"Linux Host", "Windows guest": Cisco VPN routing problem

Posted: 20. Jul 2010, 17:38
by rlbay
Hi, I am writing here because after a major update of VirtualBox (I think from 3.1 to 3.2 but not sure), I am affected by a specific VPN connection problem.
This is the situation:
- host: Linux x86_64 (Ubuntu 10)
- guest: Windows XP SP3 32-bit

From Windows XP, I am connecting using the Cisco VPN client over a bridged NIC. The connection is successful, but after that I am not able to use the remote LAN.
What I can say is that:
1. ping remotehost fails
2. tracert -d remotehost fails as well, from the first hop
3. the same Cisco VPN connection on a "real" XP machine, with almost the same configuration (patch level, installed software, ...), works fine (ping remotehost responds, tracert -d works, ...)
4. the same Cisco VPN connection on the same VBox Windows guest worked fine some months ago
5. I tried to find a solution in different ways without solution:
- changed guest NIC from bridged to NAT
- changed guest NIC emulation from Intel PRO/1000 to AMD PCNet PCI II & III
- upgraded Cisco VPN software from 4.x to 5.x


It seems to be something related to VirtualBox. The most similar topic I have read is http://www.virtualbox.org/ticket/4499, but no solution is reported.
I do not know how to solve this issue.
Best regards
-Renato

"Linux Host", "Windows guest": Cisco VPN problem detail

Posted: 22. Jul 2010, 10:34
by rlbay
Hi, I am providing some details about what I think is a VirtualBox bug.

This is the situation before the Cisco VPN connection is established:

C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...08 00 27 24 1e 62 ...... Intel(R) PRO/1000 MT Desktop Adapter - SecuRemote Miniport
0x3 ...00 0c 29 71 65 e1 ...... Intel(R) PRO/1000 MT Desktop Adapter #2 - SecuRemote Miniport
0x4 ...54 cc a4 84 17 03 ...... Check Point Virtual Network Adapter For SecureClient - SecuRemote Miniport
0x10006 ...00 ff 68 bd 8c 86 ...... Juniper Network Connect Virtual Adapter - SecuRemote Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.3.2       10.0.3.15       10
          0.0.0.0          0.0.0.0        10.28.0.1     10.28.98.71       10
         10.0.3.0    255.255.255.0        10.0.3.15       10.0.3.15       10
        10.0.3.15  255.255.255.255        127.0.0.1       127.0.0.1       10
        10.28.0.0      255.255.0.0      10.28.98.71     10.28.98.71       10
      10.28.98.71  255.255.255.255        127.0.0.1       127.0.0.1       10
   10.255.255.255  255.255.255.255        10.0.3.15       10.0.3.15       10
   10.255.255.255  255.255.255.255      10.28.98.71     10.28.98.71       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        240.0.0.0        10.0.3.15       10.0.3.15       10
        224.0.0.0        240.0.0.0      10.28.98.71     10.28.98.71       10
  255.255.255.255  255.255.255.255        10.0.3.15       10.0.3.15       1
  255.255.255.255  255.255.255.255        10.0.3.15           10006       1
  255.255.255.255  255.255.255.255        10.0.3.15               4       1
  255.255.255.255  255.255.255.255      10.28.98.71     10.28.98.71       1
Default Gateway:         10.28.0.1
===========================================================================
Persistent Routes:
  None

C:\>ipconfig

Windows IP Configuration


Ethernet adapter NAT:

        Connection-specific DNS Suffix  . : replynet.prv
        IP Address. . . . . . . . . . . . : 10.0.3.15
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.3.2

Ethernet adapter bridged:

        Connection-specific DNS Suffix  . : replynet.prv
        IP Address. . . . . . . . . . . . : 10.28.98.71
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 10.28.0.1

Ethernet adapter {28FB614E-9DDE-482A-B9F9-CB5FEBBCA4DF}:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Network Connect Adapter:

        Media State . . . . . . . . . . . : Media disconnected

This is the situation after the Cisco VPN connection is successfully established:

C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...08 00 27 24 1e 62 ...... Intel(R) PRO/1000 MT Desktop Adapter - SecuRemote Miniport
0x3 ...00 0c 29 71 65 e1 ...... Intel(R) PRO/1000 MT Desktop Adapter #2 - SecuRemote Miniport
0x4 ...54 cc a4 84 17 03 ...... Check Point Virtual Network Adapter For SecureClient - SecuRemote Miniport
0x10006 ...00 ff 68 bd 8c 86 ...... Juniper Network Connect Virtual Adapter - SecuRemote Miniport
0x10007 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - SecuRemote Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       2.250.9.33      2.250.9.33       1
       2.250.9.33  255.255.255.255        127.0.0.1       127.0.0.1       10
    2.255.255.255  255.255.255.255       2.250.9.33      2.250.9.33       10
         10.0.3.0    255.255.255.0        10.0.3.15       10.0.3.15       10
         10.0.3.0    255.255.255.0       2.250.9.33      2.250.9.33       10
        10.0.3.15  255.255.255.255        127.0.0.1       127.0.0.1       10
        10.28.0.0      255.255.0.0      10.28.98.71     10.28.98.71       10
        10.28.0.0      255.255.0.0       2.250.9.33      2.250.9.33       10
       10.28.0.11  255.255.255.255      10.28.98.71     10.28.98.71       1
      10.28.98.71  255.255.255.255        127.0.0.1       127.0.0.1       10
   10.255.255.255  255.255.255.255        10.0.3.15       10.0.3.15       10
   10.255.255.255  255.255.255.255      10.28.98.71     10.28.98.71       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
    165.72.209.14  255.255.255.255        10.28.0.1     10.28.98.71       1
        224.0.0.0        240.0.0.0       2.250.9.33      2.250.9.33       10
        224.0.0.0        240.0.0.0        10.0.3.15       10.0.3.15       10
        224.0.0.0        240.0.0.0      10.28.98.71     10.28.98.71       10
  255.255.255.255  255.255.255.255       2.250.9.33      2.250.9.33       1
  255.255.255.255  255.255.255.255        10.0.3.15           10006       1
  255.255.255.255  255.255.255.255        10.0.3.15               4       1
  255.255.255.255  255.255.255.255        10.0.3.15       10.0.3.15       1
  255.255.255.255  255.255.255.255      10.28.98.71     10.28.98.71       1
Default Gateway:        2.250.9.33
===========================================================================
Persistent Routes:
  None

C:\>ipconfig

Windows IP Configuration


Ethernet adapter NAT:

        Connection-specific DNS Suffix  . : replynet.prv
        IP Address. . . . . . . . . . . . : 10.0.3.15
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter bridged:

        Connection-specific DNS Suffix  . : replynet.prv
        IP Address. . . . . . . . . . . . : 10.28.98.71
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter {28FB614E-9DDE-482A-B9F9-CB5FEBBCA4DF}:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Network Connect Adapter:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 2.250.9.33
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 2.250.9.33

C:\>ping XXXX

Pinging XXXX [2.108.46.91] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2.108.46.91:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Note that the ping command fails, whereas on real XP the ping command succeeds.

Is this the correct place to find a solution?

Regards
-Renato
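
Added example, not part of the original posts: a longest-prefix-match lookup over a subset of the "after" Active Routes rows posted above, to check which interface the guest's routing table selects for a destination. The function names are hypothetical and `10.28.5.5` is a constructed address inside the bridged subnet; ties (same prefix length and metric) are returned as-is rather than resolved.

```python
import ipaddress

# Subset of the "after VPN" Active Routes rows, copied from the post above.
ROUTES_AFTER = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       2.250.9.33      2.250.9.33       1
        10.28.0.0      255.255.0.0      10.28.98.71     10.28.98.71       10
        10.28.0.0      255.255.0.0       2.250.9.33      2.250.9.33       10
       10.28.0.11  255.255.255.255      10.28.98.71     10.28.98.71       1
    165.72.209.14  255.255.255.255        10.28.0.1     10.28.98.71       1
"""

def parse_routes(text):
    """Parse 'route print' rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:          # skips blank lines and the header row
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            routes.append((net, fields[2], fields[3], int(fields[4])))
        except ValueError:            # not a route row
            continue
    return routes

def egress(routes, dest):
    """Interfaces selected for dest: longest prefix first, then lowest metric.
    More than one result means the table alone does not decide."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return []
    longest = max(r[0].prefixlen for r in hits)
    hits = [r for r in hits if r[0].prefixlen == longest]
    lowest = min(r[3] for r in hits)
    return sorted(r[2] for r in hits if r[3] == lowest)

ROUTES = parse_routes(ROUTES_AFTER)

if __name__ == "__main__":
    # 10.28.5.5 is a constructed address in the bridged 10.28.0.0/16 subnet.
    for dest in ("2.108.46.91", "165.72.209.14", "10.28.0.11", "10.28.5.5"):
        print(dest, "->", egress(ROUTES, dest))
```
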

Re: "Linux Host", "Windows guest": Cisco VPN routing problem

Posted: 23. Jul 2010, 12:11
by TonyPh12345
Which Cisco VPN? Is it an SSL VPN?

I would argue that the GUEST behavior is correct.

When I use Cisco (Not SSL) VPN, I can no longer access my local network, I can only access hosts that are on the opposite side of the VPN tunnel.

Re: "Linux Host", "Windows guest": Cisco VPN routing problem

Posted: 23. Jul 2010, 12:18
by rlbay
Hi TonyPh12345,

> Which Cisco VPN? Is it an SSL VPN?
The exact name is "Cisco System VPN Client" actually at version 5.0.07.0290. It is not the SSL VPN Cisco client.

> I would argue that the GUEST behavior is correct.
> When I use Cisco (Not SSL) VPN, I can no longer access my local network, I can only access hosts that are on the opposite side of the VPN tunnel.
The problem is that I cannot reach the remote network! I know that the local network is forbidden, but I am supposed to reach the remote server for which I established the VPN connection. The problem is this one: I cannot reach the server which I am supposed to reach. Using a "real" XP, the remote server is available; using the VBox'ed XP, the remote server is not available.

Regards
-Renato

Re: "Linux Host", "Windows guest": Cisco VPN routing problem

Posted: 26. Jul 2010, 13:27
by rlbay
Hi, is there any way to correct the (probable) bug I have reported?