Updating the IPSec VPN client vpnc to 0.4.0 from 0.3.3 using the attached diff appears to have solved the problems I experienced with keep-alives and previously missing re-keying (VPN tunnels froze within minutes or after 6-7 hours, respectively) when connecting to a Cisco 3005 from OpenBSD i386 4.1-current. I might still test from sparc64 and eventually get rid of the four type mismatch warnings. It appears that most patches from 0.3.3 made it into the upstream distribution, i.e. 0.4.0 builds without patches (but with warnings).
Rolf
diff -urN --exclude=CVS vpnc/Makefile vpnc0.4.0/Makefile
--- vpnc/Makefile Fri Aug 4 01:28:12 2006
+++ vpnc0.4.0/Makefile Sun Apr 22 20:06:09 2007
@@ -2,8 +2,8 @@
 COMMENT= "client for Cisco 3000 VPN concentrators"
-DISTNAME= vpnc-0.3.3
-PKGNAME= ${DISTNAME}p1
+DISTNAME= vpnc-0.4.0
+PKGNAME= ${DISTNAME}
 CATEGORIES= security net
 HOMEPAGE= http://www.unix-ag.uni-kl.de/~massar/vpnc/
diff -urN --exclude=CVS vpnc/patches/patch-Makefile vpnc0.4.0/patches/patch-Makefile
--- vpnc/patches/patch-Makefile Fri Nov 11 20:38:07 2005
+++ vpnc0.4.0/patches/patch-Makefile Thu Jan 1 01:00:00 1970
@@ -1,16 +0,0 @@
-$OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $
---- Makefile.orig Sun May 1 22:30:35 2005
-+++ Makefile Fri Nov 4 00:03:54 2005
-@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
- SBINDIR=$(PREFIX)/sbin
- MANDIR=$(PREFIX)/share/man
-
--CC=gcc
--CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
--LDFLAGS=-g $(shell libgcrypt-config --libs)
-+CC?=gcc
-+CFLAGS+=-W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
-+LDFLAGS+=$(shell libgcrypt-config --libs)
-
- ifeq ($(shell uname -s), Linux)
- SYSDEP=sysdep-linux.o
diff -urN --exclude=CVS vpnc/patches/patch-tunip_c vpnc0.4.0/patches/patch-tunip_c
--- vpnc/patches/patch-tunip_c Fri Nov 11 20:38:07 2005
+++ vpnc0.4.0/patches/patch-tunip_c Thu Jan 1 01:00:00 1970
@@ -1,21 +0,0 @@
-$OpenBSD: patch-tunip_c,v 1.3 2005/11/11 19:38:07 sturm Exp $
---- tunip.c.orig Thu May 5 12:25:00 2005
-+++ tunip.c Fri Nov 4 00:09:30 2005
-@@ -436,7 +436,7 @@ int update_sa_addr(struct sa_desc *p)
- if (new_addr.sin_addr.s_addr != p->source.sin_addr.s_addr) {
- char addr1[16];
- p->source.sin_addr = new_addr.sin_addr;
-- strcpy(addr1, inet_ntoa(p->dest.sin_addr));
-+ strlcpy(addr1, inet_ntoa(p->dest.sin_addr), sizeof(addr1));
- syslog(LOG_NOTICE,
- "local address for %s is %s", addr1, inet_ntoa(p->source.sin_addr));
- return 1;
-@@ -844,7 +844,7 @@ static void vpnc_main_loop(struct peer_d
- || from.sin_addr.s_addr != peer->remote_sa->dest.sin_addr.s_addr) {
- /* remote end changed address */
- char addr1[16];
-- strcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr));
-+ strlcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr), sizeof(addr1));
- syslog(LOG_NOTICE,
- "spi %u: remote address changed from %s to %s",
- peer->remote_sa->spi, addr1, inet_ntoa(from.sin_addr));
diff -urN --exclude=CVS vpnc/patches/patch-vpnc-script vpnc0.4.0/patches/patch-vpnc-script
--- vpnc/patches/patch-vpnc-script Fri Nov 11 20:38:07 2005
+++ vpnc0.4.0/patches/patch-vpnc-script Thu Jan 1 01:00:00 1970
@@ -1,64 +0,0 @@
-$OpenBSD: patch-vpnc-script,v 1.1 2005/11/11 19:38:07 sturm Exp $
---- vpnc-script.orig Thu Nov 3 23:39:23 2005
-+++ vpnc-script Thu Nov 3 23:51:02 2005
-@@ -70,7 +70,7 @@ do_ifconfig() {
- ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up
- }
-
--if [ -n "$IPROUTE" ]; then
-+if [ -x "$IPROUTE" ]; then
- fix_ip_get_output () {
- sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g'
- }
-@@ -117,7 +117,11 @@ if [ -n "$IPROUTE" ]; then
- }
- else
- get_default_gw() {
-- netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
-+ if [ "$OS" = "OpenBSD" ]; then
-+ netstat -r -n | grep '^default' | awk '{print $2}'
-+ else
-+ netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
-+ fi
- }
-
- set_vpngateway_route() {
-@@ -215,15 +219,21 @@ do_connect() {
- echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
- echo
- fi
--
-+
-+ if [ ! -d /var/run/vpnc ]; then
-+ mkdir /var/run/vpnc || exit $?
-+ fi
-+
- do_ifconfig
- set_vpngateway_route
- if [ -n "$CISCO_SPLIT_INC" ]; then
-- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
-+ i=0
-+ while [ $i -lt $CISCO_SPLIT_INC ]; do
- eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
- eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
- eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
- set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
-+ i=`expr $i + 1`
- done
- for i in $INTERNAL_IP4_DNS ; do
- set_network_route "$i" "255.255.255.255" "32"
-@@ -239,11 +249,13 @@ do_connect() {
-
- do_disconnect() {
- if [ -n "$CISCO_SPLIT_INC" ]; then
-- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
-+ i=0
-+ while [ $i -lt $CISCO_SPLIT_INC ]; do
- eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
- eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
- eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
- del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
-+ i=`expr $i + 1`
- done
- for i in $INTERNAL_IP4_DNS ; do
- del_network_route "$i" "255.255.255.255" "32"
diff -urN --exclude=CVS vpnc/patches/patch-vpnc_c vpnc0.4.0/patches/patch-vpnc_c
--- vpnc/patches/patch-vpnc_c Fri Nov 11 20:38:07 2005
+++ vpnc0.4.0/patches/patch-vpnc_c Thu Jan 1 01:00:00 1970
@@ -1,19 +0,0 @@
-$OpenBSD: patch-vpnc_c,v 1.2 2005/11/11 19:38:07 sturm Exp $
---- vpnc.c.orig Fri Nov 4 00:09:49 2005
-+++ vpnc.c Fri Nov 4 00:11:03 2005
-@@ -196,10 +196,11 @@ static void addenv(const void *name, con
-
- oldval = getenv(name);
- if (oldval != NULL) {
-- strbuf = xallocc(strlen(oldval) + 1 + strlen(value) + 1);
-- strcat(strbuf, oldval);
-- strcat(strbuf, " ");
-- strcat(strbuf, value);
-+ size_t sz = strlen(oldval) + 1 + strlen(value) + 1;
-+ strbuf = xallocc(sz);
-+ strlcpy(strbuf, oldval, sz);
-+ strlcat(strbuf, " ", sz);
-+ strlcat(strbuf, value, sz);
- }
-
- setenv(name, strbuf ? strbuf : value, 1);