Gentoo Archives: gentoo-user

From: Mick <michaelkintzios@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Networkmanager VPNC key timeout
Date: Mon, 02 Mar 2015 20:02:09
Message-Id: 201503022001.58511.michaelkintzios@gmail.com
In Reply to: [gentoo-user] Networkmanager VPNC key timeout by Petric Frank
On Monday 02 Mar 2015 18:07:45 Petric Frank wrote:
> Hello, > > this is not a Gentoo problem per se, but i'm getting it under Gentoo. > > Runninng KDE + Networkmanager > (net-misc/networkmanager-0.9.10.1_pre20141101) together with vpnc plugin > (net-misc/networkmanager-vpnc-0.9.10.0). > > I have set up a VPN connection to a AVM FritzBox (which is using - as far > as i can evaluate - a Cisco like IPSec tunnel). > > This is running very well, but after exactly 1 hour the connection is > dropped. I can reconnect, but it also lasts 1 hour. > > After som crawlng though the net it seems that a key validity runs ot of > time at the client side. I t looks like this one > https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/479632 > > The nmcli output for this connection reads like this (some obfusicated): > ------------------------ cut ----------------------------- > =========================================================================== > ==== Details des Verbindungsprofils (XX) > =========================================================================== > ==== connection.id: XX > connection.uuid: > 11111111111111-2222-33333333333333333 connection.interface-name: > -- > connection.type: vpn > connection.autoconnect: no > connection.timestamp: 1425319416 > connection.read-only: no > connection.permissions: > connection.zone: > connection.master: -- > connection.slave-type: -- > connection.secondaries: > connection.gateway-ping-timeout: 0 > --------------------------------------------------------------------------- > ---- ipv4.method: auto > ipv4.dns: > ipv4.dns-search: > ipv4.addresses: > ipv4.routes: > ipv4.ignore-auto-routes: yes > ipv4.ignore-auto-dns: no > ipv4.dhcp-client-id: -- > ipv4.dhcp-send-hostname: yes > ipv4.dhcp-hostname: -- > ipv4.never-default: yes > ipv4.may-fail: no > --------------------------------------------------------------------------- > ---- ipv6.method: ignore > ipv6.dns: > ipv6.dns-search: > ipv6.addresses: > ipv6.routes: > ipv6.ignore-auto-routes: no > ipv6.ignore-auto-dns: no > ipv6.never-default: no > ipv6.may-fail: yes > ipv6.ip6-privacy: 0 (deaktiviert) > ipv6.dhcp-hostname: -- > --------------------------------------------------------------------------- > ---- vpn.service-type: > org.freedesktop.NetworkManager.vpnc vpn.user-name: > -- > vpn.data: Local Port = 0, IKE DH Group = dh2, > Perfect Forward Secrecy = server, Xauth password-flags = 1, IPSec ID = > user@××××.loc, IPSec gateway = open.nsupdate.info, Xauth username = > user@××××.loc, Cisco UDP Encapsulation Port = 0, Vendor = cisco, IPSec > secret- flags = 1, NAT Traversal Mode = natt > vpn.secrets: > > ------------------------ cut ----------------------------- > > Any hints ? > > regards > Petric
Going from memory here, but I recall that the VPNC client had problems rekeying SAs in Phase 2. I seem to recall there was bug but can't recall if it was ever patched. Yep - see here, a regression problem with version net-misc/vpnc-0.5.3: http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-July/003127.html I see that portage has 0.5.3_p527-r1 as stable, but I don't know if this includes any necessary patches. You could check the changelog. BTW, have you tried more actively developed VPN software like strongswan (it has a networkmanager plugin) or even ipsec-tools instead of vpnc, to see if you're getting the same problem? I think that they should work with Cisco VPN gateways, although it may be fiddly to set them up. -- Regards, Mick

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-user] Networkmanager VPNC key timeout Petric Frank <pfrank@×××.de>