debian/0000775000000000000000000000000011740633641007175 5ustar debian/vpnc.postinst0000664000000000000000000000016711740633014011746 0ustar #!/bin/sh set -e dpkg-maintscript-helper rm_conffile /etc/vpnc/example.conf 0.5.3r449-3 -- "$@" #DEBHELPER# exit 0 debian/watch0000664000000000000000000000010711740633014010216 0ustar version=3 http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-(.*)\.tar\.gz debian/vpnc.postrm0000664000000000000000000000016711740633014011407 0ustar #!/bin/sh set -e dpkg-maintscript-helper rm_conffile /etc/vpnc/example.conf 0.5.3r449-3 -- "$@" #DEBHELPER# exit 0 debian/vpnc.docs0000664000000000000000000000001411740633014011002 0ustar README TODO debian/source/0000775000000000000000000000000011740633641010475 5ustar debian/source/format0000664000000000000000000000001411740633014011675 0ustar 3.0 (quilt) debian/README.Debian0000664000000000000000000001024411740633014011231 0ustar vpnc for Debian =============== The Debian version of vpnc has a few improvements compared to the upstream version, mainly in the daemon invocation script. The vpnc-connect script works with multiple "profile" files, so you can manage multiple configurations easily. See the vpnc-connect manpage for details. UPGRADE NOTES ============= If you have been using Debian-specific extensions with "Target networks" and "DNSupdate" directives, consider changing your praxis to use the official upstream configuration way now. See /usr/share/doc/vpnc/README.gz file for details about replacing network routes with custom ones using the variables of vpnc-script. You can either wrap /etc/vpnc/vpnc-script into a custom script which presets those variables (like documented in the example in README.gz) or use vpnc-script-connect-action and vpnc-script-disconnect-action scripts to set them separately (see below), which may or may not be wanted depending on your setup. Or you can symlink them to have the same config in both phases. The same applies to the disabling of DNS data updates. The old methods are preserved with compatibility wrappers until after the release of wheezy, and should be avoided with new installations. NETWORK MANAGER AND VPNC ======================== NetworkManager does not play well with other programs that modify routes and interfaces outside of its framework. This means your VPN will go down as soon as NetworkManager decides to reconfigure your internet connection, possibly in response to discovering the newly-established VPN. Please install the network-manager-vpnc package for proper NetworkManager integration. CONFIGURATION ============= /etc/vpnc/default.conf contains a sample config for vpnc/vpnc-connect. You can uncomment and adjust the settings, or create a different configuration by copying it to, say, myvpn.conf and then select that by calling vpnc myvpn Or use the pcf2vpnc script to convert existing pcf files (Cisco client configuration), running the following command: /usr/share/vpnc/pcf2vpnc myvpn.pcf > /etc/vpnc/myvpn.conf You may edit the resulting file to add the remote username. In order to use the DNS server reported by the VPN server, please install the resolvconf package. vpnc-script, which handles routing and DNS updates, can be customized by adding scripts to be run before and after connecting and disconnecting, respectively. The names of the scripts that will be sourced by /etc/vpnc/vpnc-script are: /etc/vpnc/vpnc-script-connect-action /etc/vpnc/vpnc-script-post-connect-action /etc/vpnc/vpnc-script-disconnect-action /etc/vpnc/vpnc-script-post-disconnect-action See the comments at the top of vpnc-script for the environment variables you have access to. (IN)SECURITY WARNING ==================== As described at this URL: , which references a Bugtraq thread starting at: ("ISSUE 2") simple XAUTH relying only on pre-shared keys ("group password" method), is not a