From marekrud@gmail.com  Sun Jan  6 18:21:24 2013
Return-Path: <marekrud@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	by hub.freebsd.org (Postfix) with ESMTP id 02A3DE34
	for <freebsd-gnats-submit@freebsd.org>; Sun,  6 Jan 2013 18:21:24 +0000 (UTC)
	(envelope-from marekrud@gmail.com)
Received: from mail-bk0-f53.google.com (mail-bk0-f53.google.com [209.85.214.53])
	by mx1.freebsd.org (Postfix) with ESMTP id 6F1AC11C5
	for <freebsd-gnats-submit@freebsd.org>; Sun,  6 Jan 2013 18:21:22 +0000 (UTC)
Received: by mail-bk0-f53.google.com with SMTP id j5so7940533bkw.40
        for <freebsd-gnats-submit@freebsd.org>; Sun, 06 Jan 2013 10:21:15 -0800 (PST)
Received: from orange (109.125.97.129.dynamic.cablesurf.de. [109.125.97.129])
        by mx.google.com with ESMTPS id z5sm40333916bkv.11.2013.01.06.10.21.13
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sun, 06 Jan 2013 10:21:14 -0800 (PST)
Message-Id: <87zk0mcgvs.fsf@gmail.com>
Date: Sun, 06 Jan 2013 19:20:55 +0100
From: Marek Rudnicki <marekrud@gmail.com>
To: <freebsd-gnats-submit@freebsd.org>
Subject: security/vpnc-0.5.3_7: vpnc-disconnect does not terminate vpnc daemon

>Number:         175067
>Category:       ports
>Synopsis:       sysutils/vpnc-scripts: vpnc-disconnect does not terminate vpnc daemon
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    zi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 06 18:30:00 UTC 2013
>Closed-Date:    Wed Jan 30 12:37:31 UTC 2013
>Last-Modified:  Wed Jan 30 12:37:31 UTC 2013
>Originator:     Marek Rudnicki <marekrud@gmail.com>
>Release:        FreeBSD 9.1-RELEASE amd64
>Organization:
<organization of PR author (multiple lines)>
>Environment:
System: FreeBSD orange 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64


>Description:

After starting VPN client (vpnc), I'm not able to terminate the vpnc
using vpnc-disconnect.  vpnc-disconnect displays message about
terminating vpnc daemon, but the vpnc program is still running.
Network interfaces (tun0 and tun1) created by vpnc are not destroyed.



>How-To-Repeat:

My /usr/local/etc/vpnc.conf has the following fields:

IPSec gateway
IPSec ID
IPSec secret
Xauth username
Xauth password


There are no tun interfaces, neither vpnc is running.

Below is the copy/paste from the terminal without irrelevant lines
(other interfaces than tun, vpnc routing info)

# vpnc
Warning: using insecure memory!
VPNC started in background (pid: 26056)...

# ifconfig
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1412
	options=80000<LINKSTATE>
	inet a.b.c.d --> a.b.c.d netmask 0xffffffff
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	Opened by PID 25762
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

# ps aux |  grep vpnc
root       26056   0.0  0.0  19688   1904 ??  Is    6:10PM   0:00.00 vpnc
root       26072   0.0  0.0  16288   1616  3  S+    6:14PM   0:00.00 grep vpnc


# vpnc-disconnect
Terminating vpnc daemon (pid: 26056)

# ps aux |  grep vpnc
root       26056   0.0  0.0  19688   1948 ??  Is    6:10PM   0:00.00 vpnc
root       26075   0.0  0.0  14508   1852 ??  I     6:14PM   0:00.02 /bin/sh /usr/local/sbin/vpnc-script
root       27832   0.0  0.0  10164   1436  3  R+    6:15PM   0:00.00 grep vpnc

# ifconfig
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1412
	options=80000<LINKSTATE>
	inet a.b.c.d --> a.b.c.d netmask 0xffffffff
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	Opened by PID 25762
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>




>Fix:

Workaround:

# killall -9 vpnc

tun0 is destroyed automatically

# ifconfig tun1 destroy
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->ehaupt 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Mon Jan 7 03:46:24 UTC 2013 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=175067 
State-Changed-From-To: open->analyzed 
State-Changed-By: ehaupt 
State-Changed-When: Sat Jan 19 14:39:22 CET 2013 
State-Changed-Why:  
Was able to confirm the issue. Contacted maintainer of sysutils/vpnc-scripts. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=175067 

From: Emanuel Haupt <ehaupt@FreeBSD.org>
To: bug-followup@FreeBSD.org, marekrud@gmail.com
Cc:  
Subject: Re: ports/175067: security/vpnc 0.5.3_7: vpnc-disconnect does not
 terminate vpnc daemon
Date: Tue, 22 Jan 2013 16:53:35 +0100

 Could you please try the following patch?
 
 http://people.freebsd.org/~ehaupt/misc/vpnc2/vpnc-script.diff

From: Marek Rudnicki <marekrud@gmail.com>
To: bug-followup@FreeBSD.org, Emanuel Haupt <ehaupt@FreeBSD.org>
Cc:  
Subject: Re: ports/175067: security/vpnc 0.5.3_7: vpnc-disconnect does not terminate vpnc daemon
Date: Tue, 22 Jan 2013 23:56:45 +0100

 I tested the patch and it seem to work well.  Thank you.
 
 
 BTW: I was browsing PRs and the description kern/173475 looks similar.
 Perhaps the patch solves that problem too.
Responsible-Changed-From-To: ehaupt->zi 
Responsible-Changed-By: ehaupt 
Responsible-Changed-When: Thu Jan 24 09:58:23 CET 2013 
Responsible-Changed-Why:  
Over to sysutils/vpnc-scripts maintainer. Suggest the following patch: http://people.freebsd.org/~ehaupt/patches/vpnc-scripts.patch 

http://www.freebsd.org/cgi/query-pr.cgi?pr=175067 
State-Changed-From-To: analyzed->closed 
State-Changed-By: zi 
State-Changed-When: Wed Jan 30 12:37:30 UTC 2013 
State-Changed-Why:  
sysutils/vpnc-scripts was updated to 20130129, which resolves this 
issue.  Thank you for the report. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=175067 
>Unformatted:
