Red Hat Bugzilla – Bug 172145
amd64 devel build of vpnc doesn't work
Last modified: 2007-11-30 17:11:16 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8b5) Gecko/20051008 Fedora/1.5-0.5.0.beta2 Firefox/1.4.1
Description of problem:
The x86_64 build of vpnc for development extras does not work for me. If I downgrade to the latest FC4 build, vpnc-0.3.3-3.4, it works. vpnc-0.3.3-3, the previous build that I used on both FC4 and devel, works fine on both. vpnc-0.3.3-4.i386 works fine on devel/i386; I hadn't thought of testing it on the AMD64 box.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.connect vpnc to a vpn server (from behind a NAT firewall, but I'm not sure that makes any difference)
Actual Results: It authenticates successfully, but no packets make it to the other end (or rather I never get replies to my pings)
Expected Results: With the earlier builds, it works just fine
The vpnc-0.3.3-3.4 and 0.3.3-4 are identical except release number and build
environment. Have you tried to rebuild the src.rpm if it helps? Maybe the devel
build environment was somehow broken when vpnc-0.3.3-4 was built.
I haven't tried that yet (was going to try next), but I have just tried
vpnc-0.3.3-4.i386.rpm on the AMD64 box, and it's working perfectly.
Please try to recompile it as x86_64. I don't have any rawhide x86_64 box
available where I could test vpnc.
Rebuilding vpnc-0.3.3-4 (or -3.4, for that matter) on FC devel results a
non-working binary. Looks like we got a toolchain bug. I can only see a few
minor differences between the assembly code generated on FC4 from that generated
on FC devel. I'm looking into them.
I can actually see many more differences if I compile with the same command-line
options that rpmbuild uses :-) If I compile everything with rpmbuild on FC
devel, and then recompile vpnc.o without -fstack-protector, it works. If I use
the rpmbuild-built binary, then it appears to work to some extent, as in,
packets go out on port 4500, but nothing ever comes back.
Hmm what about comparing the first packet sent from the working and non-working
vpncs? How do they differ?
I thought about that. The authentication proceeds correctly (AFAICT). There's
a short packet exchange that goes all right. It's only after authentication
completes and normal data starts flowing that replies stop being delivered, and
at that point the packets are supposed to be all encrypted, and with different
keys, so comparing them is of no use :-(
For the record, rebuilding vpnc with gcc 4.1.0-0.8 does NOT fix the problem :-(
FYI, its working for me now. Thank you.
So that was a gcc problem because nothing else changed.
The breakage is back in 0.3.3-7.x86_64 :-( .i386 works.
Broken for me too.
just rebuilt vpnc locally from source and now it works:
I'm having the exact same problem as described in Comment #7. I'm using
I tried rebuilding the src rpm with no help. I built vpnc from the subversion
repo and it works just fine. http://svn.unix-ag.uni-kl.de/vpnc/trunk/
The biggest differences I see between the subversion code is the rekeying
patch. But removing the rekeying patch from the src rpm and rebuilding doesn't
fix the problem either.
Vpnc connects fine, but can't ping or do anything afterwards.
The difference which makes it work between the vpnc from extras and your build
from the subversion repo is most probably the -fstack-protector option which is
not there if you build it from the subversion repo.
Noticed something new the other day... with 0.3.3-7 on FC5, vpnc tried got all
the routing wrong, tried to change the default route to go over tun0 device and
never set up routes to internal networks correctly. Upshot was you could ping
the external ip of the vpn gateway, but nothing else internal or external.
I can confirm that disabling stack protector makes vpnc work again. I disabled
stack protector in /usr/lib/rpm/redhat/macros , revved the spec, and rebuilt. I
can now pass packets through. Obviously disabling stack protector is the wrong
fix. We should do this better, but for those who need a working vpnc, RPMs are
temporarily available at: http://people.redhat.com/caillon/RPMS/rawhide/vpnc/
I wasn't able to isolate the problem so I've disabled stack-protector on x86_64
build in FE5 and FE devel.
Close, but no cigar... the compiler directive that breaks vpnc is
-fstack-protector as opposed of -f-stack-protector (-:
vpnc-0.3.3-7.2 and vpnc-0.3.3-9 should be finally OK.
Oddly, vpnc-0.3.3-8 was working fine for me on rawhide/x86_64. Maybe the GCC
bug got fixed or latent?
Now that's even more odd since gcc for the moment is identical on FC-5 and