Add vpnc patches to ease usage of VPN for FRITZ box users

As asked here on TJC

and here as well

This tiny little patch

— /root/rpmbuild/SOURCES/vpnc-0.5.3/vpnc.c.orig+++ /root/rpmbuild/SOURCES/vpnc-0.5.3/vpnc.c@@ -93,7 +93,11 @@0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E,0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F};-const unsigned char VID_NATT_RFC[] = { /* “RFC 3947” /+const unsigned char VID_NATT_03[] = { / “draft-ietf-ipsec-nat-t-ike-03” /+ 0x7d, 0x94, 0x19, 0xa6, 0x53, 0x10, 0xca, 0x6f,+ 0x2c, 0x17, 0x9d, 0x92, 0x15, 0x52, 0x9d, 0x56+};+const unsigned char VID_NATT_RFC[] = { / “RFC 3947” */0x4A, 0x13, 0x1C, 0x81, 0x07, 0x03, 0x58, 0x45,0x5C, 0x57, 0x28, 0xF2, 0x0E, 0x95, 0x45, 0x2F};@@ -146,6 +150,7 @@{ VID_NATT_01, sizeof(VID_NATT_01), “Nat-T 01” },{ VID_NATT_02, sizeof(VID_NATT_02), “Nat-T 02” },{ VID_NATT_02N, sizeof(VID_NATT_02N), “Nat-T 02N” },+ { VID_NATT_03, sizeof(VID_NATT_03), “Nat-T 03” },{ VID_NATT_RFC, sizeof(VID_NATT_RFC), “Nat-T RFC” },{ VID_DWR, sizeof(VID_DWR), “Delete With Reason” },{ VID_CISCO_FRAG, sizeof(VID_CISCO_FRAG), “Cisco Fragmentation” },@@ -1086,7 +1092,8 @@a->af = isakmp_attr_lots;a->u.lots.length = 4;a->u.lots.data = xallocc(a->u.lots.length);- *((uint32_t ) a->u.lots.data) = htonl(2147483);+ //((uint32_t *) a->u.lots.data) = htonl(2147483);+ *((uint32_t *) a->u.lots.data) = htonl(3600);a = new_isakmp_attribute_16(IKE_ATTRIB_LIFE_TYPE, IKE_LIFE_TYPE_SECONDS, a);a = new_isakmp_attribute_16(IKE_ATTRIB_AUTH_METHOD, auth, a);a = new_isakmp_attribute_16(IKE_ATTRIB_GROUP_DESC, dh_group, a);@@ -1272,6 +1279,8 @@l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,VID_NATT_RFC, sizeof(VID_NATT_RFC));l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,+ VID_NATT_03, sizeof(VID_NATT_03));+ l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,VID_NATT_02N, sizeof(VID_NATT_02N));@@ -1497,6 +1506,12 @@seen_natt_vid = 1;if (natt_draft < 1) natt_draft = 2;DEBUG(2, printf(“peer is NAT-T capable (RFC3947)\n”));+ } else if (rp->u.vid.length == sizeof(VID_NATT_03)+ && memcmp(rp->u.vid.data, VID_NATT_03,+ sizeof(VID_NATT_03)) == 0) {+ seen_natt_vid = 1;+ if (natt_draft < 1) natt_draft = 2;+ DEBUG(2, printf(“peer is NAT-T capable (draft-03)\n”));} else if (rp->u.vid.length == sizeof(VID_NATT_02N)&& memcmp(rp->u.vid.data, VID_NATT_02N,sizeof(VID_NATT_02N)) == 0) {@@ -2498,7 +2513,8 @@a->af = isakmp_attr_lots;a->u.lots.length = 4;a->u.lots.data = xallocc(a->u.lots.length);- *((uint32_t ) a->u.lots.data) = htonl(2147483);+ //((uint32_t *) a->u.lots.data) = htonl(2147483);+ *((uint32_t *) a->u.lots.data) = htonl(3600);a = new_isakmp_attribute_16(ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE, IPSEC_LIFE_SECONDS, a);if (dh_group)

would fix that.
For now you would need to check version of vpnc (SFOS3.2 ~ 0.5.3) and download sources, apply patch, compile and install to /usr/sbin to allow configuring and using with GUI. Or install some nokius provided package from sailfishmods.de.

Would you please consider?

Dear Peter,

would you please tell me more about the package from Nokius? I can’t find it, the download doesn’t seem to work on this site:
https://sailfishmods.de/2019/05/tippstricks-fritzbox-vpn-unter-sailfishos-einrichten/

Cheers!

What would you like to know?
I am not using it nor did I check it.

But I am sure my first mentioned TJC thread above holds all info you are looking for.

Dear dexic, yep, you are right. The built packages are no longer available. But it’s not big loss since they were built for SF 3.3 anyway.

The most recent packages from Nokius can be found here:

I use them to connect my Xperia 10plus (firmware 3.4) with vpnc to an FritzBox. They are working fine for me. The description mentioned above on sailfimods.de is for an old version of the gui. The packages seem to be updated for 3.4 now. The previous package for 3.3 was working too, but always lost parts of the configuration after being used. Saving the PSK or authentication was not working. With the version from November 23. I can simply reconnect to my FritzBox and everything is working fine.

Bumping this up.

As there is still no reply at all after 2 years (in this forum) and 4-5 years on TJC.

This affects a lot of Germans (where AVM, FritzBox is quite often used).
Everybody is happy to download a binary from internet location and use this?

And in 4.3.0 the Cisco / VPNC client is still not able to connect to a FRITZ Box

I think VPNC has Cisco specific features (and limitations).
I think there should be IPSec/IKEv1 (&IKEv2) VPN setup that uses StrongSwan (or Openswan, Libreswan)

We now track this issue internally.

Is there a compiled binary to downloaf sonewhere for the latest SFOS version? It seems that the links above are not working anymore. Thanks in advance.

The working link to the actual files is here VPN Connection to a Fritz Box - #8 by jpa

Fritz!OS does apparently support Wireguard VPN too now.

Maybe this can solve this issue as well?

Unfortunately, for my device (5530) there is only v7.29 available yet. I will report back if vpn through wireguard works with Sailfish once a compatible release is available for my box!

Good news, hopefully that will help. I have a 7590 with Freetz on it and don’t want to fiddle too much with it as the system works and does what it should.
The 7490 could get the update as well.

There has been Wireguard support in FreetzNG for a while, but I know exactely what you mean regarding fiddling:) Never change a running system (and FreetzNG is even more experimental:-)).

It seems the latest Wireguard package 0.4 (WireGuard for Sailfish (Settings UI) | OpenRepos.net — Community Repository System) works well together with official FritzOS 7.50!

Great! No 7.5 release for the Fritz!Box 5530 available yet, but I can’t wait to check it out!

It seems the 5530 had the 7.30 update just released in September, maybe it takes some more time to update this specific device?

We’ll see… There might be some experimental lab firmware available but well - I can wait a bit. Support has been announced eventually, so I’m confident it will arrive rather sooner than later…
It’s a very nice box anyways.

I forgot to mention that the patches found above work on an XA2+ and I could connect via Cisco protocol to a FritzBox 7490. Thank you all for the tips and @Nokius for the patches.

This bug is fixed now as of 4.5.0.16: