Date: Fri, 5 Oct 2007 10:38:33 GMT From: Raffaele De Lorenzo <raffaele.delorenzo@libero.it> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/116949: Some Cisco Concentrators refuse Connection (ISAKMP_N_INVALID_PAYLOAD_TYPE(1)) Message-ID: <200710051038.l95AcXrK031296@www.freebsd.org> Resent-Message-ID: <200710051040.l95Ae12Q033139@freefall.freebsd.org>
>Number: 116949 >Category: misc >Synopsis: Some Cisco Concentrators refuse Connection (ISAKMP_N_INVALID_PAYLOAD_TYPE(1)) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Oct 05 10:40:01 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Raffaele De Lorenzo >Release: FreeBSD 6.2-STABLE-200706 >Organization: >Environment: FreeBSD noel.localhost 6.2-STABLE-200706 FreeBSD 6.2-STABLE-200706 #0: Sun Jun 3 13:54:03 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: Some Cisco concentrators refuse the connection if the presented version string is not the same as that of the official "Cisco VPN Client". This patch masks the version as "Cisco Systems VPN Client 4.8.00 (0490):Linux", which solves this problem. >How-To-Repeat: >Fix: Patch attached with submission follows: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. 
# # This archive contains: # # vpnc # vpnc/Makefile # vpnc/distinfo # vpnc/pkg-descr # vpnc/files # vpnc/files/patch-Makefile # vpnc/files/patch-config.c # vpnc/files/patch-vpnc-disconnect # vpnc/files/patch-vpnc-script # vpnc/files/vpnc.in # echo c - vpnc mkdir -p vpnc > /dev/null 2>&1 echo x - vpnc/Makefile sed 's/^X//' >vpnc/Makefile << 'END-of-vpnc/Makefile' X# New ports collection makefile for: vpnc X# Date created: 15 December 2003 X# Whom: Christian Lackas X# X# $FreeBSD: ports/security/vpnc/Makefile,v 1.26 2007/09/23 12:47:55 rafan Exp $ X# X XPORTNAME= vpnc XPORTVERSION= 0.4.0 XPORTREVISION= 3 XCATEGORIES= security XMASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpnc/ X XMAINTAINER= delta@lackas.net XCOMMENT= Client for Cisco 3000 VPN Concentrator X XLIB_DEPENDS= gcrypt.13:${PORTSDIR}/security/libgcrypt X XUSE_GMAKE= yes XALL_TARGET= vpnc X XUSE_RC_SUBR= vpnc XUSE_PERL5_BUILD= yes X XPLIST_FILES= sbin/vpnc \ X sbin/vpnc-script \ X sbin/vpnc-disconnect \ X etc/vpnc.conf.sample X XPORTDOCS= README TODO XMAN8= vpnc.8 X X.include <bsd.port.pre.mk> X Xpost-patch: X @${REINPLACE_CMD} -e \ X 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/config.c X @${REINPLACE_CMD} -e \ X 's|%%PREFIX%%|${PREFIX}|;s|%%CC%%|${CC}|;s|%%CFLAGS%%|${CFLAGS}|' \ X ${WRKSRC}/Makefile X Xdo-install: X @${INSTALL_PROGRAM} -m 751 ${WRKSRC}/vpnc ${PREFIX}/sbin/vpnc X @${INSTALL_SCRIPT} -m 751 ${WRKSRC}/vpnc-script ${PREFIX}/sbin/vpnc-script X @${INSTALL_SCRIPT} -m 751 ${WRKSRC}/vpnc-disconnect ${PREFIX}/sbin/vpnc-disconnect X @${INSTALL_DATA} -m 600 ${WRKSRC}/vpnc.conf ${PREFIX}/etc/vpnc.conf.sample X.if !defined(NO_INSTALL_MANPAGES) X @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/vpnc.8 X @${INSTALL_MAN} ${WRKSRC}/vpnc.8 ${PREFIX}/man/man8 X.endif X.if !defined(NOPORTDOCS) X ${MKDIR} ${DOCSDIR} X @cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR} X.endif X X.include <bsd.port.post.mk> END-of-vpnc/Makefile echo x - vpnc/distinfo sed 's/^X//' >vpnc/distinfo << 'END-of-vpnc/distinfo' 
XMD5 (vpnc-0.4.0.tar.gz) = 604807e7dd90fce00a4e2344ee29c76d
XSHA256 (vpnc-0.4.0.tar.gz) = f91c6bc2547cb503fde4f244ba82304553fec3954c65521482f8db2491700586
XSIZE (vpnc-0.4.0.tar.gz) = 75491
END-of-vpnc/distinfo
echo x - vpnc/pkg-descr
sed 's/^X//' >vpnc/pkg-descr << 'END-of-vpnc/pkg-descr'
XVPNC - Client for Cisco 3000 VPN Concentrator, IOS and PIX
X
XVpnc is a VPN client for the Cisco 3000 VPN Concentrator, creating a
XIPSec-like connection as a tunneling network device for the local
Xsystem. The created connection is presented as a tunneling network
Xdevice to the local system. The daemon runs entirely in userspace.
X
XWWW: http://www.unix-ag.uni-kl.de/~massar/vpnc/
END-of-vpnc/pkg-descr
echo c - vpnc/files
mkdir -p vpnc/files > /dev/null 2>&1
echo x - vpnc/files/patch-Makefile
sed 's/^X//' >vpnc/files/patch-Makefile << 'END-of-vpnc/files/patch-Makefile'
X--- ./Makefile.orig 2007-02-19 21:51:12.000000000 +0100
X+++ ./Makefile 2007-07-24 16:45:36.000000000 +0200
X@@ -20,7 +20,7 @@
X # $Id: Makefile 148 2007-02-19 20:51:14Z Maurice Massar $
X
X DESTDIR=
X-PREFIX=/usr/local
X+PREFIX=%%PREFIX%%
X ETCDIR=/etc/vpnc
X BINDIR=$(PREFIX)/bin
X SBINDIR=$(PREFIX)/sbin
X@@ -34,8 +34,7 @@
X VERSION := $(shell sh mk-version)
X RELEASE_VERSION := $(shell cat VERSION)
X
X-CC=gcc
X-CFLAGS += -W -Wall -O3 -Wmissing-declarations -Wwrite-strings -g
X+CC=%%CC%%
X CPPFLAGS = -DVERSION=\"$(VERSION)\"
X LDFLAGS = -g $(shell libgcrypt-config --libs)
X CFLAGS += $(shell libgcrypt-config --cflags)
END-of-vpnc/files/patch-Makefile
echo x - vpnc/files/patch-config.c
sed 's/^X//' >vpnc/files/patch-config.c << 'END-of-vpnc/files/patch-config.c'
X--- config.c.orig Fri Feb 16 18:22:06 2007
X+++ config.c Fri Oct 5 11:52:49 2007
X@@ -241,22 +241,19 @@
X
X static const char *config_def_app_version(void)
X {
X- struct utsname uts;
X char *version;
X-
X- uname(&uts);
X- asprintf(&version, "Cisco Systems VPN Client %s:%s", VERSION, uts.sysname);
X+ asprintf(&version, "Cisco Systems VPN Client %s:%s",
"4.8.00 (0490)", "Linux");
X return version;
X }
X
X static const char *config_def_script(void)
X {
X- return "/etc/vpnc/vpnc-script";
X+ return "/usr/local/sbin/vpnc-script";
X }
X
X static const char *config_def_pid_file(void)
X {
X- return "/var/run/vpnc/pid";
X+ return "/var/run/vpnc.pid";
X }
X
X static const char *config_def_vendor(void)
X@@ -485,7 +482,7 @@
X {
X char *realname;
X
X- asprintf(&realname, "%s%s%s", index(name, '/') ? "" : "/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
X+ asprintf(&realname, "%s%s%s", index(name, '/') ? "" : "/usr/local/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
X return realname;
X }
X
X@@ -701,8 +698,8 @@
X }
X
X if (!got_conffile) {
X- read_config_file("/etc/vpnc/default.conf", config, 1);
X- read_config_file("/etc/vpnc.conf", config, 1);
X+ read_config_file("/usr/local/etc/vpnc/default.conf", config, 1);
X+ read_config_file("/usr/local/etc/vpnc.conf", config, 1);
X }
X
X if (!print_config) {
END-of-vpnc/files/patch-config.c
echo x - vpnc/files/patch-vpnc-disconnect
sed 's/^X//' >vpnc/files/patch-vpnc-disconnect << 'END-of-vpnc/files/patch-vpnc-disconnect'
X--- vpnc-disconnect.orig Tue Mar 13 16:27:11 2007
X+++ vpnc-disconnect Tue Mar 13 16:27:17 2007
X@@ -1,6 +1,6 @@
X #!/bin/sh
X
X-pid=/var/run/vpnc/pid
X+pid=/var/run/vpnc.pid
X
X if [ $# -ne 0 ]; then
X echo "Usage: $0" 1>&2
END-of-vpnc/files/patch-vpnc-disconnect
echo x - vpnc/files/patch-vpnc-script
sed 's/^X//' >vpnc/files/patch-vpnc-script << 'END-of-vpnc/files/patch-vpnc-script'
X--- vpnc-script.orig Tue Mar 13 16:03:06 2007
X+++ vpnc-script Tue Mar 13 16:03:24 2007
X@@ -31,8 +31,8 @@
X ;;
X esac
X
X-DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
X-RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
X+DEFAULT_ROUTE_FILE=/var/run/vpnc.defaultroute
X+RESOLV_CONF_BACKUP=/var/run/vpnc.resolv.conf-backup
X
X # some systems, eg. Darwin & FreeBSD, prune /var/run on boot
X if !
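Review bot: The new `asprintf()` call in `config_def_app_version()` (hunk `@@ -241,22 +241,19 @@`) now formats only string literals and its return value is still unchecked, so on allocation failure the function returns a pointer whose value not every libc defines. Since nothing is computed any more, the allocation can go: `return "Cisco Systems VPN Client 4.8.00 (0490):Linux";`, provided no caller frees the result; `config_def_script()` and `config_def_pid_file()` in the same hunk already return literals. This also makes every gateway, not only the concentrators that reject the old string, see a fixed Cisco/Linux identity in place of the real vpnc version and OS, which affects what server-side logs record. The `config_def_` prefix suggests the value is only a default, so if it can be overridden per site, a comment in `vpnc.conf.sample` would keep the masquerade opt-in.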
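Review bot: The fallback directory in the `asprintf()` of hunk `@@ -485,7 +482,7 @@` is the literal `/usr/local/etc/vpnc/`, while the port Makefile's `post-patch` target runs `s|%%PREFIX%%|${PREFIX}|` over `config.c`, so that substitution has nothing to replace. With a non-default `PREFIX` the installed binary would read its configuration from, and via `config_def_script()` in the first hunk run its helper script from, a `/usr/local` tree this port did not install into; for a client started from rc.d, the script path should be the one the port controls. Use the token instead: `"%%PREFIX%%/etc/vpnc/"` here, `return "%%PREFIX%%/sbin/vpnc-script";` in the first hunk, and `"%%PREFIX%%/etc/vpnc/default.conf"` / `"%%PREFIX%%/etc/vpnc.conf"` in hunk `@@ -701,8 +698,8 @@`. The enclosing function of this hunk starts outside it.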
[ -d "/var/run/vpnc" ]; then END-of-vpnc/files/patch-vpnc-script echo x - vpnc/files/vpnc.in sed 's/^X//' >vpnc/files/vpnc.in << 'END-of-vpnc/files/vpnc.in' X#!/bin/sh X# X# Author: kamikaze X# Contact: LoN_Kamikaze@gmx.de X# X# If vpnc_conf is defined, it will be treated as a list of configuration files X# in vpnc_conf_dir. This managed mode is useful where where vpnc tunnels have X# to be established through other vpnc tunnels. X# You can pass further command line options to vpnc by specifying X# them in vpnc_flags. X# X X# PROVIDE: vpnc X# REQUIRE: LOGIN X# KEYWORD: shutdown X X# Default settings - don't change this. X: ${vpnc_enable="NO"} X: ${vpnc_pid_dir="/var/run"} X: ${vpnc_conf_dir="%%PREFIX%%/etc"} X: ${vpnc_record="$vpnc_pid_dir/vpnc.record"} X X. %%RC_SUBR%% X Xname="vpnc" Xrcvar=`set_rcvar` X Xcommand="%%PREFIX%%/sbin/$name" X Xvpnc_start() { X if [ -z "$vpnc_conf" ]; then X #No configuration files given, run unmanaged. X $command $vpnc_flags X return $? X fi X X # A list of configurations is present. Connect managing X # what is required for a clean shutdown later. X X for config in $vpnc_conf; do X X # The current configuration file. X current="$vpnc_conf_dir/$config" X X # Start vpnc. X $command --local-port 0 $current $vpnc_flags X status=$? X if [ $status != 0 ]; then X # VPNC does not print a newline after an error. X echo X echo "Running 'vpnc $current --local-port 0 $vpnc_flags' failed." X return $status X fi X X # Move files to allow a clean shutdown X # of multiple connections. X X /bin/mv "$vpnc_pid_dir/vpnc.pid" "$vpnc_pid_dir/vpnc.$config.pid" X /bin/mv "$vpnc_pid_dir/vpnc.defaultroute" "$vpnc_pid_dir/vpnc.$config.defaultroute" 2> /dev/null X /bin/mv "$vpnc_pid_dir/vpnc.resolv.conf-backup" "$vpnc_pid_dir/vpnc.$config.resolv.conf-backup" 2> /dev/null X echo "$config" >> "$vpnc_record" X X # Wait for the system to catch up. X /bin/sleep 1 X done X} X Xvpnc_stop() { X if [ ! 
-e "$vpnc_record" ]; then X /bin/sleep 1 X # There's no record of connections, assume unmanaged shutdown. X $command-disconnect X return $? X fi X X # A record of vpnc connections is present. Attempt a X # managed shutdown. X X for config in `/usr/bin/tail -r "$vpnc_record"`; do X X # Wait to give the system a chance to catch up with X # recent changes. X X /bin/sleep 1 X X # Move the vpnc files back into position. X X /bin/mv "$vpnc_pid_dir/vpnc.$config.pid" "$vpnc_pid_dir/vpnc.pid" X /bin/mv "$vpnc_pid_dir/vpnc.$config.defaultroute" "$vpnc_pid_dir/vpnc.defaultroute" 2> /dev/null X /bin/mv "$vpnc_pid_dir/vpnc.$config.resolv.conf-backup" "$vpnc_pid_dir/vpnc.resolv.conf-backup" 2> /dev/null X X # Run the disconnect command. X $command-disconnect X done X X # Remove the connection record. X X /bin/rm "$vpnc_record" X} X Xstart_cmd=vpnc_start Xstop_cmd=vpnc_stop X Xload_rc_config $name Xrun_rc_command "$1" END-of-vpnc/files/vpnc.in exit >Release-Note: >Audit-Trail: >Unformatted: