FFe [PATCH] please add fields for hybrid authentication

Is there any decision on this issue? Would be nice to know, as it affects a lot of people in university environments.

This should be fixed upstream when vpnc gets gnutls support.

Until then you can use the version from my ppa:
https://launchpad.net/~sroecker/+archive/ppa

vpnc with gnutls is now available

Is there some way that this patch can also be applied to KNetworkManager for Kubuntu? I know that the KDE nm applet is a plasma-applet but it would be nice to have the changes made there as well. The fix supplied for the Gnome nm applet work great by the way.. Thanks!

As vpnc now has hybrid auth support via gnutls, can we add these patches from Steffen Röcker? It built fine and is working for me without problems. Would be great to get it in Lucid before it's too late.

I fully agree, it would be great to get it in Lucid before it's too late, i.e. together with vpnc 0.5.3r449-2 from Debian

As Bug #195848 got fixed it's about time to enable this functionality also in the GUI of NM. We would need a FFe for that:

I repackaged lucid latest package 0.8-0ubuntu2 with the 3 patches from Steffen Röcker. Works great, like his PPA packages for older Ubuntu releases.

Diff: https://launchpad.net/~bojo42/+archive/vpn/+files/network-manager-vpnc_0.8-0ubuntu2_0.8-0ubuntu3~llhybridauth1.diff.gz

Buildlogs:
i386: https://launchpad.net/~bojo42/+archive/vpn/+build/1689850
amd64: https://launchpad.net/~bojo42/+archive/vpn/+build/1689849

For more information on the build see https://launchpad.net/~bojo42/+archive/vpn/+sourcepub/1076594/+listing-archive-extra

(setting back to new so that it appears on the worklist of ubuntu-release. also rejecting the nominations, we use only FFe bug reports, not nominations)

Does this mean it's in the works? It would be a pity if this one doesn't manage it for lucid. It's been independently verified by various people (Steffen, Todd, me) that these patches work, and they're not disruptive in any way. They just give the vpnc GUI a long overdue functionality.

Regards,
Lee

It means that someone needs to look at it ;).

Sebastien, can you take a look please?

the change has not been reviewed and approved by upstream apparently and add new labels which will not be translated nor translatable since universe don't use launchpad translations, seems rather something that should wait next cycle and be distributed in a ppa for those who need the option

ok, thanks, let's defer that for lucid + 1 then, unsubscribing ubuntu-release.

Upstream has always been very slow on this bug. I'm interested in getting this to work. So this is mainly a translation issue? What changes do need to be made so this gets into ubuntu (lucid or lucid-updates)?

you will need to get the new string translated in the locates which have translations for this software, look to the po directory you will see the list there, if you can coordinate with translators for all those and get a patch which change the code and update the translations that should be better, will probably easier to get a build in a ppa for those who need to feature though

The latest patch of John Haxby on the related upstream bug seems to include an additional "Application Version" string input field and all the three initially mentioned patches by Steffen Roecker.

https://bugzilla.gnome.org/attachment.cgi?id=148886

Good, supporting "Application Version" in the GUI would be appreciated. For example, my employer's VPN rejects vpnc connections unless you specify (in ~/.gconf/system/networking/connections/*/vpn/%gconf.xml):

<entry name="Application@32@Version" mtime="1273097719" type="string">
  <stringvalue>Cisco Systems VPN Client 4.8.01 (0640):Linux</stringvalue>
</entry>

Can this please be added to maverick 10.10, it's really useful for corporate users.

It's already too late to be added in time for the Maverick release (given it involves UI changes), as mentioned at the point were it was considered for Lucid. This really should get into NM upstream and be pulled in this way, so let's aim for it to be included in the next version of NM.

It is so sad that this is not fixed. Steffen is providing a PPA with a working version for more than one year so there can't be any serious work left. Hybrid Auth is widely used in university environments and useful in corporate environments as well.

A patched version for maverick is now available at my PPA.

I swear that I replied to this bug track saying I had it working. If I had
not then I apologize. It was not long after the first reply that I tried it.

-----Original Message-----
From: Steffen Röcker
Sent: Saturday, October 23, 2010 11:48 AM
To: <email address hidden>
Subject: [Bug 300628] Re: FFe [PATCH] please add fields for
hybridauthentication

A patched version for maverick is now available at my PPA.

--
FFe [PATCH] please add fields for hybrid authentication
https://bugs.launchpad.net/bugs/300628
You received this bug notification because you are a direct subscriber
of the bug.

Status in NetworkManager: In Progress
Status in “network-manager-vpnc” package in Ubuntu: New

Bug description:
Binary package hint: network-manager-vpnc

There are three patches posted on the upstream mailing list which add some
fields for hybrid authentication. It would be nice to include them in a new
package aimed for intrepid-updates.

