24 files changed, 1803 insertions, 0 deletions
diff --git a/doc/misc/README.DCOP b/doc/misc/README.DCOP
new file mode 100644
index 0000000..e46c83d
--- /dev/null
+++ b/doc/misc/README.DCOP
@@ -0,0 +1,87 @@
+Controlling KVpnc using DCOP
+========================
+
+DCOP use is simple:
+dcop kvpnc-<pid> KVpncInterface <command>
+
+The PID (process identifier number) can be obtained by:
+ps ax | grep kvpnc | grep -v grep
+
+The first number in line is the PID. 
+Hint: You can use kdcop for browsing the applications which can be controlled and their functions.
+
+KVpnc provides the following functions:
+--------------------------------------------------
+QCStringList interfaces()
+QCStringList functions()
+QString getVersion()
+void doConnect()
+void doDisconnect()
+uint getConnectedTime()
+QString getStatus()
+QString getCurrentProfile()
+void setProfile(QString profilename)
+void createNewProfile()
+void createNewProfileWithWizard()
+void deleteCurrentProfile()
+void openPreferences()
+void doImportCert()
+void doImportPcf()
+void doImportPcf(QString file)
+void doImportOpenvpnConfig()
+void doImportOpenvpnConfig(QString file)
+QStringList profiles()
+QStringList toolinfo()
+void doQuit()
+void doGenerateOpenvpnKey()
+void doSendFeedbackMail()
+QStringList getProfileTypes()
+
+Return and parameter data types:
+------------------------------------------
+QString text (QString format)
+QStringList string list - list of text (QString format)
+QCStringList string list - list of text (C format)
+uint unsigned int - number
+void empty - no return value
+
+Examples:
+-------------
+1. List all profile names
+	root@linux# dcop kvpnc-3957 KVpncInterface profiles
+	profile1
+	profile2
+	profile3
+
+2. Get information about tools
+	root@linux# dcop kvpnc-3957 KVpncInterface toolinfo
+	vpnc,Found,0.3.3,full,
+	gnome-ssh-askpass,Found,No info,full,
+	ksshaskpass,Found,0.4.1,full,
+	ssh,Found,5.1p1,full,
+	tail,Found,6.10,full,
+	cisco_cert_mgr,Found,4.8.01 (0640),full,
+	vtund,Not found,No info,none,
+	bash,Found,No info,full,
+	pkcs11-tool,Found,No info,full,
+	route,Found,1.98,full,
+	ifconfig,Found,1.42,full,
+	ip,Found,iproute2-ss080725,full,
+	ping,Found,iputils-sss20071127,full,
+	killall,Found,22.6,full,
+	kill,Found,3.2.7,full,
+	openvpn,Found,2.1_rc11,full,
+	openssl,Found,0.9.8g,full,
+	iptables,Found,v1.4.1.1,full,
+	setkey,Found,0.7.1,full,
+	openl2tpd,Found,No info,full,
+	xl2tpd,Found,xl2tpd-1.2.0,full,
+	l2tpd,Not found,No info,none,
+	pptp,Found,1.7.2,full,
+	pppd,Found,2.4.4,full,
+	ipsec,Found,strongSwan U4.2.4,full,
+	racoonctl,Found,No info,full,
+	vpnclient,Found,4.8.01 (0640),full,
+
+3. change current profile to hs_harz 
+	dcop kvpnc-3957 KVpncInterface setProfile 'hs_harz'
+\ No newline at end of file
diff --git a/doc/misc/README.FRITZBOX_VPN_IMPORT b/doc/misc/README.FRITZBOX_VPN_IMPORT
new file mode 100644
index 0000000..2b477f9
--- /dev/null
+++ b/doc/misc/README.FRITZBOX_VPN_IMPORT
@@ -0,0 +1,24 @@
+What
+====
+IPSec vpn to AVM Fritzbox using KVpnc
+
+Description:
+=========
+Some AVM Fritzbox router provides a IPSec VPN for accessing the local lan from the internet.
