gofman.mike at gmail
May 6, 2009, 8:57 AM
Post #9 of 15
(3380 views)
Permalink
|
Antonio
You were right again.
VPNC does take all the DNS info from the VPN connection correctly.
The reason for that not working in my case was due to the fact that I was
using the latest Ubuntu 9.04.
There is, apparently, a problem with vpnc in that version.
I just tried this at work on 8.10 and it is working fine.
Thank you very much for all your help.
Mike.
On Mon, May 4, 2009 at 10:42 PM, Georges-Etienne Legendre <legege [at] legege
> wrote:
> Hi Antonio,
>
> - I tried to port back the patch a little while ago, but with no
> success. I have to give another try. Of course, any help is welcome.
> - I've not been able to confirm support of AH in Darwin/OS X. Not a
> lot information about that on Google.
> - I'm willing to test your version. If you want, send me your source
> and I'll check if it works on OS X.
>
> Thanks,
> --
> Georges-Etienne Legendre, ing. jr
>
> On 2-May-09, at 12:48 PM, Antonio Borneo wrote:
>
> > Hi Georges-Etienne,
> > I always skipped Mac related threads since neither user nor expert of
> > this platform.
> > Digging in the list I found messages confirming what you say, that
> > current vpnc-nortel cannot work on Mac.
> >
> > Possible options:
> > - port the patch made by Mattias in 2004 for kernel-ipsec, available
> > in
> >
> http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2004-September/000228.html
> > I did'n found any further development since then. Georges-Etienne, I
> > read some later mail from you. Do you confirm this is a viable option?
> > Anyone wants work on it?
> >
> > - port in vpnc the protocol AH, that is one alternative protocol to
> > ESP. Will MAC support AH? If also AH requires kernel-ipsec, no way.
> >
> > - I have an "almost" working version of vpnc-nortel with NATT through
> > UDP encapsulation. I should find time to finalize it in a working
> > patch. This mode does not requires ESP or AH.
> > There are already other patches pending for commit in SVN, and some
> > are quite invasive; I was waiting to have them committed before
> > posting a new one.
> >
> > If you are aware of ony other option, let us know.
> >
> > Best Regards,
> > Antonio Borneo
> >
> > On Sat, May 2, 2009 at 9:12 PM, Georges-Etienne Legendre
> > <legege [at] legege> wrote:
> >> Is it for Ubuntu or Mac? Because, to my knowledge, VPNC + Nortel is
> >> not working on Mac, because this platform doesn't support ESP socket.
> >>
> >> --
> >> Georges-Etienne Legendre, Jr Eng.
> >>
> >> On 1-May-09, at 11:38 PM, Antonio Borneo wrote:
> >>
> >>> Ciao Mike,
> >>>
> >>> seems your system does not have the development version of the
> >>> library
> >>> libgcrypt.
> >>> In Fedora is the RPM package libgcrypt-devel-...
> >>> In fact, is missing the shell command "libgcrypt-config", usually in
> >>> /usr/bin/libgcrypt-config, and the include file "gcrypt.h",
> >>> usually in
> >>> /usr/include/gcrypt.h.
> >>> Please install them, and try again.
> >>>
> >>> Best Regards,
> >>> Antonio Borneo
> >>>
> >>>
> >>> On Sat, May 2, 2009 at 3:31 AM, Michael Gofman
> >>> <gofman.mike [at] gmail> wrote:
> >>>> Antonio
> >>>> I am running Ubuntu 9.04
> >>>> Trying to compile the nortel branch.
> >>>> After I checkout out the latest from svn and applied the patch from
> >>>> the
> >>>> e-mail you mentioned
> >>>> ,(
> http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-January/002959.html
> >>>> )
> >>>>
> >>>> I'm getting the following error:
> >>>> make: libgcrypt-config: Command not found
> >>>> gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings
> >>>> -DVERSION=\"0.5.2-394M\" -c -o isakmp-pkt.o isakmp-pkt.c
> >>>> In file included from isakmp-pkt.c:31:
> >>>> math_group.h:38:20: error: gcrypt.h: No such file or directory
> >>>> In file included from isakmp-pkt.c:31:
> >>>> math_group.h:62: error: expected specifier-qualifier-list before
> >>>> ‘gcry_mpi_t’
> >>>> In file included from vpnc.h:24,
> >>>> from isakmp-pkt.c:32:
> >>>> tunip.h:43: error: expected specifier-qualifier-list before
> >>>> ‘gcry_cipher_hd_t’
> >>>> make: *** [isakmp-pkt.o] Error 1
> >>>>
> >>>>
> >>>> On Fri, May 1, 2009 at 1:11 PM, Antonio Borneo <
> borneo.antonio [at] gmail
> >>>>>
> >>>> wrote:
> >>>>>
> >>>>> Ciao Phil,
> >>>>> I'm putting in copy vpnc-devel list. This reply could help
> >>>>> somebody else
> >>>>> too.
> >>>>>
> >>>>> You are right, before configuring split tunnel you need vpnc-
> >>>>> nortel
> >>>>> working.
> >>>>>
> >>>>> I believe the main issue you have is that you are NOT using the
> >>>>> right
> >>>>> code.
> >>>>> The code specific for Nortel is still not merged in the main
> >>>>> branch of
> >>>>> vpnc.
