vpnc on ubuntu - works with network manager but not from the command line

I am attempting to connect to a corporate Cisco PIX from my Ubuntu 8.04 LTS client.

In the past I have always used the command line to connect to various client VPNs. In this instance I received a pcf file, user name and user password. If I import the populated pcf file into the network manager I can connect successfully. If I use the command line (after running pcf2vpnc against the pcf file and getting a vpnc configuration file into /etc/vpnc) I get prompted for the user password.

When I enter the user password I am prompted again, enter the user password again, and then I get a failure message "vpnc: authentication unsuccessful"

I would like to be able to continue to connect using the command line.

I use the following from the command line "vpnc <config file name> --local-port 0" as I have done with many clients in the past.

I need to know why this configuration works from network manager but not from the command line.

TobiasHolm Commented:
It looks like you have an extra space before the domain name. Can you verify if this is the case?
You need to bring interface "down" in networkmanager to do any manual configuration.
jvossler (Author) Commented:
I did remove the interface from network manager when I was working on this issue.

I'm working on attempting connection from the command line with various options even if these options are specified in the config file.

I'll report back what I find
jvossler (Author) Commented:
I ended up finding the solution but I do not understand it.

My /etc/vpnc/<client>.conf file includes the line

"Domain <NT domain>"

But the vpnc client will not connect unless I specify it on the command line.

So the line "vpnc <client> --local-port 0" will still prompt for a password and fail even when I enter the password correctly.

But the line "vpnc <client> --domain <NT domain> --local-port 0" will connect correctly and not prompt for any password.

I will run with this but I would like to know why vpnc is behaving this way.

Does anyone have any ideas?


The configuration file for vpnc connection settings can be located in a couple places, depending on how many profiles you want to setup. By default, vpnc looks first for /etc/vpnc/default.conf for its connection settings. If it doesn't find that file, then it looks for /etc/vpnc.conf. Have you checked if a default.conf exists or other conf files that might confuse the vpnc client?

Have you tested to use quotes or double quotes when using the "Domain" entry in the .conf file? Is Domain using a capital 'D' in the .conf file?

Regards, Tobias
jvossler (Author) Commented:
All my config files are in /etc/vpnc, but I have nothing called default.conf

I also do not have a default.conf or any other *.conf related to vpnc in /etc

In examining all the other working conf files I discovered that the one I am having issues with is the only one with a "Domain <NT domain>" line in it.  All the other clients I connect to do not have that line.

All the working vpnc conf files include the domain as part of the username as: <NT domain>\<username>

The <client>.conf file I am using was generated by pcf2vpnc which I have used for years successfully.

When I specify the domain as part of the user name as: "<NT domain>\<user name>" and remove the "Domain <NT domain>" line then attempt to connect I get the following error message.

vpnc: server requested domain, but none set (use "Domain ..." in config or --domain

So I still do not understand why vpnc is behaving this way.

jvossler (Author) Commented:
Also, leaving in the "Domain <NT domain>" line AND specifying the domain as part of the user name it still fails.

But in this case I get the prompt for the password which always fails even when I put in the correct password.

So it appears that for this client I just need to specify the domain as part of the command line.

Does this appear to possibly be a bug in vpnc?

Try to escape the backslash in the .conf file

jvossler (Author) Commented:
Escaping the backslash did not fix the issue. I have three other clients I use vpnc to access and have no issues with these clients using the <NT domain>\<user name>

ok! That's good! Can you compare the config files and vpnc files between those machines?
jvossler (Author) Commented:
I have set up the current client exactly like any of the three that works and when I attempt to connect it prompts me twice for the user password and always fails using the correct password.

The only way to get it to work is to specify the domain on the command line.

It works, but I do not understand why it is not getting that domain information from the config file; either from the Domain line or from the domain specified with the user name.

I've checked the vpnc source code. Didn't see anything strange.
Ref: http://www.sfr-fresh.com/unix/privat/vpnc-0.5.3.tar.gz:a/vpnc-0.5.3/vpnc.c
Ref: http://www.sfr-fresh.com/unix/privat/vpnc-0.5.3.tar.gz:a/vpnc-0.5.3/config.c

Do you have any characters beside a-z and 0-9 in your domain name?

Do you use Domain "mydomain.com" with a capital 'D' in the .conf file?

Can you input --print-config on the command line and check that vpnc sets the domain from your .conf file?

Can you run vpnc in debug mode - might get more info: vpnc --debug 99 {conf file}

Ref: http://manpages.ubuntu.com/manpages/karmic/man8/vpnc.8.html
jvossler (Author) Commented:
The vpnc --print-config shows exactly what I would expect based on the file.

The domain is three lower case characters, I can get it to work when specifying the domain on the command line.

The conf file does have the capital D in Domain.

Running vpnc in debug mode shows the password getting prompted for twice. Entering the correct password each time still results in failure.

Here is the debug output.

<Deleted by AnnieMod>
jvossler (Author) Commented:
You are correct. The config file as generated by pcf2conf had two spaces between the word "Domain" and the domain name.

Thanks for the sharp eye.
jvossler (Author) Commented:
Very sharp eye in scanning the log file
Glad I could help! :)
Question has a verified solution.
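
The fix in this thread was a second space between "Domain" and its value in the generated config file. The following is an added example, not part of the original thread or of vpnc: a shell function that flags vpnc config lines where extra or trailing whitespace would end up inside a value. The key list uses standard vpnc.conf option names; the function name and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: lint a vpnc config for whitespace that becomes part of a value.

lint_vpnc_conf() {
    # Prints "<line>:<key>:<problem>" per finding; returns 1 if any were found.
    awk '
    BEGIN {
        n = split("IPSec gateway|IPSec ID|IPSec secret|Xauth username|Xauth password|Domain", keys, "|")
    }
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    {
        for (i = 1; i <= n; i++) {
            k = keys[i]
            # Case-insensitive compare so the lint does not depend on key case.
            if (tolower(substr($0, 1, length(k))) != tolower(k)) continue
            rest = substr($0, length(k) + 1)   # separator plus value
            if (rest !~ /^[ \t]/) continue     # a longer word, not this key
            if (rest ~ /^[ \t][ \t]/) {
                printf "%d:%s:extra whitespace before value\n", NR, k; bad = 1
            }
            if (rest ~ /[ \t\r]$/) {
                printf "%d:%s:trailing whitespace after value\n", NR, k; bad = 1
            }
            break
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample mirroring the thread: two spaces after "Domain".
sample=$(mktemp)
printf '%s\n' \
    'IPSec gateway vpn.example.invalid' \
    'IPSec ID examplegroup' \
    'Xauth username exampleuser' \
    'Domain  abc' > "$sample"

lint_vpnc_conf "$sample" || echo "fix the lines above before running vpnc"
rm -f "$sample"
```

Running it against each file in /etc/vpnc after pcf2vpnc generates it catches this class of problem before the first connection attempt.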
