Debian Bug report logs - #496718
vpnc: Disconnects after an hour and loops trying to reconnect

version graph

Package: vpnc; Maintainer for vpnc is Florian Schlichting <fschlich@zedat.fu-berlin.de>; Source for vpnc is src:vpnc.

Reported by: Daniel Schepler <dschepler@scalable-networks.com>

Date: Wed, 27 Aug 2008 00:21:01 UTC

Severity: serious

Tags: patch

Found in version vpnc/0.5.1r334-1

Fixed in version vpnc/0.5.3r449-2.1

Done: Reinhard Tartler <siretart@tauware.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#496718; Package vpnc. Full text and rfc822 format available.

Acknowledgement sent to SNT Development Account <snt@frobnitz.homelinux.net>:
New Bug report received and forwarded. Copy sent to Eduard Bloch <blade@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: SNT Development Account <snt@frobnitz.homelinux.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: vpnc: Disconnects after an hour and loops trying to reconnect
Date: Tue, 26 Aug 2008 17:19:20 -0700
[Message part 1 (text/plain, inline)]
Package: vpnc
Version: 0.5.1r334-1
Severity: important

When I use vpnc to connect to my company's VPN, I only stay connected
for an hour.  After that, vpnc sometimes stays up for a bit of time,
but I can't access the VPN during that time.  Eventually, the client
will usually give up and exit.

I'm attaching a log of debug output using 'vpnc-connect --debug 2
--no-detach snt'.  This time the client hung at a time I needed to do
more on the VPN, so I needed to kill it using vpnc-disconnect.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vpnc depends on:
ii  libc6                         2.7-13     GNU C Library: Shared libraries
ii  libgcrypt11                   1.4.1-1    LGPL Crypto library - runtime libr

Versions of packages vpnc recommends:
ii  iproute                       20080725-2 networking and traffic control too
ii  resolvconf                    1.42       name server information handler

vpnc suggests no packages.

-- no debconf information

-- 
Daniel Schepler
[vpnc-log.lzma (application/octet-stream, attachment)]

Changed Bug submitter from SNT Development Account <snt@frobnitz.homelinux.net> to Daniel Schepler <dschepler@scalable-networks.com>. Request was from "Daniel Schepler" <dschepler@scalable-networks.com> to control@bugs.debian.org. (Wed, 27 Aug 2008 00:36:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Eduard Bloch <blade@debian.org>:
Bug#496718; Package vpnc. (Thu, 02 Oct 2008 11:21:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Alexandra N. Kossovsky" <sasha@oktetlabs.ru>:
Extra info received and forwarded to list. Copy sent to Eduard Bloch <blade@debian.org>. (Thu, 02 Oct 2008 11:21:02 GMT) Full text and rfc822 format available.

Message #12 received at 496718@bugs.debian.org (full text, mbox):

From: "Alexandra N. Kossovsky" <sasha@oktetlabs.ru>
To: 496718@bugs.debian.org
Subject: vpnc: Disconnects after an hour: me too
Date: Thu, 2 Oct 2008 15:19:21 +0400
I also have the same problem, feel free to ask for details.
My log is almost the same as already posted one.
vpnc = 0.5.1r334-1
My config:

IPSec ID XXX
IPSec gateway 111.111.111.111
IPSec secret XXX

Xauth username XXX
Xauth password XXX
IKE Authmode psk

Target networks 10.10.0.0/16
DNSUpdate no

Thank you for your work!

-- 
Alexandra N. Kossovsky
OKTET Labs (http://www.oktetlabs.ru/)
Phones: +7(921)956-42-86(mobile) +7(812)783-21-91(office)
e-mail: sasha@oktetlabs.ru




Information forwarded to debian-bugs-dist@lists.debian.org, Eric Warmenhoven <warmenhoven@debian.org>:
Bug#496718; Package vpnc. (Wed, 18 Mar 2009 10:16:33 GMT) Full text and rfc822 format available.

Acknowledgement sent to Geoff Clare <debbugs@gclare.org.uk>:
Extra info received and forwarded to list. Copy sent to Eric Warmenhoven <warmenhoven@debian.org>. (Wed, 18 Mar 2009 10:17:01 GMT) Full text and rfc822 format available.

