[Announce] vpn9c -- vpnc client with launch GUI for n9...I - Page 4 - maemo.org - Talk

Maemo Community e.V. Donation

Community Seamless Software Update

Coding Competition

Active Topics

Phone Camera Competition April 2021: "Funny & Foolish" (33)
to General by Fellfrosch - 3 hrs, 20 mins ago
What's the best Handheld gnu/linux machine for 20XX? (78)
to Competitors by clort - 8 hrs, 6 mins ago
Unofficial Storage for camera phone competition... (62)
to General by catbus - 16 hrs, 26 mins ago
Maemo-Leste pre-alpha announcement (512)
to Maemo 7 / Leste by nonsuch - 1 day, 17 hrs ago
The Intel RealSense Smartphone prototype (0)
to Competitors by n950 - 1 day, 20 hrs ago
Maemo Leste Playground (57)
to Maemo 7 / Leste by clort - 2 days, 17 hrs ago
A Palm OS thread ... and a thank you to the community (23)
to Alternatives by bradvesp - 3 days, 16 hrs ago
SailfishOS on Sony Z3 Compact Tablet (180)
to SailfishOS by ogustbiller - 6 days, 20 hrs ago
more...

Page 4 of 9

4

Reply

imagomundi	2012-08-29 , 17:40
Posts: 13 \| Thanked: 8 times \| Joined on Jun 2012	#31

Originally Posted by too

View Post

As you know so much,

Thx for the flowers

can you also dig the exact configuration
file that Android vpnc client uses. For reference, the current
configuration vpn9c feeds to vpnc is:
Code:
IPSec gateway %s
IPSec ID %s
IPSec secret %s
IKE AuthMode psk
IKE DH Group dh2
Xauth username %s
Xauth password %s
[Domain %s

I don't have an Android device at hand for a few weeks. Maybe it is possible you have a look at it yourself? The user in the IPPhone-Forum said that he used a vpnc client downloaded from android market which he altered in the way I described before.

Unfortunately my local time is 7,5 hrs. behind Helsinki - so I can only answer when it is midnight or even later in Helsinki and it will always take two full days to post and answer. I try to speed this up a little answering from my office's PC.

I would guess one or the other problem and therefore ask:

1. What is the IPSec ID? I never saw such a data in none of my working NOKIA (Symbian) vpn clients and I do not see it in the vpn server's (FRITZBox) configuration either.

2. Is "IKE DH Group dh2" identical with "GROUP_DESCRIPTION_II: MODP_1024" or/and "GROUP_DESCRIPTION: MODP_1024" as in the working Nokia vpn client's configuration?
I will post the 701's vpn client config later

3. "Domain" is the DDNS domain of the gateway? If my gateway is "My.dyndns.org" the domain is "dyndns.org"?

Finally: I read somewhere that the use of @ is not allowed in a vpnc user name? False or true?

Last edited by imagomundi; 2012-08-29 at 17:48.

Quote & Reply |

The Following User Says Thank You to imagomundi For This Useful Post:
peterleinchen

	too	2012-08-30 , 09:50
	Posts: 122 \| Thanked: 135 times \| Joined on Dec 2009 @ Helsinki	#32

Originally Posted by imagomundi

View Post

Thx for the flowers

I don't have an Android device at hand for a few weeks. Maybe it is possible you have a look at it yourself? The user in the IPPhone-Forum said that he used a vpnc client downloaded from android market which he altered in the way I described before.

Unfortunately my local time is 7,5 hrs. behind Helsinki - so I can only answer when it is midnight or even later in Helsinki and it will always take two full days to post and answer. I try to speed this up a little answering from my office's PC.

Well, If you're not in hurry this speed is OK to me -- and I think we
don't need too many iterations to solve this...

Originally Posted by imagomundi

View Post

I would guess one or the other problem and therefore ask:

1. What is the IPSec ID? I never saw such a data in none of my working NOKIA (Symbian) vpn clients and I do not see it in the vpn server's (FRITZBox) configuration either.

It might be that is server is not interested on any id then this
can be empty...

Originally Posted by imagomundi

View Post

2. Is "IKE DH Group dh2" identical with "GROUP_DESCRIPTION_II: MODP_1024" or/and "GROUP_DESCRIPTION: MODP_1024" as in the working Nokia vpn client's configuration?
I will post the 701's vpn client config later

I'm lazy to check out atm. If everything else fails then let's look this
option further...

Originally Posted by imagomundi

View Post

3. "Domain" is the DDNS domain of the gateway? If my gateway is "My.dyndns.org" the domain is "dyndns.org"?

Frankly I don't know what this is. Maybe some microsoft thing :O -- In
my config that is empty.

Originally Posted by imagomundi

View Post

Finally: I read somewhere that the use of @ is not allowed in a vpnc user name? False or true?

No idea. My vpn[c] user name is just plain login name.

