On Monday 02 Mar 2015 22:13:05 Petric Frank wrote: > Hello, > > Am Montag, 2. März 2015, 21:01:48 schrieb Mick:
> The homepage on vpnc in chapter TODO tells: > "phase2-rekeying is now supported as of svn revision 126!" > > Changelog states for 0.5.2: > "Fix Phase 2 rekeying, by various authors" > > I don't know whether this is along your statement above. > > So it seems not to be completely fixed. The homepage is not updated the > last 7 years. OK, then yes, it has been fixed and your problem is not related to that old bug, but could it be a more recent regression? > > BTW, have you tried more actively developed VPN software like strongswan > > (it has a networkmanager plugin) or even ipsec-tools instead of vpnc, to > > see if you're getting the same problem? I think that they should work > > with Cisco VPN gateways, although it may be fiddly to set them up. > > i can find only ebuilds of (networkmanager-)openswan in the official tree. No, this only good for the SSL VPN solution of Cisco. > strongswan is in the stable tree but not the networkmanager plugin. Are you sure? This is what I see here for strongswan-5.2.2 [+caps +constraints curl debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager ^^^^^^^^^^^^^^ +non-root +openssl pam pkcs11 sqlite strongswan_plugins_blowfish strongswan_plugins_ccm strongswan_plugins_ctr strongswan_plugins_gcm strongswan_plugins_ha strongswan_plugins_ipseckey +strongswan_plugins_led +strongswan_plugins_lookip strongswan_plugins_ntru strongswan_plugins_padlock strongswan_plugins_rdrand +strongswan_plugins_systime-fix strongswan_plugins_unbound +strongswan_plugins_unity +strongswan_plugins_vici strongswan_plugins_whitelist] The latest version 5.2.2 has a bug with some IKEv1 implementations. There is a patch proposed which works and will be included in the next version 5.2.3 when released. If your VPN server is affected then you'll have to apply the patch yourself in a local overlay: https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/479632 -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
