The old certificate expired on July 1, 2010.
You'll see an error like the one below:

    [root@tux ~]# /etc/rc.d/vpnc start
    :: Connecting to VPN                                            [BUSY]
    Enter password for weicwang_au@hq-enc.oracle.com:
    /usr/sbin/vpnc: Error verifying the certificate-chain
                                                                    [FAIL]
    [root@tux ~]#
Update the certificate
ftp://obiftp.us.oracle.com/modules/unlicensed/global/ciscovpn/4.8.02.0030/vpnclient-linux-README
Starting July 2010, a new root certificate is required to communicate with the VPN gateway.
The new rootcert is provided with the latest vpnclient version, so please update your vpnclient software.
If you choose not to update, you can import the new certificate manually:
1. Download ftp://obiftp/modules/unlicensed/global/ciscovpn/4.8.02.0030/rootcert2
2. Import it on your system using 'cisco_cert_mgr -R -op import -f rootcert2'
3. Confirm the import was successful with 'cisco_cert_mgr -R -op list', which should return 2 certificate files
For vpnc
1. Download the new certificate rootcert2
2. Edit /etc/vpnc/default.conf
3. Update the root cert path, for example /etc/vpnc/rootcert2
4. Start vpnc: /etc/rc.d/vpnc start
The /etc/vpnc/default.conf looks like:
    [root@tux vpnc]# cat default.conf
    ## generated by pcf2vpnc
    IPSec ID Ora-Hybrid-Gen
    IPSec gateway hq-enc.oracle.com
    IPSec secret S!xhundr3dTh1rtyN!n3
    Xauth username weicwang_au
    Application version Cisco Systems VPN Client 4.8.0 (A):Linux
    IKE Authmode hybrid
    CA-File /etc/vpnc/oracle.cert

    # example vpnc configuration file
    # see vpnc --long-help for details

    #Interface name tun0
    #IKE DH Group dh2
    #Perfect Forward Secrecy nopfs

    # You may replace this script with something better
    #Script /etc/vpnc/vpnc-script
    # Enable this option for NAT traversal
    #UDP Encapsulate

    #IPSec gateway my.gateway.com
    #IPSec ID someid
    #IPSec secret somesecret

    #Xauth username myusername
    #Xauth password mypassword
    [root@tux vpnc]#
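A pre-flight check for the root certificate that CA-File points to, so an expired or missing file is caught before vpnc fails with "Error verifying the certificate-chain". This is an added example, not part of the original post or of vpnc; the function names are hypothetical, and it assumes the certificate is PEM-encoded and that openssl is installed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the path given by the first active (uncommented) CA-File directive.
# Assumption: the config carries a single active CA-File line.
vpnc_ca_file() {
    sed -n 's/^[[:space:]]*CA-File[[:space:]]\{1,\}//p' "$1" \
        | sed 's/[[:space:]]*$//' | head -n 1
}

# check_vpnc_ca CONF [DAYS]
# Returns 0 if the CA certificate stays valid for at least DAYS more days,
#         1 if it has expired or expires within DAYS,
#         2 if the config, the directive or the certificate cannot be read.
check_vpnc_ca() {
    conf=$1
    days=${2:-30}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    ca=$(vpnc_ca_file "$conf")
    [ -n "$ca" ] || { echo "no CA-File directive in $conf" >&2; return 2; }
    [ -r "$ca" ] || { echo "CA-File $ca is missing or unreadable" >&2; return 2; }

    # Show who the certificate belongs to and when it expires
    # (assumption: PEM encoding, which is openssl's default input format).
    openssl x509 -in "$ca" -noout -subject -enddate || return 2

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if openssl x509 -in "$ca" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "OK: $ca is valid for at least $days more days"
    else
        echo "WARNING: $ca is expired or expires within $days days" >&2
        return 1
    fi
}

# Usage on the system described above:
#   check_vpnc_ca /etc/vpnc/default.conf 30
```

Run it from cron or before starting the tunnel; a return code of 1 means the root certificate needs replacing before the next connection attempt.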
Start/stop vpnc
    [root@tux ~]# /etc/rc.d/vpnc start
    :: Connecting to VPN                                            [BUSY]
    Enter password for weicwang_au@hq-enc.oracle.com:
    VPNC started in background (pid: 15240)...
                                                                    [DONE]
    [root@tux ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:0C:29:5B:54:ED
              inet addr:10.187.65.196  Bcast:10.187.65.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe5b:54ed/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:24673 errors:1 dropped:1 overruns:0 frame:0
              TX packets:13289 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:30481464 (29.0 Mb)  TX bytes:1204085 (1.1 Mb)
              Interrupt:19 Base address:0x2000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:4 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:280 (280.0 b)  TX bytes:280 (280.0 b)

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.175.255.96  P-t-P:10.175.255.96  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:500
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

    [root@tux ~]# /etc/rc.d/vpnc stop
    :: Disconnecting from VPN                                       [BUSY]
    Terminating vpnc daemon (pid: 15240)
                                                                    [DONE]
    [root@tux ~]#