Good morning Florian,
thank you very much for your response and for opening the bug in the BTS.
I've compiled the binary in a build VM on my Debian 11 workstation and
tried it against our Cisco VPN concentrator appliance VM
using dh14 for DH key-exchange. Unfortunately we do not have public
accounts for testing, but I could test the new packages here.
So far, I'm not aware of any public Cisco IPSec servers for general
testing. Guess due to the licensing and maintenance it
might be difficult to find any.
If it helps, I could assist you in the testing of new vpnc packages.
Thanks, best regards
Andreas
On 16.05.22 05:37, Florian Schlichting wrote:
Package: vpnc
Version: 0.5.3+git20210125-1
Hi Andreas,
the canonical way would be to open a bug against vpnc in the Debian BTS,
which I'm doing right now (Cc:).
I've had a brief look at the current upstream git version, and I think
it should be easy to update the Debian package. However, as I've lost
access to any ipsec VPN concentrator, once it compiles I have no way to
test the resulting package. Do you know of any publicly available
services, by chance?
I guess I should make it more clear that I need to pass on maintenance
of vpnc in Debian...
Florian
On Tue, May 10, 2022 at 02:59:56PM +0200, Andreas Erhard wrote:
Hi Florian,
thank you very much for maintaining so many Debian packages. Concerning the
VPN-Client vpnc, I'd have an update proposal and could not find another
point of contact (such as "report outdated package" for Arch Linux) so
sorry for bothering you with this request.
In the latest version, vpnc supports way stronger key exchange security. The
Modular Exponential (MODP) Diffie-Hellman groups 14 to 18 (2048 bits to 8192
bits) as specified in RFC3526 are now supported. We also tested the enhanced
key exchange on a Cisco IPSec VPN appliance.
The new version is already packaged in the extra repo for Arch Linux[1],
I've opened an issue for OpenWRT[2] as well which is pending at the moment.
As the patches greatly improve the security and interoperability of vpnc, it
would be great to get this update included in Debian. How would be the best
procedure for that?
Thank you very much, best regards from Tyrol
Andreas Erhard
[1] https://archlinux.org/packages/?name=vpnc
[2] https://github.com/openwrt/packages/issues/18477
