# vpnc stopped working

## swingkyd

I've been putting this off trying to fix it but I really need some help now. vpnc was working fine following the guide last year, then all of the sudden, (after a major upgrade I think) it stopped working. I have followed the vpnc guide again and I have the kernel tun compiled in and it is loaded and choosing the same settings that worked in that other OS, it stopped working... just says I cannot access. I cannot figure out what would be the problem.

```
# dmesg |grep tun

[    0.276579] tun: Universal TUN/TAP device driver, 1.6

[    0.276689] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>

[    2.021210] IPv6 over IPv4 tunneling driver
```

now ...could it be that I'm using some sort of IPv6 when i don't have one?

```
# cat /usr/src/linux/.config|grep TUN

CONFIG_YENTA_ENE_TUNE=y

# CONFIG_INET_XFRM_TUNNEL is not set

CONFIG_INET_TUNNEL=y

# CONFIG_INET_XFRM_MODE_TUNNEL is not set

# CONFIG_INET6_XFRM_TUNNEL is not set

# CONFIG_INET6_TUNNEL is not set

CONFIG_INET6_XFRM_MODE_TUNNEL=y

# CONFIG_IPV6_TUNNEL is not set

CONFIG_TUN=y
```

I don't recall why the INET6_XFRM_MODE_TUNNEL is set...

could this be the problem?

```
# vpnc

vpnc: authentication unsuccessful
```

I don't even know what to post to help troubleshoot this! sorry.

----------

## ziggysquatch

Mine works and I have CONFIG_INET6_XFRM_MODE_TUNNEL set.  Does /var/log/messages show any further information when trying to run?

Also there is a --debug option when running it, try that for more output.

----------

## swingkyd

debug 2 output:

```
 # vpnc --debug=2

                                  

vpnc version 0.5.3                

S1 init_sockaddr

 [2010-01-05 13:47:57]

S2 make_socket

 [2010-01-05 13:47:57]

S3 setup_tunnel

 [2010-01-05 13:47:57]

   using interface tun0

S4 do_phase1_am

 [2010-01-05 13:47:57]

S4.1 create_nonce

 [2010-01-05 13:47:57]

S4.2 dh setup

 [2010-01-05 13:47:57]

S4.3 AM packet_1

 [2010-01-05 13:47:57]

S4.4 AM_packet2

 [2010-01-05 13:47:58]

   (Xauth)            

   (DPD)              

   (Cisco Unity)      

   (unknown) 

   (unknown)          

   (Nat-T 02N)        

   got ike lifetime attributes: 2147483 seconds

   IKE SA selected psk+xauth-3des-sha1         

   peer is DPD capable (RFC3706)               

   peer is NAT-T capable (draft-02)\n          

   peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads

   peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads

S4.5 AM_packet3

 [2010-01-05 13:47:58]

   NAT status: this end behind NAT? YES -- remote end behind NAT? no

   NAT-T mode, adding non-esp marker                                

S4.6 cleanup

 [2010-01-05 13:47:58]

S5 do_phase2_xauth

 [2010-01-05 13:47:58]

S5.1 xauth_start

 [2010-01-05 13:47:58]

S5.2 notice_check

 [2010-01-05 13:47:58]

   got ike lifetime attributes: 86400 seconds

S5.3 type-is-xauth check

 [2010-01-05 13:47:58]

S5.4 xauth type check

 [2010-01-05 13:47:58]

S5.5 do xauth authentication

 [2010-01-05 13:47:58]

   NAT-T mode, adding non-esp marker

S5.2 notice_check

 [2010-01-05 13:47:58]

S5.3 type-is-xauth check

 [2010-01-05 13:47:58]

S5.6 process xauth response

 [2010-01-05 13:47:58]

   NAT-T mode, adding non-esp marker

vpnc: authentication unsuccessful

```

...but I don't know what any of this meant...

----------

## ziggysquatch

Nothing stands out.  Do you have your password in the conf file?  If so, can you comment it out and see if it prompts for it?

----------

## swingkyd

yep...it prompts for it without any problems... other than it doesn't authenticate

... I'm playing around with kvpnc to see if anything else comes up from the same settings...apparently it's asking for the "group password"...which I don't know what it is... but after copying the "IPSec secret" password from the extracted pcf file, it's then asking for the user password...which I type in and then says it fails on the user password.

strange that it still works under Windows (I type in the same password) but not under Linux for the same pcf file!

It also bugs me that it was working and then all of the sudden stopped. *sigh*.

----------

## lucky_rooster

What version of gcc are you compiling it with? I could not get a connection when I emerged vpnc with gcc 4.3.4. I switched to 4.1.2, reemerged vpnc and was able to connect.  Use 

```
gcc-config -l 
```

 to see what versions you have available.

----------