secure way to set up a trusted connection. In addition to giving away the confidentiality of the VPN session (man-in-the-middle attack), this configuration may disclose the user's password and thus enable the attacker to establish future VPN connections on his own and/or access other services protected by that password (identity theft). Cisco has implemented a different authentication mechanism that requires the use of a certificate in the client in order to securely establish the identity of the VPN server ("Hybrid Auth", "Mutual Group Authentication"). This mechanism is not known to be vulnerable. In short: If a simple configuration file with a group key and your password is enough to establish a VPN connection (auth-mode psk), you're vulnerable. Don't use a password that can also be used in other places, and don't assume your connection to be more secure. If however establishing a VPN connection requires a certificate identifying the server in addition to a group key and your password (auth-mode hybrid), you should be safe. -- Eduard Bloch -- Fri, 14 Apr 2006 23:08:54 +0200 -- Florian Schlichting -- Fri, 13 Jan 2012 19:56:41 +0200 debian/vpnc.links0000664000000000000000000000025411740633014011200 0ustar usr/sbin/vpnc usr/sbin/vpnc-connect usr/share/man/man8/vpnc.8.gz usr/share/man/man8/vpnc-connect.8.gz usr/share/man/man8/vpnc.8.gz usr/share/man/man8/vpnc-disconnect.8.gz debian/copyright0000664000000000000000000000411711740633014011125 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Source: http://svn.unix-ag.uni-kl.de/vpnc/ Upstream-Name: vpnc Upstream-Contact: vpnc-devel@unix-ag.uni-kl.de Files: * Copyright: 1999, Pierre Beyssac 2002, Geoffrey Keating 2003, Christian Lackas 2003, Damion K. Wilson 2003, Eduard Bloch 2003-2011, Maurice Massar 2003-2005, OpenVPN Solutions LLC 2004, Martin von Gagern 2004, Tomas Mraz 2004, Stefan Tomanek 2005, Michael Tilstra 2006, Daniel Roethlisberger 2006-2007, Dan Villiom Podlaski Christiansen 2006-2007, Wolfram Sang 2007-2011, Joerg Mayer 2007, Paolo Zarpellon 2009-2012, Antonio Borneo License: GPL-2+ Files: dh.* math_group.* Copyright: 1998, Niels Provos 1999-2000 Niklas Hallqvist License: BSD-2-clause Files: debian/* Copyright: 2003-2008, Eduard Bloch 2008-2010, Eric Warmenhoven 2010, Reinhard Tartler 2011-2012, Florian Schlichting License: GPL-2+ License: BSD-2-clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. . On Debian systems, the complete text of version 2 of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. debian/vpnc.lintian-overrides0000664000000000000000000000026011740633014013513 0ustar # restrictive permissions to protect password in config file vpnc: non-standard-dir-perm etc/vpnc/ 0700 != 0755 vpnc: non-standard-file-perm etc/vpnc/default.conf 0600 != 0644 debian/patches/0000775000000000000000000000000011740633641010624 5ustar debian/patches/series0000664000000000000000000000015611740633131012035 0ustar 03_vpnc.8.patch 04_debianitis.patch fix_make_test.patch fix_makefile_VERSION.patch fetch-split-dns-prop.patch debian/patches/04_debianitis.patch0000664000000000000000000000745411740633014014267 0ustar Description: "Debian specific" changes: DNS_UPDATE, TARGET_NETWORKS, /etc/vpnc/vpnc-script-post-[dis]connect-action Author: Eduard Bloch Forwarded: no --- a/config.c +++ b/config.c @@ -205,6 +205,16 @@ return "0.0.0.0/0.0.0.0"; } +static const char *config_def_networks_list(void) +{ + return ""; +} + +static const char *config_def_dns_update(void) +{ + return "Yes"; +} + static const struct config_names_s { enum config_enum nm; const int needsArgument; @@ -468,7 +478,27 @@ "", "Target network in dotted decimal or CIDR notation\n", config_def_target_network - }, { + }, + { + CONFIG_DNS_UPDATE, 1, 1, + "--dns-update", + "DNSUpdate", + "", + "DEPRECATED extension, see README.Debian for details", + config_def_dns_update + }, + + { + CONFIG_TARGET_NETWORKS, 1, 1, + "--target-networks", + "Target Networks", + NULL, + "DEPRECATED extension, see README.Debian for details", + config_def_networks_list + }, + + + { 0, 0, 0, NULL, NULL, NULL, NULL, NULL } }; --- a/config.h +++ b/config.h @@ -59,6 +59,11 @@ CONFIG_AUTH_MODE, CONFIG_CA_FILE, CONFIG_CA_DIR, + + + CONFIG_DNS_UPDATE, + CONFIG_TARGET_NETWORKS, + LAST_CONFIG }; --- a/vpnc-script +++ b/vpnc-script @@ -557,6 +558,27 @@ } do_connect() { + # Debian specific, insert your code there to avoid modification of + # conffiles like this script + if [ -r /etc/vpnc/vpnc-script-connect-action ] ; then + . /etc/vpnc/vpnc-script-connect-action + fi + # backwards compatibility mapping for old extensions + if test "$TARGET_NETWORKS" ; then + i=0 + for network in $TARGET_NETWORKS ; do + eval CISCO_SPLIT_INC_${i}_ADDR=`echo $network | cut -f1 -d/` + eval CISCO_SPLIT_INC_${i}_MASKLEN=`echo $network | cut -f2 -d/` + eval CISCO_SPLIT_INC_${i}_MASK=$( perl -e '$ARGV[0]=~s,.*/,,;$m=(2**$ARGV[0]-1)<<(32-$ARGV[0]);printf "%d.%d.%d.%d\n", $m>>24 & 0xff, $m>>16 & 0xff, $m>>8 & 0xff, $m & 0xff;' $network ) + eval CISCO_SPLIT_INC_${i}_PROTOCOL=0 + eval CISCO_SPLIT_INC_${i}_SPORT=0 + eval CISCO_SPLIT_INC_${i}_DPORT=0 + i=`expr $i + 1` + done + CISCO_SPLIT_INC=$i + fi + ## end Debian specific + if [ -n "$CISCO_BANNER" ]; then echo "Connect Banner:" echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done @@ -607,12 +629,30 @@ set_ipv6_default_route fi - if [ -n "$INTERNAL_IP4_DNS" ]; then - $MODIFYRESOLVCONF + case "$DNS_UPDATE" in + *no|*NO|*No|*nO) + ;; + *) + if [ -n "$INTERNAL_IP4_DNS" ]; then + $MODIFYRESOLVCONF + fi + ;; + esac + + if [ -r /etc/vpnc/vpnc-script-post-connect-action ] ; then + . /etc/vpnc/vpnc-script-post-connect-action fi + } do_disconnect() { + + # Debian specific, insert your code there to avoid modification of + # conffiles like this script + if [ -r /etc/vpnc/vpnc-script-disconnect-action ] ; then + . /etc/vpnc/vpnc-script-disconnect-action + fi + if [ -n "$CISCO_SPLIT_INC" ]; then i=0 while [ $i -lt $CISCO_SPLIT_INC ] ; do @@ -655,8 +695,17 @@ del_vpngateway_route - if [ -n "$INTERNAL_IP4_DNS" ]; then - $RESTORERESOLVCONF + case "$DNS_UPDATE" in + *no|*NO|*No|*nO) + ;; + *) + if [ -n "$INTERNAL_IP4_DNS" ]; then + $RESTORERESOLVCONF + fi + ;; + esac + if [ -r /etc/vpnc/vpnc-script-post-disconnect-action ] ; then + . /etc/vpnc/vpnc-script-post-disconnect-action fi destroy_tun_device } --- a/vpnc.c +++ b/vpnc.c @@ -377,6 +377,9 @@ { setenv("VPNGATEWAY", inet_ntoa(s->dst), 1); setenv("reason", "connect", 1); + // DEPRECATED, Debian specific + setenv("DNS_UPDATE", config[CONFIG_DNS_UPDATE], 1); + setenv("TARGET_NETWORKS", config[CONFIG_TARGET_NETWORKS], 1); system(config[CONFIG_SCRIPT]); } debian/patches/fix_makefile_VERSION.patch0000664000000000000000000000134211740633014015467 0ustar Description: ensure that Makefile defines a proper vpnc version, including SVN revision mk-version contains multiple bashisms and needs to be called inside an svn checkout (or full git-svn clone) in order to report the correct SVN revision. Since we have this info in debian/changelog, take it from there instead. Author: Florian Schlichting Forwarded: not-needed --- a/Makefile +++ b/Makefile @@ -57,7 +57,7 @@ CRYPTO_OBJS = $(addsuffix .o,$(basename $(CRYPTO_SRCS))) BINOBJS = $(addsuffix .o,$(BINS)) BINSRCS = $(addsuffix .c,$(BINS)) -VERSION := $(shell sh mk-version) +VERSION=$(shell dpkg-parsechangelog | sed -rne 's,^Version: ([^-]+).*,\1,p') RELEASE_VERSION := $(shell cat VERSION) CC=gcc debian/patches/03_vpnc.8.patch0000664000000000000000000000100311740633014013247 0ustar Description: Remove obsolete TODO from vpnc(8) manpage Author: Florian Schlichting Forwarded: no --- a/vpnc.8.template +++ b/vpnc.8.template @@ -187,12 +187,6 @@ disabling /etc/resolv.conf rewriting is documented in the README of the vpnc package. -.SH TODO -.PD 0 -Certificate support (Pre-Shared-Key + XAUTH is known to be insecure). -.P -Further points can be found in the TODO file. -.PD .SH AUTHOR This man-page has been written by Eduard Bloch and debian/patches/fix_make_test.patch0000664000000000000000000000113211740633014014456 0ustar Description: fix 'make test' failure due to expired certificate cert0.pem Author: Antonio Borneo Origin: http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2011-September/003609.html --- a/Makefile +++ b/Makefile @@ -114,7 +114,7 @@ rm -rf vpnc-$* test : all - ./test-crypto test/cert.pem test/cert0.pem test/cert1.pem test/cert2.pem test/root.pem + ./test-crypto test/cert.pem test/cert1.pem test/cert2.pem test/root.pem #./test-crypto test/cert.pem test/cert0.crt test/cert1.crt test/cert2.crt test/root.crt dist : VERSION vpnc.8 vpnc-$(RELEASE_VERSION).tar.gz debian/patches/fetch-split-dns-prop.patch0000664000000000000000000000432711740633131015627 0ustar Description: Fetch split DNS information from Cisco servers Cisco servers can optionally include a list of domain names that are configured using split DNS. . Request that list, and then export it to the vpnc-script Origin: http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2012-March/003738.html Author: Evan Broder Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/954747 Forwarded: yes Index: vpnc-0.5.3r512/vpnc.c =================================================================== --- vpnc-0.5.3r512.orig/vpnc.c 2012-03-13 23:21:45.000000000 -0700 +++ vpnc-0.5.3r512/vpnc.c 2012-03-13 23:37:09.495911698 -0700 @@ -1086,6 +1086,18 @@ } break; + case ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_DNS: + if (a->af != isakmp_attr_lots) { + reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED; + break; + } + strbuf = xallocc(a->u.lots.length + 1); + memcpy(strbuf, a->u.lots.data, a->u.lots.length); + addenv("CISCO_SPLIT_DNS", strbuf); + free(strbuf); + DEBUG(2, printf("Split DNS: %s\n", a->u.lots.data)); + break; + case ISAKMP_MODECFG_ATTRIB_CISCO_SAVE_PW: DEBUG(2, printf("got save password setting: %d\n", a->u.attr_16)); break; @@ -2433,6 +2445,7 @@ a->u.lots.data = xallocc(a->u.lots.length); memcpy(a->u.lots.data, uts.nodename, a->u.lots.length); + a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_DNS, a); a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_INC, a); a = new_isakmp_attribute(ISAKMP_MODECFG_ATTRIB_CISCO_SAVE_PW, a); Index: vpnc-0.5.3r512/vpnc-script =================================================================== --- vpnc-0.5.3r512.orig/vpnc-script 2012-03-13 23:21:45.000000000 -0700 +++ vpnc-0.5.3r512/vpnc-script 2012-03-13 23:21:45.000000000 -0700 @@ -15,6 +15,7 @@ #* INTERNAL_IP6_DNS -- IPv6 list of dns servers #* CISCO_DEF_DOMAIN -- default domain name #* CISCO_BANNER -- banner from server +#* CISCO_SPLIT_DNS -- comma-separated list of domain names with split DNS #* CISCO_SPLIT_INC -- number of networks in split-network-list #* CISCO_SPLIT_INC_%d_ADDR -- network address #* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0) debian/vpnc.preinst0000664000000000000000000000016711740633014011547 0ustar #!/bin/sh set -e dpkg-maintscript-helper rm_conffile /etc/vpnc/example.conf 0.5.3r449-3 -- "$@" #DEBHELPER# exit 0 debian/compat0000664000000000000000000000000211740633014010365 0ustar 9 debian/control0000664000000000000000000000167211740633131010600 0ustar Source: vpnc Section: net Priority: extra Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Florian Schlichting Build-Depends: debhelper (>= 9), libgnutls-dev, pkg-config Standards-Version: 3.9.3 Homepage: http://www.unix-ag.uni-kl.de/~massar/vpnc/ Package: vpnc Architecture: any Suggests: resolvconf Pre-Depends: dpkg (>= 1.15.7.2) Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} Recommends: iproute Description: Cisco-compatible VPN client vpnc is a VPN client compatible with cisco3000 VPN Concentrator (also known as Cisco's EasyVPN equipment). vpnc runs entirely in userspace and does not require kernel modules except for the tun driver to communicate with the network layer. . It supports most of the features needed to establish connection to the VPN concentrator: MD5 and SHA1 hashes, 3DES and AES ciphers, PFS and various IKE DH group settings. debian/rules0000775000000000000000000000126311740633014010251 0ustar #!