+There is a windows program called "Fritz!Fernzugang einrichten" (http://webgw.avm.de/download/t_download.jsp?partid=14654) which also runs fine using wine. This allows you to create a vpn profile for a given mail address.
+It creates 2 files: vpnconfig_xxx.cfg (to import into the fritzbox router) and vpnuser_xxx.cfg for use with the program "Fritz!Fernzugang" which only runs under windows.
+A detailed document for this process is available here (German only): http://www.avm.de/de/Service/Service-Portale/Service-Portal/VPN_Praxis_und_Tipps/step_by_step_fernzugang.php?portal=VPN
+You can import a the vpn user config file directly into Kvpnc. It must be not encrypted and is named vpnuser_xxx.cfg where xxx is your mail address.
+After import you can connect directly after importing the vpnuser_xxx.cfg file (vpnconfig_xxx.cfg must be imported into the fritzbox router before).
+
+Requirements:
+===========
+"Fritz!Fernzugang einrichten"
+KVpnc
+racoon (ipsec-tools)
+
+
+Have a lot of fun ;)
+
+
+
diff --git a/doc/misc/README.OPENVPN_INLINE_CERT b/doc/misc/README.OPENVPN_INLINE_CERT
new file mode 100644
index 0000000..7ddb3c5
--- /dev/null
+++ b/doc/misc/README.OPENVPN_INLINE_CERT
@@ -0,0 +1,27 @@
+KVpnc can import OpenVPN configuration files which contain inline certificates (user certificate, ca certificate, private key, tls-key).
+The format for the inline parts must be:
+
+<ca>
+-----BEGIN CERTIFICATE-----
+...
+-----END CERTIFICATE-----
+</ca>
+
+<cert>
+-----BEGIN CERTIFICATE-----
+...
+-----END CERTIFICATE-----
+</cert>
+
+<key>
+-----BEGIN RSA PRIVATE KEY-----
+...
+-----END RSA PRIVATE KEY-----
+</key>
+
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+...
+-----END OpenVPN Static key V1-----
+</tls-auth>
diff --git a/doc/misc/README.SSH_VPN b/doc/misc/README.SSH_VPN
new file mode 100644
index 0000000..0fb9af0
--- /dev/null
+++ b/doc/misc/README.SSH_VPN
@@ -0,0 +1,58 @@
+You need to have enabled the following options in /etc/ssh/sshd_config (Server):
+
+PermitTunnel yes
+PermitRootLogin yes
+
+Minimum requirement is OpenSSH 4.3 and ksshaskpass/ssh-askpass-gnome.
+
+TUN and TAP modes are supported.
+
+Network configuration can be made automaticlly (default) or by execution an specified script on server. If script is used the following parameters will be given:
+
+Parameter 0: script name e.g. /root/ssh_vpn_up.sh
+Parameter 1: device type  e.g. tun
+Parameter 2: ip address  e.g. 1.2.3.4 (tun)
+Parameter 3: remote ip address 1.2.3.5 (tun)
+
+On automatic configuration tun0/tap0 will be used.
+
+Example script on server:
+
+###### /root/ssh_vpn_up.sh #####
+#!/bin/bash
+
+# $0 script name /root/ssh_vpn_up.sh
+# $1 device type tun|tap
+# $2 ip address 1.2.3.4 (tun)
+# $3 remote ip address 1.2.3.5 (tun)
+
+device="tun0"
+ip=""
+remote_ip=""
+type="tun"
+
+echo "type: $1"
+
+if [ $# -gt 0 ]; then
+        type="$1"
+        if [ $# -gt 1 ]; then
+                ip=$2
+                if [ $# -gt 2 ]; then
+                        remoteip=$3
+                fi
+        fi
+fi
+
+if [ "$type "="tun" ]; then
+echo "tun!"
+/sbin/ifconfig $device $ip pointopoint $remoteip up
+fi
+
+if [ "$type"="tap" ]; then
+echo "tap!"
