1 |
On Monday 02 Mar 2015 22:13:05 Petric Frank wrote: |
2 |
> Hello, |
3 |
> |
4 |
> Am Montag, 2. März 2015, 21:01:48 schrieb Mick: |
5 |
|
6 |
> The homepage on vpnc in chapter TODO tells: |
7 |
> "phase2-rekeying is now supported as of svn revision 126!" |
8 |
> |
9 |
> Changelog states for 0.5.2: |
10 |
> "Fix Phase 2 rekeying, by various authors" |
11 |
> |
12 |
> I don't know whether this is along your statement above. |
13 |
> |
14 |
> So it seems not to be completely fixed. The homepage is not updated the |
15 |
> last 7 years. |
16 |
|
17 |
OK, then yes, it has been fixed and your problem is not related to that old |
18 |
bug, but could it be a more recent regression? |
19 |
|
20 |
|
21 |
> > BTW, have you tried more actively developed VPN software like strongswan |
22 |
> > (it has a networkmanager plugin) or even ipsec-tools instead of vpnc, to |
23 |
> > see if you're getting the same problem? I think that they should work |
24 |
> > with Cisco VPN gateways, although it may be fiddly to set them up. |
25 |
> |
26 |
> i can find only ebuilds of (networkmanager-)openswan in the official tree. |
27 |
|
28 |
No, this only good for the SSL VPN solution of Cisco. |
29 |
|
30 |
|
31 |
> strongswan is in the stable tree but not the networkmanager plugin. |
32 |
|
33 |
Are you sure? This is what I see here for strongswan-5.2.2 |
34 |
|
35 |
[+caps +constraints curl debug dhcp eap farp gcrypt +gmp ldap mysql |
36 |
networkmanager |
37 |
^^^^^^^^^^^^^^ |
38 |
+non-root +openssl pam pkcs11 sqlite strongswan_plugins_blowfish |
39 |
strongswan_plugins_ccm strongswan_plugins_ctr strongswan_plugins_gcm |
40 |
strongswan_plugins_ha strongswan_plugins_ipseckey +strongswan_plugins_led |
41 |
+strongswan_plugins_lookip strongswan_plugins_ntru strongswan_plugins_padlock |
42 |
strongswan_plugins_rdrand +strongswan_plugins_systime-fix |
43 |
strongswan_plugins_unbound +strongswan_plugins_unity +strongswan_plugins_vici |
44 |
strongswan_plugins_whitelist] |
45 |
|
46 |
The latest version 5.2.2 has a bug with some IKEv1 implementations. There is |
47 |
a patch proposed which works and will be included in the next version 5.2.3 |
48 |
when released. If your VPN server is affected then you'll have to apply the |
49 |
patch yourself in a local overlay: |
50 |
|
51 |
https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/479632 |
52 |
|
53 |
-- |
54 |
Regards, |
55 |
Mick |