1 |
Hello Mick, |
2 |
|
3 |
Am Dienstag, 3. März 2015, 00:00:17 schrieb Mick: |
4 |
> > The homepage on vpnc in chapter TODO tells: |
5 |
> > "phase2-rekeying is now supported as of svn revision 126!" |
6 |
> > |
7 |
> > Changelog states for 0.5.2: |
8 |
> > "Fix Phase 2 rekeying, by various authors" |
9 |
> > |
10 |
> > I don't know whether this is along your statement above. |
11 |
> > |
12 |
> > So it seems not to be completely fixed. The homepage is not updated the |
13 |
> > last 7 years. |
14 |
> |
15 |
> OK, then yes, it has been fixed and your problem is not related to that old |
16 |
> bug, but could it be a more recent regression? |
17 |
|
18 |
maybe. |
19 |
|
20 |
> > > BTW, have you tried more actively developed VPN software like |
21 |
> > > strongswan (it has a networkmanager plugin) or even ipsec-tools |
22 |
> > > instead of vpnc, to see if you're getting the same problem? I think |
23 |
> > > that they should work with Cisco VPN gateways, although it may be |
24 |
> > > fiddly to set them up. |
25 |
> > |
26 |
> > i can find only ebuilds of (networkmanager-)openswan in the official |
27 |
> > tree. |
28 |
> |
29 |
> No, this only good for the SSL VPN solution of Cisco. |
30 |
|
31 |
good to know. |
32 |
|
33 |
> > strongswan is in the stable tree but not the networkmanager plugin. |
34 |
> |
35 |
> Are you sure? This is what I see here for strongswan-5.2.2 |
36 |
> |
37 |
> [+caps +constraints curl debug dhcp eap farp gcrypt +gmp ldap mysql |
38 |
> networkmanager |
39 |
> ^^^^^^^^^^^^^^ |
40 |
> +non-root +openssl pam pkcs11 sqlite strongswan_plugins_blowfish |
41 |
> strongswan_plugins_ccm strongswan_plugins_ctr strongswan_plugins_gcm |
42 |
> strongswan_plugins_ha strongswan_plugins_ipseckey +strongswan_plugins_led |
43 |
> +strongswan_plugins_lookip strongswan_plugins_ntru |
44 |
> strongswan_plugins_padlock strongswan_plugins_rdrand |
45 |
> +strongswan_plugins_systime-fix |
46 |
> strongswan_plugins_unbound +strongswan_plugins_unity |
47 |
> +strongswan_plugins_vici strongswan_plugins_whitelist] |
48 |
|
49 |
True, strongswan is in tree, but not networkmanager-strongswan (NetworkManager |
50 |
plugin). |
51 |
|
52 |
> The latest version 5.2.2 has a bug with some IKEv1 implementations. There |
53 |
> is a patch proposed which works and will be included in the next version |
54 |
> 5.2.3 when released. If your VPN server is affected then you'll have to |
55 |
> apply the patch yourself in a local overlay: |
56 |
> |
57 |
> https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/479632 |
58 |
|
59 |
Stable strongswan is already compiled and installed on my system. Any of the |
60 |
"strongswan_plugins_*" use flags i have to enable here ? |
61 |
|
62 |
But it could take some days (because of my business job). |
63 |
|
64 |
regards |
65 |
Petric |