[vpnc-devel] vpnc disconnect/reconnect issues [fixed]

Anton Altaparmakov aia21 at cam.ac.uk
Wed Jun 22 15:57:08 CEST 2005


On Tue, 2005-06-21 at 17:33 -0500, Brian Kroth wrote:
> For ages now I've had a problem where after issuing vpnc-disconnect I
> was able to reconnect to the VPN but not actually do anything.  The
> system I've been logging into uses pre-shared+xauth, silly I know, but I
> have no control over it.  Here's a similar config so you know what I'm
> talking about:
> 
>     IPSec gateway a.b.c.d
>     IPSec ID vpnGroupName
>     IPSec secret vpnGroupSecret
>     Xauth username vpnUserName
>     UDP Encapsulate
> 
> The problem I found was that while the Windows Cisco client actually
> generates a whole bunch of disconnect messages and clears some info from
> the VPN box, the vpnc-disconnect script simply kills the daemon which
> results in a "bad hash" message on the VPN box and a connection that
> doesn't get cleared for a period of time - I believe the default is 24
> hours.  This does not mean that vpnc can't authenticate, unfortunately,
> it just means that it can't do anything once inside.
> 
> THE FIX:
> After you've disconnected using vpnc-disconnect try to reconnect:
>     vpnc profile.conf
> Now when prompted (you may have to change that part), enter the correct
> group password (if necessary), and the _*/wrong/*_ password for your
> user.  This should clear the connection on the VPN box and vpnc should
> error out with "authentication unsuccessful."
> 
> Now connect and authenticate as usual.

Correct.  If you had read the mailing list archives you would have found
that out already.  This is a known problem/solution.

In fact, here at Cambridge University I distribute a modified vpnc which
accepts a command line argument for the password which overrides the one
in the config file.  And vpnc-connect is also modified to first connect
with an incorrect password using the new command line argument and only
then to do the proper connect with the correct password.  That way our
users do not need to know/worry about the problem.

Best regards,

        Anton
-- 
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer / IRC: #ntfs on irc.freenode.net
WWW: http://linux-ntfs.sf.net/ & http://www-stu.christs.cam.ac.uk/~aia21/
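
The two-pass reconnect discussed in this thread, as an added example that is not part of the original messages and is not the modified vpnc-connect described above. It assumes the profile keeps the user password in an "Xauth password" line and supplies the wrong password through a private temporary config instead of a command-line argument; `make_decoy_conf`, `reconnect_clean` and the `VPNC` variable are hypothetical names.

```shell
#!/bin/sh
# Added example: clear a stale gateway session with a deliberately failed
# login, then connect normally. Names here are hypothetical.
VPNC=${VPNC:-vpnc}   # overridable, so the logic can be exercised without a gateway

# Copy the profile to a private temp file, replacing the Xauth password
# with a throwaway value. Prints the path of the copy.
make_decoy_conf() {
    profile=$1
    [ -r "$profile" ] || return 1
    # mktemp creates the file with mode 0600; it still holds the group secret.
    decoy=$(mktemp "${TMPDIR:-/tmp}/vpnc-decoy.XXXXXX") || return 1
    # Drop any existing password line, then append a wrong one.
    grep -v -i '^[[:space:]]*Xauth password' "$profile" > "$decoy" || :
    printf 'Xauth password %s\n' "decoy-$$-$(date +%s)" >> "$decoy"
    printf '%s\n' "$decoy"
}

# Pass 1 must fail authentication; pass 2 is the real connection.
reconnect_clean() {
    profile=$1
    decoy=$(make_decoy_conf "$profile") || return 1
    if "$VPNC" "$decoy"; then
        rm -f "$decoy"
        echo "decoy login unexpectedly succeeded; stopping" >&2
        return 2
    fi
    rm -f "$decoy"
    "$VPNC" "$profile"
}

# Run as a script: ./reconnect.sh /path/to/profile.conf
if [ "$#" -eq 1 ]; then
    reconnect_clean "$1"
fi
```

The decoy file is removed after the first pass on both paths, so the group secret is not left behind in the temporary directory.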