[Bug 445153] New: vpnc cannot connect
https://bugzilla.novell.com/show_bug.cgi?id=445153 Summary: vpnc cannot connect Product: openSUSE 11.1 Version: Beta 5 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: nice@titanic.nyme.hu QAContact: qa@suse.de Found By: Other vpnc (not trough knetworkmanager as in https://bugzilla.novell.com/show_bug.cgi?id=439742) doesn't seem to work. I easily used it with success in openSUSE 10.3 (but in that opensuse version knetworkmanager alwys crashed when i tried to connect with it as a vpnc frontend). Now even the plain commandline vpnc fails this way: milleniumfalcon:~ # vpnc /home/tamas/vpnc.conf vpnc version 0.5.1 S1 init_sockaddr S2 make_socket S3 setup_tunnel using interface tun0 S4 do_phase1 S4.1 create_nonce S4.2 dh setup S4.3 AM packet_1 S4.4 AM_packet2 got ike lifetime attributes: 2147483 seconds IKE SA selected psk+xauth-aes128-sha1 peer is DPD capable (RFC3706) peer is NAT-T capable (draft-02)\n peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads S4.5 AM_packet3 NAT status: NAT-T VID seen, no NAT device detected Rijndael-128 test encryption failed. S4.6 cleanup S5 do_phase2_xauth S5.1 xauth_start S5.2 notice_check payload too short or not padded: len=184, min=28 (ivlen=16) S5.3 type-is-xauth check ---!!!!!!!!! entering phase2_fatal !!!!!!!!!--- vpnc: expected xauth packet; rejected: (ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS)(30) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153
User nice@titanic.nyme.hu added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c1
--- Comment #1 from Tamás Németh
https://bugzilla.novell.com/show_bug.cgi?id=445153
User nice@titanic.nyme.hu added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c2
--- Comment #2 from Tamás Németh
https://bugzilla.novell.com/show_bug.cgi?id=445153
Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=445153
User lmuelle@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c3
Lars Müller
https://bugzilla.novell.com/show_bug.cgi?id=445153
Lars Müller
https://bugzilla.novell.com/show_bug.cgi?id=445153
User deckel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c4
Christian Deckelmann
https://bugzilla.novell.com/show_bug.cgi?id=445153
User nice@titanic.nyme.hu added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c5
--- Comment #5 from Tamás Németh
https://bugzilla.novell.com/show_bug.cgi?id=445153
User nice@titanic.nyme.hu added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c6
--- Comment #6 from Tamás Németh
https://bugzilla.novell.com/show_bug.cgi?id=445153
User lmuelle@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c7
Lars Müller
https://bugzilla.novell.com/show_bug.cgi?id=445153
User nice@titanic.nyme.hu added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c8
--- Comment #8 from Tamás Németh
https://bugzilla.novell.com/show_bug.cgi?id=445153
User nice@titanic.nyme.hu added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c9
Tamás Németh
https://bugzilla.novell.com/show_bug.cgi?id=445153
User seife@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c10
--- Comment #10 from Stefan Seyfried
https://bugzilla.novell.com/show_bug.cgi?id=445153
User nice@titanic.nyme.hu added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c11
--- Comment #11 from Tamás Németh
Note that I upgraded vpnc in FACTORY to the latest version of the "nortel" SVN branch, so be careful when upgrading and keep the old package around, since I might have broken something.
No, please, don't break it! I've found a working component of openSUSE at last, and you want replace it? But - to speak seriously - how does the factory affect the stable version? (Now openSUSE 11.1.) I thought, that the FACTORY is the repository which eventually becomes the next version. Anyway, in spite of the fact that I mass-produce the bugreports, only a few fixes find their way to the version I made the report for. Status is changed to fixed, but I usually don't benefit from it. OK, I enough of complaining. Finally I accepted that the whole openSUSE thing is just a testbed for SLES/SLED and Novell endorsed upstream development. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153
User seife@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c12
--- Comment #12 from Stefan Seyfried
No, please, don't break it! I've found a working component of openSUSE at last, and you want replace it?
This is why I warned you that you should keep the rpm of your now working package around ;-) And it really seems to be a heisenbug - the package in 11.1 was last changed January 17. _2008_, so there is no real reason for it suddenly working in 11.1 final, after it not working in the betas. It was probably recompiled, and maybe fixes in libgcrypt, which is used by vpnc, got in, but it still seems unlikely.
But - to speak seriously - how does the factory affect the stable version?
It does not at all, unless I would submit the new version for a 11.1 online update. I will not do this, because I assume that it will break more stuff than it might fix (the FACTORY version is from an experimental SVN branch, after all) and because I do not know enough about vpnc to judge if that would be a safe thing to do. You can of course try the newer version from my buildservice repo home:seife:Factory/vpnc, it is also built for 11.1 there.
(Now openSUSE 11.1.) I thought, that the FACTORY is the repository which eventually becomes the next version. Anyway, in spite of the fact that I mass-produce the bugreports, only a few fixes find their way to the version I made the report for. Status is changed to fixed, but I usually don't benefit from it. OK, I enough of complaining. Finally I accepted that the whole openSUSE thing is just a testbed for SLES/SLED and Novell endorsed upstream development.
To go a little bit off-topic here :-) vpnc is actually special, because it is reverse-engineered software that works with the partially proprietary protocol extensions that Cisco and other vendors use. Even on the upstream mailing list, success reports are mixed with "it does not work at all" and often, all one can do is to try fixing it and submitting a patch. I for myself know nothing about vpnc - and I do not even use it. I just saved the package from being dropped from the distribution, because I had added Support for nortel gateways, which some of my colleagues need, and I did not want that work to vanish into the void. So voila - I was the new package maintainer :-) I hope this explains the situation a bit. If you are really interested in using vpnc, it would probably be a good idea to work together with the vpnc developers on the upstream code base, which will then automatically result in a better package for openSUSE (and every other distro out there, which is the real benefit). Thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=445153
User nice@titanic.nyme.hu added comment
https://bugzilla.novell.com/show_bug.cgi?id=445153#c13
--- Comment #13 from Tamás Németh
(In reply to comment #11)
I hope this explains the situation a bit. If you are really interested in using vpnc, it would probably be a good idea to work together with the vpnc developers on the upstream code base, which will then automatically result in a better package for openSUSE (and every other distro out there, which is the real benefit).
Since I am just a simple minded sysadmin and not a programmer, all I can do is testing and sending reports, which I already do. My problem is that making a bugreport often only has a positive effect only on the factory / next version (or in the even more distant future), while every openSUSE version introduces serious bugs to be fixed in this manner. Despite this I still appreciate your efforts and continue to use it - for free. Thanks, and have a nice day! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com