On Monday 02 Mar 2015 18:07:45 Petric Frank wrote:
> Hello,
>
> this is not a Gentoo problem per se, but I'm getting it under Gentoo.
>
> Running KDE + Networkmanager
> (net-misc/networkmanager-0.9.10.1_pre20141101) together with vpnc plugin
> (net-misc/networkmanager-vpnc-0.9.10.0).
>
> I have set up a VPN connection to an AVM FritzBox (which is using - as far
> as I can evaluate - a Cisco-like IPSec tunnel).
>
> This is running very well, but after exactly 1 hour the connection is
> dropped. I can reconnect, but it also lasts 1 hour.
>
> After some crawling through the net it seems that a key validity runs out of
> time at the client side. It looks like this one
> https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/479632
>
> The nmcli output for this connection reads like this (some obfuscated):
> ------------------------ cut -----------------------------
> ===============================================================================
> Details des Verbindungsprofils (XX)
> ===============================================================================
> connection.id: XX
> connection.uuid: 11111111111111-2222-33333333333333333
> connection.interface-name: --
> connection.type: vpn
> connection.autoconnect: no
> connection.timestamp: 1425319416
> connection.read-only: no
> connection.permissions:
> connection.zone:
> connection.master: --
> connection.slave-type: --
> connection.secondaries:
> connection.gateway-ping-timeout: 0
> -------------------------------------------------------------------------------
> ipv4.method: auto
> ipv4.dns:
> ipv4.dns-search:
> ipv4.addresses:
> ipv4.routes:
> ipv4.ignore-auto-routes: yes
> ipv4.ignore-auto-dns: no
> ipv4.dhcp-client-id: --
> ipv4.dhcp-send-hostname: yes
> ipv4.dhcp-hostname: --
> ipv4.never-default: yes
> ipv4.may-fail: no
> -------------------------------------------------------------------------------
> ipv6.method: ignore
> ipv6.dns:
> ipv6.dns-search:
> ipv6.addresses:
> ipv6.routes:
> ipv6.ignore-auto-routes: no
> ipv6.ignore-auto-dns: no
> ipv6.never-default: no
> ipv6.may-fail: yes
> ipv6.ip6-privacy: 0 (deaktiviert)
> ipv6.dhcp-hostname: --
> -------------------------------------------------------------------------------
> vpn.service-type: org.freedesktop.NetworkManager.vpnc
> vpn.user-name: --
> vpn.data: Local Port = 0, IKE DH Group = dh2, Perfect Forward Secrecy = server, Xauth password-flags = 1, IPSec ID = user@××××.loc, IPSec gateway = open.nsupdate.info, Xauth username = user@××××.loc, Cisco UDP Encapsulation Port = 0, Vendor = cisco, IPSec secret-flags = 1, NAT Traversal Mode = natt
> vpn.secrets:
>
> ------------------------ cut -----------------------------
>
> Any hints?
>
> regards
> Petric

Going from memory here, but I recall that the VPNC client had problems
rekeying SAs in Phase 2. I seem to recall there was a bug but can't recall if
it was ever patched.

Yep - see here, a regression problem with version net-misc/vpnc-0.5.3:

http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-July/003127.html

I see that portage has 0.5.3_p527-r1 as stable, but I don't know if this
includes any necessary patches. You could check the changelog.

BTW, have you tried more actively developed VPN software like strongswan (it
has a networkmanager plugin) or even ipsec-tools instead of vpnc, to see if
you're getting the same problem? I think that they should work with Cisco VPN
gateways, although it may be fiddly to set them up.

--
Regards,
Mick