vpnc on ubuntu - works with network manager but not from the command line

I am attempting to connect ot a corporate Cisco PIX from my Ubuntu 8.04 LTS client.

In the past I have always used the command line to connect to various client VPNs. In this instance I received a pcf file, user name and user password. If I import the populated pcf file into the network manager I can connect successfully. If I use the command line (after running pcf2vpnc against the pcf file and getting a vpnc configuration file into /etc/vpnc) I get propmted for the user password.

When I enter the user password I am prompted again, enter the user password again and the I get a failure message "vpnc: authentication unsuccessful"

I would like to be able to continue to connect using the command line.

I use the following from the command line "vpnc <config file name> --local-port 0" as I have done with many clients in the past.

I need to know why this configuration works from network manager but not from the command line.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You need to bring interface "down" in networkmanager to do any manual configuration.
jvosslerAuthor Commented:
I did remove the interface from network manager when I was working on this issue.

I'm working on attempting connection from the command line with various options even if these options are specified in the config file.

I'll report back what I find
jvosslerAuthor Commented:
I ended up find the solution but I do not understand it.

My /etc/vpnc/<client>.conf file includes the line

"Domain <NT domain>"

But the vpnc client will not connect unless I specify it on the command line.

So the line "vpnc <client> --local-port 0" will still prompt for a password and fail even when I enter the password correctly.

But the line "vpnc <client> --domain <NT domain> --local-port 0" will connect correctly and not prompt for any password.

I will run with this but I would like to know why vpnc is behaving this way.

Does anyone have any ideas?

Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.


The configuration file for vpnc connection settings can be located in a couple places, depending on how many profiles you want to setup. By default, vpnc looks first for /etc/vpnc/default.conf for its connection settings. If it doesn't find that file, then it looks for /etc/vpnc.conf. Have you checked if a default.conf exists or other conf files that might confuse the vpnc client?

Have you tested to use quotes or double quotes when using the "Domain" entry in the .conf file? Is Domain using a capital 'D' in the .conf file?

Regards, Tobias
jvosslerAuthor Commented:
All my config files are in /etc/vpnc, but I have nothing called default.conf

I also do not have a default.conf or any other *.conf related to vpnc in /etc

In examining all the other working conf files I discovered that the one I am having issues with is the only one with a "Domain <NT domain>" line in it.  All the other clients I connect to do not have that line.

All the working vpnc conf files include the domain as part of the username as: <NT domain>\<username>

The <client>.conf file I am using was generated by pcf2vpnc which I have used for years successfully.

When I specify the domain as part of the user name as: "<NT domain>\<user name>" and remove the "Domain <NT domain>" line then attempt to connect I get the following error message.

vpnc: server requested domain, but none set (use "Domain ..." in config or --domain

So I still do not understand why vpnc is behaving this way.

jvosslerAuthor Commented:
Also, leaving in the "Domain <NT domain>" line AND specifying the domain as part of the user name it still fails.

But in this case I get the prompt for the password which always fails even when I put in the correct password.

So it appears that for this client I just need to specify the domain as part of the command line.

Does this appear to possibly be a bug in vpnc?

Try to escape the backslash in the .conf file

jvosslerAuthor Commented:
escaping the backslash did not fix the issue. I have three other clients I use vpnc to access and have no issues with these clients using the <NT domain>\<user name>

ok! That's good! Can you compare the config files and vpnc files between those machines?
jvosslerAuthor Commented:
I have set up the current client exactly like any of the three that works and when I attempt to connect it prompts me twice for the user password and always fails using the correct password.

The only way to get it to work is to specify the domain on the command line.

It works, but I do not understand why it is not getting that domain information from the config file; either from the Domain line or from the domain specified witht he user name.

I've checked the vpnc source code. Didn't see anything strange.
Ref: http://www.sfr-fresh.com/unix/privat/vpnc-0.5.3.tar.gz:a/vpnc-0.5.3/vpnc.c
Ref: http://www.sfr-fresh.com/unix/privat/vpnc-0.5.3.tar.gz:a/vpnc-0.5.3/config.c

Do you have any characters beside a-z and 0-9 in your domain name?

Do you use Domain "mydomain.com" with a capital 'D' in the .conf file?

Can you input --print-config on the command line and check that vpnc sets the domain from your .conf file?

Can you run vpnc in debug mode - might get more info: vpnc --debug 99 {conf file}

Ref: http://manpages.ubuntu.com/manpages/karmic/man8/vpnc.8.html
jvosslerAuthor Commented:
The vpnc --print-config shows exactly what I would expect based on the file.

The domain is three lower case characters, I can get it to work when specifying the domain on the command line.

The conf file does have the capital D in Domain.

Running vpnc in debug mode shows the password getting prompted for twice. Entering the correct password each time still results in failure.

Here is the debug output.

<Deleted by AnnieMod>
It looks like you have an extra space before the domain name. Can you verify if this is the case?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jvosslerAuthor Commented:
You are correct. The config file as generated by pcf2conf had two spaces between the word "Domain" and the domain name.

Thanks for the sharp eye.
jvosslerAuthor Commented:
Very sharp eye in scanning the log file
Glad I could help! :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Distributions

From novice to tech pro — start learning today.