Description of problem: The recent update to iproute-2.6.16-1.fc5 broke vpnc (more accurately, it broke /etc/vpnc/vpnc-script). The new iproute adds a "hoplimit" value to the output of "ip route get <ipsec_gw_address>". Because fix_ip_get_output doesn't know to remove it (and it isn't a valid parameter to "ip route add"), the attempt to add a route to the VPN concentrator fails with "Error: either "to" is duplicate, or "hoplimit" is a garbage." The fix is easy, just modify fix_ip_get_output to strip the hoplimit value. Patch will be attached shortly. Version-Release number of selected component (if applicable): vpnc-0.3.3-7.2 How reproducible: 100% since updating to iproute-2.6.16-1.fc5. Steps to Reproduce: 1. Update to iproute-2.6.16-1.fc5 2. Try to connect to a VPN concentrator 3. Enjoy not being able to pass any packets Actual results: Error adding route to VPN concentrator Expected results: Sucessful addition of route to VPN concentrator
Created attachment 135916 [details] Patch to strip hoplimit from output of ip route get
Bug reproduces for me on two different VPN concentrators. Reverted for now to iproute-2.6.15-1.2.
Just to confirm that vpnc-0.3.3-7.3 and newer iproute work fine together.
This is confirmation that vpnc-0.3.3-7.3 works properly on RHEL5 beta 1, whereas -7.2 does not.