XioXouS n00b
Joined: 01 Apr 2005 Posts: 59
Posted: Tue Jun 21, 2005 10:37 pm Post subject: vpnc disconnect/reconnect issues [fixed]
For ages now I've had a problem where after issuing vpnc-disconnect I
was able to reconnect to the VPN but not actually do anything. The
system I've been logging into uses pre-shared+xauth, silly I know, but I
have no control over it. Here's a similar config so you know what I'm
talking about:
Code:
IPSec gateway a.b.c.d
IPSec ID vpnGroupName
IPSec secret vpnGroupSecret
Xauth username vpnUserName
UDP Encapsulate
The problem I found was that while the Windows Cisco client actually
generates a whole bunch of disconnect messages and clears some info from
the VPN box, the vpnc-disconnect script simply kills the daemon which
results in a "bad hash" message on the VPN box and a connection that
doesn't get cleared for a period of time - I believe the default is 24
hours. This does not mean that vpnc can't authenticate, unfortunately,
it just means that it can't do anything once inside.
THE FIX:
After you've disconnected using vpnc-disconnect try to reconnect using "vpnc profile.conf".
Now when prompted (you may have to change that part), enter the correct
group password (if necessary), and the wrong password for your
user. This should clear the connection on the VPN box and vpnc should
error out with "authentication unsuccessful."
Now connect and authenticate as usual.
Note 1: too many unsuccessful attempts in a row will probably lock you
out for a time, which is just as useless.
Note 2: this is not a fix for the rekeying issue that forces you to
disconnect after 8 hours, or whatever it happens to be.
Hope that helps someone.