| Summary: | VPNC -- AVM Fritzbox 7490 as VPN server: no connection possible ; CISCO 3000: connection drops randomly | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Markus Robert Keßler <mandrake> |
| Component: | RPM Packages | Assignee: | All Packagers <pkg-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | alfred.kretschmer, guillomovitch, marja11, rfox, tmb |
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.dipl-ing-kessler.de/developer/test/linux-src/mageia5/vpnc/ | ||
| Whiteboard: | MGA6TOO | ||
| Source RPM: | vpnc-0.5.3-13.mga6 | CVE: | |
| Status comment: | |||
|
Description
Markus Robert Keßler
2018-02-05 22:58:36 CET
Markus Robert Keßler
2018-02-05 23:00:56 CET
Summary:
AVM Fritzbox 7490 as VPN server: no connection possible ; CISCO 3000: connection drops randomly =>
VPNC -- AVM Fritzbox 7490 as VPN server: no connection possible ; CISCO 3000: connection drops randomly You did also try vpnc-0.5.3-13.mga6 from our repositories on a Mageia 6 box, right? Assigning to all packagers collectively, since there is no registered maintainer for this package. CC'ing a possible Fritz!Box user. CC:
(none) =>
alfred.kretschmer, marja11 No, not on MGA6. Well, I don't understand every detail in SuSE's patches, but what they released obviously works perfectly. So, if it was my decision, I'd simply take their source and make an own Mageia 5/6 package out of it. As I did for own use, see files on server, "URL". Additional remark regarding problem 2: When vpnc is invoked in debug mode, level 2, it says S7.6 QM_packet2 check and process proposal [2018-02-08 09:19:37] got ipsec lifetime attributes: 2147483 seconds IPSEC SA selected 3des-sha1 got ipsec lifetime attributes: 28800 seconds got ipsec lifetime attributes: 4608000 kilobyte NAT-T mode, adding non-esp marker 28800 seconds refers to 8 hours as reported. But, the same entry is also found in the SuSE trace, and there is no such "auto termination". So, I suspect that they implemented some kind of "auto prolongation". Mga5 is EOL, so ignore that... The SuSE patch basically restarts the connection when it times out ... (and is commented in spec as "worst hack ever" ... :) ) Source RPM:
vpnc-0.5.3-11.mga5, vpnc-0.5.3-13.mga6 =>
vpnc-0.5.3-13.mga6 Hi Thomas, yes, the patch for restarting is called "ugly" by SuSE themselves. Full ack :) But, in addition this patch and several others add modifications needed for correctly interworking with AVM FritzBox routers. So, the malfunction when interacting with FritzBoxes is not a surprise, as long as these patches are missing. Thanks, best regards, Markus ==> Marja: Just tested on native MGA6/64 with same error: "vpnc: response was invalid [2]: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)" Any update on this? (In reply to Markus Robert Keßler from comment #6) > ==> Marja: > > Just tested on native MGA6/64 with same error: > "vpnc: response was invalid [2]: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)" > > Any update on this? this means the concentrator did not like what we had to offer. so a configuration mismatch of some sorts... > this means the concentrator did not like what we had to offer.
> so a configuration mismatch of some sorts...
Meanwhile I tested with a package based on SuSE's sources and can confirm this also works for MGA6/64
Hi all, any update so far? In the source repo there's still only the "official" one, ftp://distrib-coffee.ipsl.jussieu.fr/pub/linux/Mageia/distrib/6/SRPMS/core/release/vpnc-0.5.3-13.mga6.src.rpm none in update, or update testing. So, mga6's vpnc still doesn't interwork with AVM routers (but one day we should switch from mga5 to mga6, since maintenance period seems over). Thanks! Hi there,
in the meantime I took the source rpm from mga5 and created a version for mga6.
This is -- again -- based on SuSE Linux and was tested with
- Cisco 3000 concentrator
- AVM Fritzbox 7490
The software package is herewith confirmed as WORKING.
You find the source rpm, 32-bit binary rpm, Releasenote here:
https://www.dipl-ing-kessler.de/developer/test/linux-src/mageia6/vpnc/
I can highly recommend to put this in the repo, since the current one drops connection to Cisco randomly, and doe NOT work at all with AVM.
If the naming convention / numbering scheme needs to be adjusted, feel free to do so.
Best regards,
MarkusResolution:
(none) =>
FIXED Sorry, selected "fixed", but that's not -- yet -- true Status:
RESOLVED =>
REOPENED (In reply to Markus Robert Keßler from comment #10) > Hi there, > > in the meantime I took the source rpm from mga5 and created a version for > mga6. > > This is -- again -- based on SuSE Linux and was tested with > > - Cisco 3000 concentrator > > - AVM Fritzbox 7490 > > The software package is herewith confirmed as WORKING. > > You find the source rpm, 32-bit binary rpm, Releasenote here: > > https://www.dipl-ing-kessler.de/developer/test/linux-src/mageia6/vpnc/ > > I can highly recommend to put this in the repo, since the current one drops > connection to Cisco randomly, and doe NOT work at all with AVM. > > If the naming convention / numbering scheme needs to be adjusted, feel free > to do so. > > Best regards, > > Markus Thanks, Markus :-) Afaics, only 4 of our packagers have touched vpnc since Mageia was born, and only one of them (I'll CC him) still has time for packaging. His ToDo list might be too long to look into this, though :-/ @ guillomovitch Can you squeeze this into your soon-to-do list? @ Markus Did you ever consider becoming a Mageia packager? https://wiki.mageia.org/en/Becoming_a_Mageia_Packager As Mageia packager, you could maintain maintain vpnc yourself ;-) CC:
(none) =>
guillomovitch
Marja Van Waes
2018-08-26 22:15:18 CEST
Version:
6 =>
Cauldron Hi, I saw a new commit in the mailing list, and now the new version is available for mga7-alpha. I have it on my box: [root@Cauldron7 ~]# rpm -qa | grep vpnc vpnc-0.5.3-14.mga7 But...: [root@Cauldron7 ~]# vpnc /etc/vpnc/fritz vpnc: response was invalid [2]: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1) [root@Cauldron7 ~]# They same as before, be it rev.13 or rev.14. Please, tell me why we cannot just take SuSE's working version? It's great work they did, though they did not only add a patch, but instead they modified several source files directly. Actually, this is bad style, but obviously there's so much messed up in the original source, that simply "patching" seems not to be sufficient. I think, we are, nevertheless, allowed to use SuSE's solution, aren't we? Best regards, Markus As Marja said, you'll welcome to volonteer and become maintainer of this package, apply the patch, and assume any potential consequences for other users. That's more likely to result in a positive result than just complaining no one else want to do it for you. I've been having problems on Cauldron based machines getting vpnc over nw-manager to work (using Plasma) - although all settings are correct - no errors, just fails to connect (timeout) - Also connecting to a FritzBox (7490 & 7590) Under Linux Mint works just fine with exact same settings CC:
(none) =>
rfox *** Bug 31610 has been marked as a duplicate of this bug. *** Just to add: In latest Ubuntu Linux this also works out of the box. Right, just close the bugreport. Nobody needs this. Status:
REOPENED =>
RESOLVED |