misc/116949: Some Cisco Concentrators refuse Connection (ISAKMP_N_INVALID_PAYLOAD_TYPE(1))

Raffaele De Lorenzo raffaele.delorenzo at libero.it
Fri Oct 5 03:40:02 PDT 2007


>Number:         116949
>Category:       misc
>Synopsis:       Some Cisco Concentrators refuse Connection (ISAKMP_N_INVALID_PAYLOAD_TYPE(1))
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 05 10:40:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Raffaele De Lorenzo
>Release:        FreeBSD 6.2-STABLE-200706
>Organization:
>Environment:
FreeBSD noel.localhost 6.2-STABLE-200706 FreeBSD 6.2-STABLE-200706 #0: Sun Jun  3 13:54:03 UTC 2007     root at dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
Some Cisco concentrators refuse the connection if the presented version string is not the same as that of the official "Cisco VPN Client". This patch masks the version as "Cisco Systems VPN Client 4.8.00 (0490):Linux", which solves the problem.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	vpnc
#	vpnc/Makefile
#	vpnc/distinfo
#	vpnc/pkg-descr
#	vpnc/files
#	vpnc/files/patch-Makefile
#	vpnc/files/patch-config.c
#	vpnc/files/patch-vpnc-disconnect
#	vpnc/files/patch-vpnc-script
#	vpnc/files/vpnc.in
#
echo c - vpnc
mkdir -p vpnc > /dev/null 2>&1
echo x - vpnc/Makefile
sed 's/^X//' >vpnc/Makefile << 'END-of-vpnc/Makefile'
X# New ports collection makefile for:	vpnc
X# Date created:				15 December 2003
X# Whom:					Christian Lackas
X#
X# $FreeBSD: ports/security/vpnc/Makefile,v 1.26 2007/09/23 12:47:55 rafan Exp $
X#
X
XPORTNAME=	vpnc
XPORTVERSION=	0.4.0
XPORTREVISION=	3
XCATEGORIES=	security
XMASTER_SITES=	http://www.unix-ag.uni-kl.de/~massar/vpnc/
X
XMAINTAINER=	delta at lackas.net
XCOMMENT=	Client for Cisco 3000 VPN Concentrator
X
XLIB_DEPENDS=	gcrypt.13:${PORTSDIR}/security/libgcrypt
X
XUSE_GMAKE=	yes
XALL_TARGET=	vpnc
X
XUSE_RC_SUBR=	vpnc
XUSE_PERL5_BUILD=	yes
X
XPLIST_FILES=	sbin/vpnc \
X		sbin/vpnc-script \
X		sbin/vpnc-disconnect \
X		etc/vpnc.conf.sample
X
XPORTDOCS=	README TODO
XMAN8=		vpnc.8
X
X.include <bsd.port.pre.mk>
X
Xpost-patch:
X	@${REINPLACE_CMD} -e \
X		's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/config.c
X	@${REINPLACE_CMD} -e \
X		's|%%PREFIX%%|${PREFIX}|;s|%%CC%%|${CC}|;s|%%CFLAGS%%|${CFLAGS}|' \
X			${WRKSRC}/Makefile
X
Xdo-install:
X	@${INSTALL_PROGRAM} -m 751 ${WRKSRC}/vpnc ${PREFIX}/sbin/vpnc
X	@${INSTALL_SCRIPT} -m 751 ${WRKSRC}/vpnc-script ${PREFIX}/sbin/vpnc-script
X	@${INSTALL_SCRIPT} -m 751 ${WRKSRC}/vpnc-disconnect ${PREFIX}/sbin/vpnc-disconnect
X	@${INSTALL_DATA} -m 600 ${WRKSRC}/vpnc.conf ${PREFIX}/etc/vpnc.conf.sample
X.if !defined(NO_INSTALL_MANPAGES)
X	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/vpnc.8
X	@${INSTALL_MAN} ${WRKSRC}/vpnc.8 ${PREFIX}/man/man8
X.endif
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X	@cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
X.endif
X
X.include <bsd.port.post.mk>
END-of-vpnc/Makefile
echo x - vpnc/distinfo
sed 's/^X//' >vpnc/distinfo << 'END-of-vpnc/distinfo'
XMD5 (vpnc-0.4.0.tar.gz) = 604807e7dd90fce00a4e2344ee29c76d
XSHA256 (vpnc-0.4.0.tar.gz) = f91c6bc2547cb503fde4f244ba82304553fec3954c65521482f8db2491700586
XSIZE (vpnc-0.4.0.tar.gz) = 75491
END-of-vpnc/distinfo
echo x - vpnc/pkg-descr
sed 's/^X//' >vpnc/pkg-descr << 'END-of-vpnc/pkg-descr'
XVPNC - Client for Cisco 3000 VPN Concentrator, IOS and PIX
X
XVpnc is a VPN client for the Cisco 3000 VPN Concentrator, creating a
XIPSec-like connection as a tunneling network device for the local
Xsystem. The created connection is presented as a tunneling network
Xdevice to the local system. The daemon runs entirely in userspace.
X
XWWW: http://www.unix-ag.uni-kl.de/~massar/vpnc/
END-of-vpnc/pkg-descr
echo c - vpnc/files
mkdir -p vpnc/files > /dev/null 2>&1
echo x - vpnc/files/patch-Makefile
sed 's/^X//' >vpnc/files/patch-Makefile << 'END-of-vpnc/files/patch-Makefile'
X--- ./Makefile.orig	2007-02-19 21:51:12.000000000 +0100
X+++ ./Makefile	2007-07-24 16:45:36.000000000 +0200
X@@ -20,7 +20,7 @@
X # $Id: Makefile 148 2007-02-19 20:51:14Z Maurice Massar $
X 
X DESTDIR=
X-PREFIX=/usr/local
X+PREFIX=%%PREFIX%%
X ETCDIR=/etc/vpnc
X BINDIR=$(PREFIX)/bin
X SBINDIR=$(PREFIX)/sbin
X@@ -34,8 +34,7 @@
X VERSION := $(shell sh mk-version)
X RELEASE_VERSION := $(shell cat VERSION)
X 
X-CC=gcc
X-CFLAGS += -W -Wall -O3 -Wmissing-declarations -Wwrite-strings -g
X+CC=%%CC%%
X CPPFLAGS = -DVERSION=\"$(VERSION)\"
X LDFLAGS = -g $(shell libgcrypt-config --libs)
X CFLAGS +=  $(shell libgcrypt-config --cflags)
END-of-vpnc/files/patch-Makefile
echo x - vpnc/files/patch-config.c
sed 's/^X//' >vpnc/files/patch-config.c << 'END-of-vpnc/files/patch-config.c'
X--- config.c.orig	Fri Feb 16 18:22:06 2007
X+++ config.c	Fri Oct  5 11:52:49 2007
X@@ -241,22 +241,19 @@
X 
X static const char *config_def_app_version(void)
X {
X-	struct utsname uts;
X 	char *version;
X-
X-	uname(&uts);
X-	asprintf(&version, "Cisco Systems VPN Client %s:%s", VERSION, uts.sysname);
X+	asprintf(&version, "Cisco Systems VPN Client %s:%s", "4.8.00 (0490)", "Linux");
X 	return version;
X }
X 
X static const char *config_def_script(void)
X {
X-	return "/etc/vpnc/vpnc-script";
X+	return "/usr/local/sbin/vpnc-script";
X }
X 
X static const char *config_def_pid_file(void)
X {
X-	return "/var/run/vpnc/pid";
X+	return "/var/run/vpnc.pid";
X }
X 
X static const char *config_def_vendor(void)
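Review bot: The new `asprintf` line in config_def_app_version replaces the build's own VERSION and the `uname` system name with one fixed string for every gateway, and its return value is still ignored, so on allocation failure `version` is returned without a value the C library is required to define. Both arguments are now literals, so the allocation is only needed if callers free the result, which this hunk does not show; if they do not, `return "Cisco Systems VPN Client 4.8.00 (0490):Linux";` removes the failure path, otherwise the result should be tested (`if (asprintf(&version, ...) < 0)`) and the failure handled explicitly. The `config_def_` prefix suggests this is only the default of a configurable value; if so, keeping the uname-based default and setting the string per profile for the affected concentrators would leave the reported client identity accurate everywhere else. A comment such as `/* fixed string: some Cisco concentrators reject other application versions (PR misc/116949) */` would record why the value is hard-coded.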
X@@ -485,7 +482,7 @@
X {
X 	char *realname;
X 	
X-	asprintf(&realname, "%s%s%s", index(name, '/') ? "" : "/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
X+	asprintf(&realname, "%s%s%s", index(name, '/') ? "" : "/usr/local/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
X 	return realname;
X }
X 
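Review bot: The added `"/usr/local/etc/vpnc/"` literal hard-codes the install prefix, while the port Makefile's post-patch step runs `s|%%PREFIX%%|${PREFIX}|` over config.c and finds no such token anywhere in this patch. With a non-default PREFIX the binary would look for its configuration, and take the script path returned by config_def_script in the first hunk, under /usr/local rather than where the port installed them. Writing the literals as `"%%PREFIX%%/etc/vpnc/"` and `"%%PREFIX%%/sbin/vpnc-script"`, and likewise for the two `read_config_file` paths in the last hunk, lets the existing substitution fill them in. The enclosing function starts above this hunk, so its name and callers are not visible here.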
X@@ -701,8 +698,8 @@
X 	}
X 	
X 	if (!got_conffile) {
X-		read_config_file("/etc/vpnc/default.conf", config, 1);
X-		read_config_file("/etc/vpnc.conf", config, 1);
X+		read_config_file("/usr/local/etc/vpnc/default.conf", config, 1);
X+		read_config_file("/usr/local/etc/vpnc.conf", config, 1);
X 	}
X 	
X 	if (!print_config) {
END-of-vpnc/files/patch-config.c
echo x - vpnc/files/patch-vpnc-disconnect
sed 's/^X//' >vpnc/files/patch-vpnc-disconnect << 'END-of-vpnc/files/patch-vpnc-disconnect'
X--- vpnc-disconnect.orig	Tue Mar 13 16:27:11 2007
X+++ vpnc-disconnect	Tue Mar 13 16:27:17 2007
X@@ -1,6 +1,6 @@
X #!/bin/sh
X 
X-pid=/var/run/vpnc/pid
X+pid=/var/run/vpnc.pid
X 
X if [ $# -ne 0 ]; then
X 	echo "Usage: $0" 1>&2
END-of-vpnc/files/patch-vpnc-disconnect
echo x - vpnc/files/patch-vpnc-script
sed 's/^X//' >vpnc/files/patch-vpnc-script << 'END-of-vpnc/files/patch-vpnc-script'
X--- vpnc-script.orig	Tue Mar 13 16:03:06 2007
X+++ vpnc-script	Tue Mar 13 16:03:24 2007
X@@ -31,8 +31,8 @@
X 		;;
X esac
X 
X-DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
X-RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
X+DEFAULT_ROUTE_FILE=/var/run/vpnc.defaultroute
X+RESOLV_CONF_BACKUP=/var/run/vpnc.resolv.conf-backup
X 
X # some systems, eg. Darwin & FreeBSD, prune /var/run on boot
X if ! [ -d "/var/run/vpnc" ]; then
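Review bot: The two state files now live directly in /var/run, but the context line `if ! [ -d "/var/run/vpnc" ]; then` that follows still tests for the old directory, which nothing else in this patch set refers to any more. That block should be dropped or adjusted so the script does not keep maintaining an unused directory; the body of the `if` lies outside the hunk, so what it does cannot be confirmed from here. The new names do match what files/vpnc.in moves around (`vpnc.defaultroute`, `vpnc.resolv.conf-backup`), so only the leftover check is inconsistent.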
END-of-vpnc/files/patch-vpnc-script
echo x - vpnc/files/vpnc.in
sed 's/^X//' >vpnc/files/vpnc.in << 'END-of-vpnc/files/vpnc.in'
X#!/bin/sh
X#
X# Author:	kamikaze
X# Contact:	LoN_Kamikaze at gmx.de
X#
X# If vpnc_conf is defined, it will be treated as a list of configuration files
X# in vpnc_conf_dir. This managed mode is useful where where vpnc tunnels have
X# to be established through other vpnc tunnels.
X# You can pass further command line options to vpnc by specifying
X# them in vpnc_flags.
X#
X
X# PROVIDE: vpnc
X# REQUIRE: LOGIN
X# KEYWORD: shutdown
X
X# Default settings - don't change this.
X: ${vpnc_enable="NO"}
X: ${vpnc_pid_dir="/var/run"}
X: ${vpnc_conf_dir="%%PREFIX%%/etc"}
X: ${vpnc_record="$vpnc_pid_dir/vpnc.record"}
X
X. %%RC_SUBR%%
X
Xname="vpnc"
Xrcvar=`set_rcvar`
X
Xcommand="%%PREFIX%%/sbin/$name"
X
Xvpnc_start() {
X	if [ -z "$vpnc_conf" ]; then
X		#No configuration files given, run unmanaged.
X		$command $vpnc_flags
X		return $?
X	fi
X
X	# A list of configurations is present. Connect managing
X	# what is required for a clean shutdown later.
X
X	for config in $vpnc_conf; do
X
X		# The current configuration file.
X		current="$vpnc_conf_dir/$config"
X
X		# Start vpnc.
X		$command --local-port 0 $current $vpnc_flags
X		status=$?
X		if [ $status != 0 ]; then
X			# VPNC does not print a newline after an error.
X			echo
X			echo "Running 'vpnc $current --local-port 0 $vpnc_flags' failed."
X			return $status
X		fi
X
X		# Move files to allow a clean shutdown
X		# of multiple connections.
X
X		/bin/mv "$vpnc_pid_dir/vpnc.pid" "$vpnc_pid_dir/vpnc.$config.pid"
X		/bin/mv "$vpnc_pid_dir/vpnc.defaultroute" "$vpnc_pid_dir/vpnc.$config.defaultroute" 2> /dev/null
X		/bin/mv "$vpnc_pid_dir/vpnc.resolv.conf-backup" "$vpnc_pid_dir/vpnc.$config.resolv.conf-backup" 2> /dev/null
X		echo "$config" >> "$vpnc_record"
X
X		# Wait for the system to catch up.
X		/bin/sleep 1
X	done
X}
X
Xvpnc_stop() {
X	if [ ! -e "$vpnc_record" ]; then
X		/bin/sleep 1
X		# There's no record of connections, assume unmanaged shutdown.
X		$command-disconnect
X		return $?
X	fi
X
X	# A record of vpnc connections is present. Attempt a
X	# managed shutdown.
X
X	for config in `/usr/bin/tail -r "$vpnc_record"`; do
X
X		# Wait to give the system a chance to catch up with
X		# recent changes.
X
X		/bin/sleep 1
X
X		# Move the vpnc files back into position.
X
X		/bin/mv "$vpnc_pid_dir/vpnc.$config.pid" "$vpnc_pid_dir/vpnc.pid"
X		/bin/mv "$vpnc_pid_dir/vpnc.$config.defaultroute" "$vpnc_pid_dir/vpnc.defaultroute" 2> /dev/null
X		/bin/mv "$vpnc_pid_dir/vpnc.$config.resolv.conf-backup" "$vpnc_pid_dir/vpnc.resolv.conf-backup" 2> /dev/null
X
X		# Run the disconnect command.
X		$command-disconnect
X	done
X
X	# Remove the connection record.
X
X	/bin/rm "$vpnc_record"
X}
X
Xstart_cmd=vpnc_start
Xstop_cmd=vpnc_stop
X
Xload_rc_config $name
Xrun_rc_command "$1"
END-of-vpnc/files/vpnc.in
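Review bot: In vpnc_start the configuration path is passed unquoted (`$command --local-port 0 $current $vpnc_flags`), and the result of the first `/bin/mv` on the pid file is not checked before `echo "$config" >> "$vpnc_record"` records the connection. Quoting it as `$command --local-port 0 "$current" $vpnc_flags` keeps a name containing spaces or glob characters from being split into extra arguments to a daemon that is started as root. Recording the entry only when the pid file was actually moved, e.g. `/bin/mv "$vpnc_pid_dir/vpnc.pid" "$vpnc_pid_dir/vpnc.$config.pid" && echo "$config" >> "$vpnc_record"`, would stop vpnc_stop from later running `$command-disconnect` against whatever `vpnc.pid` happens to be present.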
exit



>Release-Note:
>Audit-Trail:
>Unformatted:

