[Bug 445153] New: vpnc cannot connect
https://bugzilla.novell.com/show_bug.cgi?id=445153 Summary: vpnc cannot connect Product: openSUSE 11.1 Version: Beta 5 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: nice@titanic.nyme.hu QAContact: qa@suse.de Found By: Other vpnc (not trough knetworkmanager as in https://bugzilla.novell.com/show_bug.cgi?id=439742) doesn't seem to work. I easily used it with success in openSUSE 10.3 (but in that opensuse version knetworkmanager alwys crashed when i tried to connect with it as a vpnc frontend). Now even the plain commandline vpnc fails this way: milleniumfalcon:~ # vpnc /home/tamas/vpnc.conf vpnc version 0.5.1 S1 init_sockaddr S2 make_socket S3 setup_tunnel using interface tun0 S4 do_phase1 S4.1 create_nonce S4.2 dh setup S4.3 AM packet_1 S4.4 AM_packet2 got ike lifetime attributes: 2147483 seconds IKE SA selected psk+xauth-aes128-sha1 peer is DPD capable (RFC3706) peer is NAT-T capable (draft-02)\n peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads S4.5 AM_packet3 NAT status: NAT-T VID seen, no NAT device detected Rijndael-128 test encryption failed. S4.6 cleanup S5 do_phase2_xauth S5.1 xauth_start S5.2 notice_check payload too short or not padded: len=184, min=28 (ivlen=16) S5.3 type-is-xauth check ---!!!!!!!!! entering phase2_fatal !!!!!!!!!--- vpnc: expected xauth packet; rejected: (ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS)(30) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User nice@titanic.nyme.hu added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c1 --- Comment #1 from Tamás Németh <nice@titanic.nyme.hu> 2008-11-14 09:10:55 MST --- Isn't it related to this? http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2008-June/002330.html -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User nice@titanic.nyme.hu added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c2 --- Comment #2 from Tamás Németh <nice@titanic.nyme.hu> 2008-11-14 09:12:32 MST --- By the way, I can give you (via private e-mail) the vpnc config file I used. The connection. defined by it, makes nothing possible but to watch our website: http://www.nyme.hu (using our DNS servers of course). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 Andreas Jaeger <aj@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |lmuelle@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User lmuelle@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c3 Lars Müller <lmuelle@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |nice@titanic.nyme.hu --- Comment #3 from Lars Müller <lmuelle@novell.com> 2008-11-14 10:26:11 MST --- I no longer have access to the required Cisco (VPN concentrator 3000 Series, IOS routers, PIX / ASA Zecurity Appliances) or Juniper/Netscreen hardware and I'm not sure how to handle this issue. @Deckel: Do we have such a device? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 Lars Müller <lmuelle@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Info Provider|nice@titanic.nyme.hu |deckel@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User deckel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c4 Christian Deckelmann <deckel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|deckel@novell.com | --- Comment #4 from Christian Deckelmann <deckel@novell.com> 2008-11-14 11:03:05 MST --- No, we don't have a gateway which requires vpnc as client. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User nice@titanic.nyme.hu added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c5 --- Comment #5 from Tamás Németh <nice@titanic.nyme.hu> 2008-11-16 08:31:25 MST --- Yes, yes, that's what I'm talking about. I've created a test account for you on a Cisco ASA 5520. I'm gonna send the connection details in private e-mail if you want me to do so. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User nice@titanic.nyme.hu added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c6 --- Comment #6 from Tamás Németh <nice@titanic.nyme.hu> 2008-11-16 09:49:05 MST --- BTW, I tested that mentioned test account on an openSUSE 10.3 test system just now, and it works! I don't know what, but something went wrong between 10.3 and 11.1. The vpnc commands on these two openSUSE versions behave differently on the first sight. (Even the man page is different.) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User lmuelle@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c7 Lars Müller <lmuelle@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|lmuelle@novell.com |seife@novell.com --- Comment #7 from Lars Müller <lmuelle@novell.com> 2009-01-08 05:43:59 MST --- Sorry Tamás I had not time to work on this and vpnc has now found a new maintainer. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User nice@titanic.nyme.hu added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c8 --- Comment #8 from Tamás Németh <nice@titanic.nyme.hu> 2009-01-15 01:35:20 MST --- Hooray, this seems to work in the final version (tested on 64 bit). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User nice@titanic.nyme.hu added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c9 Tamás Németh <nice@titanic.nyme.hu> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Version|Beta 5 |Final Resolution| |FIXED --- Comment #9 from Tamás Németh <nice@titanic.nyme.hu> 2009-01-15 01:37:09 MST --- It seems to be solved by someone despite being unassigned. Thanks guys! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User seife@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c10 --- Comment #10 from Stefan Seyfried <seife@novell.com> 2009-01-16 04:29:55 MST --- It's actually probably pure luck ;-) Note that I upgraded vpnc in FACTORY to the latest version of the "nortel" SVN branch, so be careful when upgrading and keep the old package around, since I might have broken something. Thanks for testing and reporting. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User nice@titanic.nyme.hu added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c11 --- Comment #11 from Tamás Németh <nice@titanic.nyme.hu> 2009-01-16 10:05:46 MST --- (In reply to comment #10)
Note that I upgraded vpnc in FACTORY to the latest version of the "nortel" SVN branch, so be careful when upgrading and keep the old package around, since I might have broken something.