+netmask="255.255.255.0"
+ip="10.0.0.1"
+device="tap0"
+/sbin/ifconfig $device $ip netmask $netmask up
+fi
+############ END ##########
diff --git a/doc/misc/README.VIRTUALIP b/doc/misc/README.VIRTUALIP
new file mode 100644
index 0000000..101a590
--- /dev/null
+++ b/doc/misc/README.VIRTUALIP
@@ -0,0 +1 @@
+on ipsec (openswan/strongswan) you can set the virtual_private value (aka %v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.2.0/24,%v4:!192.168.15.128/25) in network - virtual ip settings - virtual subnets. You have to put the string here, it will be directly passed into ipsec.conf for the connection block.
diff --git a/doc/misc/README.handbook b/doc/misc/README.handbook
new file mode 100644
index 0000000..71395af
--- /dev/null
+++ b/doc/misc/README.handbook
@@ -0,0 +1,14 @@
+How to write the handbook
+-------------------------
+
+
+Step 1: write your content in English in index.docbook (maybe multiple files with xinclude)
+Step 2: run './update_handbook.sh' in this directory. This will update english translation template (handbook.pot) and all translations (e.g. fr/handbook.po)
+Step 3: translate <yourlanguage>/handbook.po (if your language isnt there yet, grab handbook.pot and send to me)
+Step 4: run './update_handbook.sh' again. This will create the docbook files containing the translation
+
+Best regards
+
+Christoph <crissi99@gmx.de>
+
+Last change: 2005/19/09 
diff --git a/doc/misc/README.smartcard b/doc/misc/README.smartcard
new file mode 100644
index 0000000..310d98a
--- /dev/null
+++ b/doc/misc/README.smartcard
@@ -0,0 +1,25 @@
+Smartcard support in KVpnc
+==========================
+
+Date: 2007/13/01
+
+1. preparation
+	- smartcard reader suported by opensc
+	- 'pkcs11-tool -L' shows your reader
+	- openvpn 2.1 (development version!)
+2. using it
+	01. create a OpenVPN connection with the wizard
+	02. go to profile - authentication - certificate/psk
+	03. check 'enable pkcs11 smartcard support'
+	04. select id type (usally id)
+	05. check 'use token provider library' and select one if nessary
+	06. click detect button behind slot combobox (now the slots on cardreaders should shown, usually 0)
+	07. select your slot
+	08. click detect button behind id combobox (now the content of the slot selected slot of step 6 should shown should be shown)
+	09. select your id
+	10. click save
+	11. exit preferences dialog
+	12. click connect
+	13. if pin entry dialog shows up, enter your pin
+
+Feedback are welcome to <crissi99@gmx.de>.
diff --git a/doc/misc/debian_compile.txt b/doc/misc/debian_compile.txt
new file mode 100644
index 0000000..b36d37d
--- /dev/null
+++ b/doc/misc/debian_compile.txt
@@ -0,0 +1,14 @@
+export kde_prefix=/usr
+export sysconfdir=/etc
+export kde_includedir=/usr/include/tde
+export infodir=/usr/share/info
+export mandir=/usr/share/man
+export qtdir=/usr/share/qt3
+export kde_cgidir=/usr/lib/cgi-bin
+export kde_confdir=/etc/kde3
+export kde_htmldir=/usr/share/doc/tde/HTML
+
+./configure --disable-debug --disable-rpath --prefix=$kde_prefix --sysconfdir=$sysconfdir --includedir=$kde_includedir --infodir=$infodir --mandir=$mandir --with-qt-dir=$qtdir --enable-pipe
+
+make
+
diff --git a/doc/misc/debian_compile_debug.txt b/doc/misc/debian_compile_debug.txt
new file mode 100644
index 0000000..bf97953
--- /dev/null
+++ b/doc/misc/debian_compile_debug.txt
@@ -0,0 +1,14 @@
+export kde_prefix=/usr
+export sysconfdir=/etc
+export kde_includedir=/usr/include/tde
+export infodir=/usr/share/info
+export mandir=/usr/share/man
+export qtdir=/usr/share/qt3
+export kde_cgidir=/usr/lib/cgi-bin
+export kde_confdir=/etc/kde3
+export kde_htmldir=/usr/share/doc/tde/HTML
+
