I used vpnc instead of CISCO’s vpnclient for a long time. This way I could update my box without rebuilding any kernel modules vpnclient relies on.
Everything worked fine.
But suddenly I could not connect to my companies network any longer. I got:
vpnc: no response from target
Activating debug output did not help me. Fortunately a colleague of mine found a solution.
If you find
in the relevant pcf-file (vpnclient configuration file, which will be provided by your organization), you cannot use vpnc 0.4.0 or older any longer. You must get vpnc 0.5.1 and it must be compiled to use libcrypto (SSL).
For me ldd gives me:
lulu:/home/bav> ldd /usr/sbin/vpnc
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7dfa000)
So after getting the source package, you will have to change to makefile to read:
OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
OPENSSLLIBS = -lcrypto
My configuration looks like this:
IPSec ID foo
IPSec obfuscated secret barbarbarbar
IPSec gateway 18.104.22.168
IKE DH Group dh2
Xauth username MYUSERNAME
IKE Authmode hybrid
The file /etc/vpnc/rootcert.pem holds the appropriate certificate.