Re: pcf2vpnc-patches

On 02/07/2007, at 14.25, wolfram@... wrote:

>> I believe the issue was unintentional: Namely that I forgot to
>> respond. I'll look at your patches shortly; until then, thanks for
>> reminding me ;)
> Thanks. :) But this still leaves the question, why those mails are not in
> the mailing-list-archive (like some other mails I only have in my
> mailbox). Is/was there something broken?

If the mails appear on the web archive, but you never received them  
yourself, the issue is quite likely one with a default setting: By  
default, the vpnc mailer does not forward mails sent *by* yourself  
*to* yourself. Personally, I find this quite annoying as it leads to  
'holes' in the folder list view in my mailer.

If people keep running into this, it might be worth it to consider  
changing the default for new users.

--

Dan Villiom Podlaski Christiansen
stud.scient., danchr@...

Attachment (smime.p7s): application/pkcs7-signature, 2631 bytes

wolfram | 3 Jul 06:31 2007

Re: pcf2vpnc-patches

> If the mails appear on the web archive, but you never received them
> yourself, the issue is quite likely one with a default setting:
Sorry, it is the other way around. :)

I got my own mail (changed the settings before) through the list, but
they are not in the web-archive. Although they used to be there right
after I sent the mail. I checked this.

Likewise with the original mail of the topic "vpnc 0.4.0 disconnects".
I only see your reply in the web-archive, although the original mail
is in my mailbox.

Cheers,

   Wolfram

Eduard Bloch | 4 Jul 21:20 2007

[patch] Fix the route-del-default call

#include <hallo.h>

As seen in the patch below, there is an invalid argument to the route
command. Please apply.

Eduard.

Index: vpnc-script
===================================================================
--- vpnc-script (Revision 179)
+++ vpnc-script (Arbeitskopie)
 <at>  <at>  -185,7 +185,7  <at>  <at> 
        set_default_route() {
                DEFAULTGW="`get_default_gw`"
                echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE"
-               route $route_syntax_del default "$DEFAULTGW"
+               route $route_syntax_del default
                route add default $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
        }
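
Review bot: In set_default_route(), the result of get_default_gw is never checked before the "route $route_syntax_del default" call. If DEFAULTGW comes back empty, an empty value is written to DEFAULT_ROUTE_FILE and the existing default route is still deleted, so nothing in these lines records the gateway that was removed; returning early when "$DEFAULTGW" is empty would avoid that. With the gateway argument dropped, a host that has more than one default route may also lose a different route than the one just saved to the file. The message should say which route implementation rejects the extra argument, since $route_syntax_del implies the syntax differs between platforms.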

Olivier Mougin | 5 Jul 03:56 2007

vpnc-nortel

Hi all,

I have tried the vpnc-nortel branch to see if I can connect to my office,
but like other users I got this error

./vpnc: response was invalid [1]: INVALID_EXCHANGE_TYPE

I looked at the source code and the problem seems to be here:

if (reject == 0 && r->exchange_type != ISAKMP_EXCHANGE_AGGRESSIVE)

The exchange_type I received is in fact ISAKMP_EXCHANGE_INFORMATIONAL

With the apani client, which works, here is what I get by tcpdumping my
network interface:

	ME				DEST

1. phase 1 I agg      ---->
                      <----     2.phase 1 R inf
3. phase 1 I agg      ---->
                      <----     4. phase 1 R inf
5. phase 1 I agg      ---->
                      <----     6. phase 1 R agg
[...]

So I think there is really an ISAKMP_EXCHANGE_INFORMATIONAL received
first.

Hum. OK, I don't know if this can help someone but ...

Joerg Mayer | 10 Jul 06:00 2007

Patch: update comment about setting port to 500

it's not just a pix peculiarity....
-- 
Joerg Mayer                                           <jmayer@...>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
Attachment (p500-comment.diff): text/x-diff, 517 bytes

Martin Emrich | 10 Jul 18:17 2007

vpnc disconnects immediately

Hi!

When I try to connect, it looks like everything works fine, but the
server disconnects right after the connection is brought up.

My version, running on Ubuntu gutsy AMD64:

martin@garrett:~$ vpnc --version
vpnc version 0.4.0-179M
Copyright (C) 2002-2006 Geoffrey Keating, Maurice Massar, others
vpnc comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of vpnc under the terms of the GNU General
Public License.  For more information about these matters, see the files
named COPYING.

Supported DH-Groups: nopfs dh1 dh2 dh5
Supported Hash-Methods: md5 sha1
Supported Encryptions: null des 3des aes128 aes192 aes256
Supported Auth-Methods: psk psk+xauth

Attached is the output with --no-detach and --debug 3. Looks like the
server disconnects safely, but there is no information about the cause.

Ciao

Martin
hex_test: 00010203
vpnc version 0.4.0-179M

laurence MOINDROT | 12 Jul 17:56 2007

Bug in "isakmp payload type enum" definition

Hello everyone,

We upgraded our Cisco 3845 IOS VPN Server from 12.4.11T2 to 12.4.15.
Since then the vpnc client version 0.4.0 does not work anymore.
We have the following error :

	rejecting invalid payload type 20
	/usr/local/sbin/vpnc: response was invalid [2]:
	(ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)

in the ISAKMP phase 1 negotiation.

IOS 12.4.15 is trying to negotiate NAT-D payload type number 0x14 (20).

I looked at the code and saw that the "payload type" definition in the
isakmp.h file is not correct. It misses the payload type defined in the
RFC 3547. The consequence is that the value of ISAKMP_PAYLOAD_NAT_D
is not correct. It is 15 instead of 20.

Following is the complete list of payload types.

Value	Description		References
0	None.			RFC 2408
1	Security Association.	RFC 2408
2 	Proposal. 		RFC 2408
3 	Transform. 		RFC 2408
4 	Key Exchange. 		RFC 2408
5 	Identification. 	RFC 2408
6 	Certificate. 		RFC 2408
7 	Certificate Request. 	RFC 2408

Joerg Mayer | 13 Jul 01:37 2007

[Patch] Bug in "isakmp payload type enum" definition

On Thu, Jul 12, 2007 at 05:56:19PM +0200, laurence MOINDROT wrote:
> IOS 12.4.15 is trying to negotiate NAT-D payload type number 0x14 (20).

So which value do the older versions use? I don't want to break older
versions of the IOS. Nevertheless, I've created a small patch based on
your mail, please test.

thanks
    Joerg
-- 
Joerg Mayer                                           <jmayer@...>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
Attachment (payload.diff): text/x-diff, 1555 bytes

Laurence MOINDROT | 16 Jul 20:30 2007

Re: [Patch] Bug in "isakmp payload type enum" definition


Joerg Mayer wrote:
> On Thu, Jul 12, 2007 at 05:56:19PM +0200, laurence MOINDROT wrote:
>> IOS 12.4.15 is trying to negotiate NAT-D payload type number 0x14 (20).
> 
> So which value do the older versions use?

The value of the older version is 130 (0x82)
It is already defined as ISAKMP_PAYLOAD_NAT_D_OLD
in the isakmp.h file :

  ISAKMP_PAYLOAD_NAT_D_OLD = 0x82

> I don't want to break older
> versions of the IOS. Nevertheless, I've created a small patch based on
> your mail, please test.

The patch works fine.

Thank you.

Laurence
> 
> thanks
>     Joerg
> 
> 
> ------------------------------------------------------------------------
> 
> Created after infos in a text mail from
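
The enum problem discussed in this thread, as an added example (not code from vpnc or from the attached patch): a payload-type enum that relies on implicit numbering puts NAT-D at 15, so a chain containing type 20 is rejected, while pinning the values accepts both 20 and the older 0x82. All identifiers here are hypothetical, the implicit-numbering layout of the old enum is assumed from the message, and the sample payload chain is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Before (assumed layout): NAT_D takes the next implicit value, 15. */
enum old_payload {
    OLD_NONE, OLD_SA, OLD_P, OLD_T, OLD_KE, OLD_ID, OLD_CERT, OLD_CR,
    OLD_HASH, OLD_SIG, OLD_NONCE, OLD_N, OLD_D, OLD_VID, OLD_MODECFG_ATTR,
    OLD_NAT_D                    /* == 15, but the peer sends 20 */
};

/* After: the RFC 3547 types fill 15..19 and NAT-D is pinned explicitly. */
enum fix_payload {
    FIX_SAK = 15, FIX_SAT, FIX_KD, FIX_SEQ, FIX_POP,
    FIX_NAT_D = 20,
    FIX_NAT_D_OLD = 0x82         /* value used by the older IOS release */
};

/* Constructed sample: a Vendor ID payload followed by two NAT-D payloads.
 * Each starts with next-payload, reserved, 16-bit big-endian length. */
static const uint8_t sample[] = {
    20, 0, 0, 8, 0xde, 0xad, 0xbe, 0xef,   /* VID body, next = 20 */
    20, 0, 0, 8, 1, 2, 3, 4,               /* NAT-D,    next = 20 */
     0, 0, 0, 8, 5, 6, 7, 8                /* NAT-D,    end of chain */
};

/* Walk the chain. Returns 0 if every type is accepted, the first rejected
 * type otherwise, or -1 if a length field is malformed or truncated. */
int first_rejected(int type, const uint8_t *p, size_t len, int max_type)
{
    while (type != 0) {
        if (type > max_type && type != FIX_NAT_D_OLD)
            return type;
        size_t plen = len >= 4 ? (((size_t)p[2] << 8) | p[3]) : 0;
        if (plen < 4 || plen > len)
            return -1;
        type = p[0];
        p += plen;
        len -= plen;
    }
    return 0;
}

int main(void)
{
    printf("old table rejects %d, fixed table rejects %d\n",
           first_rejected(OLD_VID, sample, sizeof sample, OLD_NAT_D),
           first_rejected(OLD_VID, sample, sizeof sample, FIX_NAT_D));
    return 0;
}
```
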

Carsten Krüger | 24 Jul 00:20 2007

vpnc 0.4.0 - cygwin - address already in use

Hello,

I use vpnc 0.4.0 with cygwin under XP SP2, tap-adapter is from OpenVPN
2.0.9, after answering these questions:
Enter IPSec gateway address
Enter IPSec ID for
Enter IPSec secret for
Enter username for
Enter password for

I got only this
binding to 0.0.0.0:62465: Address already in use

Problem: the port is not used (netstat -ano didn't show this port as
listening)

greetings
Carsten

