vpnc: no response from target finally solved: AuthType=5

Hi,

I used vpnc instead of CISCO’s vpnclient for a long time. This way I could update my box without rebuilding any kernel modules vpnclient relies on.

Everything worked fine.

But suddenly I could not connect to my company's network any longer. I got:

vpnc: no response from target

Activating debug output did not help me. Fortunately a colleague of mine found a solution.

If you find

AuthType=5
CertStore=1

in the relevant pcf-file (vpnclient configuration file, which will be provided by your organization), you cannot use vpnc 0.4.0 or older any longer. You must get vpnc 0.5.1 and it must be compiled to use libcrypto (SSL).

For me, ldd gives:


lulu:/home/bav> ldd /usr/sbin/vpnc
...
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7dfa000)
...

So after getting the source package, you will have to change the Makefile to read:


OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
OPENSSLLIBS = -lcrypto

My configuration looks like this:


IPSec ID foo
IPSec obfuscated secret barbarbarbar
IPSec gateway 1.2.3.4
IKE DH Group dh2
Xauth username MYUSERNAME
IKE Authmode hybrid
CA-File /etc/vpnc/rootcert.pem

The file /etc/vpnc/rootcert.pem holds the appropriate certificate.

Gerd
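
A preflight check for the conditions described in this post, as an added example that is not part of the original post or of vpnc: it reads AuthType from the .pcf, looks for libcrypto in the ldd output of the vpnc binary, and checks that the CA file is PEM. The function names are hypothetical, and tolerating CRLF line endings and a leading "!" on keys is an assumption about how the profile was exported.

```shell
#!/bin/sh
# Added example: preflight check before using vpnc with an AuthType=5 profile.
# Function names are hypothetical.

# Print the value of KEY from a .pcf profile. Strips CR line endings and a
# leading "!" on the key (assumed export quirks); key match is case-insensitive.
pcf_get() {  # usage: pcf_get KEY FILE
    tr -d '\r' < "$2" | awk -F= -v key="$1" '
        { k = $1; sub(/^!/, "", k) }
        tolower(k) == tolower(key) { sub(/^[^=]*=/, ""); print; exit }'
}

# Succeed if the profile asks for AuthType=5 (hybrid mode in the vpnc config).
pcf_needs_hybrid() {  # usage: pcf_needs_hybrid FILE
    [ "$(pcf_get AuthType "$1")" = "5" ]
}

# Succeed if ldd output read from stdin lists libcrypto.
ldd_has_libcrypto() {
    grep -q 'libcrypto\.so'
}

# Succeed if FILE contains a PEM certificate header (a DER file will not).
pem_looks_valid() {  # usage: pem_looks_valid FILE
    grep -q '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Return 0 if ready, 1 if vpnc lacks libcrypto, 2 if the CA file is not PEM.
preflight() {  # usage: preflight PCF VPNC_BINARY CA_FILE
    if ! pcf_needs_hybrid "$1"; then
        echo "profile does not use AuthType=5; libcrypto build not required"
        return 0
    fi
    if ! ldd "$2" 2>/dev/null | ldd_has_libcrypto; then
        echo "AuthType=5 but $2 is not linked against libcrypto" >&2
        return 1
    fi
    if ! pem_looks_valid "$3"; then
        echo "CA file $3 is not PEM; convert it with openssl x509 -inform der" >&2
        return 2
    fi
    echo "ok: AuthType=5 profile, libcrypto-enabled vpnc, PEM CA file"
}

# Run only when called with: script PCF VPNC_BINARY CA_FILE
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```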


8 Responses to “vpnc: no response from target finally solved: AuthType=5”

  1. candace Says:

    I want to thank you so much for this post. I was struggling to get my eee to connect to my campus VPN until I read this post, and it set me right in the end. Thanks!

  2. Luigi Says:

    Excellent post!!!
    You solved my connection problem to my campus VPN

    Thanks a lot!!

  3. Slava Says:

    Hello. I am trying to set up a VPN connection to my work. The instructions that my work provides are for cisco vpn client on a windows os. I am trying to translate the instructions to vpnc. In an effort to enroll for a certificate the first step is to create a base-64 key file. The only options that have to do with certificates that I have found in vpnc help are --ca-file and --ca-dir. May I ask you for a guiding direction of what I should do?

  4. linos Says:

    Slava,

    this worked for me:

    openssl x509 -in rootcert -inform der -out rootcert.pem -outform pem

    Gerd

  5. Sam Cook Says:

    Thanks for the help!

    this has taken me at least 4 hours of frustrated battling with my laptop and you helped save me!

    just so you know, this method works on ubuntu ibex.
    this script:
    http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
    is very helpful for moving pcf files to vpnc conf files – if you have encrypted group passwords etc this page:
    http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode?enc=&.submit=decode!
    will decode them rather than installing the cisco decrypter package

    hope this helps!

  6. linos Says:

    Currently changing to Natty, I still had to use my recompiled version, i.e. out of the box vpnc in Ubuntu Natty still does not refer to libcrypto for some reason.

    When I tried the Natty vpnc binary in the first place, I got following error message:

    vpnc: certificate signer not found

  7. Lavon Says:

    Why users still use to read news papers when in this
    technological world the whole thing is existing on web?

  8. Gonzalo Oviedo Lambert Says:

    I resolved my problem by connecting with another service provider, and the connection passed, so I called my original ISP and they “reset” the modem and voilà, problem solved!

    By the way, vpnc --debug 99 could be useful
