Bug#842850: vpnc: please support main mode
Control: tags -1 + wontfix On Sat, 17 Sep 2022 22:11:05 +0200 Thomas Uhle wrote: > [...] > > Well, maybe it's too late for some explanations. Anyway, these three > documents on the internet (among others) may explain the difference > between main mode and aggressive mode: > * https://www.ipsec-howto.org/x202.html#AEN283 > * https://www.internet-computer-security.com/VPN-Guide/Aggressive-Mode.html > * > https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/217432-understand-ipsec-ikev1-protocol.html > > I've searched the internet because I am not quite sure about it; but if I > remember correctly then Cisco has preferred or used by default aggressive > mode. Please remember that vpnc was developed as a replacement to Cisco's > proprietary client to have a free alternative for connecting to Cisco > IPSec/VPN servers from any platform having similar simplicity in terms of > configuration and usage. > Yet you may decide for a different VPN software that provides much more > features for tweaking the IPSec connection exactly the way you need or > want it, libreswan or strongswan for instance. Both support main mode and > aggressive mode and are packaged for Debian. With the explanation Thomas gave I tag this bug as wontfix. -- GPG Fingerprint 3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585 signature.asc Description: This is a digitally signed message part
Bug#842850: vpnc: please support main mode
On Wed, 23 Nov 2016, Florian Schlichting wrote: Hi Benoit, > While debugging an issue connecting with vpnc to a mikrotik firewall, I more > or less pinpointed the problem in vpnc only trying aggressive mode > and not 'main' mode. > > Could a config option be added to also allow main mode? I'm not sure what 'aggressive mode' is and I cannot find anything about that in the source. But if you're able to develop a patch (and if possible, post that patch to the upstream development list in addition to this bug report), I can certainly add that patch to the Debian package. Florian Well, maybe it's too late for some explanations. Anyway, these three documents on the internet (among others) may explain the difference between main mode and aggressive mode: * https://www.ipsec-howto.org/x202.html#AEN283 * https://www.internet-computer-security.com/VPN-Guide/Aggressive-Mode.html * https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/217432-understand-ipsec-ikev1-protocol.html I've searched the internet because I am not quite sure about it; but if I remember correctly then Cisco has preferred or used by default aggressive mode. Please remember that vpnc was developed as a replacement to Cisco's proprietary client to have a free alternative for connecting to Cisco IPSec/VPN servers from any platform having similar simplicity in terms of configuration and usage. Yet you may decide for a different VPN software that provides much more features for tweaking the IPSec connection exactly the way you need or want it, libreswan or strongswan for instance. Both support main mode and aggressive mode and are packaged for Debian. Best regards, Thomas Uhle
Bug#842850: vpnc: please support main mode
Hi Benoit, > While debugging an issue connecting with vpnc to a mikrotik firewall, I more > or less pinpointed the problem in vpnc only trying aggressive mode > and not 'main' mode. > > Could a config option be added to also allow main mode? I'm not sure what 'aggressive mode' is and I cannot find anything about that in the source. But if you're able to develop a patch (and if possible, post that patch to the upstream development list in addition to this bug report), I can certainly add that patch to the Debian package. Florian
Bug#842850: vpnc: please support main mode
Package: vpnc Version: 0.5.3r550-2 Severity: wishlist Dear Maintainer, While debugging an issue connecting with vpnc to a mikrotik firewall, I more or less pinpointed the problem in vpnc only trying aggressive mode and not 'main' mode. Could a config option be added to also allow main mode? -Benoit- -- System Information: Debian Release: 8.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages vpnc depends on: ii dpkg 1.17.27 ii libc6 2.19-18+deb8u6 ii libgcrypt201.6.3-2+deb8u2 ii libgnutls-deb0-28 3.3.8-6+deb8u3 ii perl 5.20.2-3+deb8u6 ii vpnc-scripts 0.1~git20140806-1 Versions of packages vpnc recommends: ii iproute 1:3.16.0-2 Versions of packages vpnc suggests: ii resolvconf 1.76.1 -- Configuration Files: /etc/vpnc/default.conf [Errno 13] Keine Berechtigung: u'/etc/vpnc/default.conf' -- no debconf information