Bug 731200
Summary: | vpnc stopped working completely | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Felipe Contreras <felipe.contreras> | ||||||
Component: | vpnc | Assignee: | Christian Krause <chkr> | ||||||
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | urgent | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 16 | CC: | rjones | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2012-02-02 18:45:34 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Felipe Contreras
2011-08-16 22:27:11 UTC
Actually, I downgraded to 0.5.3-9.fc15, and it works fine. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. Please can you run vpnc on the command line with "--debug 3" and attach the complete debug output? Please do the test with version 0.5.3-9.fc15 as well as with 0.5.3-12.svn457. Thank you very much in advance! from "vpnc --long-help": --debug <0/1/2/3/99> Show verbose debug messages * 0: Do not print debug information. * 1: Print minimal debug information. * 2: Show statemachine and packet/payload type information. * 3: Dump everything exluding authentication data. * 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS). conf-variable: Debug <0/1/2/3/99> Created attachment 521935 [details]
Log for old vpnc
Created attachment 521936 [details]
Log for new vpnc
As you can see, there's clearly a regression, I say you should revert back to the old one. It's also interesting the fact that even though vpnc fails (it doesn't go to the background), the NetworkManager plug in think it does. I have looked at both attachments and it looks like that the differences start when dealing with NAT mode. 1. Please can you double-check that you have used in both tests (old and new vpnc version) exactly the same config file? 2. Please can you also attach the config file (please replace all private data like IP addresses, user names and passwords with xxxx or so)? 3. Please can you also try, whether changing the NAT mode helps by any chance? From the "man vpnc": -------------------------- --natt-mode <natt/none/force-natt/cisco-udp> Which NAT-Traversal Method to use: · natt -- NAT-T as defined in RFC3947 · none -- disable use of any NAT-T method · force-natt -- always use NAT-T encapsulation even without presence of a NAT device (useful if the OS captures all ESP traffic) · cisco-udp -- Cisco proprietary UDP encapsulation, com‐ monly over Port 10000 Note: cisco-tcp encapsulation is not yet supported Default: natt conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp> ------------------------- (In reply to comment #7) > I have looked at both attachments and it looks like that the differences start > when dealing with NAT mode. > > 1. Please can you double-check that you have used in both tests (old and new > vpnc version) exactly the same config file? Yes, I used the same configuration because I actually didn't use a configuration, I specified everything on the command line. > 2. Please can you also attach the config file (please replace all private data > like IP addresses, user names and passwords with xxxx or so)? No configuration: % vpnc --gateway $gw --id $id --username $user --debug 3 > 3. Please can you also try, whether changing the NAT mode helps by any chance? Yup, disabling NAT seemed to work, however, I noticed a difference between two different VPNs. One VPN works perfectly fine when I disable NAT from NetworkManager, but the other one never works. NM says it connected just fine, but it just doesn't work. Why no update? The new version is clearly breaking existing use-cases, if there is no fix, it should be reverted. Still happening on Fedora 16. Obviously nobody cares if vpn is broken. |