/usr/bin/make -f VERSION=$(shell dpkg-parsechangelog | sed -rne 's,^Version: ([^-]+).*,\1,p') SVN_REV=$(shell dpkg-parsechangelog | sed -rne 's,^Version: .*r([^-]+).*,\1,p') SVN_URL=http://svn.unix-ag.uni-kl.de/vpnc/trunk/ ORIGDIR=vpnc-$(VERSION) TARNAME=vpnc_$(VERSION).orig.tar.gz get-orig-source: rm -rf $(ORIGDIR) git svn clone -r $(SVN_REV) $(SVN_URL) $(ORIGDIR) rm -rf $(ORIGDIR)/.git tar czf ../$(TARNAME) $(ORIGDIR) rm -rf $(ORIGDIR) %: dh $@ override_dh_auto_install: dh_auto_install -- PREFIX=/usr install rm ./debian/vpnc/usr/share/doc/vpnc/COPYING override_dh_fixperms: dh_fixperms chmod 700 ./debian/vpnc/etc/vpnc chmod 600 ./debian/vpnc/etc/vpnc/default.conf debian/changelog0000664000000000000000000003670311740633577011070 0ustar vpnc (0.5.3r512-2ubuntu1) precise; urgency=low * Added fetch-split-dns-prop.patch to fetch split DNS property from Cisco VPN servers. (LP: #954747) -- Evan Broder Tue, 13 Mar 2012 23:26:42 -0700 vpnc (0.5.3r512-2) unstable; urgency=low * Turned maintainer scripts into proper shell scripts (thanks, Johannes Schauer!). Closes: #663206 * Added a pre-dependency on dpkg (>= 1.15.7.2) for dpkg-maintscript-helper. * Bumped Standards-Version to 3.9.3. -- Florian Schlichting Tue, 13 Mar 2012 18:50:35 +0100 vpnc (0.5.3r512-1) unstable; urgency=low * Imported new upstream SVN snapshot with support for Fritz!Box routers (closes: #629646), fixed MTU when no default route (closes: #525389). * Refreshed patches, dropped 07_bug496718.patch, 08_bug640978.patch (applied upstream). * Added missing ${perl:Depends}. * Updated debian/copyright to reflect recent work in SVN. * Updated README.Debian, clarified security warning (closes: #442629) and added a note on NetworkManager integration. * Properly remove obsolete conffile example.conf on upgrade. * Simplify debian/rules (PREFIX ony needed for install - thanks gregoa). * Added a get-orig-source target to debian/rules. * Bumped debhelper compatibility to level 9 for extra hardening build flags. * Added fix_makefile_VERSION.patch so that vpnc will report the correct version including SVN revision. -- Florian Schlichting Wed, 15 Feb 2012 23:34:20 +0100 vpnc (0.5.3r449-3) unstable; urgency=low * New maintainer. * Use source "3.0 (quilt)", dh 8 and minimal debian/rules. + Converted patch system from dpatch to quilt. + Added DEP-3 headers and refreshed 07_bug496718.patch. * Don't ship duplicate sample config in examples, and go with upstream's default.conf. * Install cisco-decrypt and pcf2vpnc into /usr/bin like upstream does, increasing visibility. * debian/control: Added Homepage field. * Added fix_make_test.patch: cert0.pem has expired, remove it from test. * Rewrote debian/copyright according to DEP-5. * Added debian/watch. * Bumped Standards-Version to 3.9.2 (no changes necessary). -- Florian Schlichting Mon, 09 Jan 2012 00:14:49 +0100 vpnc (0.5.3r449-2.2) unstable; urgency=low * Non-maintainer upload. * Bug fix: "more verbose iproute makes vpnc fail connecting", taken from http://git.infradead.org/users/dwmw2/vpnc-scripts.git/commitdiff/4deaaf9a32 Closes: #624203, #640978, LP: #805435. -- Florian Schlichting Thu, 24 Nov 2011 15:06:35 +0000 vpnc (0.5.3r449-2.1) unstable; urgency=low * Non-maintainer upload. * Bug fix: "Disconnects after an hour and loops trying to reconnect", thanks to Daniel Schepler (Closes: #496718, LP: #479632). Patch taken from upstream: http://www.gossamer-threads.com/lists/vpnc/devel/3442 -- Reinhard Tartler Tue, 09 Nov 2010 12:03:17 +0100 vpnc (0.5.3r449-2) unstable; urgency=low * Add pkg-config build-dependency. (closes: #574715) -- Eric Warmenhoven Sat, 20 Mar 2010 21:07:07 -0700 vpnc (0.5.3r449-1) unstable; urgency=low * New upstream SVN snapshot with GnuTLS support (closes: #513645, #440318) * Change resolvconf from "Recommends" to "Suggests (closes: #519947) * Since /var/run/vpnc is automatically created, no need to have it as part of vpnc.dirs (fixes lintian error) -- Eric Warmenhoven Wed, 17 Mar 2010 21:09:06 -0700 vpnc (0.5.3-1) unstable; urgency=low * New maintainer (closes: #508590) * New upstream release (closes: #506265) + fixes bug in pcf2vpnc which causes too many spaces (closes: #456550) + fixes prompting for password even though it's in the configuration file (closes: #492981) -- Eric Warmenhoven Mon, 15 Dec 2008 17:52:20 -0800 vpnc (0.5.1r334-1) unstable; urgency=low * New upstream SVN snapshot with various bugfixes * removed the warning section from our manpage patch, was adopted upstream (closes: 469865) -- Eduard Bloch Sat, 19 Jul 2008 01:18:36 +0200 vpnc (0.5.1r275-1) unstable; urgency=low * New upstream SVN snapshot with various bugfixes * A very very very very urgent "fix" from Nicolas Duboc to put cisco-decrypt into /usr/lib/vpnc (closes: #454236) -- Eduard Bloch Sun, 23 Dec 2007 15:42:52 +0100 vpnc (0.5.1r254-1) unstable; urgency=low * New upstream release (with updates from trunk) + removes bash specific function keyword (closes: #441045, #444859) * adding cisco-decrypt to vpnc tool (closes: #444631) -- Eduard Bloch Thu, 18 Oct 2007 09:42:08 +0200 vpnc (0.5.0-1) unstable; urgency=low * New upstream release + lots of add-ons and fixes moved into official source + Dead Peer Detection improvements (closes: #416180) + Fixes in net-tools usage (closes: #430799) + unsuccessfull error code on authentication failure (closes: #414437) * put resolvconf and iproute into Recommends -- Eduard Bloch Thu, 30 Aug 2007 20:51:37 +0200 vpnc (0.4.0-3) unstable; urgency=low * 06_stolen_from_head.dpatch: sync with SVN revision 174, including fixes for DPD (closes: #416180) and also most likely solves the keepalive problems (closes: #418906, reopen if not) * 04_debianitis.dpatch: ifconfig call with full path (closes: 423146) -- Eduard Bloch Wed, 23 May 2007 22:45:46 +0200 vpnc (0.4.0-2) unstable; urgency=medium * proper increment variable picking when emulating Target networks directive (closes: #412784) * small bug in resolv.conf update forbidding directive handling fixed, it was causing unuseable resolv.conf in certain cases * 06_stolen_from_head.dpatch: upstream fixes in Revision 159 (closes: #411668) -- Eduard Bloch Sun, 11 Mar 2007 18:48:27 +0100 vpnc (0.4.0-1) unstable; urgency=low * New upstream release + GNU/kFreeBSD related fixes (closes: #400740) + Supports phase2 rekeying (closes: #411108) + auto-creating /var/run/vpnc (closes: #403783) * Old config handling extensions replaced with wrappers to upstream vpnc-script function variables which are declared official now (closes: #399131) * more connect/shutdown hooks (closes: #366257) * not depending on iproute, though old extensions may not work without it but users are warned in that case (closes: #393848) -- Eduard Bloch Mon, 19 Feb 2007 22:33:12 +0100 vpnc (0.3.3+SVN20051028-3) unstable; urgency=low * 08_keepalive_and_rekeying.dpatch: patch for basic rekeying and keepalive support from Tomas Mraz * stronger permissions of /etc/vpnc/ and /etc/vpnc/example.conf to protect careless users from making their login data world-readable (closes: #340105) * documented connect/disconnect hooks in README.Debian, thanks to Elmar Hoffmann (closes: #360704) -- Eduard Bloch Fri, 14 Apr 2006 23:30:36 +0200 