Bug 1015803 - patch to allow to connect to an alcatel vpn concentrator
Summary: patch to allow to connect to an alcatel vpn concentrator
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: vpnc
Version: 19
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Christian Krause
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-10-05 16:15 UTC by Laurent Jacquot
Modified: 2014-11-08 20:19 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-11-08 11:36:39 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
vpnc-0.5.3-17.fix-alcatel.patch (2.08 KB, patch)
2013-10-05 16:15 UTC, Laurent Jacquot 		no flags Details | Diff
View All

Description Laurent Jacquot 2013-10-05 16:15:05 UTC 
I've carried this homemade patch for a very long time, maybe it could be usefull to others..


They are needed to connect to an Alcatel-Lucent Brick VPN Concentrator, I've made them after reading the post on vpnc-devel from Paolo Fiorillo in 2010:

I'm trying to connect VPNC client with Alcatel-Lucent Brick VPN Concentrator.

The result is: response was invalid [2]:  (ISAKMP_N_INVALID_SPI)(11)

The SPI size of the reply is 8.
In the VPNC code:

if (reject == 0 && rp->u.sa.proposals->u.p.spi_size != 0) reject = ISAKMP_N_INVALID_SPI;
if (reject == 0 && rp->u.sa.proposals->u.p.spi_size != 4) reject = ISAKMP_N_INVALID_SPI;

Does it means that value different form 0 and 4 are invalid??

From the RFC 2407, section 3.5 Proposal Payload:

the SPI Size is irrelevant and MAY be from zero (0) to sixteen (16)
Comment 1 Laurent Jacquot 2013-10-05 16:15:43 UTC 
Created attachment 808165 [details]
vpnc-0.5.3-17.fix-alcatel.patch
Comment 2 Felix Schwarz 2014-11-02 14:10:45 UTC 
(Disclaimer: I'm no vpnc expert nor the Fedora vpnc maintainer)

Did you try to submit your patch upstream? As per Fedora's policies this should be done first. Adding a Fedora patch might be acceptable to bridge the time until the next upstream release or to fix a critical issue but as a package maintainer I'd be uneasy to just add a new patch.
Comment 3 Laurent Jacquot 2014-11-02 21:05:53 UTC 
No I didn't because it is a very quick and dirty patch: I removed what got in the way to allow connection. It's nowhere near ready for uptream, but I thought it could be usefull to people having the same issue as me.

I have no more access to the alcatel concentrator => mark as CLOSED ?
Comment 4 Felix Schwarz 2014-11-02 21:27:17 UTC 
Thank you very much for your feedback.

It's not my call (as I'm not a vpnc maintainer) but personally I'd say that Fedora packages should only ship upstream-ready code unless for a very good reason (=> not a valid Fedora bug IMHO).

Now vpnc upstream might be difficult to work with (not much communication, no releases, no bug tracker) but maybe you could send your patch+info on the upstream mailing list (https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel) with a short notice about the current state. I guess that way you'd help most people because future developers will check that more likely than the Fedora bugzilla.
Comment 5 Felix Schwarz 2014-11-08 11:36:39 UTC 
As I co-maintain vpnc now I close this bug as we should not ship hacky patches. Still I'd encourage you to post your changes upstream.
Comment 6 Laurent Jacquot 2014-11-08 20:19:56 UTC 
acked, I'll try to find time to report it upstream
Note You need to log in before you can comment on or make changes to this bug.