Bug 380399 - net-misc/vpnc-0.5.3: couldn't set up connection to remote server ...
Summary: net-misc/vpnc-0.5.3: couldn't set up connection to remote server ...
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: Normal normal with 1 vote
Assignee: Lori
 
Reported: 2011-08-23 17:36 UTC by Eugene
Modified: 2015-09-23 13:05 UTC


Attachments
vpnc --debug 99 log (vpnc_debug_99.log, 40.00 KB, text/plain)
2011-08-23 17:37 UTC, Eugene
Vpnc tcpdump for wireshark (vpnc_tcp_dump.dump, 3.92 KB, text/plain)
2011-08-23 17:42 UTC, Eugene
My kernel config (.config, 79.92 KB, text/plain)
2011-08-24 18:01 UTC, Eugene
new vpnc.conf but don't work too :( (vpnc.conf, 207 bytes, text/plain)
2011-08-31 19:05 UTC, Eugene
new vpnc debug for new vpnc.conf (vpnc_debug.log, 36.00 KB, text/plain)
2011-08-31 19:06 UTC, Eugene
vpnc --debug 3 log (vpnc-debug-3.log, 40.00 KB, text/plain)
2011-09-20 19:52 UTC, Eugene

Description Eugene 2011-08-23 17:36:02 UTC
Hello.
I have a big problem with vpnc.
--------
My environment:
uname -a:
Linux dragon 3.0.1-pf #3 SMP PREEMPT Tue Aug 16 01:03:41 MSD 2011 x86_64 Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz GenuineIntel GNU/Linux
Vpnc version:  0.5.3 
-------
When I run vpnc, it tries to connect to the remote server, but without success:
----------
vpnc --debug 1

vpnc version 0.5.3
IKE SA selected psk+xauth-3des-md5
NAT status: this end behind NAT? YES -- remote end behind NAT? YES
Enter Username and Password.
---------
My vpnc.conf:
---------
## generated by pcf2vpnc
IPSec ID XXX
IPSec gateway vpn.xxx.net
IPSec secret cisco_vpn_1357

IKE Authmode psk
------------

Q1: What am I doing wrong?
Q2: Why does vpnc hang?

P.S. I attached full debug 99 log and tcpdump.

Reproducible: Always

Steps to Reproduce:
1. run vpnc
2. it hangs


Expected Results:  
Vpnc must connect very quickly
Comment 1 Eugene 2011-08-23 17:37:38 UTC
Created attachment 284379
vpnc --debug 99 log

vpnc --debug 99 log
Comment 2 Eugene 2011-08-23 17:42:07 UTC
Created attachment 284381
Vpnc tcpdump for wireshark

Vpnc tcpdump for wireshark
Comment 3 Eugene 2011-08-23 18:49:57 UTC
grep "TUN" /usr/src/linux/.config
CONFIG_YENTA_ENE_TUNE=y
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_TUN=m
CONFIG_MEDIA_TUNER=m
CONFIG_MEDIA_TUNER_CUSTOMISE=y
CONFIG_MEDIA_TUNER_SIMPLE=m
CONFIG_MEDIA_TUNER_TDA8290=m
CONFIG_MEDIA_TUNER_TDA827X=m
CONFIG_MEDIA_TUNER_TDA18271=m
CONFIG_MEDIA_TUNER_TDA9887=m
CONFIG_MEDIA_TUNER_TEA5761=m
CONFIG_MEDIA_TUNER_TEA5767=m
CONFIG_MEDIA_TUNER_MT20XX=m
CONFIG_MEDIA_TUNER_MT2060=m
CONFIG_MEDIA_TUNER_MT2266=m
CONFIG_MEDIA_TUNER_MT2131=m
CONFIG_MEDIA_TUNER_QT1010=m
CONFIG_MEDIA_TUNER_XC2028=m
CONFIG_MEDIA_TUNER_XC5000=m
CONFIG_MEDIA_TUNER_MXL5005S=m
CONFIG_MEDIA_TUNER_MXL5007T=m
CONFIG_MEDIA_TUNER_MC44S803=m
CONFIG_MEDIA_TUNER_MAX2165=m
CONFIG_MEDIA_TUNER_TDA18218=m
CONFIG_MEDIA_TUNER_TDA18212=m

# dmesg | grep TUN
tun: Universal TUN/TAP device driver, 1.6
Comment 4 Eugene 2011-08-24 18:01:54 UTC
Created attachment 284509
My kernel config
Comment 5 Eugene 2011-08-24 18:03:13 UTC
Hello
I tried to connect to the server, but to no avail.
I checked out the latest vpnc:
It hangs:
---
vpnc version 0.5.3-464
IKE SA selected psk+xauth-3des-md5
NAT status: this end behind NAT? YES -- remote end behind NAT? YES
Enter Username and Password.

----
iptables is not installed on my computer.
I attach my kernel config.
What can it mean?
Comment 6 Lori 2011-08-29 10:15:18 UTC
Have you tried adding your username and password to the config file?

IKE Authmode psk
Xauth username user
Xauth password pass

Should make any difference, but just in case.

Another option would be to try forcing Cisco-UDP NAT traversal mode:
NAT Traversal Mode cisco-udp

The vpnc log you attached is cut in the middle at some point. This is what stays on disc? In that case, you should try running vpnc in the foreground, because the exact point where it crashes is not visible in the log (write buffer is not flushed).
Comment 7 Eugene 2011-08-31 19:05:08 UTC
Created attachment 285173
new vpnc.conf but don't work too :(
Comment 8 Eugene 2011-08-31 19:06:40 UTC
Created attachment 285175
new vpnc debug for new vpnc.conf
Comment 9 Eugene 2011-08-31 19:07:32 UTC
I have added 2 files.
I have tried to use your recommendations, but without success. :(
Comment 10 Eugene 2011-09-01 17:55:17 UTC
Why does vpnc write:
NAT status: no NAT-T VID seen
??
Comment 11 Martin Mokrejš 2011-09-01 18:06:17 UTC
(In reply to comment #10)
> Why does vpnc write:
> NAT status: no NAT-T VID seen
> ??

Please ask for help at the vpnc email list. We are subscribed to it. https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
Comment 12 Martin Mokrejš 2011-09-01 18:25:28 UTC
(In reply to comment #10)
> Why does vpnc write:
> NAT status: no NAT-T VID seen
> ??

And BTW, I am getting the same message against my remote Cisco, so I do not think it is a problem for you. Maybe try another cipher (not 3des but a different one)? Ask the remote administrator.

   PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
   PARSE_OK
   got ike lifetime attributes: 3600 seconds
   IKE SA selected psk+xauth-3des-sha1
   unknown ISAKMP_PAYLOAD_VID: 12f5f28c 457168a9 702d9fe2 74cc0100
   ignoring that peer is DPD capable (RFC3706)
   unknown ISAKMP_PAYLOAD_VID:
   4048b7d5 6ebce885 25e7de7f 00d6c2d3 c0000000
   unknown ISAKMP_PAYLOAD_VID: 1f07f70e aa6514d3 b0fa9654 2a500100
   NAT status: no NAT-T VID seen



And repeating previous advice from comment #6: post a full log and describe where it fails. I have "Debug 3", btw.
Comment 13 Eugene 2011-09-20 19:51:49 UTC
Hello again.
I want to refresh the state of this problem.

1. vpnc hangs at phase:

S6.1 phase2_config send modecfg

-------------------
2. tcpdump during connect to vpn...
tcpdump host vpn.cti.ru -vv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
23:46:53.264150 IP (tos 0x0, ttl 64, id 53785, offset 0, flags [DF], proto UDP (17), length 1207) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 1 I agg: [|sa]
23:46:53.618668 IP (tos 0x0, ttl 111, id 62662, offset 0, flags [none], proto UDP (17), length 416) vpn.cti.ru.isakmp > 192.168.1.26.40961: isakmp 1.0 msgid  cookie ->: phase 1 R agg: [|sa]
23:46:53.639534 IP (tos 0x0, ttl 64, id 53786, offset 0, flags [DF], proto UDP (17), length 144) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 1 I agg[E]: [encrypted hash]
23:46:53.655068 IP (tos 0x0, ttl 111, id 50792, offset 0, flags [none], proto UDP (17), length 128) vpn.cti.ru.isakmp > 192.168.1.26.40961: isakmp 1.0 msgid  cookie ->: phase 2/others R #6[E]: [encrypted hash]
23:46:53.655409 IP (tos 0x0, ttl 64, id 53787, offset 0, flags [DF], proto UDP (17), length 120) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:46:53.985314 IP (tos 0x0, ttl 111, id 56032, offset 0, flags [none], proto UDP (17), length 88) vpn.cti.ru.isakmp > 192.168.1.26.40961: isakmp 1.0 msgid  cookie ->: phase 2/others R #6[E]: [encrypted hash]
23:46:53.985673 IP (tos 0x0, ttl 64, id 53788, offset 0, flags [DF], proto UDP (17), length 88) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:46:53.985834 IP (tos 0x0, ttl 64, id 53789, offset 0, flags [DF], proto UDP (17), length 192) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:46:55.987383 IP (tos 0x0, ttl 64, id 53790, offset 0, flags [DF], proto UDP (17), length 192) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:46:59.987708 IP (tos 0x0, ttl 64, id 53791, offset 0, flags [DF], proto UDP (17), length 192) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:47:07.995427 IP (tos 0x0, ttl 64, id 53792, offset 0, flags [DF], proto UDP (17), length 192) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:47:16.005475 IP (tos 0x0, ttl 111, id 44611, offset 0, flags [none], proto UDP (17), length 104) vpn.cti.ru.isakmp > 192.168.1.26.40961: isakmp 1.0 msgid  cookie ->: phase 2/others R inf[E]: [encrypted hash]
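
Added example (not part of the original bug comments, and not vpnc or tcpdump code): a small Python parser for the tcpdump lines quoted in comment 13 that reports the longest run of same-size initiator packets sent with no reply in between. The names `parse` and `find_stall` are hypothetical, the sample input is the tail of that capture, and the capture is assumed not to cross midnight.

```python
import re
from datetime import datetime

# Tail of the tcpdump output quoted in comment 13, copied from the page.
CAPTURE = """\
23:46:53.985314 IP (tos 0x0, ttl 111, id 56032, offset 0, flags [none], proto UDP (17), length 88) vpn.cti.ru.isakmp > 192.168.1.26.40961: isakmp 1.0 msgid  cookie ->: phase 2/others R #6[E]: [encrypted hash]
23:46:53.985673 IP (tos 0x0, ttl 64, id 53788, offset 0, flags [DF], proto UDP (17), length 88) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:46:53.985834 IP (tos 0x0, ttl 64, id 53789, offset 0, flags [DF], proto UDP (17), length 192) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:46:55.987383 IP (tos 0x0, ttl 64, id 53790, offset 0, flags [DF], proto UDP (17), length 192) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:46:59.987708 IP (tos 0x0, ttl 64, id 53791, offset 0, flags [DF], proto UDP (17), length 192) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:47:07.995427 IP (tos 0x0, ttl 64, id 53792, offset 0, flags [DF], proto UDP (17), length 192) 192.168.1.26.40961 > vpn.cti.ru.isakmp: isakmp 1.0 msgid  cookie ->: phase 2/others I #6[E]: [encrypted hash]
23:47:16.005475 IP (tos 0x0, ttl 111, id 44611, offset 0, flags [none], proto UDP (17), length 104) vpn.cti.ru.isakmp > 192.168.1.26.40961: isakmp 1.0 msgid  cookie ->: phase 2/others R inf[E]: [encrypted hash]
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP \(.*length (\d+)\) \S+ > \S+: "
                  r"isakmp .*?: phase \S+ ([IR]) ([^\[:]+)")

def parse(capture):
    """Return one dict per ISAKMP line: time, IP length, I/R flag, exchange."""
    pkts = []
    for m in filter(None, map(LINE.match, capture.splitlines())):
        pkts.append({"t": datetime.strptime(m.group(1), "%H:%M:%S.%f"),
                     "len": int(m.group(2)), "dir": m.group(3), "exch": m.group(4)})
    return pkts

def find_stall(pkts):
    """Longest run of same-size initiator packets with no reply in between."""
    best, run, end = [], [], -1
    for i, p in enumerate(pkts):
        same = run and (p["len"], p["exch"]) == (run[-1]["len"], run[-1]["exch"])
        if p["dir"] == "I" and same:
            run.append(p)
        else:
            run = [p] if p["dir"] == "I" else []
        if len(run) > len(best):
            best, end = list(run), i
    if len(best) < 2:
        return None  # nothing was sent twice in a row: no stall visible
    # Whole seconds between sends (assumes the capture does not cross midnight).
    gaps = [round((b["t"] - a["t"]).total_seconds()) for a, b in zip(best, best[1:])]
    nxt = pkts[end + 1] if end + 1 < len(pkts) else None
    return {"sends": len(best), "length": best[0]["len"], "gaps": gaps,
            "reply": nxt["exch"] if nxt and nxt["dir"] == "R" else None}

if __name__ == "__main__":
    print(find_stall(parse(CAPTURE)))
```

On this capture it reports four sends of a 192-byte packet spaced 2, 4 and 8 seconds apart, followed by an informational exchange from the gateway.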
Comment 14 Eugene 2011-09-20 19:52:44 UTC
Created attachment 287197
vpnc --debug 3 log
Comment 15 Eugene 2011-11-08 20:33:09 UTC
Currently vpnc hangs with these messages:
--
S6.2 phase2_config receive modecfg
 [2011-11-09 00:28:28]
   BEGIN_PARSE
   Recieved Packet Len: 76
   i_cookie: 7dae628c 2079291c
   r_cookie: ed693287 14758e87
   payload: 08 (ISAKMP_PAYLOAD_HASH)
   isakmp_version: 10
   exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
   flags: 01
   message_id: ff92ac3b
   len: 0000004c
   
   PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
   next_type: 0c (ISAKMP_PAYLOAD_D)
   length: 0014
   ke.data: 8b04b8cf 98b76ed9 0d97955a e0adc2b2
   DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
   
   PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
   next_type: 00 (ISAKMP_PAYLOAD_NONE)
   length: 001c
   d.doi: 00000001 (ISAKMP_DOI_IPSEC)
   d.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
   d.spi_length: 10
   d.num_spi: 0001
   d.spi: 7dae628c 2079291c ed693287 14758e87
   DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
   
   PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
   PARSE_OK
   hashlen: 16
   u.hash.length: 16
   expected_hash: 8b04b8cf 98b76ed9 0d97955a e0adc2b2
   h->u.hash.data: 8b04b8cf 98b76ed9 0d97955a e0adc2b2
   got delete for old connection, ignoring..
--

I hope this helps with resolving this problem.
I want to know what vpnc is waiting for from the remote server?
Comment 16 Justin Lecher gentoo-dev 2012-02-14 19:14:32 UTC
Is this fixed in latest version?
Comment 17 Martin Mokrejš 2013-02-07 15:22:30 UTC
I think you should really ask at vpnc-devel {{}} unix-ag.uni-kl.de. Maybe also test the other vpnc branches? Please refer to bug 444420#c18.
Comment 18 Justin Lecher gentoo-dev 2015-09-23 13:05:07 UTC
commit 2ae6a66dbaf6fc2440beefff98bc7f30a14128be
Author: Justin Lecher <jlec@gentoo.org>
Date:   Wed Sep 23 14:59:52 2015 +0200
    
    net-misc/vpnc: Drop old
    
    obsoletes:
    
    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=380399
    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=518254
    
    Package-Manager: portage-2.2.21
    Signed-off-by: Justin Lecher <jlec@gentoo.org>
    
    https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ae6a66dbaf6fc2440beefff98bc7f30a14128be