Message #17 received at 496718@bugs.debian.org (full text, mbox):

From: Geoff Clare <debbugs@gclare.org.uk>
To: 496718@bugs.debian.org
Subject: Re: vpnc: Disconnects after an hour and loops trying to reconnect
Date: Wed, 18 Mar 2009 10:14:21 +0000
After upgrading to lenny, I have the same problem.  Looks like
it is a rekeying problem.

Previously I was running a backport of 0.5.1r275-1 on etch, and this
did not have the problem.  I still had that .deb so I downgraded vpnc
by installing it with dpkg, and the problem has gone away.

This narrows down the breakage to sometime after r275.





Information forwarded to debian-bugs-dist@lists.debian.org, Eric Warmenhoven <warmenhoven@debian.org>:
Bug#496718; Package vpnc. (Tue, 12 Oct 2010 19:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jean Parpaillon <jean.parpaillon@free.fr>:
Extra info received and forwarded to list. Copy sent to Eric Warmenhoven <warmenhoven@debian.org>. (Tue, 12 Oct 2010 19:51:03 GMT) Full text and rfc822 format available.

Message #22 received at 496718@bugs.debian.org (full text, mbox):

From: Jean Parpaillon <jean.parpaillon@free.fr>
To: 496718@bugs.debian.org
Subject: Re: vpnc: Disconnects after an hour and loops trying to reconnect
Date: Tue, 12 Oct 2010 21:48:06 +0200
[Message part 1 (text/plain, inline)]
Dear all,
I have the same issue with version 0.5.3r449-2.
The problem has been reported on Fedora [0] and in this thread, it seems
that a patch exists to fix it [1].

Regards,
Jean

[0] https://bugs.launchpad.net/fedora/+source/vpnc/+bug/479632
[1] http://www.gossamer-threads.com/lists/vpnc/devel/3442

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Eric Warmenhoven <warmenhoven@debian.org>:
Bug#496718; Package vpnc. (Tue, 09 Nov 2010 15:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Reinhard Tartler <siretart@tauware.de>:
Extra info received and forwarded to list. Copy sent to Eric Warmenhoven <warmenhoven@debian.org>. (Tue, 09 Nov 2010 15:15:03 GMT) Full text and rfc822 format available.

Message #27 received at 496718@bugs.debian.org (full text, mbox):

From: Reinhard Tartler <siretart@tauware.de>
To: 496718@bugs.debian.org
Cc: michael@zerfleddert.net
Subject: vpnc: diff for NMU version 0.5.3r449-2.1
Date: Tue, 09 Nov 2010 15:50:35 +0100
tags 496718 + patch
tags 496718 + pending
severity 496718 serious
thanks

Justification: Seriously impacts functionality of the package for any user

Dear maintainer,

I've prepared an NMU for vpnc (versioned as 0.5.3r449-2.1) and uploaded
it to DELAYED/5.  Please feel free to tell me if I should delay it
longer.

Preview packages with buildlog can be downloaded here:
http://wiki.tauware.de/~siretart/upload-queue/

Regards,
	Reinhard.

diff -u vpnc-0.5.3r449/debian/changelog vpnc-0.5.3r449/debian/changelog
--- vpnc-0.5.3r449/debian/changelog
+++ vpnc-0.5.3r449/debian/changelog
@@ -1,3 +1,12 @@
+vpnc (0.5.3r449-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Bug fix: "Disconnects after an hour and loops trying to reconnect",
+    thanks to Daniel Schepler (Closes: #496718, LP: #479632). Patch taken
+    from upstream: http://www.gossamer-threads.com/lists/vpnc/devel/3442
+
+ -- Reinhard Tartler <siretart@tauware.de>  Tue, 09 Nov 2010 12:03:17 +0100
+
 vpnc (0.5.3r449-2) unstable; urgency=low
 
