FFe vpnc with Hybrid-Auth enabled?

As far as I can say, the previous versions of vpnc where compiled with this option activated ... I would just do it, and see if anybody complains. The way it is at the moment is a bit annoying, as most people probably use it in hybrid-auth mode.

Kind regards,
Lee Garrett

That would be a solution until vpnc gets patched.
Someone on vpnc-devel wanted to rewrite it using NSS.

For all the people who compiled vpnc with hybrid auth themself I patched network-manager-vpnc to enable hybrid auth configuration.
See my ppa:
https://launchpad.net/~sroecker/+archive

Hi Lee,

Have you compiled a .deb with vpnc hybrid authentication just like Steffen Röcker did with nm-vpnc? Because I would be interested to use it...
Thanks!

Hi Lee,

I'm also interested in your pre-compiled .deb with vpnc hybrid authentication.

Thanks,

Make sure you have the following packages installed before you compile:

debhelper (>= 4.0.0)
dpatch
libgcrypt11-dev

and

libssl-dev

Thanks,

*bump*

Is there any definite yes or no regarding this issue? Would be nice to solve it soon as it affects quite a lot of people in university environments, and the solution is basically there.

Jaunty is out and we don't have an answer for this. Is it possible to deliver vpnc with HybridAuth out of the box?

The OpenSSL license and the GPL are incompatible (because of the advertising clause also known from the old BSD license). If you distribute software which contains GPLed code, you have to GPL this software too. As the OpenSSL license is incompatible we can't do this because we would not respect the license of the OpenSSL library and therefore would loose our right to distribute it. If we don't apply the GPL to the vpnc package we loose our right to distribute the GPLed part. So either way we can't do this.
There are two solutions which both require a fix from the vpnc project:
1) The copyright holders (i.e. each person who has contributed to vpnc) allow for a exception clause, stating that their software may be linked to the OpenSSL library
2) vpnc is rewritten to use another SSL library (e.g. GnuTLS)

Dan Williams patched vpnc so that it can either use OpenSSL or GnuTLS,
he posted the patch to vpnc-devel:
http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-May/003073.html

I already tried it but it didn't work for me.

I'd love to see this fixed.

I posted another patch (based on Dan Williams) on vpnc-devel which worked for me at least.

http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-July/003129.html

New version of my patch: PKCS#1 padding check is more strict

Thanks Laurent.
I cleaned up your patch so that I can apply it to vpnc-0.5.3-1 and removed test-crypto.

I uploaded vpnc with gnutls support to my ppa so people can test it.

Had to disable certificate issuer verifying to accept my cert.

Thank you for your work on this bug. I just tested the patch on ubuntu jaunty with our corporate vpn using hybrid authentication and it seems to work fine. It would be great if this worked out of the box in karmic.

I'm using your PPA on Karmic, and it works great with my university (Karlsruhe) network.

Patch merged upstream. Is it possible to update to latest SVN revision before Karmic is released?

Stepped over this one recently, there's a fine working gnutls-version of vpnc available in upstreams svn, though no release. I'd suggest Ubuntu makes a package of vpnc from the svn snapshot (Gentoo does so), development seems quite inactive so probably no release soon.

I rebuilt the vpnc package from Debian sid, and it works fine. Would be great if it could be uploaded for Lucid.

I can confirm that 0.5.3r449-2 packages from Debian sid are working fine. Corporate and university users would benefit tremendously from vpnc supporting hybrid auth out of the box, especially as Lucid being a LTS release. So please, consider uploading the new version.

I totally agree!

for a buildlog & diff see: https://launchpad.net/~bojo42/+archive/testing/+sourcepub/1005722/+listing-archive-extra

is there no chance left getting 0.5.3r449-2 into Lucid?
Shifting the buttons to the left (Bug #532633), introducing hereby a huge experimental UI change, just made it into Lucid weeks before the final release of Lucid.
So please, be consistent with the new let's-get-experimental-changes-weeks-before-LTS-release-policy that has been introduced with Bug #532633 and sync the "experimental" version of vpnc from debian sid.

But seriously: version 0.5.3r449-2 of vpnc is well tested and far being from "unstable".

vpnc 0.5.3r449-2 is already in squeeze (testing) so lucid (LTS) will ship an older version that's out-of-sync with Debian 6.0 and misses a key feature that larger institutions really need. so please, please consider a FFe.

May be there is a chance to get this into lucid, but just asking here won't bring this to the attention of the release team. And on the 15. April is final freeze so it gets more complicated every day.

If you sure the change fulfils the requirements please follow the procedure for freeze exception: https://wiki.ubuntu.com/FreezeExceptionProcess

This looks appropriate for an FFe, but someone needs to provide the required information for an FFe per the link in the previous comment.

Thanks for the hint, FreezeException Bug has been filed: Bug #561467

This bug is *already* marked as a freeze exception bug, please provide the information here.

OK, my fault.
-----------------------------------------------------------------------------
the new version of vpnc in debian testing fixes this bug.

see also the debian bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440318

version currently in lucid: 0.5.3-1
current version upstream (and now in debian testing): 0.5.3r449 (latest svn snapshot)

the upstream changelog contains _no_ differences as there has been just mostly bugfixes since the last release. Therefore the attached changelog.diff contains the diff of debian/changelog.

for build logs, please refer to the following files:
i386: http://launchpadlibrarian.net/41768783/buildlog_ubuntu-lucid-i386.vpnc_0.5.3r449-2~ppa1~lucid1_FULLYBUILT.txt.gz
amd64: http://launchpadlibrarian.net/41795989/buildlog_ubuntu-lucid-amd64.vpnc_0.5.3r449-2~ppa1~lucid1_FULLYBUILT.txt.gz

thanks to bojo42 for providing these!
(see also: https://launchpad.net/~bojo42/+archive/testing/+sourcepub/1005722/+listing-archive-extra )

You say the upstream changelog contains "mostly" bugfixes. Are there any other non-bugfix changes, aside from the GnuTLS port?

According to svn changelog, the only major change is the GnuTLS port. Other changes are cosmetics (typos/whitespaces), bug fixes and compilations fixes

See svn log -r449:372 http://svn.unix-ag.uni-kl.de/vpnc/trunk

FFe granted.

[Updating] vpnc (0.5.3-1 [Ubuntu] < 0.5.3r449-2 [Debian])
 * Trying to add vpnc...
2010-04-13 09:29:47 INFO - <vpnc_0.5.3r449-2.dsc: downloading from http://ftp.debian.org/debian/>
2010-04-13 09:29:47 INFO - <vpnc_0.5.3r449.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
2010-04-13 09:29:47 INFO - <vpnc_0.5.3r449-2.diff.gz: downloading from http://ftp.debian.org/debian/>
I: vpnc [universe] -> vpnc_0.5.3-1 [universe].

really great this got into lucid, thanks. now it would make sense to consider a FFe to fix Bug #300628