Red Hat Bugzilla – Bug 477073
Aventail VPN client didn't work, and upgrading openssl fixed it
Last modified: 2009-06-30 06:50:26 EDT
Description of problem: Aventail VPN client didn't work, and upgrading openssl fixed it.
Version-Release number of selected component (if applicable): non-working version is openssl-0.9.8g-11.fc10.i686. I finally got it to work with 0.9.8i, see below.
How reproducible: always
Steps to Reproduce:
1. install f10
2. install the aventail vpn client
3. try to connect to my network and it fails as described by someone else here:
The problem seems to be in a handshake that fails somewhere along the line.
I was able to get the vpn client to work by downloading openssl-0.9.8i.tar.gz from openssl.org. I unpacked it, ran './config shared' and 'make'. I didn't install it. Instead, I know that the vpn client makes links in /lib to the libraries it needs. So I moved those to point to the libssl.so.0.9.8 in the directory where I built openssl-0.9.8i. Now the vpn client seems to be working.
I suspect that this particular vpn setup requires something that either doesn't work in the 0.9.8g version or was removed somehow when they built the rpm. I've been building and rebuilding the rpm all day and I can't get it to work, so I'm giving up now that I have this hack working.
I will update the openssl version in rawhide soon. But unfortunately it is not possible to update the F10 due to ABI changes. If you were able to find out which changes in which files in 0.9.8i make it work I would happily add them to the F10 0.9.8g package.
Well, here's some other info.
I downloaded openssl-0.9.8g from openssl.org and built that using just default build options and no patches, as in './config shared' and 'make' etc. I used symbolic links in /lib to get the aventail vpn client to use those libraries -- and it worked. So, there's either some configuration option or a patch in the 0.9.8g RPM that's breaking something and it's probably going to take me a long time to figure out which.
It might be missing algorithm or whatever. Perhaps you could first try removing the patches from the src.rpm and rebuilding it. Unfortunately I can hardly help you finding the cause because I do not have the Aventail VPN. So unless you're able to isolate what's causing the problem I am sorry but I will have to mark it CLOSED-CANTFIX.
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.
More information and reason for this action is here: