# VPNC ca_dir not yet supported

## Shelnutt2

I'm trying to setup a vpn with vpnc. However when I run it I am getting vpnc ca_dir not yet supported. I've googled but there seems to be no solution to this. I'm wondering if there are any possible workarounds? I know that ca_dir isn't supported but there has to be something I can do to figure this out.

The vpn service I am trying to connect to is, http://net-services.ufl.edu/provided_services/vpn/vpn-install.html#linux . I didn't want to use their cisco client, so i was trying to get vpnc from portage to work. I used pcf2vpnc to convert the provided .pcf file. I cat'd the vpnc file to /etc/vpnc/default.conf .

```
## generated by pcf2vpnc

IPSec ID vpn-auth-mga

IPSec gateway vpn.ufl.edu

IPSec secret 1t$as3cr3@t

Xauth password blahblah

Xauth username myuserblah

IKE Authmode hybrid

IKE DH Group dh2
```

However this is causing the error and then vpnc quits. I have all the needed network options enabled in my kernel. The only relevant information I found was talking about how vpnc needed openssl but their licenses didn't match, but it's been taken care of by using gnutls now, and I have the latest version which uses gnutls from portage.

I also tried to get their client working, and I had to apply this patch for 64bit support

http://forum.tuxx-home.at/viewtopic.php?f=15&t=589#p4187

However whenever I started their vpnc it locked my entire system up after a few minutes. I had to hard boot off, I tried twice to make sure it wasn't anything else.

I'm running ~AMD64, any advice is greatly appreciated.

Debug output of vpnc:

```
vpnc --debug 2

   

vpnc version 0.5.3_p449

S1 init_sockaddr

 [2010-06-19 17:58:33]

S2 make_socket

 [2010-06-19 17:58:33]

S3 setup_tunnel

 [2010-06-19 17:58:33]

   using interface tun0

S4 do_phase1_am

 [2010-06-19 17:58:33]

S4.1 create_nonce

 [2010-06-19 17:58:33]

S4.2 dh setup

 [2010-06-19 17:58:33]

S4.3 AM packet_1

 [2010-06-19 17:58:33]

S4.4 AM_packet2

 [2010-06-19 17:58:33]

   (Cisco Unity)

   (Xauth)

   (DPD)

   (Nat-T 02N)

   (unknown)

   (unknown)

   (unknown)

   got ike lifetime attributes: 2147483 seconds

   IKE SA selected hybrid(rsa)-aes128-sha1

   peer is DPD capable (RFC3706)

   peer is NAT-T capable (draft-02)\n

   peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads

   peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads

vpnc: ca_dir not yet supported

```

----------

