Mailing List Archive: vpnc: devel

have to type password twice now

Index | Next | Previous | View Threaded

serrs at theserrs

May 13, 2008, 12:06 PM

Post #1 of 12 (423 views)
Permalink

have to type password twice now

I've upgraded Linux distros and now I have to ALWAYS type my password
twice. The new distro, Ubuntu 8.04, uses vpnc 5.1.0. The old one,
Ubuntu 7.10, uses vpnc 4.0. I've verified that the problem is vpnc --
by compiling both versions on CentOS and seeing the same results.

I don't know what Cisco equipment my company has, but I'm sure someone
else has had this problem. Is there a configuration fix?

What to do next? Thanks! (I'd like to help others with vpnc... and
rather not have to tell them you have to type it in twice every time)
-Scott
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

jmvpnc at loplof

Jun 10, 2008, 10:24 PM

Post #2 of 12 (334 views)
Permalink

Re: have to type password twice now [In reply to]

On Tue, May 13, 2008 at 01:06:46PM -0600, Scott Serr wrote:
> I've upgraded Linux distros and now I have to ALWAYS type my password
> twice. The new distro, Ubuntu 8.04, uses vpnc 5.1.0. The old one,
> Ubuntu 7.10, uses vpnc 4.0. I've verified that the problem is vpnc --
> by compiling both versions on CentOS and seeing the same results.
>
> I don't know what Cisco equipment my company has, but I'm sure someone
> else has had this problem. Is there a configuration fix?

Hmm, I don't have that problem. Can you please send the output of
vpnc --debug 3 ....

Thanks
Joerg

--
Joerg Mayer <jmayer[at]loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

farjumper at mail

Jun 11, 2008, 7:35 AM

Post #3 of 12 (334 views)
Permalink

Re: have to type password twice now [In reply to]

> > I've upgraded Linux distros and now I have to ALWAYS type my password
> > twice. The new distro, Ubuntu 8.04, uses vpnc 5.1.0. The old one,
> > Ubuntu 7.10, uses vpnc 4.0. I've verified that the problem is vpnc --
> > by compiling both versions on CentOS and seeing the same results.
> >
> > I don't know what Cisco equipment my company has, but I'm sure someone
> > else has had this problem. Is there a configuration fix?
>
> Hmm, I don't have that problem. Can you please send the output of
> vpnc --debug 3 ....

I have the same issue with Nortel. It looks like:

-----------------------
Enter password for sg9XXXXX[at]xxvpn.xxxxx.com:
Enter Synchronous Response:
Passcode for VPN sg909577[at]151.193.XXX.XXX:
VPNC started in foreground...
-----------------------

I hope your case is the same as mine.

--- start of logs ---
sudo ./vpnc --no-detach --debug 3
Enter password for sgXXXXXX[at]xxvpn.xxxxx.com:

vpnc version 0.5.1-291M
hex_test: 00010203

S1 init_sockaddr
[2008-06-11 17:01:32]

S2 make_socket
[2008-06-11 17:01:33]

S3 setup_tunnel
[2008-06-11 17:01:33]
using interface tun0

S4 do_phase1
[2008-06-11 17:01:33]

S4.1 create_nonce
[2008-06-11 17:01:33]
i_cookie: a3d297ee 3b2965af
i_nonce:
0a81e617 cfca2ec9 7f9bcf24 3db3276d 982ff19f

S4.2 dh setup
[2008-06-11 17:01:33]
dh_public:
06e741ad 9bdaaed3 3143ff3a 60086f3c acaa2a42 2fd2a715 9c6fca6f a2ae4e09
bbbcfa7f c41766c0 f14b02cf a62fe70d 20f4d338 ecd3dad1 135ec4d2 c387fb2c
bfe4fa6d 7790a954 a7612c67 e37982f0 a9617cff b95ced17 819694cb 2860cf3c
af006b56 7f76531a 2ccd2974 4f155b1b 2531488e e88502d8 53427089 d9585b3e

S4.3 AM packet_1
[2008-06-11 17:01:33]

sending: ========================>
BEGIN_PARSE
Recieved Packet Len: 748
i_cookie: a3d297ee 3b2965af
r_cookie: 00000000 00000000
payload: 01 (ISAKMP_PAYLOAD_SA)
isakmp_version: 10
exchange_type: 04 (ISAKMP_EXCHANGE_AGGRESSIVE)
flags: 00
message_id: 00000000
len: 000002ec

PARSING PAYLOAD type: 01 (ISAKMP_PAYLOAD_SA)
next_type: 04 (ISAKMP_PAYLOAD_KE)
length: 017c
sa.doi: 00000001 (ISAKMP_DOI_IPSEC)
sa.situation: 00000001 (ISAKMP_IPSEC_SIT_IDENTITY_ONLY)

PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0170
p.number: 00
p.prot_id: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
p.spi_size: 00
length: 0c
p.spi:

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0020
t.number: 00
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
(not dumping xauth data)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0020
t.number: 01
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
(not dumping xauth data)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0020
t.number: 02
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
(not dumping xauth data)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0020
t.number: 03
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
(not dumping xauth data)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0020
t.number: 04
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
(not dumping xauth data)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 0020
t.number: 05
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 000e (IKE_ATTRIB_KEY_LENGTH)
(not dumping xauth data)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0007 (IKE_ENC_AES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 001c
t.number: 06
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0005 (IKE_ENC_3DES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 001c
t.number: 07
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0005 (IKE_ENC_3DES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 001c
t.number: 08
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0001 (IKE_ENC_DES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 001c
t.number: 09
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0001 (IKE_ENC_DES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 03 (ISAKMP_PAYLOAD_T)
length: 001c
t.number: 0a
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0000 (IKE_ENC_NO_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 001c
t.number: 0b
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0000 (IKE_ENC_NO_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0001 (IKE_HASH_MD5)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
DONE PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
DONE PARSING PAYLOAD type: 01 (ISAKMP_PAYLOAD_SA)

PARSING PAYLOAD type: 04 (ISAKMP_PAYLOAD_KE)
next_type: 0a (ISAKMP_PAYLOAD_NONCE)
length: 0084
ke.data:
06e741ad 9bdaaed3 3143ff3a 60086f3c acaa2a42 2fd2a715 9c6fca6f a2ae4e09
bbbcfa7f c41766c0 f14b02cf a62fe70d 20f4d338 ecd3dad1 135ec4d2 c387fb2c
bfe4fa6d 7790a954 a7612c67 e37982f0 a9617cff b95ced17 819694cb 2860cf3c
af006b56 7f76531a 2ccd2974 4f155b1b 2531488e e88502d8 53427089 d9585b3e
DONE PARSING PAYLOAD type: 04 (ISAKMP_PAYLOAD_KE)

PARSING PAYLOAD type: 0a (ISAKMP_PAYLOAD_NONCE)
next_type: 05 (ISAKMP_PAYLOAD_ID)
length: 0018
ke.data:
0a81e617 cfca2ec9 7f9bcf24 3db3276d 982ff19f
DONE PARSING PAYLOAD type: 0a (ISAKMP_PAYLOAD_NONCE)

PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0020
id.type: 0b (ISAKMP_IPSEC_ID_KEY_ID)
id.protocol: 11
id.port: 01f4
id.data:
1ac0fcb2 3563ed3e 66916a65 79e944db dd3fd39e 00000000
DONE PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 000c
ke.data: 09002689 dfd6b712
(Xauth)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
(Cisco Unity)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 4a131c81 07035845 5c5728f2 0e95452f
(Nat-T RFC)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
(Nat-T 02N)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: cd604643 35df21f8 7cfdb2fc 68b6a448
(Nat-T 02)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 16f6ca16 e4a4066d 83821a0f 0aeaa862
(Nat-T 01)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 4485152d 18b6bbcd 0be8a846 9579ddcc
(Nat-T 00)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0014
ke.data: afcad713 68a1f1c9 6b8696fc 77570100
(DPD)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK

receiving: <========================
[2008-06-11 17:01:34]

