{"id":506,"date":"2025-08-13T15:55:53","date_gmt":"2025-08-13T13:55:53","guid":{"rendered":"https:\/\/vpn.univ-fcomte.fr\/?p=506"},"modified":"2025-08-13T15:55:53","modified_gmt":"2025-08-13T13:55:53","slug":"linux-le-tunnel-vpn-est-monte-mais-les-ressources-universitaires-ne-sont-pas-joignables","status":"publish","type":"post","link":"https:\/\/vpn.univ-fcomte.fr\/?p=506","title":{"rendered":"Linux : le tunnel vpn est mont\u00e9 mais les ressources universitaires ne sont pas joignables."},"content":{"rendered":"\n<p>Plusieurs cas de PC portables sous Linux (Ubuntu et Mint) nous ont \u00e9t\u00e9 remont\u00e9s pour lesquels le tunnel VPN monte correctement mais les ressources universitaires ne sont pas joignables. Nous avons d&rsquo;abord pens\u00e9 \u00e0 un probl\u00e8me de MTU souvent caract\u00e9ris\u00e9 par ce comportement. Mais en l&rsquo;occurrence, la MTU \u00e9tait bien param\u00e9tr\u00e9e.<\/p>\n\n\n\n<p>Apr\u00e8s consultation des logs des machines, on retrouve syst\u00e9matiquement les \u00e9l\u00e9ments suivants (<a href=\"https:\/\/www.mail-archive.com\/ubuntu-bugs@lists.ubuntu.com\/msg6086890.html\">https:\/\/www.mail-archive.com\/ubuntu-bugs@lists.ubuntu.com\/msg6086890.html<\/a>) :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ago 09 08:30:59 vmubuntu2404 kernel: nm-xfrm-1839711: Local routing loop <br>detected!<br>ago 09 08:30:59 vmubuntu2404 kernel: nm-xfrm-1839711: Local routing loop <br>detected!<br>ago 09 08:30:59 vmubuntu2404 kernel: nm-xfrm-1839711: Local routing loop <br>detected!<br>ago 09 08:30:59 vmubuntu2404 kernel: nm-xfrm-1839711: Local routing loop <br>detected!<br>ago 09 08:30:59 vmubuntu2404 kernel: nm-xfrm-1839711: Local routing loop <br>detected!<br>ago 09 08:30:59 vmubuntu2404 kernel: nm-xfrm-1839711: Local routing loop <br>detected!<\/code><\/pre>\n\n\n\n<p>La solution consiste \u00e0 arr\u00eater le service <strong>strongswan-starter<\/strong> (qui d\u00e9marre le service strongswan en tant que serveur) qui vient en conflit avec <strong>network-manager-strongswan<\/strong>.<br><br>Voici les instructions n\u00e9cessaires pour<strong> conna\u00eetre le status de ce service<\/strong> :<br><br><code>[sudo] systemctl status strongswan-starter<\/code><\/p>\n\n\n\n<p>ou :<\/p>\n\n\n\n<p><code>[sudo] service strongswan-starter status<\/code><\/p>\n\n\n\n<p>Voici les instructions n\u00e9cessaires pour <strong>arr\u00eater ce service<\/strong> :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>[sudo] systemctl stop strongswan-starter<\/code><\/pre>\n\n\n\n<p>ou :<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>[sudo] service strongswan-starter stop<\/code><\/pre>\n\n\n\n<p>Le mieux consistera \u00e0 d\u00e9sinstaller ce paquet avec la commande suivante :<\/p>\n\n\n\n<p><code>[sudo] apt purge strongswan-starter<\/code><\/p>\n\n\n\n<p>Dans le cas d&rsquo;une installation \u00ab\u00a0vierge\u00a0\u00bb d&rsquo;Ubuntu 24.04, ce probl\u00e8me ne se pose a priori pas : le service <strong>strongswan-starter<\/strong> n&rsquo;est pas install\u00e9. Les paquets strictement n\u00e9cessaires au bon fonctionnement du vpn sont :<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>network-manager-strongswan<\/li>\n\n\n\n<li>libcharon-extauth-plugins<\/li>\n\n\n\n<li>libcharon-extra-plugins<\/li>\n\n\n\n<li>libstrongswan-extra-plugins<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plusieurs cas de PC portables sous Linux (Ubuntu et Mint) nous ont \u00e9t\u00e9 remont\u00e9s pour lesquels le tunnel VPN monte correctement mais les ressources universitaires ne sont pas joignables. Nous avons d&rsquo;abord pens\u00e9 \u00e0 un probl\u00e8me de MTU souvent caract\u00e9ris\u00e9 par ce comportement. Mais en l&rsquo;occurrence, la MTU \u00e9tait bien param\u00e9tr\u00e9e. Apr\u00e8s consultation des logs [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,20],"tags":[6,196,195],"class_list":["post-506","post","type-post","status-publish","format-standard","hentry","category-informations-techniques","category-problemes-utilisateurs","tag-linux","tag-network-manager-strongswan","tag-strongswan-starter"],"_links":{"self":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=506"}],"version-history":[{"count":7,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/506\/revisions"}],"predecessor-version":[{"id":513,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/506\/revisions\/513"}],"wp:attachment":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}