Description of problem -- 1 -- Router AVM FritzBox 4790 setup as (CISCO) VPN server. Trying to connect to 7490 from Mageia5 box, vpnc 0.5.3-11. FritzBox VPN reachable from Raspbarry with Raspbian, as well as from SuSE Leap 42.2 64bit, but connection from MGA5 leads to error: "vpnc: response was invalid [2]: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)". This is reproducable. Tried to build vpnc binary based on vpnc source from MGA6, vpnc 0.5.3-13, leads to same error. ==> So, Mageia6 is also affected. Version-Release number of selected component (if applicable): vpnc 0.5.3-11 / vpnc 0.5.3-13 How reproducible: Always Steps to Reproduce: 1. Set up VPN server on FritzBox side 2. create config file for VPN and store it in /etc/vpnc/fritzbox.conf 3. start vpnc client on MGA5 or MGA6 box: cd /etc/vpnc ; vpnc fritzbox.conf Description of problem -- 2 -- Connection to original CISCO Concentrator 3000 VPN server drops connection randomly, latest after approximately 8 hours. VPN connection to same CISCO VPN server is not dropped when using vpnc binary based on source from SuSE Leap 42.2 64bit. See source and binary in https://www.dipl-ing-kessler.de/developer/test/linux-src/mageia5/vpnc/ Version-Release number of selected component (if applicable): vpnc 0.5.3-11 / vpnc 0.5.3-13 How reproducible: Always Steps to Reproduce: 1. create config file for VPN and store it in /etc/vpnc/default.conf 2. start vpnc client on MGA5 or MGA6 box: vpnc 3. use connection until it is dropped
Summary: AVM Fritzbox 7490 as VPN server: no connection possible ; CISCO 3000: connection drops randomly => VPNC -- AVM Fritzbox 7490 as VPN server: no connection possible ; CISCO 3000: connection drops randomly
You did also try vpnc-0.5.3-13.mga6 from our repositories on a Mageia 6 box, right? Assigning to all packagers collectively, since there is no registered maintainer for this package. CC'ing a possible Fritz!Box user.
CC: (none) => alfred.kretschmer, marja11Source RPM: vpnc-0.5.3-11.mga5.src.rpm => vpnc-0.5.3-11.mga5, vpnc-0.5.3-13.mga6Assignee: bugsquad => pkg-bugsVersion: 5 => 6Whiteboard: (none) => MGA5TOO
No, not on MGA6. Well, I don't understand every detail in SuSE's patches, but what they released obviously works perfectly. So, if it was my decision, I'd simply take their source and make an own Mageia 5/6 package out of it. As I did for own use, see files on server, "URL".
Additional remark regarding problem 2: When vpnc is invoked in debug mode, level 2, it says S7.6 QM_packet2 check and process proposal [2018-02-08 09:19:37] got ipsec lifetime attributes: 2147483 seconds IPSEC SA selected 3des-sha1 got ipsec lifetime attributes: 28800 seconds got ipsec lifetime attributes: 4608000 kilobyte NAT-T mode, adding non-esp marker 28800 seconds refers to 8 hours as reported. But, the same entry is also found in the SuSE trace, and there is no such "auto termination". So, I suspect that they implemented some kind of "auto prolongation".
Mga5 is EOL, so ignore that... The SuSE patch basically restarts the connection when it times out ... (and is commented in spec as "worst hack ever" ... :) )
Source RPM: vpnc-0.5.3-11.mga5, vpnc-0.5.3-13.mga6 => vpnc-0.5.3-13.mga6CC: (none) => tmbWhiteboard: MGA5TOO => (none)
Hi Thomas, yes, the patch for restarting is called "ugly" by SuSE themselves. Full ack :) But, in addition this patch and several others add modifications needed for correctly interworking with AVM FritzBox routers. So, the malfunction when interacting with FritzBoxes is not a surprise, as long as these patches are missing. Thanks, best regards, Markus
==> Marja: Just tested on native MGA6/64 with same error: "vpnc: response was invalid [2]: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)" Any update on this?
(In reply to Markus Robert Keßler from comment #6) > ==> Marja: > > Just tested on native MGA6/64 with same error: > "vpnc: response was invalid [2]: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)" > > Any update on this? this means the concentrator did not like what we had to offer. so a configuration mismatch of some sorts...
