Bug 172145 - amd64 devel build of vpnc doesn't work
amd64 devel build of vpnc doesn't work
Product: Fedora
Classification: Fedora
Component: vpnc (Show other bugs)
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks: FE5Target
  Show dependency treegraph
Reported: 2005-10-31 15:11 EST by Alexandre Oliva
Modified: 2007-11-30 17:11 EST (History)
11 users (show)

See Also:
Fixed In Version: vpnc-0.3.3-9
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-06-07 10:02:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Alexandre Oliva 2005-10-31 15:11:51 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8b5) Gecko/20051008 Fedora/1.5-0.5.0.beta2 Firefox/1.4.1

Description of problem:
The x86_64 build of vpnc for development extras does not work for me.  If I downgrade to the latest FC4 build, vpnc-0.3.3-3.4, it works.  vpnc-0.3.3-3, the previous build that I used on both FC4 and devel, works fine on both.  vpnc-0.3.3-4.i386 works fine on devel/i386; I hadn't thought of testing it on the AMD64 box.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.connect vpnc to a vpn server (from behind a NAT firewall, but I'm not sure that makes any difference)

Actual Results:  It authenticates successfully, but no packets make it to the other end (or rather I never get replies to my pings)

Expected Results:  With the earlier builds, it works just fine

Additional info:
Comment 1 Tomas Mraz 2005-11-01 03:32:35 EST
The vpnc-0.3.3-3.4 and 0.3.3-4 are identical except release number and build
environment. Have you tried to rebuild the src.rpm if it helps? Maybe the devel
build environment was somehow broken when vpnc-0.3.3-4 was built.
Comment 2 Alexandre Oliva 2005-11-01 09:07:17 EST
I haven't tried that yet (was going to try next), but I have just tried
vpnc-0.3.3-4.i386.rpm on the AMD64 box, and it's working perfectly.
Comment 3 Tomas Mraz 2005-11-01 09:21:21 EST
Please try to recompile it as x86_64. I don't have any rawhide x86_64 box
available where I could test vpnc.
Comment 4 Alexandre Oliva 2005-11-01 10:45:51 EST
Rebuilding vpnc-0.3.3-4 (or -3.4, for that matter) on FC devel results a
non-working binary.  Looks like we got a toolchain bug.  I can only see a few
minor differences between the assembly code generated on FC4 from that generated
on FC devel.  I'm looking into them.
Comment 5 Alexandre Oliva 2005-11-01 11:53:48 EST
I can actually see many more differences if I compile with the same command-line
options that rpmbuild uses :-)  If I compile everything with rpmbuild on FC
devel, and then recompile vpnc.o without -fstack-protector, it works.  If I use
the rpmbuild-built binary, then it appears to work to some extent, as in,
packets go out on port 4500, but nothing ever comes back.
Comment 6 Tomas Mraz 2005-11-02 07:19:29 EST
Hmm what about comparing the first packet sent from the working and non-working
vpncs? How do they differ?
Comment 7 Alexandre Oliva 2005-11-02 10:29:08 EST
I thought about that.  The authentication proceeds correctly (AFAICT).  There's
a short packet exchange that goes all right.  It's only after authentication
completes and normal data starts flowing that replies stop being delivered, and
at that point the packets are supposed to be all encrypted, and with different
keys, so comparing them is of no use :-(
Comment 8 Alexandre Oliva 2005-12-16 13:12:19 EST
For the record, rebuilding vpnc with gcc 4.1.0-0.8 does NOT fix the problem :-(
Comment 9 Chris Kloiber 2006-03-01 01:10:55 EST
FYI, its working for me now. Thank you.

Comment 10 Tomas Mraz 2006-03-01 02:22:19 EST
So that was a gcc problem because nothing else changed.
Comment 11 Alexandre Oliva 2006-03-10 19:46:52 EST
The breakage is back in 0.3.3-7.x86_64 :-(  .i386 works.
Comment 12 Ben Levenson 2006-03-14 00:34:05 EST
Broken for me too.
Comment 13 Ben Levenson 2006-03-14 00:57:47 EST
just rebuilt vpnc locally from source and now it works:
Comment 14 Jesus M. Rodriguez 2006-03-31 20:19:20 EST
I'm having the exact same problem as described in Comment #7.  I'm using

I tried rebuilding the src rpm with no help.  I built vpnc from the subversion
repo and it works just fine.  http://svn.unix-ag.uni-kl.de/vpnc/trunk/

The biggest differences I see between the subversion code is the rekeying
patch.  But removing the rekeying patch from the src rpm and rebuilding doesn't
fix the problem either.

Vpnc connects fine, but can't ping or do anything afterwards.
Comment 15 Tomas Mraz 2006-04-03 03:22:04 EDT
The difference which makes it work between the vpnc from extras and your build
from the subversion repo is most probably the -fstack-protector option which is
not there if you build it from the subversion repo.
Comment 16 Chris Kloiber 2006-04-03 09:24:52 EDT
Noticed something new the other day... with 0.3.3-7 on FC5, vpnc tried got all
the routing wrong, tried to change the default route to go over tun0 device and
never set up routes to internal networks correctly. Upshot was you could ping
the external ip of the vpn gateway, but nothing else internal or external.
Comment 17 Christopher Aillon 2006-04-15 14:08:53 EDT
I can confirm that disabling stack protector makes vpnc work again.  I disabled
stack protector in /usr/lib/rpm/redhat/macros , revved the spec, and rebuilt.  I
can now pass packets through.  Obviously disabling stack protector is the wrong
fix.  We should do this better, but for those who need a working vpnc, RPMs are
temporarily available at: http://people.redhat.com/caillon/RPMS/rawhide/vpnc/
Comment 18 Tomas Mraz 2006-05-30 18:20:42 EDT
I wasn't able to isolate the problem so I've disabled stack-protector on x86_64
build in FE5 and FE devel.
Comment 19 David Juran 2006-06-06 16:52:02 EDT
Close, but no cigar... the compiler directive that breaks vpnc is 
-fstack-protector as opposed of -f-stack-protector (-:

Comment 20 Tomas Mraz 2006-06-07 10:02:04 EDT
vpnc-0.3.3-7.2 and vpnc-0.3.3-9 should be finally OK.
Comment 21 Alexandre Oliva 2006-06-07 10:03:51 EDT
Oddly, vpnc-0.3.3-8 was working fine for me on rawhide/x86_64.  Maybe the GCC
bug got fixed or latent?
Comment 22 David Juran 2006-06-07 15:21:19 EDT
Now that's even more odd since gcc for the moment is identical on FC-5 and 

Note You need to log in before you can comment on or make changes to this bug.