
Mailing List Archive: vpnc: devel

Problem with 0.5.3

 

 



tom5760 at gmail

Dec 19, 2008, 5:29 PM

Post #1 of 6 (1550 views)
Problem with 0.5.3

Hello all:

I am having a problem connecting to my job's VPN with version 0.5.3.
I'm running it on (Arch) Linux. My distribution had been using 0.5.1
for a while, and that worked fine.

I checked out the SVN version, and tracked down the commit that seems
to have broken it. I can connect to my VPN with SVN revisions up to
and including revision 326. Revisions 327 and later fail after
printing my job's welcome message with the following error:

./vpnc: quick mode response rejected: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)
this means the concentrator did not like what we had to offer.
Possible reasons are:
* concentrator configured to require a firewall
this locks out even Cisco clients on any platform expect windows
which is an obvious security improvment. There is no workaround (yet).
* concentrator configured to require IP compression
this is not yet supported by vpnc.
Note: the Cisco Concentrator Documentation recommends against using
compression, expect on low-bandwith (read: ISDN) links, because it
uses much CPU-resources on the concentrator

The latest SVN revision (384) also fails with the same error. I have
looked at the diff between 326 and 327 and nothing jumps out at me as
a problem (though this is the first time I have looked at vpnc code,
so it's pretty unfamiliar).

Does anyone have any ideas?

Thanks!
-Tom
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/


jmvpnc at loplof

Dec 21, 2008, 2:22 AM

Post #2 of 6 (1470 views)
Re: Problem with 0.5.3 [In reply to]

On Fri, Dec 19, 2008 at 08:29:56PM -0500, Tom Wambold wrote:
> I checked out the SVN version, and tracked down the commit that seems
> to have broken it. I can connect to my VPN with SVN revisions up to
> and including revision 326. Revisions 327 and later fail after
> printing my job's welcome message with the following error:
...
> The latest SVN revision (384) also fails with the same error. I have
> looked at the diff between 326 and 327 and nothing jumps out at me as
> a problem (though this is the first time I have looked at vpnc code,
> so it's pretty unfamiliar).

Interesting :-(
IIRC the only thing that really changed is the order when config_tunnel(s) is
called: With r327 it is now called before any of the QM stuff is done, with
r326 it was called after packet 3 of QM was sent. Please apply the attached
patch to r327 and let me know if it makes any difference. If it does, please
add a line "set -x" near the top of vpnc-script and then run
vpnc --no-detach --debug 3 <profile>
once for r327 and once for r327 with patch and either find out the difference
or provide me with both logs so I may have a look at them. This only makes
sense if the patch helps :-)

Thanks!
Joerg
--
Joerg Mayer <jmayer [at] loplof>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.


tom5760 at gmail

Dec 21, 2008, 10:33 AM

Post #3 of 6 (1465 views)
Re: Problem with 0.5.3 [In reply to]

> Please apply the attached
> patch to r327 and let me know if it makes any difference.

I think you may have forgotten to attach the patch? I do not see it
on my mail client, or in the archive.

Once I get the patch, I will try this right away.

Thanks for your time!
-Tom

On Sun, Dec 21, 2008 at 5:22 AM, Joerg Mayer <jmvpnc [at] loplof> wrote:
> On Fri, Dec 19, 2008 at 08:29:56PM -0500, Tom Wambold wrote:
>> I checked out the SVN version, and tracked down the commit that seems
>> to have broken it. I can connect to my VPN with SVN revisions up to
>> and including revision 326. Revisions 327 and later fail after
>> printing my job's welcome message with the following error:
> ...
>> The latest SVN revision (384) also fails with the same error. I have
>> looked at the diff between 326 and 327 and nothing jumps out at me as
>> a problem (though this is the first time I have looked at vpnc code,
>> so it's pretty unfamiliar).
>
> Interesting :-(
> IIRC the only thing that really changed is the order when config_tunnel(s) is
> called: With r327 it is now called before any of the QM stuff is done, with
> r326 it was called after packet 3 of QM was sent. Please apply the attached
> patch to r327 and let me know if it makes any difference. If it does, please
> add a line "set -x" near the top of vpnc-script and then run
> vpnc --no-detach --debug 3 <profile>
> once for r327 and once for r327 with patch and either find out the difference
> or provide me with both logs so I may have a look at them. This only makes
> sense if the patch helps :-)
>
> Thanks!
> Joerg
> --
> Joerg Mayer <jmayer [at] loplof>
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.


jmvpnc at loplof

Dec 21, 2008, 12:43 PM

Post #4 of 6 (1466 views)
Re: Problem with 0.5.3 [In reply to]

On Sun, Dec 21, 2008 at 01:33:33PM -0500, Tom Wambold wrote:
> > Please apply the attached
> > patch to r327 and let me know if it makes any difference.
>
> I think you may have forgotten to attach the patch? I do not see it
> on my mail client, or in the archive.

Sigh, you are right of course :-/
I hope it's better this time.

Ciao
Joerg
--
Joerg Mayer <jmayer [at] loplof>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
Attachments: config-tunnel-move.diff (0.56 KB)


tom5760 at gmail

Dec 21, 2008, 1:53 PM

Post #5 of 6 (1466 views)
Re: Problem with 0.5.3 [In reply to]

>> > Please apply the attached
>> > patch to r327 and let me know if it makes any difference.

The patch does seem to allow me to connect to the VPN, but I think the
vpnc-script is not setting routes correctly or something, because
after a few moments, vpnc exits with the error:

vpnc: can't send packet: Network is unreachable

Will the logs have any sort of identifying information in them? If
not, I'll attach them, if so, I could send them to you privately or
something.

-Tom

2008/12/21 Joerg Mayer <jmvpnc [at] loplof>:
> On Sun, Dec 21, 2008 at 01:33:33PM -0500, Tom Wambold wrote:
>> > Please apply the attached
>> > patch to r327 and let me know if it makes any difference.
>>
>> I think you may have forgotten to attach the patch? I do not see it
>> on my mail client, or in the archive.
>
> Sigh, you are right of course :-/
> I hope it's better this time.
>
> Ciao
> Joerg
> --
> Joerg Mayer <jmayer [at] loplof>
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.


jmvpnc at loplof

Dec 21, 2008, 2:45 PM

Post #6 of 6 (1466 views)
Re: Problem with 0.5.3 [In reply to]

On Sun, Dec 21, 2008 at 04:53:35PM -0500, Tom Wambold wrote:
> >> > Please apply the attached
> >> > patch to r327 and let me know if it makes any difference.
>
> The patch does seem to allow me to connect to the VPN, but I think the
> vpnc-script is not setting routes correctly or something, because
> after a few moments, vpnc exits with the error:
>
> vpnc: can't send packet: Network is unreachable
>
> Will the logs have any sort of identifying information in them? If
> not, I'll attach them, if so, I could send them to you privately or
> something.

They will contain the IP address and other information of the concentrator;
the only suppressed information will be the xauth authentication information
(username, password). If you want to keep that private, please send the
information to vpnc [at] unix-ag, which will reach only Maurice and me.

Ciao
Joerg
--
Joerg Mayer <jmayer [at] loplof>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
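
An added example, not part of the original thread and not vpnc code: one way to compare the two debug logs discussed above (r327 and r327 with the patch) while replacing IPv4 addresses, such as the concentrator's, with stable placeholders before the result is shared. The function names and the sample log lines are assumptions constructed for illustration; only the final error message comes from the thread.

```python
import difflib
import ipaddress
import re

# Dotted quads not embedded in a longer dotted number; validated before replacement.
_IPV4 = re.compile(r"(?<!\d)(?<!\d\.)(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")


def redact(text, mapping):
    """Replace each IPv4 address with a stable placeholder kept in `mapping`."""
    def sub(match):
        addr = match.group(1)
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            return addr  # not a valid address (e.g. 999.1.1.1): leave untouched
        return mapping.setdefault(addr, f"IP_{len(mapping) + 1}")
    return [_IPV4.sub(sub, line) for line in text.splitlines()]


def diff_runs(log_a, log_b, name_a="r327", name_b="r327+patch"):
    """Redact both logs with one shared mapping, then diff the redacted lines."""
    mapping = {}
    a, b = redact(log_a, mapping), redact(log_b, mapping)
    diff = list(difflib.unified_diff(a, b, name_a, name_b, lineterm="", n=0))
    return diff, mapping


# Constructed sample lines (not real vpnc or vpnc-script output); only the
# final error message is taken from the thread.
RUN_A = """connecting to gateway 192.0.2.10
+ route add -host 192.0.2.10 gw 198.51.100.1
tunnel address 10.8.0.5
"""
RUN_B = """connecting to gateway 192.0.2.10
tunnel address 10.8.0.5
+ route add -host 192.0.2.10 gw 198.51.100.1
vpnc: can't send packet: Network is unreachable
"""

if __name__ == "__main__":
    for line in diff_runs(RUN_A, RUN_B)[0]:
        print(line)
```

Because both logs share one mapping, the same address gets the same placeholder in each run, so the diff shows only real differences between the runs. Only IPv4 addresses are rewritten; anything else in the logs still needs a manual read before posting.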
