[vpnc-devel] vpnc disconnect/reconnect issues [fixed]
Brian Kroth
bpkroth at wisc.edu
Wed Jun 22 00:33:20 CEST 2005
For ages now I've had a problem where after issuing vpnc-disconnect I
was able to reconnect to the VPN but not actually do anything. The
system I've been logging into uses pre-shared+xauth, silly I know, but I
have no control over it. Here's a similar config so you know what I'm
talking about:

    IPSec gateway a.b.c.d
    IPSec ID vpnGroupName
    IPSec secret vpnGroupSecret
    Xauth username vpnUserName
    UDP Encapsulate

The problem I found was that while the Windows Cisco client actually
generates a whole bunch of disconnect messages and clears some info from
the VPN box, the vpnc-disconnect script simply kills the daemon which
results in a "bad hash" message on the VPN box and a connection that
doesn't get cleared for a period of time - I believe the default is 24
hours. This does not mean that vpnc can't authenticate, unfortunately,
it just means that it can't do anything once inside.
THE FIX:
After you've disconnected using vpnc-disconnect try to reconnect:

    vpnc profile.conf

Now when prompted (you may have to change that part), enter the correct
group password (if necessary), and the *wrong* password for your
user. This should clear the connection on the VPN box and vpnc should
error out with "authentication unsuccessful."
Now connect and authenticate as usual.
Note 1: too many unsuccessful attempts in a row will probably lock you
out for a time, which is just as useless.
Note 2: this is not a fix for the rekeying issue that forces you to
disconnect after 8 hours, or whatever it happens to be.
Hope that helps someone,
Brian Kroth
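
The workaround above as a script, added here as an example; it is not part of the original post or of vpnc. It makes exactly one deliberately failing Xauth login and then connects normally. It assumes vpnc accepts the `Xauth password` config key and a config file path as its argument, and that it prints the "authentication unsuccessful" message quoted in the post; the function names and the `VPNC` override variable are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post.
VPNC="${VPNC:-vpnc}"   # hypothetical override so the binary can be swapped

# Copy a profile, replacing any stored user password with a constructed
# wrong one. Gateway, group ID and group secret stay correct, as in the post.
make_clear_profile() {
    src=$1; dst=$2
    (
        umask 077      # the copy still contains the group secret
        sed '/^[[:space:]]*Xauth password/d' "$src" > "$dst"
        echo "Xauth password deliberately-wrong-$$" >> "$dst"
    )
}

# Make exactly ONE failing login (never loop: repeated failures can lock
# the account, per Note 1). Returns 0 only if vpnc reported the failure.
clear_stale_session() {
    tmp=$(mktemp -d) || return 2
    make_clear_profile "$1" "$tmp/clear.conf"
    out=$("$VPNC" "$tmp/clear.conf" 2>&1) || :
    rm -rf "$tmp"
    case $out in
        *"authentication unsuccessful"*) return 0 ;;
        *) printf '%s\n' "$out" >&2; return 1 ;;
    esac
}

# Clear the stale session, then connect normally with the real profile.
reconnect() {
    clear_stale_session "$1" && "$VPNC" "$1"
}

if [ "$#" -gt 0 ]; then reconnect "$1"; fi
```

If vpnc prints anything other than the expected failure, the script stops without a second attempt and shows vpnc's output, so an unreachable gateway is not mistaken for a cleared session.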