I've been using vpnc 0.3.3 and then 0.5.1 for about the last 3 years to connect to my VPN at work. This week, it stopped working.
    /usr/sbin/vpnc-connect: quick mode response rejected: (ISAKMP_N_INVALID_MESSAGE_ID)(9)
    this means the concentrator did not like what we had to offer.
    Possible reasons are:
      * concentrator configured to require a firewall
         this locks out even Cisco clients on any platform expect windows
         which is an obvious security improvment. There is no workaround (yet).
      * concentrator configured to require IP compression
         this is not yet supported by vpnc.
         Note: the Cisco Concentrator Documentation recommends against using
         compression, expect on low-bandwith (read: ISDN) links, because it
         uses much CPU-resources on the concentrator
Did I call the help desk? No: Google to the rescue.
The fix? Well, this post got me in the right direction, and I updated my version of vpnc from 0.5.1r275-1 to 0.5.1r334-1 (apt-get update; apt-get install vpnc) using these repos... which didn't seem to help.
    # Unstable Sid
    deb http://http.us.debian.org/debian/ unstable main contrib non-free
    # Unstable Sources
    deb-src http://http.us.debian.org/debian/ unstable main contrib non-free
    # sidux http://sidux.com/files/misc/sources.list
    deb http://sidux.com/debian/ sid main contrib non-free firmware fix.main fix.contrib fix.non-free
    deb-src http://sidux.com/debian/ sid main contrib non-free firmware fix.main fix.contrib fix.non-free
But the actual solution was to add this line to my .conf file:
Enable Single DES
And remove this:
Perfect Forward Secrecy nopfs
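An added example, not part of the original post: a small Python check that lists the lines in a vpnc profile that lower the tunnel's cryptographic strength, such as the `Enable Single DES` line added above. The sample profile is constructed, its gateway, group and user names are placeholders, and matching option names case-insensitively is an assumption.

```python
# Constructed sample: a vpnc profile after the change described in the post.
# Gateway, group and user names are placeholders, not values from the post.
SAMPLE_CONF = """\
# /etc/vpnc/work.conf (constructed example)
IPSec gateway vpn.example.com
IPSec ID examplegroup
Xauth username alice
Enable Single DES
"""

# vpnc config option (lower-cased) -> (test on its value, why it is weak)
WEAK_OPTIONS = {
    "enable single des": (lambda v: True, "permits 56-bit single DES"),
    "enable no encryption": (lambda v: True, "permits unencrypted data traffic"),
    "perfect forward secrecy": (lambda v: v == "nopfs", "turns PFS off"),
    "ike dh group": (lambda v: v == "dh1", "768-bit Diffie-Hellman group"),
}


def audit_vpnc_conf(text):
    """Return [(line_no, line, reason)] for each weak setting in a vpnc config."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        lowered = line.lower()  # assumption: option names match case-insensitively
        for option, (is_weak, reason) in WEAK_OPTIONS.items():
            if lowered == option or lowered.startswith(option + " "):
                value = lowered[len(option):].strip()
                if is_weak(value):
                    findings.append((line_no, line, reason))
    return findings


if __name__ == "__main__":
    for line_no, line, reason in audit_vpnc_conf(SAMPLE_CONF):
        print(f"line {line_no}: {line!r}: {reason}")
```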