Add vpnc patches to ease usage of VPN for FRITZ box users

As asked here on TJC


and here as well

This tiny little patch

— /root/rpmbuild/SOURCES/vpnc-0.5.3/vpnc.c.orig+++ /root/rpmbuild/SOURCES/vpnc-0.5.3/vpnc.c@@ -93,7 +93,11 @@0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E,0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F};-const unsigned char VID_NATT_RFC[] = { /* “RFC 3947” /+const unsigned char VID_NATT_03[] = { / “draft-ietf-ipsec-nat-t-ike-03” /+ 0x7d, 0x94, 0x19, 0xa6, 0x53, 0x10, 0xca, 0x6f,+ 0x2c, 0x17, 0x9d, 0x92, 0x15, 0x52, 0x9d, 0x56+};+const unsigned char VID_NATT_RFC[] = { / “RFC 3947” */0x4A, 0x13, 0x1C, 0x81, 0x07, 0x03, 0x58, 0x45,0x5C, 0x57, 0x28, 0xF2, 0x0E, 0x95, 0x45, 0x2F};@@ -146,6 +150,7 @@{ VID_NATT_01, sizeof(VID_NATT_01), “Nat-T 01” },{ VID_NATT_02, sizeof(VID_NATT_02), “Nat-T 02” },{ VID_NATT_02N, sizeof(VID_NATT_02N), “Nat-T 02N” },+ { VID_NATT_03, sizeof(VID_NATT_03), “Nat-T 03” },{ VID_NATT_RFC, sizeof(VID_NATT_RFC), “Nat-T RFC” },{ VID_DWR, sizeof(VID_DWR), “Delete With Reason” },{ VID_CISCO_FRAG, sizeof(VID_CISCO_FRAG), “Cisco Fragmentation” },@@ -1086,7 +1092,8 @@a->af = isakmp_attr_lots;a->u.lots.length = 4;a->u.lots.data = xallocc(a->u.lots.length);- *((uint32_t ) a->u.lots.data) = htonl(2147483);+ //((uint32_t *) a->u.lots.data) = htonl(2147483);+ *((uint32_t *) a->u.lots.data) = htonl(3600);a = new_isakmp_attribute_16(IKE_ATTRIB_LIFE_TYPE, IKE_LIFE_TYPE_SECONDS, a);a = new_isakmp_attribute_16(IKE_ATTRIB_AUTH_METHOD, auth, a);a = new_isakmp_attribute_16(IKE_ATTRIB_GROUP_DESC, dh_group, a);@@ -1272,6 +1279,8 @@l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,VID_NATT_RFC, sizeof(VID_NATT_RFC));l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,+ VID_NATT_03, sizeof(VID_NATT_03));+ l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,VID_NATT_02N, sizeof(VID_NATT_02N));@@ -1497,6 +1506,12 @@seen_natt_vid = 1;if (natt_draft < 1) natt_draft = 2;DEBUG(2, printf(“peer is NAT-T capable (RFC3947)\n”));+ } else if (rp->u.vid.length == sizeof(VID_NATT_03)+ && memcmp(rp->u.vid.data, VID_NATT_03,+ sizeof(VID_NATT_03)) == 0) {+ seen_natt_vid = 1;+ if (natt_draft < 1) natt_draft = 2;+ DEBUG(2, printf(“peer is NAT-T capable (draft-03)\n”));} else if (rp->u.vid.length == sizeof(VID_NATT_02N)&& memcmp(rp->u.vid.data, VID_NATT_02N,sizeof(VID_NATT_02N)) == 0) {@@ -2498,7 +2513,8 @@a->af = isakmp_attr_lots;a->u.lots.length = 4;a->u.lots.data = xallocc(a->u.lots.length);- *((uint32_t ) a->u.lots.data) = htonl(2147483);+ //((uint32_t *) a->u.lots.data) = htonl(2147483);+ *((uint32_t *) a->u.lots.data) = htonl(3600);a = new_isakmp_attribute_16(ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE, IPSEC_LIFE_SECONDS, a);if (dh_group)

would fix that.
For now you would need to check version of vpnc (SFOS3.2 ~ 0.5.3) and download sources, apply patch, compile and install to /usr/sbin to allow configuring and using with GUI. Or install some nokius provided package from sailfishmods.de.

Would you please consider?

3 Likes

Dear Peter,

would you please tell me more about the package from Nokius? I can’t find it, the download doesn’t seem to work on this site:
https://sailfishmods.de/2019/05/tippstricks-fritzbox-vpn-unter-sailfishos-einrichten/

Cheers!

What would you like to know?
I am not using it nor did I check it.

But I am sure my first mentioned TJC thread above holds all info you are looking for.

1 Like

Dear dexic, yep, you are right. The built packages are no longer available. But it’s not big loss since they were built for SF 3.3 anyway.

The most recent packages from Nokius can be found here:

I use them to connect my Xperia 10plus (firmware 3.4) with vpnc to an FritzBox. They are working fine for me. The description mentioned above on sailfimods.de is for an old version of the gui. The packages seem to be updated for 3.4 now. The previous package for 3.3 was working too, but always lost parts of the configuration after being used. Saving the PSK or authentication was not working. With the version from November 23. I can simply reconnect to my FritzBox and everything is working fine.

1 Like