I've carried this homemade patch for a very long time, maybe it could be useful to others. They are needed to connect to an Alcatel-Lucent Brick VPN Concentrator, I've made them after reading the post on vpnc-devel from Paolo Fiorillo in 2010:

> I'm trying to connect VPNC client with Alcatel-Lucent Brick VPN Concentrator.
> The result is:
>     response was invalid [2]: (ISAKMP_N_INVALID_SPI)(11)
> The SPI size of the reply is 8. In the VPNC code:
>     if (reject == 0 && rp->u.sa.proposals->u.p.spi_size != 0)
>         reject = ISAKMP_N_INVALID_SPI;
>     if (reject == 0 && rp->u.sa.proposals->u.p.spi_size != 4)
>         reject = ISAKMP_N_INVALID_SPI;
> Does it mean that value different from 0 and 4 are invalid??
> From the RFC 2407, section 3.5 Proposal Payload: the SPI Size is irrelevant and MAY be from zero (0) to sixteen (16)
Created attachment 808165: vpnc-0.5.3-17.fix-alcatel.patch
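Added example (not part of the original report, and not vpnc's code or the attached patch): a C check of a Proposal payload's SPI Size that applies the rule quoted in the post above, accepting 0 to 16 octets for an ISAKMP proposal and skipping over the SPI, while still requiring 4 octets for IPsec AH/ESP. The function name `check_proposal_spi` is hypothetical and the sample payloads are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Protocol-Id values (IPsec DOI) and ISAKMP notify codes; 0 means accept. */
enum { PROTO_ISAKMP = 1, PROTO_IPSEC_AH = 2, PROTO_IPSEC_ESP = 3 };
enum { N_OK = 0, N_INVALID_PROTOCOL_ID = 10, N_INVALID_SPI = 11,
       N_PAYLOAD_MALFORMED = 16 };
#define PROPOSAL_HDR_LEN 8 /* fixed part of a Proposal payload */

/* Hypothetical helper: validate one Proposal payload and report where the
 * transforms start (after the SPI, whose content is skipped, not parsed). */
int check_proposal_spi(const uint8_t *p, size_t avail, size_t *transforms_off)
{
    if (p == NULL || avail < PROPOSAL_HDR_LEN)
        return N_PAYLOAD_MALFORMED;
    size_t len = ((size_t)p[2] << 8) | p[3];   /* Payload Length, big endian */
    uint8_t proto = p[5], spi_size = p[6];
    if (len < PROPOSAL_HDR_LEN || len > avail)
        return N_PAYLOAD_MALFORMED;
    if (proto != PROTO_ISAKMP && proto != PROTO_IPSEC_AH && proto != PROTO_IPSEC_ESP)
        return N_INVALID_PROTOCOL_ID;
    /* ISAKMP: 0..16 allowed (not only 0); IPsec AH/ESP SPIs are exactly 32 bits */
    if (proto == PROTO_ISAKMP ? spi_size > 16 : spi_size != 4)
        return N_INVALID_SPI;
    if (spi_size > len - PROPOSAL_HDR_LEN)     /* SPI must fit in the payload */
        return N_PAYLOAD_MALFORMED;
    if (transforms_off != NULL)
        *transforms_off = PROPOSAL_HDR_LEN + spi_size;
    return N_OK;
}

/* Constructed samples: ISAKMP proposal with an 8-octet SPI, ESP proposal with
 * an 8-octet SPI, ISAKMP proposal whose SPI Size overruns Payload Length. */
static const uint8_t isakmp_spi8[] = { 0,0,0,24, 1,PROTO_ISAKMP,8,1,
    0xaa,0xaa,0xaa,0xaa,0xbb,0xbb,0xbb,0xbb, 0,0,0,8, 1,1,0,0 };
static const uint8_t esp_spi8[] = { 0,0,0,16, 1,PROTO_IPSEC_ESP,8,1, 1,2,3,4,5,6,7,8 };
static const uint8_t overrun[] = { 0,0,0,12, 1,PROTO_ISAKMP,16,1, 1,2,3,4 };

int main(void)
{
    size_t off = 0;
    int rc = check_proposal_spi(isakmp_spi8, sizeof isakmp_spi8, &off);
    printf("ISAKMP, SPI size 8: notify %d, transforms at offset %zu\n", rc, off);
    printf("ESP, SPI size 8: notify %d\n", check_proposal_spi(esp_spi8, sizeof esp_spi8, NULL));
    printf("SPI overruns payload: notify %d\n", check_proposal_spi(overrun, sizeof overrun, NULL));
    return 0;
}
```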
(Disclaimer: I'm no vpnc expert nor the Fedora vpnc maintainer) Did you try to submit your patch upstream? As per Fedora's policies this should be done first. Adding a Fedora patch might be acceptable to bridge the time until the next upstream release or to fix a critical issue but as a package maintainer I'd be uneasy to just add a new patch.
No, I didn't, because it is a very quick and dirty patch: I removed what got in the way to allow connection. It's nowhere near ready for upstream, but I thought it could be useful to people having the same issue as me. I have no more access to the Alcatel concentrator => mark as CLOSED?
Thank you very much for your feedback. It's not my call (as I'm not a vpnc maintainer) but personally I'd say that Fedora packages should only ship upstream-ready code unless for a very good reason (=> not a valid Fedora bug IMHO). Now vpnc upstream might be difficult to work with (not much communication, no releases, no bug tracker) but maybe you could send your patch+info on the upstream mailing list (https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel) with a short notice about the current state. I guess that way you'd help most people because future developers will check that more likely than the Fedora bugzilla.
As I co-maintain vpnc now I close this bug as we should not ship hacky patches. Still I'd encourage you to post your changes upstream.
acked, I'll try to find time to report it upstream