S4.4 AM_packet2
[2008-06-11 17:01:34]
BEGIN_PARSE
Recieved Packet Len: 300
i_cookie: a3d297ee 3b2965af
r_cookie: 696245c5 c9963a9a
payload: 01 (ISAKMP_PAYLOAD_SA)
isakmp_version: 10
exchange_type: 04 (ISAKMP_EXCHANGE_AGGRESSIVE)
flags: 00
message_id: 00000000
len: 0000012c

PARSING PAYLOAD type: 01 (ISAKMP_PAYLOAD_SA)
next_type: 04 (ISAKMP_PAYLOAD_KE)
length: 0030
sa.doi: 00000001 (ISAKMP_DOI_IPSEC)
sa.situation: 00000001 (ISAKMP_IPSEC_SIT_IDENTITY_ONLY)

PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0024
p.number: 00
p.prot_id: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
p.spi_size: 00
length: 01
p.spi:

PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 001c
t.number: 06
t.id: 01 (ISAKMP_IPSEC_KEY_IKE)
t.attributes.type: 0001 (IKE_ATTRIB_ENC)
t.attributes.u.attr_16: 0005 (IKE_ENC_3DES_CBC)
t.attributes.type: 0002 (IKE_ATTRIB_HASH)
t.attributes.u.attr_16: 0002 (IKE_HASH_SHA)
t.attributes.type: 0003 (IKE_ATTRIB_AUTH_METHOD)
t.attributes.u.attr_16: 0001 (IKE_AUTH_PRESHARED)
t.attributes.type: 0004 (IKE_ATTRIB_GROUP_DESC)
t.attributes.u.attr_16: 0002 (IKE_GROUP_MODP_1024)
t.attributes.type: 7fff (IKE_ATTRIB_NORTEL_UNKNOWN)
t.attributes.u.attr_16: 000a
DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
DONE PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
DONE PARSING PAYLOAD type: 01 (ISAKMP_PAYLOAD_SA)

PARSING PAYLOAD type: 04 (ISAKMP_PAYLOAD_KE)
next_type: 0a (ISAKMP_PAYLOAD_NONCE)
length: 0084
ke.data:
45078eb4 ee66b880 35c80edd 648fb4e9 55675193 590760de 02558ecf cf8e6a61
05b15fb9 238c4a9e a4d7256f 9d162f96 f458109a e00e681e 722d1a37 141098bb
031b54e9 7da177a6 f06efb4d 5cf29bcb 90f9a159 ed46cba7 cbd8316a 420045e2
6df4b2e5 b71d0bcd 17cf40e6 54421337 c9a386d1 f2aa7d0d ccb3bf6a 1c837ccb
DONE PARSING PAYLOAD type: 04 (ISAKMP_PAYLOAD_KE)

PARSING PAYLOAD type: 0a (ISAKMP_PAYLOAD_NONCE)
next_type: 05 (ISAKMP_PAYLOAD_ID)
length: 0018
ke.data:
2d63d1ee 80ac4d1b d75e233b 8067391b 0a4b714f
DONE PARSING PAYLOAD type: 0a (ISAKMP_PAYLOAD_NONCE)

PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)
next_type: 08 (ISAKMP_PAYLOAD_HASH)
length: 000c
id.type: 01 (ISAKMP_IPSEC_ID_IPV4_ADDR)
id.protocol: 00
id.port: 0000
id.data: 97c180fd
DONE PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0018
ke.data:
c45227ff 129cf5e7 0774a537 066a703e b0136438
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 000c
ke.data: 424e4553 0000000a
(unknown)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0014
ke.data: afcad713 68a1f1c9 6b8696fc 77570100
(DPD)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK
IKE SA selected psk-3des-sha1
unknown ISAKMP_PAYLOAD_VID: 424e4553 0000000a
peer is DPD capable (RFC3706)
dh_shared_secret:
e7fb2c07 c962f9ea a0cdc4aa 7b5be231 c5cffdb3 b4910f0e 4979a1f9 ae846e96
e9d47a09 d31ee8b0 7f63b4a2 40b25049 3ef31569 c042e6ba 94eb352b 24bd2687
15922b11 148924d4 4803f0e9 644cf78d c10f18a7 c68fb073 ca808575 ee004e49
96b9895d cb48fae0 aec477ab 7b734709 322de7a4 195fc7bf b59713a0 2c62821b
skeyid:
bfe5df52 a159cf06 d6b1969c 49f1a029 21430b54
expected hash:
c45227ff 129cf5e7 0774a537 066a703e b0136438
received hash:
c45227ff 129cf5e7 0774a537 066a703e b0136438
returned_hash:
2c62cbae 4ca9fcb4 1072629a e1b50d11 4ef3e6aa
psk_hash:
024bd40d 82ac7dcc 2e707ba6 f9a8162a baf6bd6e
dh_shared_secret:
e7fb2c07 c962f9ea a0cdc4aa 7b5be231 c5cffdb3 b4910f0e 4979a1f9 ae846e96
e9d47a09 d31ee8b0 7f63b4a2 40b25049 3ef31569 c042e6ba 94eb352b 24bd2687
15922b11 148924d4 4803f0e9 644cf78d c10f18a7 c68fb073 ca808575 ee004e49
96b9895d cb48fae0 aec477ab 7b734709 322de7a4 195fc7bf b59713a0 2c62821b
skeyid_d:
ab15cc7b bbe48b5c ed5eeb97 1c645a54 cdd591ae
skeyid_a:
e4451ed0 3c535a95 04d6634d 2a7728f8 54a52515
skeyid_e:
94f11915 88ef677f 2faf83ee 14201301 0b9f2a88
enc-key:
e90df34e a6734473 80fcc769 78ca84c3 8dbfa669 779aa6dd
current_iv: e1853832 c9e0f597

S4.5 AM_packet3
[2008-06-11 17:01:34]
NAT status: no NAT-T VID seen
size = 92, blksz = 8, padding = 4

sending: ========================>
BEGIN_PARSE
Recieved Packet Len: 124
i_cookie: a3d297ee 3b2965af
r_cookie: 696245c5 c9963a9a
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 04 (ISAKMP_EXCHANGE_AGGRESSIVE)
flags: 01
message_id: 00000000
len: 0000007c

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0b (ISAKMP_PAYLOAD_N)
length: 0018
ke.data:
2c62cbae 4ca9fcb4 1072629a e1b50d11 4ef3e6aa
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 001c
n.doi: 00000001 (ISAKMP_DOI_IPSEC)
n.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
n.spi_length: 10
n.type: 6002 (ISAKMP_N_IPSEC_INITIAL_CONTACT)
n.spi: a3d297ee 3b2965af 696245c5 c9963a9a
n.data:
DONE PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 0d (ISAKMP_PAYLOAD_VID)
length: 0014
ke.data: 126e1f57 7291153b 20485f7f 155b4bc8
(unknown)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
(Cisco Unity)
DONE PARSING PAYLOAD type: 0d (ISAKMP_PAYLOAD_VID)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK
initial_iv: f39d8b86 a12c3e36

receiving: <========================
[2008-06-11 17:01:34]

S4.6 cleanup
[2008-06-11 17:01:34]

S5 do_phase2_xauth
[2008-06-11 17:01:34]

S5.1 xauth_start
[2008-06-11 17:01:34]

S5.2 notice_check
[2008-06-11 17:01:34]
BEGIN_PARSE
Recieved Packet Len: 76
i_cookie: a3d297ee 3b2965af
r_cookie: 696245c5 c9963a9a
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
flags: 01
message_id: 4232b533
len: 0000004c

