SSH and VPN Cisco connection working on one laptop but not on another. Both laptops using Ubuntu 14.04. Where is the difference?

Question

I'm trying to SSH to our university server using VPN and WIFI connection.

The bug is similar to this one, although different in details.

The problem is as follows:

Me and my colleague are using Ubuntu 14.04 on two different laptops.

I can SSH to the server using his laptop and my SSH login details, but not with my laptop and my SSH login details. We are both using VPN connected to the same WIFI (eduroam) network and we are in the same office. Configuration files /etc/sysctl.conf and /etc/ssh/ssh_config are identical on both laptops. Both of us are using Cisco VPNC plugin, which is required to connect to our VPN network.

WIFI and VPN connections work fine on both laptops. Both laptops say that VPN is successfully established, and the lock appears on the WIFI icon on the top-right corner of the screen.

But when I try to ssh to the cluster from my laptop I get the following message:

ssh: connect to host “xxx” port 22: Connection timed out

More information which may be useful to describe the problem:

1. My laptop can ssh to the required server when it is connected via LAN to the local network, but again cannot connect to the cluster when it is connected via WIFI and VPN.

2. I can successfully ping to the server from my laptop while using WIFI connection, both with and without using VPN.

3. My colleague cannot ssh to the cluster using his SSH details and my laptop. He gets the same message port 22: Connection time out.

4. My laptop can successfully SSH to another server while using my WIFI (eudoram) connection. But this server is different from the one I want to SSH and it belongs to another university which does not require VPN.

5. I have tried to reinstall packages network-manager-vpnc and openssh-client. None of these helped. Restarting did not help.

nmap Gives:

Starting Nmap 6.40 ( http://nmap.org ) at “xxx”
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.06 seconds

nmap -Pn Gives:

Starting Nmap 6.40 ( http://nmap.org ) at “xxx”
Nmap scan report for ...
Host is up.
All 1000 scanned ports on “xxx” are filtered

Nmap done: 1 IP address (1 host up) scanned in 201.43 seconds

ssh -vvv “xxx” Gives

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to “xxx” [“xxx”] port 22.
debug1: connect to address “xxx” port 22: Connection timed out
ssh: connect to host “xxx” port 22: Connection timed out

1. What is wrong with the configuration of my Ubuntu?

2. What other configuration files (such as /etc/sysctl.conf or /etc/ssh/ssh_config) can I compare with the files of my colleague's laptop to find out what is different?

3. How can I test that the VPN connection works apart from seeing the lock on the top-right corner indicating that the VPN is active?

Answer 1

To connect to vpnc without using the vpnc manager install vpnc using

sudo apt-get install vpnc

Then create a file mycnf.conf containing the following information

IPSec gateway xx.xx.xx.xx
IPSec ID xxx
IPSec secret xxx
Xauth username xxx.xxx
Xauth password xxx

where xxx need to be replaced by your network and account details. You may not need to use all the settings (all the lines), or you may need to add more settings (more lines) into that file. This depends on your network properties.

Then replace the default vpnc configration file by running

sudo mv mycnf.conf /etc/vpnc/default.conf

Then connect with

sudo vpnc-connect

To disconnect use

sudo vpnc-disconnect

This does not give the answer to the question, but it provides a solution to the problem. Apparently, there is something going wrong with the vpnc manager based on package network-manager-vpnc. Unfortunately, I was not able to find what. Also, note that this answer has already been posted here: CISCO VPN configuration steps. What is new here is that network-manager-vpnc may not work whereas vpnc may do.

Answer 2

1. No idea.

2. There are lots. man ssh lists some (~/.ssh/config comes to mind). Others can be discovered using e.g. dpkg -L network-manager-vpnc, which lists all the files installed by that package. You'll have to figure out which ones are config files.

3. Try https://dnsleaktest.com/. I think it's mainly aimed at people trying to steal movies safely, but I think it'll work for you.