[vpnc-devel] no response from target / hybrid auth does not read certificate
Christoph Vedder
Christoph.Vedder at HS-Karlsruhe.de
Wed Sep 24 15:31:05 CEST 2008
Hi List,
I experience a strange situation when I try to connect to my vpn
concentrator.
There is no evidence that the concentrator certificate is loaded by vpnc.
When I start vpnc using the config below, it starts the tap device (which
stops acquiring an ip address after a very short time (1-2s))
and then vpnc aborts after 10-15s with "no response from target".
Let's talk about my system first.
I'm running XP x64 (AMD64) and have compiled vpnc 0.5.1 using cygwin
(2.573.2.2) and openssl support.
The current version of the openvpn tap drivers (9.0.0.4/2.1_rc11) are also
installed.
The concentrator I want to connect is the vpn concentrator of the university
of Karlsruhe,
which uses hybrid authentication.
As shown in other threads it is possible to use vpnc to connect to this
concentrator
(sorry, german only:
http://christoph-langner.de/2007/05/vpn-der-universitat-karlsruhe-uber-vpnc/
)
My config looks like this:
---
IPSec ID vpn-split
IPSec gateway vpn.uni-karlsruhe.de
IPSec secret <sorry>
IKE Authmode hybrid
## To add your username and password,
## use the following lines:
Xauth username <sorry>
Interface name TAP-Win32-0901
Interface mode tap
Local Port 0
# Script /etc/vpnc/custom-script.sh
CA-File /etc/vpnc/dfnpca-02.pem
---
When I monitor vpnc using strace or sysinternals filemonitor, it doesn't
seem to access the CA-File.
And without the certificate it truely cannot connect to the vpn
concentrator.
I already checked the library dependencies using 'objdump -p' and
'depends.exe' and both show up the dependency to cyggcrypt-11.dll,
thus openssl should be available to vpnc, but why isn't it using the
certificate?
I've attached a debug-3 output for convenience, but couldn't find any errors
in it.
Hope, you folks can find something I missed.
Best regards
Christoph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debug.3.log
Type: application/octet-stream
Size: 15027 bytes
Desc: not available
Url : http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/attachments/20080924/bd6c85a1/attachment.obj
More information about the vpnc-devel
mailing list