vpnc (0.3.3+SVN20051028-2) unstable; urgency=low * TARGET_NETWORKS code was accidentaly removed in 04_debianitis.dpatch, now restored (closes: #336532) -- Eduard Bloch Wed, 02 Nov 2005 09:07:12 +0100 vpnc (0.3.3+SVN20051028-1) unstable; urgency=low * new upstream snapshot + includes a password string deobfuscater + a bash specific loop construct has been rewritten (closes: #335989) * inserts another default default value into setup variables (now really closes: #334203, #335518) * fallback to $configname.conf file scheme (closes: #335383) * vpnc-script tries to open the device for 10 seconds after the module has been loaded, to work around udev's timing problems (closes: #281663) -- Eduard Bloch Fri, 28 Oct 2005 16:08:00 +0200 vpnc (0.3.3+SVN20050909-5) unstable; urgency=low * set the default string "No" for DNS_UPDATE (closes: #334699) * do not see any additional routes sent by the server when the TARGET_NETWORKS is set (closes: #334203) -- Eduard Bloch Thu, 13 Oct 2005 22:14:39 +0200 vpnc (0.3.3+SVN20050909-4) unstable; urgency=low * added the magic [ words to the test commands in the new hooks (closes: #333813) -- Eduard Bloch Thu, 13 Oct 2005 12:47:15 +0200 vpnc (0.3.3+SVN20050909-3) unstable; urgency=low * this should be the "good third revision" of 0.3.3 (closes: #314941) * correct fixes for the DNSUpdate option check (for every corner case) and patch merge errors in the TARGET_NETWORKS execution (closes: #333312) * added a hook to vpnc-script to execute /etc/vpnc/vpnc-script-disconnect-action on disconnect, if found. Create it or even modify vpnc-script as needed. (closes: #254032) * also added a hook for /etc/vpnc/vpnc-script-disconnect-action to add custom stuff there (closes: #299472) -- Eduard Bloch Thu, 13 Oct 2005 12:43:23 +0200 vpnc (0.3.3+SVN20050909-2) unstable; urgency=low * fixed typo in vpnc-script patch which was causing the resolv.conf update though disabled in the config -- Eduard Bloch Wed, 12 Oct 2005 01:11:44 +0200 vpnc (0.3.3+SVN20050909-1) unstable; urgency=low * New upstream release + all functionality of vpnc-connect moved to vpnc and vpnc-script * migrated additional vpnc-connect functionality (resolvconf, Target Networks, DNSUpdate options) to vpnc-script and vpnc source * set transitional symlink vpnc-connect (-> vpnc) * reduced default MTU to 1390 to work around problems seen while testing -- Eduard Bloch Mon, 10 Oct 2005 12:22:42 +0200 vpnc (0.3.2+SVN20050326-2) unstable; urgency=high * added a check for having a slash in the config file specification (now it really accepts absolute paths only and not some random, or even malicious, script from the current directory). Before, it was like having "." on the first place in root's $PATH. * also reverted the vpnc binary lookup order to limit possible effects of a similar problem -- Eduard Bloch Thu, 05 May 2005 19:39:05 +0200 vpnc (0.3.2+SVN20050326-1) unstable; urgency=low * New upstream SVN snapshot + reported to solve 64bit problems (closes: #282732) -- Eduard Bloch Sat, 26 Mar 2005 10:58:35 +0100 vpnc (0.3.2+SVN20041123-1) unstable; urgency=low * New upstream release and update * Changed the example gateway IP to one from the official example net * do not try to run modprobe if there is no module support (closes: #281606) -- Eduard Bloch Tue, 23 Nov 2004 18:43:43 +0100 vpnc (0.3.1-1) unstable; urgency=low * New upstream release * removed Interface name from the example config file - upstream request, too many users tried to use this on kernel 2.2 :( * added $@ to the vpnc call in vpnc-connect (closes: #274202) * added /sbin to the PATH to reach ifconfig (closes: #278049) -- Eduard Bloch Sat, 13 Nov 2004 15:43:46 +0100 vpnc (0.2-rm+zomb.1-8) unstable; urgency=low * Rebuilt for libgcrypt11 -- Eduard Bloch Thu, 17 Jun 2004 16:37:41 +0200 vpnc (0.2-rm+zomb.1-7) unstable; urgency=low * pre-release upstream