Hi,
I used vpnc instead of CISCO’s vpnclient for a long time. This way I could update my box without rebuilding any kernel modules vpnclient relies on.
Everything worked fine.
But suddenly I could not connect to my company's network any longer. I got:
vpnc: no response from target
Activating debug output did not help me. Fortunately a colleague of mine found a solution.
If you find
AuthType=5
CertStore=1
in the relevant pcf-file (vpnclient configuration file, which will be provided by your organization), you cannot use vpnc 0.4.0 or older any longer. You must get vpnc 0.5.1 and it must be compiled to use libcrypto (SSL).
For me ldd gives me:
lulu:/home/bav> ldd /usr/sbin/vpnc
...
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7dfa000)
...
So after getting the source package, you will have to change the Makefile to read:
OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
OPENSSLLIBS = -lcrypto
My configuration looks like this:
IPSec ID foo
IPSec obfuscated secret barbarbarbar
IPSec gateway 1.2.3.4
IKE DH Group dh2
Xauth username MYUSERNAME
IKE Authmode hybrid
CA-File /etc/vpnc/rootcert.pem
The file /etc/vpnc/rootcert.pem holds the appropriate certificate.
Gerd
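A pre-flight check for the situation described in this post, added here as an example and not part of the original post: it reads AuthType from a .pcf file and looks for libcrypto in `ldd` output. The function names and verdict strings are made up for this example, the handling of a leading "!" assumes the read-only key marker used in Cisco profiles, and the vpnc version itself is not checked.

```shell
#!/bin/sh
# Added example (not from the original post): check whether a Cisco .pcf
# profile asks for hybrid authentication and whether vpnc can provide it.

# Print the value of KEY from a .pcf file. Handles CRLF line endings and a
# leading "!" on the key (assumed read-only marker in Cisco profiles).
pcf_value() {
    tr -d '\r' < "$1" | awk -v want="$2" '
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t!]+|[ \t]+$/, "", key)
            if (tolower(key) == tolower(want)) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                print val
                exit
            }
        }'
}

# Succeeds when the profile has AuthType=5, the setting the post pairs with
# "IKE Authmode hybrid" in the vpnc configuration.
pcf_needs_hybrid() {
    [ "$(pcf_value "$1" AuthType)" = "5" ]
}

# Reads `ldd` output on stdin; succeeds when libcrypto is linked in.
links_libcrypto() {
    grep -q 'libcrypto\.so'
}

# Usage: ldd /usr/sbin/vpnc | vpnc_preflight profile.pcf
# Prints one verdict: hybrid-not-required, hybrid-supported or
# rebuild-with-openssl.
vpnc_preflight() {
    if ! pcf_needs_hybrid "$1"; then
        echo hybrid-not-required
    elif links_libcrypto; then
        echo hybrid-supported
    else
        echo rebuild-with-openssl
    fi
}
```

A verdict of rebuild-with-openssl corresponds to the Makefile change shown above.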
November 27, 2007 at 8:52 pm
I want to thank you so much for this post. I was struggling to get my eee to connect to my campus VPN until I read this post, and it set me right in the end. Thanks!
December 6, 2007 at 10:32 pm
Excellent post!!!
You solved my connection problem to my campus VPN
Thanks a lot!!
December 13, 2007 at 2:41 am
Hello. I am trying to set up a vpn connection to my work. The instructions that my work provides are for cisco vpn client on a windows os. I am trying to translate the instructions to vpnc. In an effort to enroll for a certificate the first step is to create a base-64 key file. The only options that have to do with certificates that I have found in vpnc help are --ca-file and --ca-dir. May I ask you for a guiding direction of what I should do?
December 14, 2007 at 10:42 am
Slava,
this worked for me:
openssl x509 -in rootcert -inform der -out rootcert.pem -outform pem
Gerd
October 29, 2008 at 3:28 pm
Thanks for the help!
this has taken me at least 4 hours of frustrated battling with my laptop and you helped save me!
just so you know this method works on ubuntu ibex.
this script:
http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
is very helpful for moving pcf files to vpnc conf files – if you have encrypted group passwords etc this page:
http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode?enc=&.submit=decode!
will decode them rather than installing the cisco decrypter package
hope this helps!