Opened 10 years ago

Closed 10 years ago

Last modified 3 years ago

#2220 closed enhancement (fixed)

ipsec-tools should be compiled with --enable-hybrid

Reported by: lucaf3rr@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version:
Keywords: ipsec-tools racoon Cc:


ipsec-tools in kamikaze for Linux kernel 2.6 is compiled without the flag --enable-hybrid. This limits the types of connections available. Hybrid mode is required for successful interoperability with the Cisco VPN Client, for example.

The change to include --enable-hybrid in the Makefile has been tested successfully but should be included by default.

Attachments (0)

Change History (4)

comment:1 in reply to: ↑ description Changed 10 years ago by lucaf3rr@…

It seems that when using hybrid mode and the following configuration, together with Cisco VPN Client:

mode_cfg {
        network4;        # 1st address of VPN IPv4 pool
        pool_size 253;               # size of the VPN IP pool: 253 addresses
        auth_source system;          # validate logins against /etc/passwd
        dns4;            # IPv4 DNS server
        wins4;           # IPv4 WINS server
        banner "/etc/racoon/motd";   # Banner message for clients
        pfs_group 2;
        save_passwd on;

auth_source system, above, configures hybrid mode with /etc/passwd authentication. However, this authentication scheme depends on /etc/shadow. After some testing it can be verified that logins function if an /etc/shadow-file is created with the correct credentials.

Perhaps it is possible to patch ipsec-tools to use only /etc/passwd.

comment:2 follow-up: Changed 10 years ago by nico

  • Resolution set to fixed
  • Status changed from new to closed

Hybrid mode was enabled and shadow support was disabled in [8428], thanks for reporting!

comment:3 in reply to: ↑ 2 Changed 10 years ago by anonymous

Just a reminder: Kamikaze has the possibility to enable shadow passwords from menuconfig.

comment:4 Changed 3 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

as closed .
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.