vpnc client is failing to connect if routing list which the server passes to the client has more than 100 entries

[lv426]

Trying to login into my university network using vpnc 0.4.0 on a Linksys WRT 54 GL running dd-wrt v24 RC4 vpn ends with the error message "configuration response rejected: (ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS)(30)".

According to this link (​http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2007-February/001170.html) the problem is that the routing list proposed by the remote concentrator is longer than 100 entries, vpnc is not able to handle this unless you patch it (see ​http://www.gossamer-threads.com/lists/vpnc/devel/1175). This seems to be a packet size problem. The packet size of vpnc is set by the "static uint8_t r_packet" variable.

So I looked at the code a bit closer In Version 0.4.0 line 57 you find this entry: Code:

 static uint8_t r_packet[2048]

In Version 0.5.1 line 129 Code:

 static uint8_t r_packet[8192]

This variable specifies the maximum packet size which vpnc can handle. So I made a little experiment

1. I downloaded vpnc-0.4.0 and built it, when I run it it gives the error: "(ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS)(30)", then I changed the variable mentioned above from 2048 to 8192 and rebuilt the client, having changed it to 8192 gives a clean run!
2. I downloaded vpnc-0.5.1 and built it (the variable ist set to 8192 by default), it gives a clean run and a connection can be established. I changed the variable to 2048, rebuildung and running it gives again this error "(ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS)(30)".

So far I think, this error is tracked down. I suggest one of the following solutions for dd-wrt, either patch the existing client according to my experiment or use vpnc 0.5.0 or newer.

I hope this solution finds its way into final v24!

Greets

Robert Rottscholl (lv426@…)

[BrainSlayer]

static arrays are never a good solution. but i will update vpnc and will do a modification for dynamic allocated lists

[Sash]

we dont support the feature officially