+./configure --enable-debug=full --disable-rpath --prefix=$kde_prefix --sysconfdir=$sysconfdir --includedir=$kde_includedir --infodir=$infodir --mandir=$mandir --with-qt-dir=$qtdir
+
+make
+
diff --git a/doc/misc/der_import.txt b/doc/misc/der_import.txt
new file mode 100644
index 0000000..02c39c6
--- /dev/null
+++ b/doc/misc/der_import.txt
@@ -0,0 +1 @@
+openssl x509 -in Uniklinikum\ Giessen\ Root\ Authority\ 1.crt -out cert.pem -inform DER
diff --git a/doc/misc/gentoo_compile.txt b/doc/misc/gentoo_compile.txt
new file mode 100644
index 0000000..d787cf1
--- /dev/null
+++ b/doc/misc/gentoo_compile.txt
@@ -0,0 +1,4 @@
+export KDEPREFIX=/usr/kde/`cat /etc/rc.conf |grep XSESSION= | awk -F \" '{print $2}' | awk -F \- '{print $2}'`/
+./configure --disable-debug --disable-rpath
+
+make
diff --git a/doc/misc/loginfo b/doc/misc/loginfo
new file mode 100644
index 0000000..58806a3
--- /dev/null
+++ b/doc/misc/loginfo
@@ -0,0 +1 @@
+ALL /usr/bin/perl /home/crissi/ciabot_cvs_1.12.pl %p %{s} %n $USER project from_email dest_email ignore_regexp
diff --git a/doc/misc/openvpn.txt b/doc/misc/openvpn.txt
new file mode 100644
index 0000000..17e6c5e
--- /dev/null
+++ b/doc/misc/openvpn.txt
@@ -0,0 +1,29 @@
+prerequisites:
+  - openssl
+
+
+- port 5000 udp
+
+
+server:
+netsprinter:~ # openvpn --port 5000 --dev tun0 --ifconfig 10.0.0.1 10.0.0.2 --secret geheimer.key
+Sun Jan 23 17:32:14 2005 0[0]: OpenVPN 1.6_rc4 i686-pc-linux-gnu [SSL] [LZO] [PTHREAD] built on Dec  3 2004
+Sun Jan 23 17:32:14 2005 1[0]: TUN/TAP device tun0 opened
+Sun Jan 23 17:32:14 2005 2[0]: /sbin/ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2 mtu 1256
+Sun Jan 23 17:32:14 2005 3[0]: PTHREAD support initialized
+Sun Jan 23 17:32:14 2005 4[0]: UDPv4 link local (bound): [undef]:5000
+Sun Jan 23 17:32:14 2005 5[0]: UDPv4 link remote: [undef]
+Sun Jan 23 17:32:59 2005 6[0]: Peer Connection Initiated with 192.168.1.37:5000
+Sun Jan 23 17:35:57 2005 7[0]: select : Interrupted system call (code=4)
+Sun Jan 23 17:35:57 2005 8[0]: SIGINT received, exiting
+
+
+client:
+crissi:/home/crissi# openvpn --dev tun0 --port 5000 --remote 192.168.1.36 --ifconfig 10.0.0.2 10.0.0.1 --secret ./geheimer.key
+Sun Jan 23 17:45:47 2005 OpenVPN 2.0_rc6 i386-pc-linux [SSL] [LZO] [EPOLL] built on Jan  5 2005
+Sun Jan 23 17:45:47 2005 TUN/TAP device tun0 opened
+Sun Jan 23 17:45:47 2005 /sbin/ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1 mtu 1500
+Sun Jan 23 17:45:47 2005 UDPv4 link local (bound): [undef]:5000
+Sun Jan 23 17:45:47 2005 UDPv4 link remote: 192.168.1.36:5000
+Sun Jan 23 17:45:57 2005 Peer Connection Initiated with 192.168.1.36:5000
+Sun Jan 23 17:45:58 2005 Initialization Sequence Completed
diff --git a/doc/misc/pptp.txt b/doc/misc/pptp.txt
new file mode 100644
index 0000000..24bdc2f
--- /dev/null
+++ b/doc/misc/pptp.txt
@@ -0,0 +1,82 @@
+requirements:
+- mppe patched kernel (http://www.polbox.com/h/hs001/)
+- pptp client (http://pptpclient.sourceforge.net/)
+
+
+needed for connection:
+- IP address or hostname
+- dns
+	- automatic (usepeerdns)
+	- name servers (ip)
+- authentication domain name 
+- authentication
+	- no (noauth)
+	- yes 
+- username
+- password
+- encryption
+	- refuse 40 bit encr (nomppe-40)
+	- refuse 128 bit encr (nomppe-128)
+	- require stateless encr (mppe-stateful)
+	- require mppe (require-mppe)
+		- requires ppp-compress-18 (ppp_mppe)
+	- refuse eap (refuse-eap)
+
+optional:
+- debug (debug dump)
+- reconnect on disconnect (persist)
+
+
+options:
+
+       mppe-stateful
+              Allow  MPPE  to  use  stateful  mode.   Stateless  mode is still
+              attempted first.  The default is to disallow stateful mode.
