Monday, January 05, 2009

Ubuntu Intrepid and vpnc

My company has a decent work-from-home policy. Every Thursday we can work from home. And most do, including myself. In addition to the regular Thursdays, we work from home whenever there are project deadlines - which is almost always. Hence, to have a solid VPN connection is a must for me.

My last non-Ubuntu desktop was Fedora. I compiled the Cisco vpnclient and used it without a problem. When I switched to Ubuntu Edgy (6.10) I started using the open source vpnc, which worked quite nicely. The upgrades to Feisty (7.04) and Gutsy (7.10) worked fine too. But from Hardy (8.04) the problem of dead-peer-detection raised its ugly head. There were patches available, but they didn't solve the problem for me. I was looking forward to the Intrepid (8.10) release, hoping the vpnc issue would be resolved for good. After Intrepid was released there were contradictory reports about whether the dead-peer-detection issue had been resolved. I decided to test it out myself. So I upgraded to Intrepid.

vpnc can be used from the command line, or else one can install the vpnc plugin for the network-manager (nm) and control the vpnc connection from the network-manager applet. Until now, I have only used the command line. But this time I have tried both for testing. This is what I have found:

  • The dead-peer-detection issue is solved in both the command-line client and the network-manager plugin when you pass the dead-peer-detection interval value 0 to the command-line program or check a box in the network-manager plugin.

  • The network-manager plugin has a bug that overwrites the resolv.conf when the VPN is disconnected. I forget the exact nature of the bug, but basically it didn't revert to the original resolv.conf after the VPN session ended. The bug may only be for static IPs.

  • Even though the dead-peer-detection issue was resolved, my VPN connection would just stall for a minute or two before continuing after I had typed about 10-15 characters in my SSH window. And this repeats over and over again. Googling the problem suggests something to do with the routing table and/or DNS lookup. I tried different things for a while but none could resolve this issue.


At last I gave up and went back to the proprietary Cisco vpnclient. I compiled and installed it following this post. Since then I have had a smooth VPN ride. I would love to go back to the open source vpnc client, but not at the expense of connection stability. I need to earn my bread.
