info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#842850: vpnc: please support main mode
22 views
Skip to first unread message
Benoit Panizzon
Nov 1, 2016, 2:30:03 PM11/1/16
to
Package: vpnc
Version: 0.5.3r550-2
Severity: wishlist
Dear Maintainer,
While debugging an issue connecting with vpnc to a mikrotik firewall, I more
or less pinpointed the problem in vpnc only trying aggressive mode
and not 'main' mode.
Could a config option be added to also allow main mode?
-Benoit-
-- System Information:
Debian Release: 8.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages vpnc depends on:
ii dpkg 1.17.27
ii libc6 2.19-18+deb8u6
ii libgcrypt20 1.6.3-2+deb8u2
ii libgnutls-deb0-28 3.3.8-6+deb8u3
ii perl 5.20.2-3+deb8u6
ii vpnc-scripts 0.1~git20140806-1
Versions of packages vpnc recommends:
ii iproute 1:3.16.0-2
Versions of packages vpnc suggests:
ii resolvconf 1.76.1
-- Configuration Files:
/etc/vpnc/default.conf [Errno 13] Keine Berechtigung: u'/etc/vpnc/default.conf'
-- no debconf information
Version: 0.5.3r550-2
Severity: wishlist
Dear Maintainer,
While debugging an issue connecting with vpnc to a mikrotik firewall, I more
or less pinpointed the problem in vpnc only trying aggressive mode
and not 'main' mode.
Could a config option be added to also allow main mode?
-Benoit-
-- System Information:
Debian Release: 8.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages vpnc depends on:
ii dpkg 1.17.27
ii libc6 2.19-18+deb8u6
ii libgcrypt20 1.6.3-2+deb8u2
ii libgnutls-deb0-28 3.3.8-6+deb8u3
ii perl 5.20.2-3+deb8u6
ii vpnc-scripts 0.1~git20140806-1
Versions of packages vpnc recommends:
ii iproute 1:3.16.0-2
Versions of packages vpnc suggests:
ii resolvconf 1.76.1
-- Configuration Files:
/etc/vpnc/default.conf [Errno 13] Keine Berechtigung: u'/etc/vpnc/default.conf'
-- no debconf information
Florian Schlichting
Nov 23, 2016, 4:40:03 PM11/23/16
to
Hi Benoit,
> While debugging an issue connecting with vpnc to a mikrotik firewall, I more
> or less pinpointed the problem in vpnc only trying aggressive mode
> and not 'main' mode.
>
> Could a config option be added to also allow main mode?
I'm not sure what 'aggressive mode' is and I cannot find anything about
that in the source. But if you're able to develop a patch (and if
possible, post that patch to the upstream development list in addition
to this bug report), I can certainly add that patch to the Debian
package.
Florian
> While debugging an issue connecting with vpnc to a mikrotik firewall, I more
> or less pinpointed the problem in vpnc only trying aggressive mode
> and not 'main' mode.
>
> Could a config option be added to also allow main mode?
that in the source. But if you're able to develop a patch (and if
possible, post that patch to the upstream development list in addition
to this bug report), I can certainly add that patch to the Debian
package.
Florian
Thomas Uhle
Sep 17, 2022, 4:40:03 PM9/17/22
to
documents on the internet (among others) may explain the difference
between main mode and aggressive mode:
* https://www.ipsec-howto.org/x202.html#AEN283
* https://www.internet-computer-security.com/VPN-Guide/Aggressive-Mode.html
* https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/217432-understand-ipsec-ikev1-protocol.html
I've searched the internet because I am not quite sure about it; but if I
remember correctly then Cisco has preferred or used by default aggressive
mode. Please remember that vpnc was developed as a replacement to Cisco's
proprietary client to have a free alternative for connecting to Cisco
IPSec/VPN servers from any platform having similar simplicity in terms of
configuration and usage.
Yet you may decide for a different VPN software that provides much more
features for tweaking the IPSec connection exactly the way you need or
want it, libreswan or strongswan for instance. Both support main mode and
aggressive mode and are packaged for Debian.
Best regards,
Thomas Uhle
0 new messages