gnome desktop on each system. I have enabled all the services I believe are necessary to support NFS including nfs, rpcbind, rpcgssd, rpcidmapd, and rpcsvcgssd on each system. I have added an entry to my /etc/exports file to export my home on each system, and if I type this command:
$ showmount -e localhost
I get a result like this:
Export list for localhost:
/home/tron 192.168.200.101,192.168.200.100
However when I issue this type of command:
$ showmount -e <remote host name>
I get this kind of result: rpc mount export: RPC: Unable to receive; errno = No route to host Research on the Internet indicates this is usually due to a firewall problem. However, I use the Firewall Configuration application to the disable the firewall on both systems, and I continue to get the same result. What is needed so I can get this two machines to display their exported file shares remotely? It turns out I did not disable the firewall when I thought I had. Now that I'm certain the firewall is disabled on both systems, I'm able to get the showmount command to succeed.
View 5 Replies
View Related
Feb 13, 2010
I have two system, an Intel Core2 Duo system running the 32-bit version of Fedora 12, and a MacBook Pro running the 64-bit version of Fedora 12.
I'm using the Gnome desktop on each system. I have enabled all the services I believe are necessary to support NFS including nfs, rpcbind, rpcgssd, rpcidmapd, and rpcsvcgssd on each system.
I have added an entry to my /etc/exports file to export my home on each system, and if I type this command:
$ showmount -e localhost
I get a result like this: Export list for localhost: /home/tron 192.168.200.101,192.168.200.100
However when I issue this type of command: $ showmount -e <remote host name>
I get this kind of result: rpc mount export: RPC: Unable to receive; errno = No route to host
Research on the Internet indicates this is usually due to a firewall problem. However, I use the Firewall Configuration application to the disable the firewall on both systems, and I continue to get the same result.
What is needed so I can get this two machines to display their exported file shares remotely?
View 44 Replies
View Related
Feb 20, 2010
I'm currently using Pidgin 2.6.2 on Karmic. Status changes work fine if I change it in Pidgin, but if I use the user switching applet to change my status is consistently disconnects my connection to Windows Live (but not AIM or GTalk), claiming that I have "signed on from another location". A quick Google and forums search turned up nothing.
View 3 Replies
View Related
