From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id ADF3F138CBC for ; Tue, 3 Mar 2015 19:52:23 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B1054E0933; Tue, 3 Mar 2015 19:52:17 +0000 (UTC) Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4DA1DE08DD for ; Tue, 3 Mar 2015 19:52:16 +0000 (UTC) Received: from t520.localnet ([46.5.202.149]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0MO7Ca-1YNN5X0N2y-005Vki for ; Tue, 03 Mar 2015 20:52:15 +0100 From: Petric Frank To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Networkmanager VPNC key timeout Date: Tue, 3 Mar 2015 20:52:14 +0100 User-Agent: KMail/1.13.7 (Linux/3.14.14-gentoo; KDE/4.14.3; x86_64; ; ) References: <201503021907.45075.pfrank@gmx.de> <201503022313.05400.pfrank@gmx.de> <201503022300.26221.michaelkintzios@gmail.com> In-Reply-To: <201503022300.26221.michaelkintzios@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Message-Id: <201503032052.14508.pfrank@gmx.de> X-Provags-ID: V03:K0:BLSRDpBJjwCffNgCuZVIn0Zf3PhOkKXlD4RilM8RN9UMas+QFfA EBk7xNHaX73qn7lemV6y/komeJ0YqpdayRRsJ9NSYWb0JWLIyLRat8SJxqE/QQQ9AOW7L1J E4baVwv+S6uKKk2ugxThGquQdNtSr+o1O/7eYs7vTB35EAb4uTecN+r2u+PIwq8bxvT58nd hzSaizLNaK+MtXsKwt/ig== X-UI-Out-Filterresults: notjunk:1; X-Archives-Salt: 7fa1c88d-08f4-4b7f-87da-b8afcebe017f X-Archives-Hash: 3dc71acb6809906554909de2d540cdd7 Hello Mick, Am Dienstag, 3. M=E4rz 2015, 00:00:17 schrieb Mick: > > The homepage on vpnc in chapter TODO tells: > > "phase2-rekeying is now supported as of svn revision 126!" > >=20 > > Changelog states for 0.5.2: > > "Fix Phase 2 rekeying, by various authors" > >=20 > > I don't know whether this is along your statement above. > >=20 > > So it seems not to be completely fixed. The homepage is not updated the > > last 7 years. >=20 > OK, then yes, it has been fixed and your problem is not related to that o= ld > bug, but could it be a more recent regression? maybe. =20 > > > BTW, have you tried more actively developed VPN software like > > > strongswan (it has a networkmanager plugin) or even ipsec-tools > > > instead of vpnc, to see if you're getting the same problem? I think > > > that they should work with Cisco VPN gateways, although it may be > > > fiddly to set them up. > >=20 > > i can find only ebuilds of (networkmanager-)openswan in the official > > tree. >=20 > No, this only good for the SSL VPN solution of Cisco. good to know. > > strongswan is in the stable tree but not the networkmanager plugin. >=20 > Are you sure? This is what I see here for strongswan-5.2.2 > > [+caps +constraints curl debug dhcp eap farp gcrypt +gmp ldap mysql > networkmanager > ^^^^^^^^^^^^^^ > +non-root +openssl pam pkcs11 sqlite strongswan_plugins_blowfish > strongswan_plugins_ccm strongswan_plugins_ctr strongswan_plugins_gcm > strongswan_plugins_ha strongswan_plugins_ipseckey +strongswan_plugins_led > +strongswan_plugins_lookip strongswan_plugins_ntru > strongswan_plugins_padlock strongswan_plugins_rdrand > +strongswan_plugins_systime-fix > strongswan_plugins_unbound +strongswan_plugins_unity > +strongswan_plugins_vici strongswan_plugins_whitelist] True, strongswan is in tree, but not networkmanager-strongswan (NetworkMana= ger=20 plugin). =20 > The latest version 5.2.2 has a bug with some IKEv1 implementations. There > is a patch proposed which works and will be included in the next version > 5.2.3 when released. If your VPN server is affected then you'll have to > apply the patch yourself in a local overlay: >=20 > https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/479632 Stable strongswan is already compiled and installed on my system. Any of th= e=20 "strongswan_plugins_*" use flags i have to enable here ? But it could take some days (because of my business job). regards Petric