Bug ID 674569: F5 VPN can't restore default route on Fedora 26 when specific Network Access config is used

Last Modified: Mar 02, 2023

Bug Tracker

Affected Product:  See more info
APM-Clients APM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Opened: Jul 18, 2017
Severity: 2-Critical

Symptoms

F5 VPN can't restore default route on Fedora 26 when specific Network Access config is used. The issue manifests in a way that after disconnecting F5 VPN, there is no default route on the system. This seems to be Fedora 26 issue as 'route' CLI utility also can't add default route after deletion. Fedora 25 is not affected.

Impact

After disconnecting F5 VPN there is no default route in the system routing table causing no internet connectivity. LAN remains accessible.

Conditions

Fedora 25 is used along with F5 VPN Linux client. Network Access configuration has Full Tunnel configuration with Allow Local Subnet enabled.

Workaround

To mitigate the impact, bring the interface down and up: sudo ifconfig down <ifacename> sudo ifconfig up <ifacename> To workaround the issue: Reconfigure Network Access to emulate Full Tunnel with Split Tunneling. To do that: 1. Select 'Use split tunneling for traffic' in 'Traffic Options' option 2. Insert next routes into 'IPV4 LAN Address Space' 0.0.0.0/128.0.0.0 128.0.0.0/128.0.0.0 These two routes emulate one default route 0.0.0.0/0.0.0.0

Fix Information

None

Behavior Change