   * Add pkg-config build-dependency. (closes: #574715)
diff -u vpnc-0.5.3r449/debian/patches/00list vpnc-0.5.3r449/debian/patches/00list
--- vpnc-0.5.3r449/debian/patches/00list
+++ vpnc-0.5.3r449/debian/patches/00list
@@ -4,0 +5 @@
+07_bug496718.dpatch
only in patch2:
unchanged:
--- vpnc-0.5.3r449.orig/debian/patches/07_bug496718.dpatch
+++ vpnc-0.5.3r449/debian/patches/07_bug496718.dpatch
@@ -0,0 +1,88 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 07_bug496718.dpatch by Reinhard Tartler <siretart@tauware.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Do no disconnect after an hour and loop trying to reconnect
+
+@DPATCH@
+
+Index: vpnc.c
+===================================================================
+--- a/vpnc.c	(revision 449)
++++ b/vpnc.c	(working copy)
+@@ -3095,9 +3097,14 @@
+ 			 */
+ 			/* FIXME: any cleanup needed??? */
+ 
+-			free_isakmp_packet(r);
+-			do_phase2_qm(s);
+-			return;
++			if (rp->u.d.num_spi >= 1 && memcmp(rp->u.d.spi[0], &s->ipsec.tx.spi, 4) == 0) {
++				free_isakmp_packet(r);
++				do_phase2_qm(s);
++				return;
++			} else {
++				DEBUG(2, printf("got isakmp delete with bogus spi, ignoring...\n"));
++				continue;
++			}
+ 		}
+ 		/* skip ipsec-esp delete */
+ 		if (rp->u.d.protocol != ISAKMP_IPSEC_PROTO_ISAKMP) {
+Index: vpnc.c
+===================================================================
+--- a/vpnc.c	(revision 449)
++++ b/vpnc.c	(working copy)
+@@ -2779,32 +2779,34 @@
+ 		free(dh_shared_secret);
+ 		free_isakmp_packet(r);
+ 
+-		if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
+-			s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port);
+-			s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
+-			s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP;
+-		} else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) {
+-			s->esp_fd = s->ike_fd;
+-		} else {
++		if (s->esp_fd == 0) {
++			if ((opt_natt_mode == NATT_CISCO_UDP) && s->ipsec.peer_udpencap_port) {
++				s->esp_fd = make_socket(s, opt_udpencapport, s->ipsec.peer_udpencap_port);
++				s->ipsec.encap_mode = IPSEC_ENCAP_UDP_TUNNEL;
++				s->ipsec.natt_active_mode = NATT_ACTIVE_CISCO_UDP;
++			} else if (s->ipsec.encap_mode != IPSEC_ENCAP_TUNNEL) {
++				s->esp_fd = s->ike_fd;
++			} else {
+ #ifdef IP_HDRINCL
+-			int hincl = 1;
++				int hincl = 1;
+ #endif
+ 
+-			s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
+-			if (s->esp_fd == -1) {
+-				close_tunnel(s);
+-				error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
+-			}
++				s->esp_fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
++				if (s->esp_fd == -1) {
++					close_tunnel(s);
++					error(1, errno, "Couldn't open socket of ESP. Maybe something registered ESP already.\nPlease try '--natt-mode force-natt' or disable whatever is using ESP.\nsocket(PF_INET, SOCK_RAW, IPPROTO_ESP)");
++				}
+ #ifdef FD_CLOEXEC
+-			/* do not pass socket to vpnc-script, etc. */
+-			fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
++				/* do not pass socket to vpnc-script, etc. */
++				fcntl(s->esp_fd, F_SETFD, FD_CLOEXEC);
+ #endif
+ #ifdef IP_HDRINCL
+-			if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
+-				close_tunnel(s);
+-				error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
++				if (setsockopt(s->esp_fd, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl)) == -1) {
++					close_tunnel(s);
++					error(1, errno, "setsockopt(esp_fd, IPPROTO_IP, IP_HDRINCL, 1)");
++				}
++#endif
+ 			}
+-#endif
+ 		}
+ 
+ 		s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1;




Added tag(s) patch. Request was from Reinhard Tartler <siretart@tauware.de> to control@bugs.debian.org. (Tue, 09 Nov 2010 15:15:04 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Reinhard Tartler <siretart@tauware.de> to control@bugs.debian.org. (Tue, 09 Nov 2010 15:15:05 GMT) Full text and rfc822 format available.