> >>>>> So, don't use the official version 0.5.3, but download from SVN
> >>>>> the
> >>>>> code in the Nortel branch
> >>>>> http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel/
> >>>>>
> >>>>> Before compiling it, it's important you apply the patch in this
> >>>>> mail
> >>>>>
> >>>>>
> http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-January/002959.html
> >>>>> that gives access to all the authentication modes supported by
> >>>>> Nortel.
> >>>>>
> >>>>> There are other patches not yet included in the Nortel branch,
> >>>>> listed
> >>>>> in this mail
> >>>>>
> http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-March/003010.html
> >>>>> but are not mandatory for your first steps. Skip them for the
> >>>>> moment.
> >>>>>
> >>>>> Compile the code.
> >>>>> In your mail I noticed you added openssl support. Nortel does not
> >>>>> need it.
> >>>>>
> >>>>> In the config file you didn't put the mandatory line
> >>>>> Vendor nortel
> >>>>> and you also need to provide information about the authentication
> >>>>> mode
> >>>>> required by your Nortel server. This options is also in the
> >>>>> configuration of your official Nortel client.
> >>>>> I guess in your case should be "Response Only Token" or "Group
> >>>>> Password Authentication".
> >>>>> The proper line in the config file will then be
> >>>>> IKE Authmode token
> >>>>> or
> >>>>> IKE Authmode gpassword
> >>>>>
> >>>>> Let me know the result, and don't hesitate contacting me if any
> >>>>> further
> >>>>> problem.
> >>>>>
> >>>>> Best Regards,
> >>>>> Antonio Borneo
> >>>>>
> >>>>> On Fri, May 1, 2009 at 10:08 AM, phil swenson <
> phil.swenson [at] gmail
> >>>>>>
> >>>>> wrote:
> >>>>>> Hi. Your name keeps popping up on google searches on "nortel
> >>>>>> VPNC".
> >>>>>> I hope you don't mind me asking for some help.
> >>>>>>
> >>>>>> I first came across this:
> >>>>>>
> >>>>>>
> http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-February/002990.html
> >>>>>>
> >>>>>> Split tunneling is my goal. But first I need to get VPNC working
> >>>>>> with
> >>>>>> Nortel. I haven't had much luck.
> >>>>>>
> >>>>>> Here is what I get on version:
> >>>>>> zeppelin:bin pswenson$ vpnc --version
> >>>>>> vpnc version 0.5.3
> >>>>>> Copyright (C) 2002-2006 Geoffrey Keating, Maurice Massar, others
> >>>>>> vpnc comes with NO WARRANTY, to the extent permitted by law.
> >>>>>> You may redistribute copies of vpnc under the terms of the GNU
> >>>>>> General
> >>>>>> Public License. For more information about these matters, see
> >>>>>> the files
> >>>>>> named COPYING.
> >>>>>> Built with openssl (certificate) support. Be aware of the
> >>>>>> license implications.
> >>>>>>
> >>>>>> Supported DH-Groups: nopfs dh1 dh2 dh5
> >>>>>> Supported Hash-Methods: md5 sha1
> >>>>>> Supported Encryptions: null des 3des aes128 aes192 aes256
> >>>>>> Supported Auth-Methods: psk psk+xauth hybrid(rsa)
> >>>>>>
> >>>>>> Here is what I get when I run it:
> >>>>>> zeppelin:bin pswenson$ sudo vpnc --local-port 0
> >>>>>> response was invalid [1]: (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)
> >>>>>>
> >>>>>> my config looks something like:
> >>>>>>
> >>>>>> IPSec gateway mygatewaygoeshere
> >>>>>> IPSec ID mynortelgroupidgoeshere
> >>>>>> IPSec secret grouppwgoeshere
> >>>>>> IKE Authmode
> >>>>>> Xauth username ame\pswenson
> >>>>>> Xauth password mypassword
> >>>>>>
> >>>>>> I assume the problem is specifying Nortel auth somewhere, but I'm
> >>>>>> not
> >>>>>> sure how to do it. I do notice that IKE isn't in the supported
> >>>>>> authmodes. is that the issue?
> >>>>>>
> >>>>>> thanks for any thoughts.
> >>>>>> phil
> >>>>>>
> >>>>> _______________________________________________
> >>>>> vpnc-devel mailing list
> >>>>> vpnc-devel [at] unix-ag
> >>>>> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> >>>>> http://www.unix-ag.uni-kl.de/~massar/vpnc/<http://www.unix-ag.uni-kl.de/%7Emassar/vpnc/>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> vpnc-devel mailing list
> >>>> vpnc-devel [at] unix-ag
> >>>> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> >>>> http://www.unix-ag.uni-kl.de/~massar/vpnc/<http://www.unix-ag.uni-kl.de/%7Emassar/vpnc/>
> >>>>
> >>>>
> >>>
> >>> _______________________________________________
> >>> vpnc-devel mailing list
> >>> vpnc-devel [at] unix-ag
> >>> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> >>> http://www.unix-ag.uni-kl.de/~massar/vpnc/<http://www.unix-ag.uni-kl.de/%7Emassar/vpnc/>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> vpnc-devel mailing list
> >> vpnc-devel [at] unix-ag
> >> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> >> http://www.unix-ag.uni-kl.de/~massar/vpnc/<http://www.unix-ag.uni-kl.de/%7Emassar/vpnc/>
> >>
>
>
> _______________________________________________
> vpnc-devel mailing list
> vpnc-devel [at] unix-ag
> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> http://www.unix-ag.uni-kl.de/~massar/vpnc/<http://www.unix-ag.uni-kl.de/%7Emassar/vpnc/>
>
|