+       nomppe Disables MPPE (Microsoft Point to Point  Encryption).   This  is
+              the default.
+
+       nomppe-40
+              Disable 40-bit encryption with MPPE.
+
+       nomppe-128
+              Disable 128-bit encryption with MPPE.
+
+       nomppe-stateful
+              Disable MPPE stateful mode.  This is the default.
+
+       refuse-mschap
+              With this option, pppd will not agree to authenticate itself  to
+              the peer using MS-CHAP.
+
+       refuse-mschap-v2
+              With  this option, pppd will not agree to authenticate itself to
+              the peer using MS-CHAPv2.
+       require-mppe
+              Require  the  use of MPPE (Microsoft Point to Point Encryption).
+              This option disables all other compression types.   This  option
+              enables  both  40-bit and 128-bit encryption.  In order for MPPE
+              to successfully come up, you must have authenticated with either
+              MS-CHAP  or  MS-CHAPv2.  This option is presently only supported
+              under Linux, and only if your  kernel  has  been  configured  to
+              include MPPE support.
+
+       require-mppe-40
+              Require the use of MPPE, with 40-bit encryption.
+
+       require-mppe-128
+              Require the use of MPPE, with 128-bit encryption.
+
+       require-mschap
+              Require the peer to authenticate itself using MS-CHAP [Microsoft
+              Challenge Handshake Authentication Protocol] authentication.
+
+       require-mschap-v2
+              Require  the  peer  to  authenticate  itself   using   MS-CHAPv2
+              [Microsoft  Challenge Handshake Authentication Protocol, Version
+              2] authentication.
+
+       require-eap
+              Require the peer to authenticate itself  using  EAP  [Extensible
+              Authentication Protocol] authentication.
+
+
diff --git a/doc/misc/update_handbook.sh b/doc/misc/update_handbook.sh
new file mode 100755
index 0000000..24210e6
--- /dev/null
+++ b/doc/misc/update_handbook.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+LANGS="de fr sv"
+
+echo -n "update pot..."
+xml2pot en/index.docbook > en/handbook.pot
+echo " done."
+
+for lang in $LANGS; do
+        echo -n "updating $lang..."
+	mv $lang/handbook.po $lang/handbook_old.po
+	msgmerge -o $lang/handbook.po $lang/handbook_old.po en/handbook.pot
+	rm $lang/handbook_old.po
+        po2xml en/index.docbook $lang/handbook.po > $lang/index.docbook
+        echo " done."
+done
diff --git a/doc/misc/vpnc-0.2-err-sort.txt b/doc/misc/vpnc-0.2-err-sort.txt
new file mode 100644
index 0000000..8123dde
--- /dev/null
+++ b/doc/misc/vpnc-0.2-err-sort.txt
@@ -0,0 +1,29 @@
+IKE DH Group * unsupported
+IKE DH Group must not be nopfs
+Perfect Forward Secrecy * unsupported
+authentication unsuccessful
+binding to port *
+can't allocate memory
+can't initialise tunnel interface
+can't poll socket
+can't send packet
+can't send packet
+couldn't open *
+got response from unknown host *
+hash comparison failed: * check group password!
