Mailing List Archive

On Tue, 15 Sep 2015 17:09:40 +0200
Fabian Jäger <fabian@feingeist.io> wrote:

> Hi there,
> I have some customers asking for a VPN client compatible with Fortinet endpoints. Can vpnc be used with these gateways?
>
> Best regards,
> Fabian

My company is using fortinet gateways and it does work, but the latest
endpoint sw update broke it. I think that the endpoint is sending a
bogus ipsec payload in one place and instead of ignoring it vpnc
asserts and crashes.

I sent a vpnc patch to the list in June to make it just ignore the bogus
payload instead of asserting and that works around the problem, but I
can't seem to get any response from the maintainers. Check the list
archives for the patch if you're interested.

--
Jeff Layton <jlayton@poochiereds.net>

_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

Thanks for your response.

I am definitely interested in that patch (I already saw it before), but it would be even better if it was integrated into the vpnc trunk.

Best regards,
Fabian

> On 17 Sep 2015, at 15:45, Jeff Layton <jlayton@poochiereds.net> wrote:
>
> On Tue, 15 Sep 2015 17:09:40 +0200
> Fabian Jäger <fabian@feingeist.io> wrote:
>
>> Hi there,
>> I have some customers asking for a VPN client compatible with Fortinet endpoints. Can vpnc be used with these gateways?
>>
>> Best regards,
>> Fabian
>
> My company is using fortinet gateways and it does work, but the latest
> endpoint sw update broke it. I think that the endpoint is sending a
> bogus ipsec payload in one place and instead of ignoring it vpnc
> asserts and crashes.
>
> I sent a vpnc patch to the list in June to make it just ignore the bogus
> payload instead of asserting and that works around the problem, but I
> can't seem to get any response from the maintainers. Check the list
> archives for the patch if you're interested.
>
> --
> Jeff Layton <jlayton@poochiereds.net>
>


_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

On Sat, 19 Sep 2015 14:00:11 +0200
Fabian Jäger <fabian@feingeist.io> wrote:

> Thanks for your response.
>
> I am definitely interested in that patch (I already saw it before), but it would be even better if it was integrated into the vpnc trunk.
>
> Best regards,
> Fabian
>

Agreed. I'd like to get this patch merged into Fedora as well, but they
won't touch it unless it's merged into the vpnc trunk either...

-- Jeff

> > On 17 Sep 2015, at 15:45, Jeff Layton <jlayton@poochiereds.net> wrote:
> >
> > On Tue, 15 Sep 2015 17:09:40 +0200
> > Fabian Jäger <fabian@feingeist.io> wrote:
> >
> >> Hi there,
> >> I have some customers asking for a VPN client compatible with Fortinet endpoints. Can vpnc be used with these gateways?
> >>
> >> Best regards,
> >> Fabian
> >
> > My company is using fortinet gateways and it does work, but the latest
> > endpoint sw update broke it. I think that the endpoint is sending a
> > bogus ipsec payload in one place and instead of ignoring it vpnc
> > asserts and crashes.
> >
> > I sent a vpnc patch to the list in June to make it just ignore the bogus
> > payload instead of asserting and that works around the problem, but I
> > can't seem to get any response from the maintainers. Check the list
> > archives for the patch if you're interested.
> >
> > --
> > Jeff Layton <jlayton@poochiereds.net>
> >
>


--
Jeff Layton <jlayton@poochiereds.net>

_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

What's the process of integrating patches into trunk? Looks like there's not that much activity at all. I'd also like to have the phase1 rekey and TOS copy that I've submitted in June included. Especially the p1 rekey is something that is quite helpful, imho since it's explicitly mentioned as '* implement phase1 rekeying (with or without xauth-reauthentication)' in the current TODO.