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
length: 0018
ke.data:
3291b2d4 fe25acbb 266e2a24 b25c5731 b59785ad
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0014
modecfg.type: 01 (ISAKMP_MODECFG_CFG_REQUEST)
modecfg.id: e3cb
t.attributes.type: 000d (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET)
t.attributes.u.attr_16: 0000
t.attributes.type: 000e (ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES)
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 000f (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_SUBNET)
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK
hashlen: 20
u.hash.length: 20
expected_hash:
3291b2d4 fe25acbb 266e2a24 b25c5731 b59785ad
h->u.hash.data:
3291b2d4 fe25acbb 266e2a24 b25c5731 b59785ad

S5.3 type-is-xauth check
[2008-06-11 17:01:34]

S5.4 xauth type check
[2008-06-11 17:01:34]

S5.5 do xauth authentication
[2008-06-11 17:01:34]
size = 62, blksz = 8, padding = 2

sending: ========================>
BEGIN_PARSE
Recieved Packet Len: 92
i_cookie: a3d297ee 3b2965af
r_cookie: 696245c5 c9963a9a
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
flags: 01
message_id: 4232b533
len: 0000005c

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
length: 0018
ke.data:
48339057 41c87bfa 2218a1b1 6a758a18 e21a4027
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0026
modecfg.type: 02 (ISAKMP_MODECFG_CFG_REPLY)
modecfg.id: e3cb
t.attributes.type: 000d (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET)
(not dumping xauth data)
t.attributes.type: 000e (ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES)
(not dumping xauth data length)
(not dumping xauth data)
t.attributes.type: 0010 (ISAKMP_XAUTH_ATTRIB_NORTEL_PASSCODE)
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK

receiving: <========================
[2008-06-11 17:01:34]

S5.2 notice_check
[2008-06-11 17:01:34]
BEGIN_PARSE
Recieved Packet Len: 108
i_cookie: a3d297ee 3b2965af
r_cookie: 696245c5 c9963a9a
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
flags: 01
message_id: 4232b533
len: 0000006c

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
length: 0018
ke.data:
82337e35 aafddbfc e0a38506 25feb25b a4c21ba9
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0035
modecfg.type: 01 (ISAKMP_MODECFG_CFG_REQUEST)
modecfg.id: e3cb
t.attributes.type: 000d (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET)
(not dumping xauth data)
t.attributes.type: 000e (ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES)
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0010 (ISAKMP_XAUTH_ATTRIB_NORTEL_PASSCODE)
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0011 (ISAKMP_XAUTH_ATTRIB_NORTEL_MESSAGE)
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK
hashlen: 20
u.hash.length: 20
expected_hash:
82337e35 aafddbfc e0a38506 25feb25b a4c21ba9
h->u.hash.data:
82337e35 aafddbfc e0a38506 25feb25b a4c21ba9

S5.3 type-is-xauth check
[2008-06-11 17:01:34]

S5.4 xauth type check
[2008-06-11 17:01:34]
Enter Synchronous Response:

S5.5 do xauth authentication
[2008-06-11 17:01:34]
Passcode for VPN sgXXXXXX[at]151.193.XXX.XXX:
size = 62, blksz = 8, padding = 2

sending: ========================>
BEGIN_PARSE
Recieved Packet Len: 92
i_cookie: a3d297ee 3b2965af
r_cookie: 696245c5 c9963a9a
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
flags: 01
message_id: 4232b533
len: 0000005c

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
length: 0018
ke.data:
9ff930df 6e460cf6 1f2486f8 4a3c684a cc027560
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0026
modecfg.type: 02 (ISAKMP_MODECFG_CFG_REPLY)
modecfg.id: e3cb
t.attributes.type: 000d (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET)
(not dumping xauth data)
t.attributes.type: 0010 (ISAKMP_XAUTH_ATTRIB_NORTEL_PASSCODE)
(not dumping xauth data length)
(not dumping xauth data)
t.attributes.type: 000e (ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES)
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK

receiving: <========================
[2008-06-11 17:01:39]

