vpnc ignores xauth password in conf file

I get the same problem.

It seems that vpnc is using the Xauth password to respond to the prompt that comes just before the "Enter Username and Password." output:
   Enter password for west@1.2.3.4:

In my setup, I can enter anything or nothing for that prompt as long as I then enter the correct PIN+SecurID at the "Passcode for VPN west@1.2.3.4:" prompt.

Another computer I use at home is running Ubuntu 7.10 with version 0.4.0-3ubuntu2 of vpnc. It does not prompt for the Passcode when I provide a password. In other words, the same as Reece sees with 0.5.1.

I have tracked down the change that causes this to happen for us. It is a single line that was added since 0.5.1. For reference, I am attaching the diff showing where I commented out the code causing the trouble.

Is it possible to get the vpnc maintainers to explain the change and/or revert it?

Thanks,
Rob

For purposes of any potential downgrade, the change happened in revision 270.

The way this also affects kvpnc is that it only expects and responds to the password prompt, not the passcode prompt.

Hi,

I may have misread the bug report, but is your proposed patch
reverting a change introduced upstream in revision 270?

If that is the case then I would be wary of including the patch
as it would be going against upstream. Have you contacted the
author to ask about their rationale and suggested reverting the
change?

Thanks,

James

The patch does comment out one line of a change that happened in revision 270.

I understand your wariness. I was hoping that the maintainer of the package for Ubuntu would work it out with the author(s) as to the best way to solve the issue. I figured there was some relationship there since Ubuntu is using an unreleased version (i.e. it's a checkout from subversion). That said, I can join the vpnc-devel list and see what I can do.

I've noticed on the archives of the list that others are seeing the same problem. Joerg Mayer expressed some interest in the problem at http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2008-June/002336.html. The original poster follows up with with suggesting adding 'Xauth password ' (with the space on the end) to make it stop prompting twice at http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2008-June/002323.html. However, I think that will not solve the problem with the interaction with kvpnc.

On Fri, 2008-06-13 at 21:29 +0000, Rob West wrote:
> The patch does comment out one line of a change that happened in
> revision 270.
>

Thanks for the links below, it made it easier to fish out the exact
change.

http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2007-November/002040.html

So, it looks like the author wasn't specifically changing this
behaviour, and this may well be a bug he wasn't aware of.

> I understand your wariness. I was hoping that the maintainer of the
> package for Ubuntu would work it out with the author(s) as to the best
> way to solve the issue. I figured there was some relationship there
> since Ubuntu is using an unreleased version (i.e. it's a checkout from
> subversion). That said, I can join the vpnc-devel list and see what I
> can do.

I'm not the Ubuntu maintainer, I'm just looking at the bug as you
raised it, so I don't think I'm the person to do that.

Looking at the source package history and launchpad information doesn't
show anyone that specifically cares for this package, so if you
could bring it up on the vpnc-devel list I would be grateful.

The svn snapshot was actually uploaded by the Debian maintainer, so
it would seem that this bug is also present in Debian, and so another
option would be to forward the bug there.

Thanks,

James

I believe I have the same issue here. I emailed the development team, and have not received a response back.

Is there a way to get vpnc to pass along my authentication code (PIN+SecurID), so I can connect? Is there such a workaround? I'd hate to have to go back to Windows just to use my VPN service.

http://ubuntuforums.org/showthread.php?p=5221188

user@user-desktop:/usr/share/vpnc$ sudo
vpnc /home/user/vpn/myConfig.conf
[sudo] password for user:
Enter password for user@[IPSec Gateway]:
Passcode for VPN user@[IPSec Gateway]: <--- (variation)
vpnc: authentication unsuccessful

Here is my config file, that worked prior to the upgrade to Hardy:

IPSec gateway [gateway IP]
IPSec ID [group id]
IPSec obfuscated secret [hex code string]
Xauth username user
target networks [target network]

Yes, the workaround is to type anything for the Enter password prompt (or add Xauth password <some_text> to the config) and then type in the PIN+SecurID for the Passcode prompt.

Joerg Mayer has committed my patch to the vpnc svn trunk. I have tested revision 325. Both command-line and kvpnc work now.

When I asked Joerg about his desired resolution for this bug in Hardy/Intrepid, he said:

"There are some additional problems fixed, but they are not
serious, so just applying your patch and then go for 0.5.2 once it is released
should be as good as using current trunk. If they go for trunk it will be
easier to find possible regressions before a 0.5.2 release :-) "

Is it possible to get either the patch or some revision of the trunk >= 325 put into Hardy?

Hi,

Sorry for the delay in getting back to you on this.

Firstly, I am closing the kvpnc component of this bug, as I don't think
we need a fix there, is that correct?

I found the messages on the mailing list

  http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2008-June/002425.html

and the commit upstream

  http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2008-June/002423.html

so I'm happy for this to go in.

The rules for a stable update (https://wiki.ubuntu.com/StableReleaseUpdates/)
say that it must be fixed in the development release first, so I'll get that part done.

Meanwhile I would appreciate your help preparing this bug to go through the
SRU process. If you could edit the description of the bug to contain the following
information I would be very grateful:

  Update the bug report description and make sure it contains the following information:

     1. A statement explaining the impact of the bug on users and justification for backporting the fix to the
         stable release
     2. An explanation of how the bug has been addressed in the development branch, including the relevant
         version numbers of packages modified in order to implement the fix.
     3. A minimal patch applicable to the stable version of the package. If preparing a patch is likely to be
         time-consuming, it may be preferable to get a general approval from the SRU team first.
     4. Detailed instructions how to reproduce the bug. These should allow someone who is not familiar with
         the affected package to reproduce the bug and verify that the updated package fixes the problem.
         Please mark this with a line "TEST CASE:".
     5. A discussion of the regression potential of the patch and how users could get inadvertently effected.

Thanks,

James

Hi,

Please consider sponsorship for including this patch in to Intrepid.

Thanks,

James

This bug was fixed in the package vpnc - 0.5.1r275-1ubuntu1

---------------
vpnc (0.5.1r275-1ubuntu1) intrepid; urgency=low

  * Cherry-pick patch from upstream so that vpnc doesn't ignore the password
    in the configuration file. (LP: #214399)
    - This is debian/patches/07_fix_double_password_prompt.dpatch
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492981

 -- James Westby <email address hidden> Wed, 30 Jul 2008 13:26:10 +0100

Hi people.

Working on a new, full updated Ubuntu Mate 16.04 and this bug is still present. I am getting the two times, useless passwords that do nothing no matter what. No difference if I set a text or not in "Xauth password" field.

vpnc version is 0.5.3r550-2build1

Regards.

I experience the same as axelhc with Lubuntu 16.04's vpnc.