3

I need to connect to a legacy Cisco VPN server that uses weak MD5 authentication. I have set up the connection in NetworkManager (1.40.10), but the underlying vpnc (0.5.3) fails to connect, complaining about the weak authentication:

NetworkManager[1234]: /usr/sbin/vpnc: Peer has selected md5 as authentication method. NetworkManager[1234]: This algorithm is considered too weak today. NetworkManager[1234]: If your vpn concentrator admin still insists on using md5, NetworkManager[1234]: use the "--enable-weak-authentication" option.

I do not see any option in my NetworkManager connection settings to enable such thing, and I can't find any way to pass arbitrary command-line options to vpnc.

I have tried:

  • Adding Enable weak authentication=yes in /etc/vpnc/default.conf or /etc/vpnc.conf: Does not work because NetworkManager passes the configuration through stdin to vpnc.
  • Adding Enable weak authentication=yes to the NetworkManager connection configuration file: It fails saying that it is not a recongnized config option.
  • ...As a workaround, I've created a shell script in /usr/sbin/vpnc that calls /usr/sbin/real_vpnc --enable-weak-authentication "$@". This WORKS but this is clearly a fragile hack.

How do I properly enable this option in Network Manager?

Improve this question
1
  • Here is related issue in VPNC plugin for NetworkManager. So, this option should be supported in network-manager-vpnc (package name in Ubuntu) version 1.4.0. Commented Mar 11 at 8:12

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.