I’m not sure what triggers it, but vpnc negotiates 1des or no encryption when trying to VPN to some Cisco ASA firewalls (but not others). NetworkManager just reports an instant connection failure.
Fortunately, this is all libre software, so after finding a thread at Ubuntu Forums a potential fix was not far away. The fix involves modifying vpnc so that it doesn’t even try to negotiate the incorrect encryption types. The problem is that the forum suggests building vpnc from SVN. This may work, but it does not include the patches from Ubuntu and may break other things. The better resolution is to repackage the version from Ubuntu.
Install build dependencies.
Make your modifications to supp.c.
Existing encryption support:
Remove support you don’t need. In my case I only want 3des and aes256:
Rebuild it and install.
If you use NetworkManager to start the problematic connection, you will need to change the “Encryption method” to “Weak” (sounds wrong, but it is the only way to get it to work… even though it isn’t using 1des anymore). You only need to change this for connections that weren’t working before the modification! VPN connections that already worked don’t need to be changed!
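The repackaging steps above as one script, with a check that only 3des and aes256 remain in the cipher table before the package is built. This is an added example, not the post's original commands: the function names are hypothetical, the sample table is constructed, and it assumes the table in supp.c is the `supp_crypt[]` array with entries of the form `{"name", ...}`.

```bash
#!/usr/bin/env bash
# Added example, not the post's original commands.

# Print cipher names in the supp_crypt[] table of a supp.c file.
# Assumption: entries look like {"name", ...} and the table ends with "};".
list_ciphers() {
    awk '
        /supp_crypt\[\]/ { in_table = 1; next }
        in_table && /^[ \t]*[}];/ { exit }
        in_table && match($0, /[{][ \t]*"[^"]+"/) {
            entry = substr($0, RSTART, RLENGTH)
            gsub(/[{" \t]/, "", entry)
            print entry
        }
    ' "$1"
}

# Succeed only if the table is non-empty and every cipher is in the
# space-separated allow-list given as $2.
only_ciphers() {
    oc_found=$(list_ciphers "$1")
    [ -n "$oc_found" ] || { echo "no cipher table parsed from $1" >&2; return 2; }
    for oc_name in $oc_found; do
        case " $2 " in
            *" $oc_name "*) ;;
            *) echo "still offered: $oc_name" >&2; return 1 ;;
        esac
    done
    return 0
}

# Constructed sample (placeholder field values), with "des" left in by mistake.
sample_supp_c() {
    cat <<'EOF'
const supported_algo_t supp_crypt[] = {
	{"des", 0, 0, 0, 0},
	{"3des", 0, 0, 0, 0},
	{"aes256", 0, 0, 0, 256},
	{NULL, 0, 0, 0, 0}
};
EOF
}

# Repackage the distribution's vpnc; run by hand: rebuild_vpnc
rebuild_vpnc() {
    sudo apt-get build-dep vpnc && apt-get source vpnc || return 1
    cd vpnc-*/ || return 1
    "${EDITOR:-vi}" supp.c                      # trim supp_crypt[] by hand
    only_ciphers supp.c "3des aes256" || return 1
    dpkg-buildpackage -us -uc -b && sudo dpkg -i ../vpnc_*.deb
}
```

A later package upgrade can replace the rebuilt vpnc with the stock one; `sudo apt-mark hold vpnc` keeps the local build in place until you release the hold.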