update + keeping the same syslog facility after fork (closes: #251228) + insecurity warnings in README.Debian and vpnc.8 (closes: #251935) + general PIX support was added in the previous release (closes: #220233) * changes to use dpatch * upstream TODO file re-added (closes: #254034) * patch from Wolfgang Ratzka to add direct gateway route even if Target networks is set (closes: #253051) -- Eduard Bloch Wed, 26 May 2004 16:57:52 +0200 vpnc (0.2-rm+zomb.1-6) unstable; urgency=low * Made checks for tun_init be less precise to match on kernel 2.4 -- Eduard Bloch Wed, 26 May 2004 16:16:16 +0200 vpnc (0.2-rm+zomb.1-5) unstable; urgency=low * Fix of the fix of the last tree RC bugs, also use the right command [tm] to display the help text, thanks to Michael Farmbauer (closes: #250839) * More alternative checks for the tun driver presence -- Eduard Bloch Mon, 24 May 2004 18:12:05 +0200 vpnc (0.2-rm+zomb.1-4) unstable; urgency=low * Moved the config file argument into the quotes when specifying the configuration script argument (closes: #250695, #250673, #240766) * installing example config file into /etc/vpnc/ (closes: #246714) * checking $1 before shift to not confuse dash * made vpnc-connect be quiet if CONFIG_TUN=y was found in the guessed kernel config file (closes: #250237) -- Eduard Bloch Mon, 17 May 2004 17:55:22 +0200 vpnc (0.2-rm+zomb.1-3) unstable; urgency=low * the third-time-lucky revision * removed surrounding quotes in the DNS server list -- Eduard Bloch Sat, 15 May 2004 21:31:15 +0200 vpnc (0.2-rm+zomb.1-2) unstable; urgency=low * vpnc.c: Only warn about additional ("unknown") config directives in debug mode (as it was done in -pre8 before) * vpnc-connect: adding explicite routes to VPNed DNS servers if needed * avoiding multi-line if-statements, report to break with some shell -- Eduard Bloch Fri, 14 May 2004 15:18:52 +0200 vpnc (0.2-rm+zomb.1-1) unstable; urgency=low * New upstream release * resolvconf integration to implement DNS data update mechanism -- Eduard Bloch Fri, 14 May 2004 09:04:26 +0200 vpnc (0.2-rm+zomb-pre8-1) unstable; urgency=low * New upstream release * added Interface name to the manpage example and a default value to the vpnc-connect script -- Eduard Bloch Sun, 25 Apr 2004 10:56:01 +0200 vpnc (0.2-rm+zomb-pre7-4) unstable; urgency=low * Multiple config management patch by Tobias Oetiker * Manpage updates based on the patch above * Fixed the route check on the defaultroute restoring (thanks to Thomas Deselaers, closes: #230806) -- Eduard Bloch Thu, 29 Jan 2004 11:06:00 +0100 vpnc (0.2-rm+zomb-pre7-3) unstable; urgency=low * Does not clobber the default route if custom routes have been defined (successor of the #225776 fix), thanks to Steven Ihde (closes: #230201) -- Eduard Bloch Wed, 28 Jan 2004 20:23:10 +0100 vpnc (0.2-rm+zomb-pre7-2) unstable; urgency=low * vpnc-connect: allow customizable target routes in vpnc.conf (closes: #225776) * vpnc.c: don't bother about unknown options unless --debug is used * merged relevant parts of the FreeBSD manpage Debian into out Linux version, replaced hyphens with minus signs (\-) and stopped using the SGML template. It just sucked. -- Eduard Bloch Thu, 18 Dec 2003 21:14:11 +0100 vpnc (0.2-rm+zomb-pre7-1) unstable; urgency=low * New upstream release + vpnc-connect filters weird ip output (closes: #220495) * Builds with the new libgcrypt generation, Build-Deps adjusted * Typo in description fixed (closes: #220172) -- Eduard Bloch Thu, 18 Dec 2003 20:28:02 +0100 vpnc (0.2-rm+zomb-pre5-2) unstable; urgency=low * Fixed the test condition when looking for the tun device node * vpnc.c: fixed --local-port description * provisoric manpage written -- Eduard Bloch Mon, 3 Nov 2003 22:41:04 +0100 vpnc (0.2-rm+zomb-pre5-1) unstable; urgency=low * Initial Release (closes: #217838) -- Eduard Bloch Thu, 30 Oct 2003 07:08:26 +0100