---

Anyway, I'll compile a vpnc binary where

IKE_ATTRIB_LIFE_DURATION = 3600 (instead of 2147483)

and draft-ietf-ipsec-nat-t-ike-03 code is patched in place
of draft-ietf-ipsec-nat-t-ike-02. Whenever I get it done
I put it avalable somewhere -- let's hope that is enough
to solve this issue.

Quote & Reply |

The Following User Says Thank You to too For This Useful Post:
peterleinchen

imagomundi	2012-08-30 , 10:41
Posts: 13 \| Thanked: 8 times \| Joined on Jun 2012	#33

Originally Posted by too

View Post

Anyway, I'll compile a vpnc binary where

IKE_ATTRIB_LIFE_DURATION = 3600 (instead of 2147483)

and draft-ietf-ipsec-nat-t-ike-03 code is patched in place
of draft-ietf-ipsec-nat-t-ike-02. Whenever I get it done
I put it avalable somewhere -- let's hope that is enough
to solve this issue.

Thx - and please let me (us) know about this "somewhere".

Quote & Reply |

	too	2012-08-30 , 11:56
	Posts: 122 \| Thanked: 135 times \| Joined on Dec 2009 @ Helsinki	#34

I applied a patch that adds natt 03 and lifetime negotiations (I think)

(vpnc-fritzbox.patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629646 , modified to apply on 0.5.3)

get

http://www.guru-group.fi/~too/tmp/vp....548_armel.deb

and try to see whe whether this works.

Tomi

Quote & Reply |

The Following 2 Users Say Thank You to too For This Useful Post:
imagomundi, peterleinchen

imagomundi	2012-08-30 , 18:36
Posts: 13 \| Thanked: 8 times \| Joined on Jun 2012	#35

YES - IT WORKS! (with my FRITZBox 7390)

THANK YOU SOOO MUCH, Tomi, MUCHAS GRACIAS - you are my personal N9 hero - and surely the one of many other N9 users, too. Till today I always travelled with my N9 and additionally my 701 only for VPN reasons. From today on the N9 will travel alone.

EDIT: it WORKED the whole afternoon and now I'm getting again (different) error messages - I will try first to sort out possible errors on my server config and if necessary come back here

Last edited by imagomundi; 2012-08-31 at 05:13.

Quote & Reply |

The Following User Says Thank You to imagomundi For This Useful Post:
too

chilango	2012-08-31 , 20:38
Posts: 508 \| Thanked: 623 times \| Joined on Jul 2012 @ Mexico/Germany	#36

Hy Imagomundi,

how is your configurationfile? Like you described before here or you made some changes?

Quote & Reply |

imagomundi	2012-09-01 , 03:38
Posts: 13 \| Thanked: 8 times \| Joined on Jun 2012	#37

VPN on my N9 is working again on my FRITZBox 7390 as it should with this configuration:

Code:

enabled = yes;
                conn_type = conntype_user;
                name = "name@name";
                always_renew = no;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 192.168.174.202;
                remoteid {
                        key_id = "name@name";
                }
                mode = phase1_mode_aggressive;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "keykeykeykey";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = yes;
                xauth {
                        valid = yes;
                        username = "name@name";
                        passwd = "passwordpassword";
                }
                use_cfgmode = yes;
                phase2localid {
                        ipnet {
                                ipaddr = 0.0.0.0;
                                mask = 0.0.0.0;
                        }
                }
                phase2remoteid {
                        ipaddr = 192.168.174.202;
                }
                phase2ss = "esp-all-all/ah-all/comp-all/no-pfs";
                accesslist = 
                             "permit ip 192.168.174.0 255.255.255.0 192.168.174.202 255.255.255.255", 
                             "permit ip any 192.168.174.202 255.255.255.255";

VPN9C :

Gateway:	mein.dyndns.org
Group Name:       name@name
Group Pwd:          keykeykeykey
Username:           name@name
Password:            passwordpassword

Thanks once more to TOMI

Last edited by imagomundi; 2012-09-01 at 10:55.

Quote & Reply |

	too	2012-09-03 , 12:22
	Posts: 122 \| Thanked: 135 times \| Joined on Dec 2009 @ Helsinki	#38

Great that this works for imagomundi now.
New version now available at

https://www.nixuopen.org/projects/too/vpn9c/

Quote & Reply |

sammyl	2012-09-06 , 03:19
Posts: 8 \| Thanked: 1 time \| Joined on Nov 2011	#39

Is it possible to add PPTP support?

Quote & Reply |

	too	2012-09-07 , 13:11
	Posts: 122 \| Thanked: 135 times \| Joined on Dec 2009 @ Helsinki	#40

Originally Posted by sammyl

View Post

Is it possible to add PPTP support?

Unfortunately the "built-in" vpnc software does not have any
reference to pptp, so it is not just a configuration issue.

If someone(tm) provides an user-space software capable of
pptp communication and configuration examples then the
vpn9c gui could be adjusted to use that -- in a new package.

Quote & Reply |

Reply

Page 4 of 9

4

« Previous Thread | Next Thread »

Thread Tools
Show Printable Version Email this Page

Forum Jump

All times are GMT. The time now is 13:18.