vpnc: Fix AVM FritzBox VPN
This commit is contained in:
parent
628c5df121
commit
2c08a7db88
3 changed files with 82 additions and 1 deletions
81
srcpkgs/vpnc/patches/00-fix-fritzbox.diff
Normal file
81
srcpkgs/vpnc/patches/00-fix-fritzbox.diff
Normal file
|
@ -0,0 +1,81 @@
|
|||
Description: Fixes AVM's FritzBoxes not being able to connect
|
||||
Upstream: Yes
|
||||
Index: vpnc.c
|
||||
===================================================================
|
||||
--- vpnc.c (revision 466)
|
||||
+++ vpnc.c (revision 469)
|
||||
@@ -88,6 +88,10 @@
|
||||
0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E,
|
||||
0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F
|
||||
};
|
||||
+const unsigned char VID_NATT_03[] = { /* "draft-ietf-ipsec-nat-t-ike-03" */
|
||||
+ 0x7d, 0x94, 0x19, 0xa6, 0x53, 0x10, 0xca, 0x6f,
|
||||
+ 0x2c, 0x17, 0x9d, 0x92, 0x15, 0x52, 0x9d, 0x56
|
||||
+};
|
||||
const unsigned char VID_NATT_RFC[] = { /* "RFC 3947" */
|
||||
0x4A, 0x13, 0x1C, 0x81, 0x07, 0x03, 0x58, 0x45,
|
||||
0x5C, 0x57, 0x28, 0xF2, 0x0E, 0x95, 0x45, 0x2F
|
||||
@@ -141,6 +145,7 @@
|
||||
{ VID_NATT_01, sizeof(VID_NATT_01), "Nat-T 01" },
|
||||
{ VID_NATT_02, sizeof(VID_NATT_02), "Nat-T 02" },
|
||||
{ VID_NATT_02N, sizeof(VID_NATT_02N), "Nat-T 02N" },
|
||||
+ { VID_NATT_03, sizeof(VID_NATT_03), "Nat-T 03" },
|
||||
{ VID_NATT_RFC, sizeof(VID_NATT_RFC), "Nat-T RFC" },
|
||||
{ VID_DWR, sizeof(VID_DWR), "Delete With Reason" },
|
||||
{ VID_CISCO_FRAG, sizeof(VID_CISCO_FRAG), "Cisco Fragmentation" },
|
||||
@@ -1156,8 +1161,11 @@
|
||||
value = a->next->u.attr_16;
|
||||
else if (a->next->af == isakmp_attr_lots && a->next->u.lots.length == 4)
|
||||
value = ntohl(*((uint32_t *) a->next->u.lots.data));
|
||||
- else
|
||||
- assert(0);
|
||||
+ else {
|
||||
+ DEBUG(2, printf("got unknown ike lifetime attributes af %d len %d\n",
|
||||
+ a->next->af, a->next->u.lots.length));
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
DEBUG(2, printf("got ike lifetime attributes: %d %s\n", value,
|
||||
(a->u.attr_16 == IKE_LIFE_TYPE_SECONDS) ? "seconds" : "kilobyte"));
|
||||
@@ -1267,6 +1275,8 @@
|
||||
l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
|
||||
VID_NATT_RFC, sizeof(VID_NATT_RFC));
|
||||
l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
|
||||
+ VID_NATT_03, sizeof(VID_NATT_03));
|
||||
+ l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
|
||||
VID_NATT_02N, sizeof(VID_NATT_02N));
|
||||
l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
|
||||
VID_NATT_02, sizeof(VID_NATT_02));
|
||||
@@ -1501,6 +1511,12 @@
|
||||
seen_natt_vid = 1;
|
||||
if (natt_draft < 1) natt_draft = 2;
|
||||
DEBUG(2, printf("peer is NAT-T capable (RFC 3947)\n"));
|
||||
+ } else if (rp->u.vid.length == sizeof(VID_NATT_03)
|
||||
+ && memcmp(rp->u.vid.data, VID_NATT_03,
|
||||
+ sizeof(VID_NATT_03)) == 0) {
|
||||
+ seen_natt_vid = 1;
|
||||
+ if (natt_draft < 1) natt_draft = 2;
|
||||
+ DEBUG(2, printf("peer is NAT-T capable (draft-03)\n"));
|
||||
} else if (rp->u.vid.length == sizeof(VID_NATT_02N)
|
||||
&& memcmp(rp->u.vid.data, VID_NATT_02N,
|
||||
sizeof(VID_NATT_02N)) == 0) {
|
||||
@@ -1582,6 +1598,19 @@
|
||||
seen_natd_them = 1;
|
||||
}
|
||||
break;
|
||||
+ case ISAKMP_PAYLOAD_N:
|
||||
+ if (rp->u.n.type == ISAKMP_N_IPSEC_RESPONDER_LIFETIME) {
|
||||
+ if (rp->u.n.protocol == ISAKMP_IPSEC_PROTO_ISAKMP)
|
||||
+ lifetime_ike_process(s, rp->u.n.attributes);
|
||||
+ else if (rp->u.n.protocol == ISAKMP_IPSEC_PROTO_IPSEC_ESP)
|
||||
+ lifetime_ipsec_process(s, rp->u.n.attributes);
|
||||
+ else
|
||||
+ DEBUG(2, printf("got unknown lifetime notice, ignoring..\n"));
|
||||
+ } else {
|
||||
+ DEBUG(1, printf("rejecting ISAKMP_PAYLOAD_N, type is not lifetime\n"));
|
||||
+ reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
|
||||
+ }
|
||||
+ break;
|
||||
default:
|
||||
DEBUG(1, printf("rejecting invalid payload type %d\n", rp->type));
|
||||
reject = ISAKMP_N_INVALID_PAYLOAD_TYPE;
|
|
@ -1,7 +1,7 @@
|
|||
# Template file for 'vpnc'
|
||||
pkgname=vpnc
|
||||
version=0.5.3
|
||||
revision=6
|
||||
revision=7
|
||||
hostmakedepends="perl"
|
||||
makedepends="libgcrypt-devel"
|
||||
depends="net-tools"
|
||||
|
|
Loading…
Reference in a new issue