  * add hybrid auth patch:
    - nm-vpn.c http://bugzilla.gnome.org/attachment.cgi?id=122811
    - nm-vpnc-service.c http://bugzilla.gnome.org/attachment.cgi?id=121766
    - nm-vpnc-dialog.glade
http://bugzilla.gnome.org/attachment.cgi?id=121768

The upstream bug report is here:
http://bugzilla.gnome.org/show_bug.cgi?id=495893

There are also some patches for newer versions of network-manager-vpnc

To unsubscribe from this bug, go to:
https://bugs.launchpad.net/network-manager/+bug/300628/+subscribe

I'll be looking at getting this in shape for Natty.

That are good news.

I posted a patch today on the NetworkManager mailing list: http://mail.gnome.org/archives/networkmanager-list/2011-March/msg00136.html

Package builds fine for Natty, but I haven't uploaded it yet since I don't have hardware to test it with. I'll upload packages to my PPA soon.

Fine, I am ready to test it.

I just uploaded network-manager-vpnc - 0.8.1+git.20110207t151002.6a2b2d6-0ubuntu3~mtrudel1 to my PPA (https://edge.launchpad.net/~mathieu-tl/+archive/ppa). It should build and be available in a couple of hours.

Note: I've only build packages for Natty. You'll need to run natty already or use a live-cd and apply the packages on top of that... Although it's possible the package would work on Maverick too. As usual for PPAs, it's at your own risks ;)

I tested the Package in a natty Virtual Machine and got the same Error as with command line vpnc. Both abort with 'isakmp length does not match packet length: isakmp = 1947 != datalen = 1458'. The vpnc on the maverick host works fine (and I simply copied the configuration files). So could be Virtualbox or the natty package vpnc. It seem that nm-vpnc invokes vpnc right.

Here is the end of what NetworkManager started with 'VPNC_DEBUG=1' saws:

 receiving: <========================
 [2011-04-03 17:39:11]

S4.4 AM_packet2
 [2011-04-03 17:39:11]
   BEGIN_PARSE
   Recieved Packet Len: 1458
   i_cookie: ade3a358 2b1f1d07
   r_cookie: 8574e238 3e84b0a5
   payload: 01 (ISAKMP_PAYLOAD_SA)
   isakmp_version: 10
   exchange_type: 04 (ISAKMP_EXCHANGE_AGGRESSIVE)
   flags: 00
   message_id: 00000000
   len: 0000079b
   isakmp length does not match packet length: isakmp = 1947 != datalen = 1458
/usr/sbin/vpnc: response was invalid [1]: (ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS)(30)
NetworkManager[2157]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)

** (nm-vpnc-service:2216): WARNING **: <WARN> vpnc_watch_cb(): vpnc exited with error code 1

NetworkManager[2157]: <warn> VPN plugin failed: 1
NetworkManager[2157]: <info> VPN plugin state changed: 6
NetworkManager[2157]: <info> VPN plugin state change reason: 0
NetworkManager[2157]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
NetworkManager[2157]: <info> Policy set 'Auto eth0' (eth0) as default for IPv4 routing and DNS.
NetworkManager[2157]: <info> VPN service 'vpnc' disappeared

Mathieu, I tested your PPA with Hybrid Authentication successfully on Natty at my University's VPN Network. Thank you for your work.

Is there a minimal chance to see this in Natty's Final Release, so that users don't need your PPA to get Hybrid Auth ?

Not really. This patch means added strings, and we're past String Freeze. We're also past Feature Freeze, which already complicates pushing things for new features such as adding configuration fields for VPN plugins.

Moreover, I've not yet received much review for the patch upstream, so I'm still waiting for the patch to be approved and hopefully merged in straight into network-manager-vpnc upstream (e.g. so it's the same on all distros).

Note, this will be carried in a PPA until it's upstream, and in another PPA from then on as well; in other words, I'll push a package with that patch in to the ~network-manager team PPAs as soon as possible.

So the patch just made it upstream; I'll update the package in *Oneiric* shortly so this will be in the next Ubuntu release (11.10).

Good to see that the fix is on the way.

This bug was fixed in the package network-manager-vpnc - 0.8.999+git.20110717t135336.904dc2f-0ubuntu1

---------------
network-manager-vpnc (0.8.999+git.20110717t135336.904dc2f-0ubuntu1) oneiric; urgency=low

  * upstream snapshot 2011-07-17 13:53:36 (GMT)
    + 904dc2f07bd3cb21ee903cdea6ba880b5bf7231d
    - core: don't claim default route when explicit routes are passed
    - core/ui: add support for Hybrid authentication (LP: #300628)
  * debian/rules: re-add code to grab git snapshots.
  * debian/rules, debian/control: use dh-autoreconf.
 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 18 Jul 2011 16:18:21 -0400

supporting "Application Version" in the GUI would be appreciated.
Still not in Ubuntu 11.10 available. Is it going to be in 12.04 release?

"Application Version" is not in 12.04. I filed a fresh RFE for tracking purposes: bug #1000006.