vpnc: no response from target finally solved: AuthType=5

November 23, 2007

Hi,

I used vpnc instead of Cisco’s vpnclient for a long time. This way I could update my box without rebuilding any kernel modules vpnclient relies on.

Everything worked fine.

But suddenly I could not connect to my company's network any longer. I got:

vpnc: no response from target

Activating debug output did not help me. Fortunately a colleague of mine found a solution.

If you find

AuthType=5
CertStore=1

in the relevant pcf-file (vpnclient configuration file, which will be provided by your organization), you cannot use vpnc 0.4.0 or older any longer. You must get vpnc 0.5.1 and it must be compiled to use libcrypto (SSL).

For me, ldd gives:


lulu:/home/bav> ldd /usr/sbin/vpnc
...
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7dfa000)
...

So after getting the source package, you will have to change the Makefile to read:


OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
OPENSSLLIBS = -lcrypto

My configuration looks like this:


IPSec ID foo
IPSec obfuscated secret barbarbarbar
IPSec gateway 1.2.3.4
IKE DH Group dh2
Xauth username MYUSERNAME
IKE Authmode hybrid
CA-File /etc/vpnc/rootcert.pem

The file /etc/vpnc/rootcert.pem holds the appropriate certificate.

Gerd
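
The two checks described in the post (does the .pcf profile set AuthType=5, and is the installed vpnc linked against libcrypto) as an added shell example that is not part of the original post. The function names are made up for illustration; the parser also tolerates CRLF line endings and the leading "!" that Cisco profiles use to mark a read-only key.

```sh
#!/bin/sh
# Added example; the function names are this example's own, not part of vpnc.
# Usage: sh check-vpnc.sh profile.pcf /usr/sbin/vpnc

# Print the value of KEY from a Cisco .pcf profile (INI-style KEY=VALUE lines).
# Tolerates CRLF line endings, a leading "!" (read-only marker), key names in
# any case, and spaces around "=".
pcf_get() {
    key=$1 file=$2
    tr -d '\r' < "$file" | awk -v k="$key" '
        { eq = index($0, "="); if (eq == 0) next
          name = substr($0, 1, eq - 1)
          sub(/^[ \t]*!?/, "", name); sub(/[ \t]+$/, "", name)
          if (tolower(name) != tolower(k)) next
          val = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", val)
          print val; exit }'
}

# True when the profile sets AuthType=5, the case the post says needs
# vpnc 0.5.1 built with libcrypto.
pcf_needs_libcrypto() {
    [ "$(pcf_get AuthType "$1")" = "5" ]
}

# Read ldd output on stdin; true if a libcrypto shared object is listed.
links_libcrypto() {
    grep -Eq '^[[:space:]]*libcrypto\.so[^[:space:]]*[[:space:]]+=>'
}

# Run both checks and print a one-line verdict; non-zero status on mismatch.
check_vpnc() {
    pcf=$1 bin=$2
    if ! pcf_needs_libcrypto "$pcf"; then
        echo "ok: profile does not set AuthType=5"; return 0
    fi
    if ldd "$bin" 2>/dev/null | links_libcrypto; then
        echo "ok: AuthType=5 and $bin links libcrypto"; return 0
    fi
    echo "fail: AuthType=5 but $bin is not linked against libcrypto"; return 1
}

if [ $# -eq 2 ]; then check_vpnc "$1" "$2"; fi
```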
