Vpnc error Assertion `a->next->type == IKE_ATTRIB_LIFE_DURATION' failed


(Gor) #1
Hardware information
System:    Host: chakra-pc Kernel: 4.18.12-1-CHAKRA x86_64 bits: 64 Desktop: KDE Plasma 5.14.4 
           Distro: Chakra 
Machine:   Type: Desktop Mobo: ASUSTeK model: P7P55D DELUXE v: Rev 1.xx serial: <filter> 
           BIOS: American Megatrends v: 2101 date: 09/28/2012 
CPU:       Topology: Dual Core model: Intel Core i5 660 bits: 64 type: MT MCP L2 cache: 4096 KiB 
           Speed: 3226 MHz min/max: 1200/3334 MHz Core speeds (MHz): 1: 2691 2: 2630 3: 3077 4: 2631 
Graphics:  Card-1: NVIDIA GP108 [GeForce GT 1030] driver: nvidia v: 410.57 
           Display: x11 server: X.Org 1.20.3 driver: nvidia 
           resolution: 1920x1080~60Hz, 1920x1080~60Hz 
           OpenGL: renderer: GeForce GT 1030/PCIe/SSE2 v: 4.6.0 NVIDIA 410.57 
Audio:     Card-1: Intel 5 Series/3400 Series High Definition Audio driver: snd_hda_intel 
           Card-2: NVIDIA GP108 High Definition Audio driver: snd_hda_intel 
           Card-3: Logitech Webcam C270 type: USB driver: uvcvideo,snd-usb-audio 
           Sound Server: ALSA v: k4.18.12-1-CHAKRA 
Network:   Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet driver: r8169 
           IF: enp2s0 state: down mac: <filter> 
           Card-2: Realtek RTL-8110SC/8169SC Gigabit Ethernet driver: r8169 
           IF: enp7s4 state: up speed: 1000 Mbps duplex: full mac: <filter> 
Drives:    HDD Total Size: 1.02 TiB used: 432.80 GiB (41.5%) 
           ID-1: /dev/sda vendor: Samsung model: SSD 840 EVO 120GB size: 111.79 GiB 
           ID-2: /dev/sdb vendor: Western Digital model: WD5000AAKS-00UU3A0 size: 465.76 GiB 
           ID-3: /dev/sdc vendor: Western Digital model: WD5000AAKS-00UU3A0 size: 465.76 GiB 
RAID:      Device-1: md0 type: mdraid status: active raid: mirror report: 2/1 U_ Components: 
           online: sdc1~c0 
Partition: ID-1: / size: 21.89 GiB used: 15.57 GiB (71.2%) fs: ext4 dev: /dev/sda3 
           ID-2: /home size: 84.04 GiB used: 40.33 GiB (48.0%) fs: ext4 dev: /dev/sda4 
           ID-3: swap-1 size: 3.91 GiB used: 493.1 MiB (12.3%) fs: swap dev: /dev/sda2 
Sensors:   System Temperatures: cpu: 51.0 C mobo: N/A gpu: nvidia temp: 36 C 
           Fan Speeds (RPM): N/A 
Info:      Processes: 190 Uptime: 14d 18h 56m Memory: 3.85 GiB used: 2.10 GiB (54.7%) Shell: bash 
           inxi: 3.0.10 

Having problems with VPNC connection which errors out after being connected.
In Journal i can see connection is successful and i get the IP address from VPN server,
but it will disconnect in the next millisecond.
After research looks like one line needs to be changed in vpnc.c and package recompiled.
in vpnc.c

-       assert(a->next->type == IKE_ATTRIB_LIFE_DURATION);
+       /* assert(a->next->type == IKE_ATTRIB_LIFE_DURATION); */

No problem there but once the update of vpnc comes along it would overwrite recompiled package.

What would be the best solution to this issue ?

