On Wed, Jan 5, 2011 at 15:20, Christian Kildau <m...@chrisk.de> wrote:
> Hi all,
>
> I'm having a hard time getting vpnc (0.5.3) from packages to work on 4.8.
> I have it running on Mac OS X (and Linux also), but it just doesn't work(tm)
> on OpenBSD.
>

Oh good, I thought I was the only one.

> Everything gets set up properly (in my eyes). The tun device is created, the
> IP Address is assigned, the routes are set. But it looks like vpnc just
> doesn't forward anything.
>
> net.inet.esp.enable and net.inet.ah.enable are set to 0, as mentioned by the
> vpnc installation script.
>
> # ping sipgate.de
> PING sipgate.de (217.10.79.9): 56 data bytes
> ping: sendto: No buffer space available
> ping: wrote sipgate.de 64 chars, ret=-1
>
> Has anyone got this working on a recent OpenBSD?
>

I had to give up and use openconnect.  It uses a vpnc script to create
the SSL tunnel I use.  I submitted an update when the WANTLIB changes
came in, but I didn't see any inclusion to -current...

Here is the latest version of openconnect, it works to connect to my
Cisco AnyClient VPN at work. I've tested it on i386 and amd64.


---------------------------------------------------------------
#more DESCR
OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco
SR500, 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.

OpenConnect is released under the GNU Lesser Public License, version
2.1.

Like vpnc, OpenConnect is not officially supported by, or associated in
any way with, Cisco Systems. It just happens to interoperate with their
equipment.

Development of OpenConnect was started after a trial of their "official"
client under Linux found it to have many deficiencies:

       * Inability to use SSL certificates from a TPM, or even use
       a passphrase.
       * Lack of support for Linux platforms other than i386.
       * Lack of integration with NetworkManager on the Linux desktop.
       * Lack of proper (RPM/DEB) packaging for Linux distributions.
       * "Stealth" use of libraries with dlopen(), even using the
       development-only symlinks such as libz.so - making it hard to
       properly discover the dependencies which proper packaging would
       have expressed
       * Tempfile races allowing unprivileged users to trick it into
       overwriting arbitrary files, as root.
       * Unable to run as an unprivileged user, which would have
       reduced severity of the above bug.
       * Inability to audit the source code for further such "Security
       101" bugs.

Naturally, OpenConnect addresses all of the above issues, and more.


It's been tested on i386 and amd64.  I updated it to work with the new
WANTLIB changes.  This adds to Jiri's earlier work.  I just added the
WANTLIB changes.  He's short on bandwidth at the moment, so I made the
changes.

[demime 1.01d removed an attachment of type application/x-gzip which had a name 
of openconnect.tar.gz]