Thanks,
-ralph


On Sep 21, 2015, at 4:52 PM GMT+2, Jeff Layton <jlayton@poochiereds.net> wrote:

> On Sat, 19 Sep 2015 14:00:11 +0200
> Fabian Jäger <fabian@feingeist.io> wrote:
>
>> Thanks for your response.
>>
>> I am definitely interested in that patch (I already saw it before), but it would be even better if it was integrated into the vpnc trunk.
>>
>> Best regards,
>> Fabian
>>
>
> Agreed. I'd like to get this patch merged into Fedora as well, but they
> won't touch it unless it's merged into the vpnc trunk either...
>
> -- Jeff
>
>>> On 17 Sep 2015, at 15:45, Jeff Layton <jlayton@poochiereds.net> wrote:
>>>
>>> On Tue, 15 Sep 2015 17:09:40 +0200
>>> Fabian Jäger <fabian@feingeist.io> wrote:
>>>
>>>> Hi there,
>>>> I have some customers asking for a VPN client compatible with Fortinet endpoints. Can vpnc be used with these gateways?
>>>>
>>>> Best regards,
>>>> Fabian
>>>
>>> My company is using fortinet gateways and it does work, but the latest
>>> endpoint sw update broke it. I think that the endpoint is sending a
>>> bogus ipsec payload in one place and instead of ignoring it vpnc
>>> asserts and crashes.
>>>
>>> I sent a vpnc patch to the list in June to make it just ignore the bogus
>>> payload instead of asserting and that works around the problem, but I
>>> can't seem to get any response from the maintainers. Check the list
>>> archives for the patch if you're interested.
>>>
>>> --
>>> Jeff Layton <jlayton@poochiereds.net>
>>>
>>
>
>
> --
> Jeff Layton <jlayton@poochiereds.net>
>
> _______________________________________________
> vpnc-devel mailing list
> vpnc-devel@unix-ag.uni-kl.de
> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> http://www.unix-ag.uni-kl.de/~massar/vpnc/



_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

On Mon, 2015-09-21 at 17:18 +0200, Ralph Schmieder wrote:
> What's the process of integrating patches into trunk? Looks like there's not that much activity at all. I'd also like to have the phase1 rekey and TOS copy that I've submitted in June included. Especially the p1 rekey is something that is quite helpful, imho since it's explicitly mentioned as '* implement phase1 rekeying (with or without xauth-reauthentication)' in the current TODO.

The process is basically whenever Antonio has time he'll review the
patch and either request changes or merge it. But that's a very slow
process; it's probably worth asking if he would like help with that.

Dan

> Thanks,
> -ralph
>
>
> On Sep 21, 2015, at 4:52 PM GMT+2, Jeff Layton <jlayton@poochiereds.net> wrote:
>
> > On Sat, 19 Sep 2015 14:00:11 +0200
> > Fabian Jäger <fabian@feingeist.io> wrote:
> >
> >> Thanks for your response.
> >>
> >> I am definitely interested in that patch (I already saw it before), but it would be even better if it was integrated into the vpnc trunk.
> >>
> >> Best regards,
> >> Fabian
> >>
> >
> > Agreed. I'd like to get this patch merged into Fedora as well, but they
> > won't touch it unless it's merged into the vpnc trunk either...
> >
> > -- Jeff
> >
> >>> On 17 Sep 2015, at 15:45, Jeff Layton <jlayton@poochiereds.net> wrote:
> >>>
> >>> On Tue, 15 Sep 2015 17:09:40 +0200
> >>> Fabian Jäger <fabian@feingeist.io> wrote:
> >>>
> >>>> Hi there,
> >>>> I have some customers asking for a VPN client compatible with Fortinet endpoints. Can vpnc be used with these gateways?
> >>>>
> >>>> Best regards,
> >>>> Fabian
> >>>
> >>> My company is using fortinet gateways and it does work, but the latest
> >>> endpoint sw update broke it. I think that the endpoint is sending a
> >>> bogus ipsec payload in one place and instead of ignoring it vpnc
> >>> asserts and crashes.
> >>>
> >>> I sent a vpnc patch to the list in June to make it just ignore the bogus
> >>> payload instead of asserting and that works around the problem, but I
> >>> can't seem to get any response from the maintainers. Check the list
> >>> archives for the patch if you're interested.
> >>>
> >>> --
> >>> Jeff Layton <jlayton@poochiereds.net>
> >>>
> >>
> >
> >
> > --
> > Jeff Layton <jlayton@poochiereds.net>
> >
> > _______________________________________________
> > vpnc-devel mailing list
> > vpnc-devel@unix-ag.uni-kl.de
> > https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> > http://www.unix-ag.uni-kl.de/~massar/vpnc/
>
>
>
> _______________________________________________
> vpnc-devel mailing list
> vpnc-devel@unix-ag.uni-kl.de
> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> http://www.unix-ag.uni-kl.de/~massar/vpnc/


_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/