Thank You

this is from journalctl

....
Dec 09 13:52:12 mypc systemd-networkd[410]: tun0: Gained carrier
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7006] vpn-connection[0x55f7995960e0,35e4ecf6-e721-49ed-8e2b-817b93a0431a,"VPNC_NAME",11:(tun0)]: VPN connection: (IP Config Get) complete
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7012] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Dec 09 13:52:12 mypc kdeinit5[736]: plasma-nm: Unhandled VPN connection state change:  4
Dec 09 13:52:12 mypc dbus[421]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Dec 09 13:52:12 mypc kdeconnectd[794]: kdeconnect.core: Broadcasting identity packet
Dec 09 13:52:12 mypc systemd[1]: Starting Network Manager Script Dispatcher Service...
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7394] keyfile: add connection in-memory (a192f09d-6f22-4d14-b69e-fad59c0940b8,"tun0")
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7405] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7419] device (tun0): Activation: starting connection 'tun0' (a192f09d-6f22-4d14-b69e-fad59c0940b8)
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7423] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7430] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7434] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7439] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7450] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7453] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.7523] device (tun0): Activation: successful, device activated.
Dec 09 13:52:12 mypc dbus[421]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Dec 09 13:52:12 mypc systemd[1]: Started Network Manager Script Dispatcher Service.
Dec 09 13:52:12 mypc NetworkManager[422]: vpnc: vpnc.c:1206: lifetime_ike_process: Assertion `a->next->type == IKE_ATTRIB_LIFE_DURATION' failed.
Dec 09 13:52:12 mypc audit[19860]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=19860 comm="vpnc" exe="/usr/sbin/vpnc" sig=6 res=1
Dec 09 13:52:12 mypc nm-dispatcher[19869]: req:1 'vpn-up' [tun0]: new request (1 scripts)
Dec 09 13:52:12 mypc nm-dispatcher[19869]: req:1 'vpn-up' [tun0]: start running ordered scripts...
Dec 09 13:52:12 mypc kernel: audit: type=1701 audit(1544359932.761:14): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=19860 comm="vpnc" exe="/usr/sbin/vpnc" sig=6 res=1
Dec 09 13:52:12 mypc nm-dispatcher[19869]: req:2 'up' [tun0]: new request (1 scripts)
Dec 09 13:52:12 mypc nm-dispatcher[19869]: req:2 'up' [tun0]: start running ordered scripts...
Dec 09 13:52:12 mypc systemd[1]: Started Process Core Dump (PID 19873/UID 0).
Dec 09 13:52:12 mypc systemd[1]: Starting Network Time Service...
Dec 09 13:52:12 mypc kdeconnectd[794]: kdeconnect.core: Broadcasting identity packet
Dec 09 13:52:12 mypc ntpd[19878]: ntpd 4.2.8p10@1.3728-o Sat Apr  1 13:35:44 UTC 2017 (1): Starting
Dec 09 13:52:12 mypc ntpd[19878]: Command line: /usr/bin/ntpd -g -u ntp:ntp
Dec 09 13:52:12 mypc systemd[1]: Started Network Time Service.
Dec 09 13:52:12 mypc ntpd[19880]: proto: precision = 0.079 usec (-24)
Dec 09 13:52:12 mypc ntpd[19880]: Listen and drop on 0 v6wildcard [::]:123
Dec 09 13:52:12 mypc ntpd[19880]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Dec 09 13:52:12 mypc ntpd[19880]: Listen normally on 2 lo 127.0.0.1:123
Dec 09 13:52:12 mypc ntpd[19880]: Listen normally on 3 enp7s4 myIP
Dec 09 13:52:12 mypc ntpd[19880]: Listen normally on 4 tun0 tunnel_IP
Dec 09 13:52:12 mypc ntpd[19880]: Listen normally on 5 enp7s4 [my_IPV6]:123
Dec 09 13:52:12 mypc ntpd[19880]: Listening on routing socket on fd #22 for interface updates
Dec 09 13:52:12 mypc systemd-networkd[410]: tun0: Lost carrier
Dec 09 13:52:12 mypc NetworkManager[422]: <info>  [1544359932.9983] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Dec 09 13:52:13 mypc nm-dispatcher[19869]: req:3 'down' [tun0]: new request (1 scripts)
Dec 09 13:52:13 mypc nm-dispatcher[19869]: req:3 'down' [tun0]: start running ordered scripts...
Dec 09 13:52:13 mypc NetworkManager[422]: <info>  [1544359933.0336] vpn-connection[0x55f7995960e0,35e4ecf6-e721-49ed-8e2b-817b93a0431a,"VPNC_NAME",11:(tun0)]: VPN plugin: state changed: stopping (5)
Dec 09 13:52:13 mypc NetworkManager[422]: <info>  [1544359933.0337] vpn-connection[0x55f7995960e0,35e4ecf6-e721-49ed-8e2b-817b93a0431a,"VPNC_NAME",11:(tun0)]: VPN plugin: state changed: stopped (6)
Dec 09 13:52:13 mypc systemd[1]: Stopping Network Time Service...
Dec 09 13:52:13 mypc ntpd[19880]: ntpd exiting on signal 15 (Terminated)
Dec 09 13:52:13 mypc NetworkManager[422]: <info>  [1544359933.0500] vpn-connection[0x55f7995960e0,35e4ecf6-e721-49ed-8e2b-817b93a0431a,"VPNC_NAME",0]: VPN service disappeared
Dec 09 13:52:13 mypc systemd-coredump[19877]: Process 19860 (vpnc) of user 0 dumped core.
                                                   
                                                   Stack trace of thread 19860:
                                                   #0  0x00007f1527956d10 raise (libc.so.6)
                                                   #1  0x00007f152794199f abort (libc.so.6)
                                                   #2  0x00007f152794185f __assert_fail_base.cold.0 (libc.so.6)
                                                   #3  0x00007f152794f5f2 __assert_fail (libc.so.6)
                                                   #4  0x000000000040e631 n/a (vpnc)
                                                   #5  0x0000000000412663 n/a (vpnc)
                                                   #6  0x00000000004044f4 n/a (vpnc)
                                                   #7  0x00007f15279434be __libc_start_main (libc.so.6)
                                                   #8  0x0000000000405aea n/a (vpnc)
Dec 09 13:52:13 mypc nm-dispatcher[19869]: req:4 'vpn-down' [tun0]: new request (1 scripts)
Dec 09 13:52:13 mypc nm-dispatcher[19869]: req:4 'vpn-down' [tun0]: start running ordered scripts...

(Luca Giambonini) #2

Hm… do you have a Fortigate firewall?
seems a known problem, but nor Arch or Fedora applied a patch for workaround it.

Would be ok to include this patch, but I want to know why other distro didn’t included that. What is the reason? security issues?

https://lists.gt.net/vpnc/devel/4181
https://wiki.archlinux.org/index.php/Vpnc#Troubleshooting
https://bugzilla.opensuse.org/show_bug.cgi?id=971539
http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2015-June/004160.html


(Gor) #3

Thanks for reply,
I checked and i am connecting to a Fortigate firewall.
Firewaall is not under my control so any fix i will have to apply to vpnc client.

I tested with another vpnc connection to a Cisco ASA firewall.
Connection to Cisco is working just fine and is stable.

I also tried vpnc connection on Ubuntu 12.04 distribution which is working fine
connecting to the same fortigate fw.

So I’ thinking to follow what is on the page:
https://wiki.archlinux.org/index.php/Vpnc#Troubleshooting
I will rebuild vpnc package and exclude it from pacman updates
on mypc

Thanks


(Luca Giambonini) #4

better to implement it :wink: