Red Hat Bugzilla – Bug 1015803
patch to allow to connect to an alcatel vpn concentrator
Last modified: 2014-11-08 15:19:56 EST
I've carried this homemade patch for a very long time, maybe it could be useful to others.
They are needed to connect to an Alcatel-Lucent Brick VPN Concentrator, I've made them after reading the post on vpnc-devel from Paolo Fiorillo in 2010:
I'm trying to connect VPNC client with Alcatel-Lucent Brick VPN Concentrator.
The result is: response was invalid : (ISAKMP_N_INVALID_SPI)(11)
The SPI size of the reply is 8.
In the VPNC code:
if (reject == 0 && rp->u.sa.proposals->u.p.spi_size != 0) reject = ISAKMP_N_INVALID_SPI;
if (reject == 0 && rp->u.sa.proposals->u.p.spi_size != 4) reject = ISAKMP_N_INVALID_SPI;
Does it mean that values different from 0 and 4 are invalid??
From the RFC 2407, section 3.5 Proposal Payload:
the SPI Size is irrelevant and MAY be from zero (0) to sixteen (16)
Created attachment 808165
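Added example, not part of this bug report, the attached patch, or vpnc's source: a C sketch of an SPI-size check on a raw ISAKMP proposal payload that follows the rule quoted in the post above (for the ISAKMP protocol any SPI size from 0 to 16 is accepted and the SPI bytes are ignored) while still requiring 4 bytes for AH/ESP and bounds-checking the declared size against the payload length. The function name, return codes and sample payloads are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Protocol-ID values from the IPsec DOI */
enum { PROTO_ISAKMP = 1, PROTO_IPSEC_AH = 2, PROTO_IPSEC_ESP = 3 };
enum { PROPOSAL_HDR_LEN = 8, MAX_ISAKMP_SPI = 16 };
enum spi_check { SPI_OK = 0, SPI_TRUNCATED = -1, SPI_BAD_SIZE = -2, SPI_BAD_PROTO = -3 };

/* Hypothetical helper: validate the SPI of one raw proposal payload.
 * Header layout: next payload, reserved, length (2 bytes, big endian),
 * proposal number, protocol ID, SPI size, number of transforms.
 * On success *spi and *spi_len describe the SPI to use (none for ISAKMP). */
static int check_proposal_spi(const uint8_t *buf, size_t buflen,
                              const uint8_t **spi, size_t *spi_len)
{
    if (buflen < PROPOSAL_HDR_LEN) return SPI_TRUNCATED;
    size_t payload_len = ((size_t)buf[2] << 8) | buf[3];
    uint8_t proto = buf[5], spi_size = buf[6];
    if (payload_len < PROPOSAL_HDR_LEN || payload_len > buflen) return SPI_TRUNCATED;
    /* The declared SPI must fit inside the payload before it is skipped or read. */
    if ((size_t)spi_size > payload_len - PROPOSAL_HDR_LEN) return SPI_TRUNCATED;
    *spi = NULL; *spi_len = 0;
    switch (proto) {
    case PROTO_ISAKMP:
        /* The header cookie pair identifies the SA: skip the SPI bytes. */
        return spi_size <= MAX_ISAKMP_SPI ? SPI_OK : SPI_BAD_SIZE;
    case PROTO_IPSEC_AH:
    case PROTO_IPSEC_ESP:
        if (spi_size != 4) return SPI_BAD_SIZE;
        *spi = buf + PROPOSAL_HDR_LEN; *spi_len = 4;
        return SPI_OK;
    default:
        return SPI_BAD_PROTO;
    }
}

/* Constructed samples (transform payloads omitted), not captured traffic. */
static const uint8_t sample_isakmp_spi8[] = { 0, 0, 0x00, 0x10, 1, PROTO_ISAKMP, 8, 0,
    0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04 };
static const uint8_t sample_esp_spi4[] = { 0, 0, 0x00, 0x0c, 1, PROTO_IPSEC_ESP, 4, 0,
    0x11, 0x22, 0x33, 0x44 };

int main(void)
{
    const uint8_t *spi; size_t n;
    printf("ISAKMP, SPI size 8: %d\n", check_proposal_spi(sample_isakmp_spi8, sizeof sample_isakmp_spi8, &spi, &n));
    printf("ESP, SPI size 4: %d\n", check_proposal_spi(sample_esp_spi4, sizeof sample_esp_spi4, &spi, &n));
    return 0;
}
```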
(Disclaimer: I'm no vpnc expert nor the Fedora vpnc maintainer)
Did you try to submit your patch upstream? As per Fedora's policies this should be done first. Adding a Fedora patch might be acceptable to bridge the time until the next upstream release or to fix a critical issue but as a package maintainer I'd be uneasy to just add a new patch.
No, I didn't, because it is a very quick and dirty patch: I removed what got in the way to allow connection. It's nowhere near ready for upstream, but I thought it could be useful to people having the same issue as me.
I have no more access to the alcatel concentrator => mark as CLOSED ?
Thank you very much for your feedback.
It's not my call (as I'm not a vpnc maintainer) but personally I'd say that Fedora packages should only ship upstream-ready code unless for a very good reason (=> not a valid Fedora bug IMHO).
Now vpnc upstream might be difficult to work with (not much communication, no releases, no bug tracker) but maybe you could send your patch+info on the upstream mailing list (https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel) with a short notice about the current state. I guess that way you'd help most people because future developers will check that more likely than the Fedora bugzilla.
As I co-maintain vpnc now I close this bug as we should not ship hacky patches. Still I'd encourage you to post your changes upstream.
acked, I'll try to find time to report it upstream