[NTLUG:Discuss] vpnc rejects me
Chris Cox
cjcox at acm.org
Wed Aug 25 10:05:00 CDT 2004
Dennis Daupert wrote:
> On suse 9.1, after buncha tries at making vpnc,
> I installed the missing libgcrypt libraries, make'd ok, set up
> my /etc/vpnc.conf, copied vpnc to /usr/local/sbin, set
> LD_LIBRARY_PATH=/usr/local/lib, then typed
>
> ./vpnc-connect
I think you're talking about the open source Cisco VPN
client? Right?
Sample vpnc.conf (NOTE: In the script below, I hard coded some of these!!
Maybe it doesn't work quite right)
IPSec gateway YOUR-IP-AAA.BBB.CCC.DDD
IPSec ID YOUR-ID-HERE
IPSec secret YOUR-SECRET-HERE
Xauth username YOUR-USERNAME
Local Port YOUR-PORT
You have to know your ID and secret as well as the
IP of the Cisco VPN server and the port it will
use.
Then I created a script called vpnc.sh (my vpnc is in /usr/local/sbin):
: Start of vpnc.sh
PATH=/usr/local/sbin:$PATH
vpnc --gateway YOUR-IP-AAA.BBB.CCC.DDD --id "YOUR-ID-HERE" --local-port YOUR-PORT
# I think I hard coded several of the things from vpnc.conf because
# it wasn't reading them correctly from the vpnc.conf file!! I think??
sleep 2
ip route add YOUR-IP-AAA.BBB.CCC.DDD via 192.168.1.1
# Replace 192.168.1.1 with whatever your local gateway is.
ip route delete default
ip route add default dev tun0
cp /etc/resolv.conf /etc/resolv.conf.save
# Save the original resolv.conf
cp /etc/resolv.conf.SCI /etc/resolv.conf
# resolv.conf.SCI contains the nameservers for my company's network.
# End of vpnc.sh
You can adjust your routing however you like. The above will
make your admins happy... if you join your local (Internet
Accessible!!) network to your VPN network... you might violate some
kind of corporate policy.
>
> But now I get:
> # expected xauth packet; rejected: INVALID_EXCHANGE_TYPE
Don't use vpnc-connect. Try what I listed above instead.
When done with your VPN connection (you have to run the
script as root since it sets up the tun0 device), just kill
the vpnc process and do an rcnetwork restart and (if necessary)
copy back your original /etc/resolv.conf from resolv.conf.save.
>
> google has let me down on INVALID_EXCHANGE_TYPE, and I don't
> comprehend enough about xauth to know how it factors in. I do
> understand rejection, but that's another story.
>
> Help?
>
> /dennis
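
Added example, not part of the original post or of vpnc: a wrapper for the procedure in the reply that refuses to start if the file holding "IPSec secret" is readable by group or other, and that snapshots the default route and resolv.conf so teardown restores them instead of relying on a network restart. STATE, VPNC_SH and the function names are assumptions; GNU stat and pkill are assumed to be available.

```shell
#!/bin/sh
# Added example, not from the original post. STATE, VPNC_SH and the function
# names are assumptions; CONF and RESOLV default to the paths the post uses.
CONF=${CONF:-/etc/vpnc.conf}          # holds "IPSec secret": keep it private
RESOLV=${RESOLV:-/etc/resolv.conf}
STATE=${STATE:-/var/run/vpnc-state}
VPNC_SH=${VPNC_SH:-/usr/local/sbin/vpnc.sh}

# Succeeds only if FILE grants nothing to group/other (mode 600, 400, ...).
conf_is_private() {
    mode=$(stat -c %a "$1" 2>/dev/null) || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Prints each key of the post's sample vpnc.conf that FILE lacks; succeeds if none.
conf_missing_keys() {
    rc=0
    for key in "IPSec gateway" "IPSec ID" "IPSec secret" "Xauth username"; do
        grep -q "^$key " "$1" || { echo "$key"; rc=1; }
    done
    return $rc
}

# Snapshot what vpnc.sh is about to change so "down" can undo exactly that.
save_state() {
    mkdir -p "$STATE" && chmod 700 "$STATE" || return 1
    cp -p "$RESOLV" "$STATE/resolv.conf" || return 1
    ip route show default > "$STATE/default.route"
}

# Put back the saved resolv.conf and default route(s).
restore_state() {
    cp -p "$STATE/resolv.conf" "$RESOLV" || return 1
    [ -s "$STATE/default.route" ] || return 0
    ip route delete default 2>/dev/null
    # $route is left unquoted on purpose: it expands to "default via ... dev ...".
    while read -r route; do ip route add $route; done < "$STATE/default.route"
}

case "${1:-}" in
    up)   [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
          conf_is_private "$CONF" || { echo "$CONF: chmod 600 first" >&2; exit 1; }
          conf_missing_keys "$CONF" >&2 || exit 1
          save_state && exec "$VPNC_SH" ;;
    down) pkill -x vpnc; restore_state ;;
esac
```

Run it as root with the argument `up` to connect and `down` to disconnect; with no argument it only defines the functions.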