secruity/vpnc port

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

secruity/vpnc port

Deanna Phillips-2
Does anyone use this port any more?

I've had a tough time getting it to work.  I'm not sure whether
it's because of misconfiguration by my employer, changes in
Cisco operation, or horrible documentation, and I can't really
work on it much since I get locked out after every few attempts.

Anyway, I've written a manual page for how it functions on
OpenBSD, and I suppose it could be added as a patch to the
dangerously out-date one supplied with the vpnc source, and added
to the pkg/PLIST.

The manual source is available at:

http://deanna.freeshell.org/vpnc.8

As an hopeful aside.. a record of my failure, using vpnc.sh -x
with no modifications except the conf file location and debug
level, is available at:

http://deanna.freeshell.org/vpnc.txt

Yes, I've tried changing the routing in vpnc.sh in several
ways.  Nothing seems to work.

I think that this port needs documentation and confirmation that
it actually works.


--
deanna at sdf


Reply | Threaded
Open this post in threaded view
|

Re: secruity/vpnc port

Alexander Hall
Deanna Phillips wrote:
> Does anyone use this port any more?

I use it regurarly. Some changes (for the better - simpler
configuration) in later updates. Only issue has been that it, for no
obvious reason, disconnects after 6-7 hours.

I only access one VPN using vpnc, though, and I do not know anything
above what I need to know just to get it running. But it (decently)
"just works". :-)

? Alexander

Reply | Threaded
Open this post in threaded view
|

Re: secruity/vpnc port

Nikolay Sturm-2
* Alexander Hall [2006-04-26]:
> configuration) in later updates. Only issue has been that it, for no
> obvious reason, disconnects after 6-7 hours.

The might be the rekeying, which vpnc does not support.

Nikolay

Reply | Threaded
Open this post in threaded view
|

Re: secruity/vpnc port

Nikolay Sturm-2
In reply to this post by Deanna Phillips-2
* Deanna Phillips [2006-04-23]:
> Does anyone use this port any more?

Not me. :)
 
> I've had a tough time getting it to work.  I'm not sure whether
> it's because of misconfiguration by my employer, changes in
> Cisco operation, or horrible documentation, and I can't really
> work on it much since I get locked out after every few attempts.

It still works out of the box for me. Make install, tweak config file
start vpnc. vpnc.sh is not needed anymore, for generic use just run
"vpnc".

> The manual source is available at:

I'll have a look at this over the weekend.
 
Nikolay

--
OpenPGP: 0x2036A3A7 - 64E4 7D77 F5C0 EA47 A901  51EF 6E54 6E4F 2036 A3A7
"The XFS you see in the kernel is not SGI-XFS but the X Font Server."
some user on [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: security/vpnc port

Deanna Phillips-2
Nikolay Sturm <[hidden email]> writes:

> * Deanna Phillips [2006-04-23]:
>> Does anyone use this port any more?
>
> Not me. :)
>  
>> I've had a tough time getting it to work.  I'm not sure whether
>> it's because of misconfiguration by my employer, changes in
>> Cisco operation, or horrible documentation, and I can't really
>> work on it much since I get locked out after every few attempts.
>
> It still works out of the box for me. Make install, tweak config file
> start vpnc. vpnc.sh is not needed anymore, for generic use just run
> "vpnc".

Yeah, none of that works for me.  Probably some mistake on my end.

>> The manual source is available at:
>
> I'll have a look at this over the weekend.

Don't bother -- it contains errors which I'd rather not correct,
else I be accused of being a perfectionist, or of trying too
hard. ;)

Joking aside, when I use a port and it doesn't have a manpage, I
feel compelled to write one.  It's my belief that every program
on the system, port or not, should have a decent manpage.  Am I
alone in this?

There are few things in unix that aggravate me more than:

man: no entry for <util> in the manual.

--
deanna at sdf

Reply | Threaded
Open this post in threaded view
|

Re: security/vpnc port

Ray Lai
On Thu, Apr 27, 2006 at 01:36:43PM +0000, Deanna Phillips wrote:

> Nikolay Sturm <[hidden email]> writes:
>
> > * Deanna Phillips [2006-04-23]:
> >> Does anyone use this port any more?
> >
> > Not me. :)
> >  
> >> I've had a tough time getting it to work.  I'm not sure whether
> >> it's because of misconfiguration by my employer, changes in
> >> Cisco operation, or horrible documentation, and I can't really
> >> work on it much since I get locked out after every few attempts.
> >
> > It still works out of the box for me. Make install, tweak config file
> > start vpnc. vpnc.sh is not needed anymore, for generic use just run
> > "vpnc".
>
> Yeah, none of that works for me.  Probably some mistake on my end.
>
> >> The manual source is available at:
> >
> > I'll have a look at this over the weekend.
>
> Don't bother -- it contains errors which I'd rather not correct,
> else I be accused of being a perfectionist, or of trying too
> hard. ;)
>
> Joking aside, when I use a port and it doesn't have a manpage, I
> feel compelled to write one.  It's my belief that every program
> on the system, port or not, should have a decent manpage.  Am I
> alone in this?
>
> There are few things in unix that aggravate me more than:
>
> man: no entry for <util> in the manual.

It's probably best to take it up upstream, unless you plan on
updating the man page every time the port changes.

-Ray-

Reply | Threaded
Open this post in threaded view
|

Re: security/vpnc port

Deanna Phillips-2
Ray Lai <[hidden email]> writes:

>>  Deanna Phillips [2006-04-23]:

>> Joking aside, when I use a port and it doesn't have a manpage, I
>> feel compelled to write one.  It's my belief that every program
>> on the system, port or not, should have a decent manpage.  Am I
>> alone in this?
>>
>> There are few things in unix that aggravate me more than:
>>
>> man: no entry for <util> in the manual.
>
> It's probably best to take it up upstream, unless you plan on
> updating the man page every time the port changes.

Yes, this is what I did with the recent transmission port.  That
doesn't solve the problem of ports being added without manual
pages, though, as it would normally take a release or two (and a
port update) for them to actually end up on an OpenBSD system.

I guess it'd be too draconian to ask that all porters add a
manual page (and submit it upstream) if their port is lacking
one -- but I think it would be nice.  The OpenBSD ports/packages
collection is smaller and neater than those provided by most
others, and something like this would make the difference more
evident.

Also, I've been following this project long enough to know that
such ideas are cheap, so I'll add that I'm perfectly willing
(and able) to write these manpages, and I'm sure there are
others who would be, as well.

--
deanna at sdf

Reply | Threaded
Open this post in threaded view
|

Re: security/vpnc port

Nikolay Sturm-2
* Deanna Phillips [2006-04-27]:
> I guess it'd be too draconian to ask that all porters add a
> manual page (and submit it upstream) if their port is lacking

Indeed, just think about ports with many binaries or, as the next
step, ports with crappy man pages. Then there's the question of quality,
would you expect committers to verify the man page as we do with the
port? That certainly wouldn't work. Last but not least, it would raise
the bar for new porters even higher. They just wouldn't have to learn
writing ports but writing man pages as well (if they were unlucky enough
to choose such a port as their first one).

Nikolay

--
OpenPGP: 0x2036A3A7 - 64E4 7D77 F5C0 EA47 A901  51EF 6E54 6E4F 2036 A3A7
"The XFS you see in the kernel is not SGI-XFS but the X Font Server."
some user on [hidden email]