Archive for November, 2007

vpnc: no response from target finally solved: AuthType=5

November 23, 2007

Hi,

I used vpnc instead of CISCO’s vpnclient for a long time. This way I could update my box without rebuilding any kernel modules vpnclient relies on.

Everything worked fine.

But suddenly I could not connect to my company's network any longer. I got:

vpnc: no response from target

Activating debug output did not help me. Fortunately a colleague of mine found a solution.

If you find

AuthType=5
CertStore=1

in the relevant pcf-file (vpnclient configuration file, which will be provided by your organization), you cannot use vpnc 0.4.0 or older any longer. You must get vpnc 0.5.1 and it must be compiled to use libcrypto (SSL).

For me, ldd gives:


lulu:/home/bav> ldd /usr/sbin/vpnc
...
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7dfa000)
...

So after getting the source package, you will have to change the Makefile to read:


OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
OPENSSLLIBS = -lcrypto

My configuration looks like this:


IPSec ID foo
IPSec obfuscated secret barbarbarbar
IPSec gateway 1.2.3.4
IKE DH Group dh2
Xauth username MYUSERNAME
IKE Authmode hybrid
CA-File /etc/vpnc/rootcert.pem

The file /etc/vpnc/rootcert.pem holds the appropriate certificate.

Gerd
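The two checks from the post above (AuthType=5 with CertStore=1 in the pcf-file, and libcrypto in the ldd output) combined into one script. This is an added example, not part of the original post; the function names and verdict strings are hypothetical, and the sample profile and ldd line are constructed. It does not check the vpnc version, which the post says must be 0.5.1.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# pcf_value FILE KEY: print the value of KEY from a .pcf profile.
# Keys match case-insensitively; CR line endings and padding are stripped.
pcf_value() {
    tr -d '\r' < "$1" | awk -F= -v key="$2" '
        { k = $1; gsub(/[ \t]/, "", k) }
        tolower(k) == tolower(key) {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v; exit
        }'
}

# needs_hybrid FILE: succeed if the profile has AuthType=5 and CertStore=1,
# the combination the post says vpnc 0.4.0 and older cannot handle.
needs_hybrid() {
    [ "$(pcf_value "$1" AuthType)" = "5" ] &&
        [ "$(pcf_value "$1" CertStore)" = "1" ]
}

# has_libcrypto: read saved `ldd` output on stdin, succeed if libcrypto is linked.
has_libcrypto() {
    grep -q 'libcrypto\.so'
}

# check_profile PCF LDD_OUTPUT: print one verdict.
#   no-hybrid     profile does not use AuthType=5 / CertStore=1
#   hybrid-ok     profile needs it and the vpnc binary links libcrypto
#   rebuild-vpnc  profile needs it but the binary lacks libcrypto
check_profile() {
    if ! needs_hybrid "$1"; then
        echo "no-hybrid"
    elif has_libcrypto < "$2"; then
        echo "hybrid-ok"
    else
        echo "rebuild-vpnc"
    fi
}

# Demo on constructed data. For a real check, save the output first:
#   ldd /usr/sbin/vpnc > ldd.txt
tmp=$(mktemp -d)
printf '[main]\r\nHost=1.2.3.4\r\nAuthType=5\r\nCertStore=1\r\n' > "$tmp/sample.pcf"
printf 'libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7dfa000)\n' > "$tmp/ldd.txt"
check_profile "$tmp/sample.pcf" "$tmp/ldd.txt"
rm -rf "$tmp"
```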


Using DSL with pppd and pppoe in Feisty with suspend and resume

November 19, 2007

Hi,

the other day I set up a Feisty box directly connected to a DSL modem. So I had to use pppd and pppoe. The setup utility pppoeconf was already on the system (in /usr/sbin), but the package pppoe was missing (does that make sense: pppoeconf without pppoe ???). I installed pppoe and ran pppoeconf.

A minute later I was online.

After rebooting I was online again. But after suspending the box to disk and resuming, pppd was still kind of running – but useless. IMHO this is ok.

But the user expects to be online again of course.

This is what I did:


lulu:/etc/acpi/suspend.d> cat 01-poff.sh
#!/bin/sh
poff

and


lulu:/etc/acpi/resume.d> cat 99-pon.sh
#!/bin/sh
pon

I intended to terminate pppd via poff when suspending and start a fresh pppd when resuming was nearly finished.

This did not really work. I found an error message telling me that the interface was not up. So I added

ifconfig eth0 up

to the script. I thought I was done now, but at least occasionally the link was not up when I started to access the net.

With

lulu:/etc/acpi/resume.d> cat 99-pon.sh
#!/bin/sh
ifconfig eth0 up
sleep 2
pon
sleep 2

this now works fine.

Using

sudo netstat -nlp --inet

I finally closed all ports. (System | Services).

Gerd