Juniper NCSVC and Linux 3.19

So interestingly I noticed that as soon as I upgraded to the 3.19 kernel (RC5 in my case) I was no longer able to connect to any internal machines on my corporate VPN.

Interestingly my private OpenVPN services still all functioned correctly.

In the 3.19 kernel there have been many changes to the network infrastructure so likely something there broke my VPN. It could also be a problem with the way exported routes from my corporate VPN. I’m not sure but I do know it doesn’t work right.

UPDATE:

Well it’s been a busy few weeks. I still haven’t run down which commit broke this, however given the amount of comments from all of you, it seems to be a problem for many more people than myself.

One thing I did suspect was a possible mishandling of certain packets generated by vpnc as multi-cast, unfortunately this didn’t pan out, so further investigation is still required.

UPDATE (2):

It seems from 4.5 forward (including 4.6 which I’m running now) This is broken yet again.

27 thoughts on “Juniper NCSVC and Linux 3.19

  1. I run into the same problem! Juniper Networks VPN is not working for me using Linux Kernel 3.19. I investigated 5h but could not solve this issue. I gave up and downgrade my system to 3.16. Now everything is working fine. Did you report this issue to Juniper or Linux Kernel Group?

  2. Hello

    same problem here with 3.19.0 stable. VPN it’s working with 3.18.7
    I’m trying to figure out where the problem is, and for now the only difference I have found in the NCSVC log is this line:
    20150213103340.712840 ncsvc[p8570.t8570] adapter.warn IP Packet too small 0 (adapter.cpp:141)

    after

    20150213103340.679731 ncsvc[p8570.t8570] ipsec.info IpsecEngine::setTunAdapter (nil) (engine.cpp:104)

    Then there are a lot of missing lines (about 40) like:
    20150213103526.253371 ncsvc[p8570.t8570] rmon.info got a netlink route update: type = 16 (routemon.cpp:351)

    that are present with kernel 3.18.7 (only three of them in 3.19.0)

  3. Do you think it has to do with the Cryptography changes, network or wireless changes? I have the same issue? Have you reported it on the Linux Kernel website?

  4. I tried nightly builds between 3.19.0 and 3.19.1 and they worked. I just tried the official 3.19.1 and it stop working again….very confusing.

  5. Someone should do a git bisect between 3.18.5 and 3.19.0 to find the change that broke us. Then report to the kernel devs.

    I would do it, but I don’t know when I will have time.

  6. Hello,

    I confirm the same problem.
    The Juniper client conects fine but no traffic is routed inside.
    Downgrading from 3.19.2 to 3.18.6 solved the problem.

  7. Yes, I can confirm the following with Fedora 21
    * network connect stop working since upgrade to Kernel 3.19 x86_64
    * read this post
    * yum update, and got new kernel: from 3.19.1 => 3.19.3-200.fc21.x86_64
    * everything works

    Many thanks Colin!

  8. I had this same issue in the past,

    I now have again the same or a similar issue with kernel 4.5, where 4.4 was fine. Anyone else?

  9. facing the problem on ubuntu 15.04 with linux kernel – 3.19.0-15-generic.. thank god, this post saved my time

Leave a Reply to Mike Cancel reply

Your email address will not be published. Required fields are marked *