Severity set to 'serious' from 'important' Request was from Reinhard Tartler <siretart@tauware.de> to control@bugs.debian.org. (Tue, 09 Nov 2010 15:15:05 GMT) Full text and rfc822 format available.

Reply sent to Reinhard Tartler <siretart@tauware.de>:
You have taken responsibility. (Sun, 14 Nov 2010 15:36:04 GMT) Full text and rfc822 format available.

Notification sent to Daniel Schepler <dschepler@scalable-networks.com>:
Bug acknowledged by developer. (Sun, 14 Nov 2010 15:36:05 GMT) Full text and rfc822 format available.

Message #38 received at 496718-close@bugs.debian.org (full text, mbox):

From: Reinhard Tartler <siretart@tauware.de>
To: 496718-close@bugs.debian.org
Subject: Bug#496718: fixed in vpnc 0.5.3r449-2.1
Date: Sun, 14 Nov 2010 15:32:42 +0000
Source: vpnc
Source-Version: 0.5.3r449-2.1

We believe that the bug you reported is fixed in the latest version of
vpnc, which is due to be installed in the Debian FTP archive:

vpnc_0.5.3r449-2.1.diff.gz
  to main/v/vpnc/vpnc_0.5.3r449-2.1.diff.gz
vpnc_0.5.3r449-2.1.dsc
  to main/v/vpnc/vpnc_0.5.3r449-2.1.dsc
vpnc_0.5.3r449-2.1_i386.deb
  to main/v/vpnc/vpnc_0.5.3r449-2.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496718@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siretart@tauware.de> (supplier of updated vpnc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 09 Nov 2010 12:03:17 +0100
Source: vpnc
Binary: vpnc
Architecture: source i386
Version: 0.5.3r449-2.1
Distribution: unstable
Urgency: low
Maintainer: Eric Warmenhoven <warmenhoven@debian.org>
Changed-By: Reinhard Tartler <siretart@tauware.de>
Description: 
 vpnc       - Cisco-compatible VPN client
Closes: 496718
Changes: 
 vpnc (0.5.3r449-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Bug fix: "Disconnects after an hour and loops trying to reconnect",
     thanks to Daniel Schepler (Closes: #496718, LP: #479632). Patch taken
     from upstream: http://www.gossamer-threads.com/lists/vpnc/devel/3442
Checksums-Sha1: 
 56b6682d4b0c393a7cd1c73a2a9f992e9b21adba 1149 vpnc_0.5.3r449-2.1.dsc
 df0228a912caa7593320ffd7e1dfe39f1ad7541d 53551 vpnc_0.5.3r449-2.1.diff.gz
 51af34bb8e719f43d63c4fd1fc4eef584aa98b27 81222 vpnc_0.5.3r449-2.1_i386.deb
Checksums-Sha256: 
 d81e8bea1773d2fff28948c0533e387b001fc9661ff9b275ca13452993b5f06e 1149 vpnc_0.5.3r449-2.1.dsc
 fd037c3d069e4aa9ba59bd3ac10a61c39271966952198759372102c33ad83275 53551 vpnc_0.5.3r449-2.1.diff.gz
 ec26493ceeda570b2d1b0b32c34d379f7b118400574cd74a29ac7981f432a726 81222 vpnc_0.5.3r449-2.1_i386.deb
Files: 
 d53198a76663beb50f8f12da1303953b 1149 net extra vpnc_0.5.3r449-2.1.dsc
 05a9da0920b4fc0169ef55c8f446ec2b 53551 net extra vpnc_0.5.3r449-2.1.diff.gz
 0bc5436bbc1019e79054b548b0b8b446 81222 net extra vpnc_0.5.3r449-2.1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Debian Powered!

iJwEAQECAAYFAkzZY0kACgkQ78RAoABp8o8rRgP+Lzildfo6of/Sb4/hTC53zK9O
lbQ5KDxCx7Fe7ZRnjP6ttPGvwsclUxfKlijVa96vzyf234uctiFDlwEZmvX1qCUI
22Nj1fXkQg1l9L/Le3Vyp3imudir9Qelf2c2Tbj01T0P+kWq8J5OwCBRQMlJ5eNZ
7AZsMUTCw7AC7RpWhnI=
=y3HN
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Mar 2011 08:07:40 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 11:33:21 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.