First Last Prev Next    This bug is not in your last search results.
Bug 1015803 - patch to allow to connect to an alcatel vpn concentrator
patch to allow to connect to an alcatel vpn concentrator
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: vpnc (Show other bugs)
19
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Christian Krause
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-05 12:15 EDT by Laurent Jacquot
Modified: 2014-11-08 15:19 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-11-08 06:36:39 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
vpnc-0.5.3-17.fix-alcatel.patch (2.08 KB, patch)
2013-10-05 12:15 EDT, Laurent Jacquot 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Laurent Jacquot 2013-10-05 12:15:05 EDT 
I've carried this homemade patch for a very long time, maybe it could be usefull to others..


They are needed to connect to an Alcatel-Lucent Brick VPN Concentrator, I've made them after reading the post on vpnc-devel from Paolo Fiorillo in 2010:

I'm trying to connect VPNC client with Alcatel-Lucent Brick VPN Concentrator.

The result is: response was invalid [2]:  (ISAKMP_N_INVALID_SPI)(11)

The SPI size of the reply is 8.
In the VPNC code:

if (reject == 0 && rp->u.sa.proposals->u.p.spi_size != 0) reject = ISAKMP_N_INVALID_SPI;
if (reject == 0 && rp->u.sa.proposals->u.p.spi_size != 4) reject = ISAKMP_N_INVALID_SPI;

Does it means that value different form 0 and 4 are invalid??

From the RFC 2407, section 3.5 Proposal Payload:

the SPI Size is irrelevant and MAY be from zero (0) to sixteen (16)
Comment 1 Laurent Jacquot 2013-10-05 12:15:43 EDT 
Created attachment 808165 [details]
vpnc-0.5.3-17.fix-alcatel.patch
Comment 2 Felix Schwarz 2014-11-02 09:10:45 EST 
(Disclaimer: I'm no vpnc expert nor the Fedora vpnc maintainer)

Did you try to submit your patch upstream? As per Fedora's policies this should be done first. Adding a Fedora patch might be acceptable to bridge the time until the next upstream release or to fix a critical issue but as a package maintainer I'd be uneasy to just add a new patch.
Comment 3 Laurent Jacquot 2014-11-02 16:05:53 EST 
No I didn't because it is a very quick and dirty patch: I removed what got in the way to allow connection. It's nowhere near ready for uptream, but I thought it could be usefull to people having the same issue as me.

I have no more access to the alcatel concentrator => mark as CLOSED ?
Comment 4 Felix Schwarz 2014-11-02 16:27:17 EST 
Thank you very much for your feedback.

It's not my call (as I'm not a vpnc maintainer) but personally I'd say that Fedora packages should only ship upstream-ready code unless for a very good reason (=> not a valid Fedora bug IMHO).

Now vpnc upstream might be difficult to work with (not much communication, no releases, no bug tracker) but maybe you could send your patch+info on the upstream mailing list (https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel) with a short notice about the current state. I guess that way you'd help most people because future developers will check that more likely than the Fedora bugzilla.
Comment 5 Felix Schwarz 2014-11-08 06:36:39 EST 
As I co-maintain vpnc now I close this bug as we should not ship hacky patches. Still I'd encourage you to post your changes upstream.
Comment 6 Laurent Jacquot 2014-11-08 15:19:56 EST 
acked, I'll try to find time to report it upstream
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.