Mailing List Archive

vpnc version 0.5.3r550-2build1 fails to initiate ipsec termination phase
Hello,

I am using vpnc version 0.5.3r550-2build1 and it does not initiate the
IPsec termination phase on Ubuntu 16.04.2. All versions prior to this
successfully initiate the IPsec term phase. This results in the Linux
vpnc client side terminating the tun0 interface as usual, but the Cisco
ASA 5510 endpoint stays connected. The log below shows the proper term
phase from vpnc version 0.5.3.

/usr/lib/NetworkManager/nm-vpnc-service --debug
....
S7.11 send isakmp termination message
[2017-03-18 23:43:43]
size = 52, blksz = 8, padding = 4

sending: ========================>
BEGIN_PARSE
Recieved Packet Len: 84
i_cookie: 3d41b627 52d26507
r_cookie: b8cec35f 3d11b2b4
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: ac000000
len: 00000054

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0c (ISAKMP_PAYLOAD_D)
length: 0018
ke.data:
a5dd1514 d502a18f 1183ff5a 2b552fbb 342fa28b
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 001c
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
d.spi_length: 10
d.num_spi: 0001
d.spi: 3d41b627 52d26507 b8cec35f 3d11b2b4
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK
NAT-T mode, adding non-esp marker

S8 close_tunnel
[2017-03-18 23:43:43]

S9 cleanup
[2017-03-18 23:43:43]
....

When using the new version, the IPsec term phase does not display during
debugging using the command: /usr/lib/NetworkManager/nm-vpnc-service --debug

Please let me know if you need any more info to help debug this issue. I
have compiled vpnc version 0.5.3 and replaced the 0.5.3r550-2build1
version with that as a temporary workaround.

Thanks for your work on this software.

Rick
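
Added example, not part of Rick's message or of vpnc: a check over saved vpnc debug output that reports whether an ISAKMP Delete for the ISAKMP SA was sent before the tunnel closed, which is the step the gateway needs in order to drop the session. The function names are hypothetical, and the failing sample is constructed on the assumption that the affected build logs S8 close_tunnel with no S7.11 stage before it.

```python
import re

# Trimmed from the vpnc 0.5.3 debug output quoted in the message above.
GOOD_LOG = """\
S7.11 send isakmp termination message
i_cookie: 3d41b627 52d26507
r_cookie: b8cec35f 3d11b2b4
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
d.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
d.spi: 3d41b627 52d26507 b8cec35f 3d11b2b4
S8 close_tunnel
S9 cleanup
"""

# Constructed sample (assumption): teardown with no S7.11 stage logged.
BAD_LOG = "S8 close_tunnel\nS9 cleanup\n"


def _field(name, text):
    """Return the hex digits of a 'name: value' debug line, spaces removed."""
    m = re.search(rf"^{re.escape(name)}:\s*([0-9a-f ]+?)\s*(?:\(|$)", text, re.M)
    return m.group(1).replace(" ", "") if m else None


def check_termination(log):
    """Classify a vpnc debug log by whether the ISAKMP SA Delete was sent."""
    start = log.find("S7.11 send isakmp termination message")
    close = log.find("S8 close_tunnel")
    if close == -1:
        return "no-close"            # log never reached tunnel teardown
    if start == -1 or start > close:
        return "missing-delete"      # tunnel closed, gateway never notified
    stage = log[start:close]
    cookies = (_field("i_cookie", stage) or "") + (_field("r_cookie", stage) or "")
    ok = (
        _field("exchange_type", stage) == "05"    # informational exchange
        and "ISAKMP_PAYLOAD_D" in stage           # Delete payload present
        and _field("d.protocol", stage) == "01"   # target is the ISAKMP SA
        and len(cookies) == 32                    # two 8-byte cookies
        and _field("d.spi", stage) == cookies     # SPI is the cookie pair
    )
    return "delete-sent" if ok else "malformed-delete"


if __name__ == "__main__":
    for label, log in (("0.5.3", GOOD_LOG), ("constructed failing log", BAD_LOG)):
        print(label, "->", check_termination(log))
```

A "missing-delete" result means the client tore down tun0 without telling the peer, so the session should also be checked and cleared on the gateway side.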