S5.2 notice_check
[2008-06-11 17:01:39]
BEGIN_PARSE
Recieved Packet Len: 60
i_cookie: a3d297ee 3b2965af
r_cookie: 696245c5 c9963a9a
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
flags: 01
message_id: 4232b533
len: 0000003c

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
length: 0018
ke.data:
60dc71cc 5b57018a b2bd689a 208728dd 6314ab4d
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0008
modecfg.type: 05 (unknown)
modecfg.id: e3cb
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK
hashlen: 20
u.hash.length: 20
expected_hash:
60dc71cc 5b57018a b2bd689a 208728dd 6314ab4d
h->u.hash.data:
60dc71cc 5b57018a b2bd689a 208728dd 6314ab4d

S5.3 type-is-xauth check
[2008-06-11 17:01:39]

S5.6 process xauth response
[2008-06-11 17:01:39]

S5.7 xauth done
[2008-06-11 17:01:39]

....
--- end of logs ---

Thanks
Vladimir
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

robertfwest at gmail

Jun 13, 2008, 3:07 PM

Post #4 of 12 (317 views)
Permalink

Re: have to type password twice now [In reply to]

There are some details related to this over at
https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/214399

As I mentioned in the bug report, this breaks kvpnc's interaction with vpnc.

Ubuntu 8.04 (Hardy Heron) is actually using revision 275 from subversion.

I can gather and e-mail the debug output if you want.

jmvpnc at loplof

Jun 15, 2008, 4:03 AM

Post #5 of 12 (313 views)
Permalink

Re: have to type password twice now [In reply to]

On Fri, Jun 13, 2008 at 06:07:36PM -0400, Rob West wrote:
> There are some details related to this over at
> https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/214399
>
> As I mentioned in the bug report, this breaks kvpnc's interaction with vpnc.
>
> Ubuntu 8.04 (Hardy Heron) is actually using revision 275 from subversion.
>
> I can gather and e-mail the debug output if you want.

OK, after reading that bug a few other bug reports start to make more sense.
The unfortunate thing is: I can't reproduce it on my system (opensuse-factory
on 32 bit x86). I tried the (cat ...; echo ...) >u ; vpnc ./u and it worked
as I expected it to. No extra prompt. Any ideas why I can't reproduce it?
I'm using trunk of course but I don't remember adding any patches that would
be relevant to this problem.

ciao
Joerg
--
Joerg Mayer <jmayer[at]loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

robertfwest at gmail

Jun 17, 2008, 11:21 AM

Post #6 of 12 (297 views)
Permalink

Re: have to type password twice now [In reply to]

Joerg,

Thanks for giving it a try.

I checked out revision 317 and built trunk. It still has the problem with
our VPN.

So, I ran it with debug level 3 to give you more info. The output is
attached.

Thanks,
Rob

On Sun, Jun 15, 2008 at 6:03 AM, Joerg Mayer <jmvpnc[at]loplof.de> wrote:

> On Fri, Jun 13, 2008 at 06:07:36PM -0400, Rob West wrote:
> > There are some details related to this over at
> > https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/214399
> >
> > As I mentioned in the bug report, this breaks kvpnc's interaction with
> vpnc.
> >
> > Ubuntu 8.04 (Hardy Heron) is actually using revision 275 from subversion.
> >
> > I can gather and e-mail the debug output if you want.
>
> OK, after reading that bug a few other bug reports start to make more
> sense.
> The unfortunate thing is: I can't reproduce it on my system
> (opensuse-factory
> on 32 bit x86). I tried the (cat ...; echo ...) >u ; vpnc ./u and it worked
> as I expected it to. No extra prompt. Any ideas why I can't reproduce it?
> I'm using trunk of course but I don't remember adding any patches that
> would
> be relevant to this problem.
>
> ciao
> Joerg
> --
> Joerg Mayer <jmayer[at]loplof.de>
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
> _______________________________________________
> vpnc-devel mailing list
> vpnc-devel[at]unix-ag.uni-kl.de
> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> http://www.unix-ag.uni-kl.de/~massar/vpnc/<http://www.unix-ag.uni-kl.de/%7Emassar/vpnc/>
>

Attachments:

vpnc_debug_3_capture_scrubbed.txt (65.6 KB)

jmvpnc at loplof

Jun 17, 2008, 9:51 PM

Post #7 of 12 (295 views)
Permalink

Re: have to type password twice now [In reply to]

On Tue, Jun 17, 2008 at 01:21:46PM -0500, Rob West wrote:
> I checked out revision 317 and built trunk. It still has the problem with
> our VPN.
>
> So, I ran it with debug level 3 to give you more info. The output is
> attached.

