Greetings Everyone,
I was having issues connecting to my work's Cisco VPN. Everyone was
saying "Windows/Mac only bro" and "I've never seen it work on linux",
but I would not be deterred.
I would see the message:
> Enter a response from your token with serial number XXXXXXXXXX.
followed by:
> vpnc: xauth packet unsupported: (ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED)(13)
without any prompting. Hard failure. This was happening after the
username/password prompt, during authentication phase. With --debug 99
set, I saw what the problem was:
PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0053
modecfg.type: 01 (ISAKMP_MODECFG_CFG_REQUEST)
[...]
t.attributes.type: 0015 (unknown)
t.attributes.u.attr_16: 0002
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
t.attributes.type 0x0015? Surely that has a defined value somewhere! I
googled high-and-low, I tried the vpnc-nortel branch because it had an
enum value for that, I did everything I could think of but I could not
get past this phase until I finally said fuck it and made the
following change (to echo the attribute and value back to the server):
svn diff
Index: vpnc.c
===================================================================
--- vpnc.c (revision 517)
+++ vpnc.c (working copy)
@@ -2236,6 +2236,7 @@
case ISAKMP_XAUTH_06_ATTRIB_ANSWER:
case ISAKMP_XAUTH_06_ATTRIB_NEXT_PIN:
case ISAKMP_XAUTH_ATTRIB_CISCOEXT_VENDOR:
+ case 21:
break;
case ISAKMP_XAUTH_06_ATTRIB_MESSAGE:
if (opt_debug || seen_answer || config[CONFIG_XAUTH_INTERACTIVE]) {
@@ -2266,6 +2267,7 @@
switch (ap->type) {
case ISAKMP_XAUTH_06_ATTRIB_TYPE:
+ case 21:
{
na = new_isakmp_attribute_16(ap->type, ap->u.attr_16, NULL);
break;
And it worked. What is attribute type 21(0x15)? Does anyone have any
insight? Apparently my job's VPN was pleased, and currently that's
good enough for me.
Dan Motles
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
I was having issues connecting to my work's Cisco VPN. Everyone was
saying "Windows/Mac only bro" and "I've never seen it work on linux",
but I would not be deterred.
I would see the message:
> Enter a response from your token with serial number XXXXXXXXXX.
followed by:
> vpnc: xauth packet unsupported: (ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED)(13)
without any prompting. Hard failure. This was happening after the
username/password prompt, during authentication phase. With --debug 99
set, I saw what the problem was:
PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0053
modecfg.type: 01 (ISAKMP_MODECFG_CFG_REQUEST)
[...]
t.attributes.type: 0015 (unknown)
t.attributes.u.attr_16: 0002
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
t.attributes.type 0x0015? Surely that has a defined value somewhere! I
googled high-and-low, I tried the vpnc-nortel branch because it had an
enum value for that, I did everything I could think of but I could not
get past this phase until I finally said fuck it and made the
following change (to echo the attribute and value back to the server):
svn diff
Index: vpnc.c
===================================================================
--- vpnc.c (revision 517)
+++ vpnc.c (working copy)
@@ -2236,6 +2236,7 @@
case ISAKMP_XAUTH_06_ATTRIB_ANSWER:
case ISAKMP_XAUTH_06_ATTRIB_NEXT_PIN:
case ISAKMP_XAUTH_ATTRIB_CISCOEXT_VENDOR:
+ case 21:
break;
case ISAKMP_XAUTH_06_ATTRIB_MESSAGE:
if (opt_debug || seen_answer || config[CONFIG_XAUTH_INTERACTIVE]) {
@@ -2266,6 +2267,7 @@
switch (ap->type) {
case ISAKMP_XAUTH_06_ATTRIB_TYPE:
+ case 21:
{
na = new_isakmp_attribute_16(ap->type, ap->u.attr_16, NULL);
break;
And it worked. What is attribute type 21(0x15)? Does anyone have any
insight? Apparently my job's VPN was pleased, and currently that's
good enough for me.
Dan Motles
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/