
Re: vpnc or openvpn

by Robert G. Brown

On Tue, 11 Mar 2008, Sean Dilda wrote:

> Robert G. Brown wrote:
>
>>   e) I do in fact connect.  By the time I'm entering username and
>> password, I'd better be connected to the server and the connection had
>> better already be bidirectionally encrypted.
>>
>
> It's quite possible for a program to ask for your username/password and store
> that in memory *before* ever opening a network connection.  In fact, I
> believe that's what vpnc does.  As a test, I changed the gateway line in my
> default.conf to an invalid host (but sadly, a hostname that does resolve due
> to earthlink's broken dns).  This is what I found:
>
> [agrajag@athyra ~]$ sudo /usr/sbin/vpnc
> Enter username for duke-vpnlic.netcom.duke.edu: sdf
> Enter password for sdf@...:
> /usr/sbin/vpnc: receiving packet: Connection refused

That is almost exactly what I see, except that I get no response from
target.  Cranking up tcpdump:

rgb@cain|B:1008#tcpdump -i wlan0 src or dst duke-vpn-public.netcom.duke.edu
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes
14:59:12.567825 IP cain.rgb.private.net.isakmp > duke-vpn-public.netcom.duke.edu.isakmp: isakmp: phase 1 I agg
14:59:12.899579 IP duke-vpn-public.netcom.duke.edu.isakmp > cain.rgb.private.net.isakmp: isakmp: phase 1 R agg
14:59:12.920048 IP duke-vpn-public.netcom.duke.edu > cain.rgb.private.net: udp
14:59:13.567140 IP cain.rgb.private.net.isakmp > duke-vpn-public.netcom.duke.edu.isakmp: isakmp: phase 1 I agg
14:59:15.567148 IP cain.rgb.private.net.isakmp > duke-vpn-public.netcom.duke.edu.isakmp: isakmp: phase 1 I agg
14:59:19.567137 IP cain.rgb.private.net.isakmp > duke-vpn-public.netcom.duke.edu.isakmp: isakmp: phase 1 I agg
14:59:20.978365 IP duke-vpn-public.netcom.duke.edu.isakmp > cain.rgb.private.net.isakmp: isakmp: phase 1 R agg
14:59:20.999587 IP duke-vpn-public.netcom.duke.edu > cain.rgb.private.net: udp
14:59:29.071127 IP duke-vpn-public.netcom.duke.edu.isakmp > cain.rgb.private.net.isakmp: isakmp: phase 1 R agg
14:59:29.091832 IP duke-vpn-public.netcom.duke.edu > cain.rgb.private.net: udp
14:59:37.004829 IP duke-vpn-public.netcom.duke.edu.isakmp > cain.rgb.private.net.isakmp: isakmp: phase 1 R agg
14:59:37.025527 IP duke-vpn-public.netcom.duke.edu > cain.rgb.private.net: udp
14:59:44.970091 IP duke-vpn-public.netcom.duke.edu.isakmp > cain.rgb.private.net.isakmp: isakmp: phase 2/others R inf[E]
14:59:44.970148 IP cain.rgb.private.net > duke-vpn-public.netcom.duke.edu: ICMP cain.rgb.private.net udp port isakmp unreachable, length 128

It looks like the isakmp packets are coming back from the vpn, but
possibly broken or in some form that vpnc is unhappy with -- alas it has
nothing like a verbose mode that I can see.  I'm down to the point where
I have to suspect that e.g. Intrex has a MoM attack running that is
mucking with the packets in transit, or (given that they are UDP) that
some sort of corruption is occurring.  But if so, it is strange that it
hits only the one laptop and not the other, both on wireless.  Maybe it
is the wireless card -- intel on one and broadcom on the other.  Who
knows.

At this point, my laptop has no firewall at all running, and my
household gateway even without all of the port forwarding works with
vpnclient with all the other older systems in the house.  I am quite
sure of this.  I have turned off the firewall both with
system-config-firewall and by running /etc/init.d/iptables stop.  I've
verified with traceroute and tcpdump that I can hit my laptop on isakmp
from ganesh in the physics department:

15:20:18.871923 IP ganesh.phy.duke.edu.32853 > cain.rgb.private.net.isakmp: isakmp:

(from tcpdump on my laptop, indicating that packets to this port are
indeed getting through all intervening barriers).

I'm about done.  This has eaten yet another hour or two.  If anybody can
make sense of the above, please let me know.  Otherwise I have to get
some work done.

   rgb

--
Robert G. Brown                            Phone(cell): 1-919-280-8443
Duke University Physics Dept, Box 90305
Durham, N.C. 27708-0305
Web: http://www.phy.duke.edu/~rgb
Book of Lilith Website: http://www.phy.duke.edu/~rgb/Lilith/Lilith.php
Lulu Bookstore: http://stores.lulu.com/store.php?fAcctID=877977

_______________________________________________
Dulug mailing list
Dulug@...
https://lists.dulug.duke.edu/mailman/listinfo/dulug
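
Added example, not part of the original message and not vpnc code: a Python tally of the tcpdump capture in the message above (wrapped lines rejoined), showing that the client went on retransmitting its phase 1 packet after the gateway's reply had already reached the interface. The function names are hypothetical, and reading the port-less "udp" lines as probable trailing IP fragments is an assumption.

```python
import re

CLIENT = "cain.rgb.private.net"  # initiator host, as named in the capture
# Packet lines from the message above, with the mail line-wrapping undone.
CAPTURE = """\
14:59:12.567825 IP cain.rgb.private.net.isakmp > duke-vpn-public.netcom.duke.edu.isakmp: isakmp: phase 1 I agg
14:59:12.899579 IP duke-vpn-public.netcom.duke.edu.isakmp > cain.rgb.private.net.isakmp: isakmp: phase 1 R agg
14:59:12.920048 IP duke-vpn-public.netcom.duke.edu > cain.rgb.private.net: udp
14:59:13.567140 IP cain.rgb.private.net.isakmp > duke-vpn-public.netcom.duke.edu.isakmp: isakmp: phase 1 I agg
14:59:15.567148 IP cain.rgb.private.net.isakmp > duke-vpn-public.netcom.duke.edu.isakmp: isakmp: phase 1 I agg
14:59:19.567137 IP cain.rgb.private.net.isakmp > duke-vpn-public.netcom.duke.edu.isakmp: isakmp: phase 1 I agg
14:59:20.978365 IP duke-vpn-public.netcom.duke.edu.isakmp > cain.rgb.private.net.isakmp: isakmp: phase 1 R agg
14:59:20.999587 IP duke-vpn-public.netcom.duke.edu > cain.rgb.private.net: udp
14:59:29.071127 IP duke-vpn-public.netcom.duke.edu.isakmp > cain.rgb.private.net.isakmp: isakmp: phase 1 R agg
14:59:29.091832 IP duke-vpn-public.netcom.duke.edu > cain.rgb.private.net: udp
14:59:37.004829 IP duke-vpn-public.netcom.duke.edu.isakmp > cain.rgb.private.net.isakmp: isakmp: phase 1 R agg
14:59:37.025527 IP duke-vpn-public.netcom.duke.edu > cain.rgb.private.net: udp
14:59:44.970091 IP duke-vpn-public.netcom.duke.edu.isakmp > cain.rgb.private.net.isakmp: isakmp: phase 2/others R inf[E]
14:59:44.970148 IP cain.rgb.private.net > duke-vpn-public.netcom.duke.edu: ICMP cain.rgb.private.net udp port isakmp unreachable, length 128
"""
LINE = re.compile(r"^(\d+):(\d+):([\d.]+) IP (\S+) > \S+: (.*)$")
# Assumption: a bare "udp" line with no ports is probably a non-first IP fragment.
KINDS = {"isakmp: phase 1 I": "p1_init", "isakmp: phase 1 R": "p1_resp",
         "isakmp: phase 2/others": "info", "ICMP": "icmp", "udp": "portless_udp"}

def parse(text):
    """Return [(seconds, direction, kind)] for every packet line in text."""
    out = []
    for m in filter(None, map(LINE.match, text.splitlines())):
        h, mi, s, src, rest = m.groups()
        kind = next((k for p, k in KINDS.items() if rest.startswith(p)), "other")
        direction = "out" if src.startswith(CLIENT) else "in"
        out.append((int(h) * 3600 + int(mi) * 60 + float(s), direction, kind))
    return out

def summarize(text):
    """Count the exchange; sends after the first reply mean the reply was not accepted."""
    pkts = parse(text)
    sent = [t for t, d, k in pkts if k == "p1_init" and d == "out"]
    got = [t for t, d, k in pkts if k == "p1_resp" and d == "in"]
    count = lambda kind: sum(k == kind for _, _, k in pkts)
    return {
        "sent": len(sent), "replies": len(got),
        "retransmit_gaps": [round(b - a, 1) for a, b in zip(sent, sent[1:])],
        "sent_after_first_reply": sum(t > got[0] for t in sent) if got else 0,
        "portless_udp": count("portless_udp"), "icmp": count("icmp"),
    }

if __name__ == "__main__":
    print(summarize(CAPTURE))
```

Re-running the capture with a larger snap length and -v would show whether those port-less packets really are fragments of the gateway's reply.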