OK, by looking at the trace I finally understood what this is all about:
SecurID and maybe other token cards showed that problem, normal password
prompts didn't. Your proposed fix seems correct in that it restores the
previous behaviour. I'm not quite sure that the previous behaviour is
correct in all cases but that's a different story.
Both, trunk and Nortel branch have your fix, so everyone who had this
problem: Please test. If possible: Can you test whether the NEXT_PIN mode
for SecurID still works?

Thanks for your analysis!

Joerg
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

robertfwest at gmail

Jun 19, 2008, 3:08 PM

Post #8 of 12 (280 views)
Permalink

Re: have to type password twice now [In reply to]

Yesterday is a little hazy due to being at YAPC, but I'm fairly sure I tried
it and it worked. To be sure though, I'll try to update and retest again
tonight.

So, how can I test the NEXT_PIN mode? I think I've hit it in the past, but
don't know what I did to hit it.

Cheers,
Rob

On Wed, Jun 18, 2008 at 12:51 AM, Joerg Mayer <jmvpnc[at]loplof.de> wrote:

> On Tue, Jun 17, 2008 at 01:21:46PM -0500, Rob West wrote:
> > I checked out revision 317 and built trunk. It still has the problem with
> > our VPN.
> >
> > So, I ran it with debug level 3 to give you more info. The output is
> > attached.
>
> OK, by looking at the trace I finally understood what this is all about:
> SecurID and maybe other token cards showed that problem, normal password
> prompts didn't. Your proposed fix seems correct in that it restores the
> previous behaviour. I'm not quite sure that the previous behaviour is
> correct in all cases but that's a different story.
> Both, trunk and Nortel branch have your fix, so everyone who had this
> problem: Please test. If possible: Can you test whether the NEXT_PIN mode
> for SecurID still works?
>
> Thanks for your analysis!
>
> Joerg
> _______________________________________________
> vpnc-devel mailing list
> vpnc-devel[at]unix-ag.uni-kl.de
> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> http://www.unix-ag.uni-kl.de/~massar/vpnc/<http://www.unix-ag.uni-kl.de/%7Emassar/vpnc/>
>

jmvpnc at loplof

Jun 19, 2008, 6:31 PM

Post #9 of 12 (281 views)
Permalink

Re: have to type password twice now [In reply to]

Hello PHil,

after your patch that introduced NEXT_PIN support SecurID users needed to
enter a password that was not evaluated before being allowd to enter the
passcode. So I committed a small patch that fixes that problem but I don't
have any way to test whether next-pin mode still works.
Is it possible for you to test this?

Thanks
Joerg

On Thu, Jun 19, 2008 at 06:08:48PM -0400, Rob West wrote:
> > > So, I ran it with debug level 3 to give you more info. The output is
> > > attached.
> >
> > OK, by looking at the trace I finally understood what this is all about:
> > SecurID and maybe other token cards showed that problem, normal password
> > prompts didn't. Your proposed fix seems correct in that it restores the
> > previous behaviour. I'm not quite sure that the previous behaviour is
> > correct in all cases but that's a different story.
> > Both, trunk and Nortel branch have your fix, so everyone who had this
> > problem: Please test. If possible: Can you test whether the NEXT_PIN mode
> > for SecurID still works?

> Yesterday is a little hazy due to being at YAPC, but I'm fairly sure I tried
> it and it worked. To be sure though, I'll try to update and retest again
> tonight.
>
> So, how can I test the NEXT_PIN mode? I think I've hit it in the past, but
> don't know what I did to hit it.

--
Joerg Mayer <jmayer[at]loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

robertfwest at gmail

Jun 19, 2008, 8:29 PM

Post #10 of 12 (273 views)
Permalink

Re: have to type password twice now [In reply to]

OK, tried with revision 325. Both command-line and kvpnc work now.

So, what is your favored way to handle Ubuntu? Get them to apply the patch
or to grab a revision from svn?

Thanks,
Rob

On Thu, Jun 19, 2008 at 6:08 PM, Rob West <robertfwest[at]gmail.com> wrote:

> Yesterday is a little hazy due to being at YAPC, but I'm fairly sure I
> tried it and it worked. To be sure though, I'll try to update and retest
> again tonight.
>
> So, how can I test the NEXT_PIN mode? I think I've hit it in the past, but
> don't know what I did to hit it.
>
> Cheers,
> Rob
>
>
> On Wed, Jun 18, 2008 at 12:51 AM, Joerg Mayer <jmvpnc[at]loplof.de> wrote:
>
>> On Tue, Jun 17, 2008 at 01:21:46PM -0500, Rob West wrote:
>> > I checked out revision 317 and built trunk. It still has the problem
>> with
>> > our VPN.
>> >
>> > So, I ran it with debug level 3 to give you more info. The output is
>> > attached.
>>
>> OK, by looking at the trace I finally understood what this is all about:
>> SecurID and maybe other token cards showed that problem, normal password
>> prompts didn't. Your proposed fix seems correct in that it restores the
>> previous behaviour. I'm not quite sure that the previous behaviour is
>> correct in all cases but that's a different story.
>> Both, trunk and Nortel branch have your fix, so everyone who had this
>> problem: Please test. If possible: Can you test whether the NEXT_PIN mode
>> for SecurID still works?
>>
>> Thanks for your analysis!
>>
>> Joerg
>> _______________________________________________
>> vpnc-devel mailing list
>> vpnc-devel[at]unix-ag.uni-kl.de
>> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
>> http://www.unix-ag.uni-kl.de/~massar/vpnc/<http://www.unix-ag.uni-kl.de/%7Emassar/vpnc/>
>>
>
>

jmvpnc at loplof

Jun 20, 2008, 8:29 AM

Post #11 of 12 (269 views)
Permalink

Re: have to type password twice now [In reply to]

On Thu, Jun 19, 2008 at 11:29:16PM -0400, Rob West wrote:
> OK, tried with revision 325. Both command-line and kvpnc work now.
>
> So, what is your favored way to handle Ubuntu? Get them to apply the patch
> or to grab a revision from svn?

It's either way. There are some additoinal problems fixed, but they are not
serious, so just applying your patch and then go for 0.5.2 once it is released
should be as good as using current trunk. If they go for trunk it will be
easier to find possible regressions before a 0.5.2 release :-)

Ciao
Joerg

--
Joerg Mayer <jmayer[at]loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

phil at ipom

Jun 21, 2008, 4:05 PM

Post #12 of 12 (253 views)
Permalink

Re: have to type password twice now [In reply to]

Joerg Mayer wrote:
> Hello PHil,
>
> after your patch that introduced NEXT_PIN support SecurID users needed to
> enter a password that was not evaluated before being allowd to enter the
> passcode. So I committed a small patch that fixes that problem but I don't
> have any way to test whether next-pin mode still works.
> Is it possible for you to test this?

Joerg,

Can you give me a revision before and after your commit I can give to my
co-worker who agreed to test this feature?

Thanks
--
Phil Dibowitz phil[at]ipom.com
Open Source software and tech docs Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/

"Never write it in C if you can do it in 'awk';
Never do it in 'awk' if 'sed' can handle it;
Never use 'sed' when 'tr' can do the job;
Never invoke 'tr' when 'cat' is sufficient;
Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming

Attachments:

signature.asc (0.25 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com