No, please, don't break it! I've found a working component of openSUSE at last, and you want replace it? But - to speak seriously - how does the factory affect the stable version? (Now openSUSE 11.1.) I thought, that the FACTORY is the repository which eventually becomes the next version. Anyway, in spite of the fact that I mass-produce the bugreports, only a few fixes find their way to the version I made the report for. Status is changed to fixed, but I usually don't benefit from it. OK, I enough of complaining. Finally I accepted that the whole openSUSE thing is just a testbed for SLES/SLED and Novell endorsed upstream development. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User seife@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c12 --- Comment #12 from Stefan Seyfried <seife@novell.com> 2009-01-19 02:17:28 MST --- (In reply to comment #11)
No, please, don't break it! I've found a working component of openSUSE at last, and you want replace it?
This is why I warned you that you should keep the rpm of your now working package around ;-) And it really seems to be a heisenbug - the package in 11.1 was last changed January 17. _2008_, so there is no real reason for it suddenly working in 11.1 final, after it not working in the betas. It was probably recompiled, and maybe fixes in libgcrypt, which is used by vpnc, got in, but it still seems unlikely.
But - to speak seriously - how does the factory affect the stable version?
It does not at all, unless I would submit the new version for a 11.1 online update. I will not do this, because I assume that it will break more stuff than it might fix (the FACTORY version is from an experimental SVN branch, after all) and because I do not know enough about vpnc to judge if that would be a safe thing to do. You can of course try the newer version from my buildservice repo home:seife:Factory/vpnc, it is also built for 11.1 there.
(Now openSUSE 11.1.) I thought, that the FACTORY is the repository which eventually becomes the next version. Anyway, in spite of the fact that I mass-produce the bugreports, only a few fixes find their way to the version I made the report for. Status is changed to fixed, but I usually don't benefit from it. OK, I enough of complaining. Finally I accepted that the whole openSUSE thing is just a testbed for SLES/SLED and Novell endorsed upstream development.
To go a little bit off-topic here :-) vpnc is actually special, because it is reverse-engineered software that works with the partially proprietary protocol extensions that Cisco and other vendors use. Even on the upstream mailing list, success reports are mixed with "it does not work at all" and often, all one can do is to try fixing it and submitting a patch. I for myself know nothing about vpnc - and I do not even use it. I just saved the package from being dropped from the distribution, because I had added Support for nortel gateways, which some of my colleagues need, and I did not want that work to vanish into the void. So voila - I was the new package maintainer :-) I hope this explains the situation a bit. If you are really interested in using vpnc, it would probably be a good idea to work together with the vpnc developers on the upstream code base, which will then automatically result in a better package for openSUSE (and every other distro out there, which is the real benefit). Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153 User nice@titanic.nyme.hu added comment https://bugzilla.novell.com/show_bug.cgi?id=445153#c13 --- Comment #13 from Tamás Németh <nice@titanic.nyme.hu> 2009-01-19 04:29:39 MST --- (In reply to comment #12)
(In reply to comment #11)
I hope this explains the situation a bit. If you are really interested in using vpnc, it would probably be a good idea to work together with the vpnc developers on the upstream code base, which will then automatically result in a better package for openSUSE (and every other distro out there, which is the real benefit).
Since I am just a simple minded sysadmin and not a programmer, all I can do is testing and sending reports, which I already do. My problem is that making a bugreport often only has a positive effect only on the factory / next version (or in the even more distant future), while every openSUSE version introduces serious bugs to be fixed in this manner. Despite this I still appreciate your efforts and continue to use it - for free. Thanks, and have a nice day! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com