> this means the concentrator did not like what we had to offer. > so a configuration mismatch of some sorts... Meanwhile I tested with a package based on SuSE's sources and can confirm this also works for MGA6/64
Hi all, any update so far? In the source repo there's still only the "official" one, ftp://distrib-coffee.ipsl.jussieu.fr/pub/linux/Mageia/distrib/6/SRPMS/core/release/vpnc-0.5.3-13.mga6.src.rpm none in update, or update testing. So, mga6's vpnc still doesn't interwork with AVM routers (but one day we should switch from mga5 to mga6, since maintenance period seems over). Thanks!
Hi there, in the meantime I took the source rpm from mga5 and created a version for mga6. This is -- again -- based on SuSE Linux and was tested with - Cisco 3000 concentrator - AVM Fritzbox 7490 The software package is herewith confirmed as WORKING. You find the source rpm, 32-bit binary rpm, Releasenote here: https://www.dipl-ing-kessler.de/developer/test/linux-src/mageia6/vpnc/ I can highly recommend to put this in the repo, since the current one drops connection to Cisco randomly, and doe NOT work at all with AVM. If the naming convention / numbering scheme needs to be adjusted, feel free to do so. Best regards, Markus
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Sorry, selected "fixed", but that's not -- yet -- true
Status: RESOLVED => REOPENEDResolution: FIXED => (none)
(In reply to Markus Robert Keßler from comment #10) > Hi there, > > in the meantime I took the source rpm from mga5 and created a version for > mga6. > > This is -- again -- based on SuSE Linux and was tested with > > - Cisco 3000 concentrator > > - AVM Fritzbox 7490 > > The software package is herewith confirmed as WORKING. > > You find the source rpm, 32-bit binary rpm, Releasenote here: > > https://www.dipl-ing-kessler.de/developer/test/linux-src/mageia6/vpnc/ > > I can highly recommend to put this in the repo, since the current one drops > connection to Cisco randomly, and doe NOT work at all with AVM. > > If the naming convention / numbering scheme needs to be adjusted, feel free > to do so. > > Best regards, > > Markus Thanks, Markus :-) Afaics, only 4 of our packagers have touched vpnc since Mageia was born, and only one of them (I'll CC him) still has time for packaging. His ToDo list might be too long to look into this, though :-/ @ guillomovitch Can you squeeze this into your soon-to-do list? @ Markus Did you ever consider becoming a Mageia packager? https://wiki.mageia.org/en/Becoming_a_Mageia_Packager As Mageia packager, you could maintain maintain vpnc yourself ;-)
CC: (none) => guillomovitch
Version: 6 => CauldronWhiteboard: (none) => MGA6TOO
Hi, I saw a new commit in the mailing list, and now the new version is available for mga7-alpha. I have it on my box: [root@Cauldron7 ~]# rpm -qa | grep vpnc vpnc-0.5.3-14.mga7 But...: [root@Cauldron7 ~]# vpnc /etc/vpnc/fritz vpnc: response was invalid [2]: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1) [root@Cauldron7 ~]# They same as before, be it rev.13 or rev.14. Please, tell me why we cannot just take SuSE's working version? It's great work they did, though they did not only add a patch, but instead they modified several source files directly. Actually, this is bad style, but obviously there's so much messed up in the original source, that simply "patching" seems not to be sufficient. I think, we are, nevertheless, allowed to use SuSE's solution, aren't we? Best regards, Markus
As Marja said, you'll welcome to volonteer and become maintainer of this package, apply the patch, and assume any potential consequences for other users. That's more likely to result in a positive result than just complaining no one else want to do it for you.
I've been having problems on Cauldron based machines getting vpnc over nw-manager to work (using Plasma) - although all settings are correct - no errors, just fails to connect (timeout) - Also connecting to a FritzBox (7490 & 7590) Under Linux Mint works just fine with exact same settings
CC: (none) => rfox
*** Bug 31610 has been marked as a duplicate of this bug. ***
Just to add: In latest Ubuntu Linux this also works out of the box. Right, just close the bugreport. Nobody needs this.
Status: REOPENED => RESOLVEDResolution: (none) => FIXED