+making socket
+malformed loadbalance target
+missing IPSec ID
+missing IPSec gatway address
+missing IPSec secret
+missing Xauth password
+missing Xauth username
+no response from target
+out of memory
+reading *
+reading user input
+receiving packet
+response was invalid [1]: *
+response was invalid [2]: *
+response was invalid [3]: *
+unknown host *
diff --git a/doc/misc/vpnc-0.2-err.txt b/doc/misc/vpnc-0.2-err.txt
new file mode 100644
index 0000000..2a48c31
--- /dev/null
+++ b/doc/misc/vpnc-0.2-err.txt
@@ -0,0 +1,30 @@
+making socket
+binding to port \%d
+out of memory
+unknown host `\%s'
+can't initialise tunnel interface
+receiving packet
+got response from unknown host \%s:\%d
+can't send packet
+can't poll socket
+no response from target
+response was invalid [1]: \%s
+response was invalid [2]: \%s
+response was invalid [3]: \%s
+hash comparison failed: \%s\ncheck group password!
+can't send packet
+malformed loadbalance target
+reading user input
+authentication unsuccessful
+couldn't open `\%s'
+reading `\%s'
+can't allocate memory
+missing IPSec gatway address
+missing IPSec ID
+missing IPSec secret
+missing Xauth username
+missing Xauth password
+IKE DH Group \"\%s\" unsupported
+Perfect Forward Secrecy \"\%s\" unsupported
+IKE DH Group must not be nopfs
+
diff --git a/doc/misc/vpnc-0.2-strings.txt b/doc/misc/vpnc-0.2-strings.txt
new file mode 100644
index 0000000..cd91bb4
--- /dev/null
+++ b/doc/misc/vpnc-0.2-strings.txt
@@ -0,0 +1,563 @@
+/lib/ld-linux.so.2
+libgcrypt.so.11
+gcry_md_get_algo_dlen
+gcry_mpi_scan
+gcry_md_close
+gcry_mpi_get_nbits
+gcry_md_read
+gcry_md_setkey
+gcry_mpi_copy
+gcry_mpi_powm
+gcry_control
+gcry_randomize
+gcry_md_write
+gcry_mpi_mul_2exp
+gcry_cipher_open
+gcry_cipher_ctl
+gcry_md_hash_buffer
+gcry_cipher_close
+gcry_cipher_algo_info
+gcry_free
+gcry_mpi_add_ui
+gcry_cipher_encrypt
+gcry_md_open
+gcry_check_version
+gcry_mpi_set_ui
+gcry_cipher_decrypt
+gcry_mpi_new
+gcry_mpi_release
+_Jv_RegisterClasses
+gcry_md_ctl
+gcry_mpi_aprint
+__gmon_start__
+libgpg-error.so.0
+_DYNAMIC
+_init
+_fini
+_GLOBAL_OFFSET_TABLE_
+libc.so.6
+putchar
+strcpy
+unsetenv
+ioctl
+stdout
+connect
+getenv
+__strtol_internal
+getpid
+__getdelim
+memcpy
+perror
+puts
+getpass
+system
+feof
+malloc
+recvfrom
+socket
+fflush
+strncasecmp
+abort
+uname
+calloc
+fprintf
+strcat
+bind
+chdir
+setsockopt
+stdin
+signal
+openlog
+strncmp
+strncpy
+strcasecmp
+sendto
+realloc
+__strdup
+fork
+inet_aton
+memset
+inet_ntoa
+time
+__assert_fail
+poll
+syslog
+gethostbyname
+asprintf
+fclose
+stderr
+fwrite
+__errno_location
+inet_ntop
+fopen
+_IO_stdin_used
+_exit
+__libc_start_main
+setsid
+getsockname
+_edata
+__bss_start
+_end
+GLIBC_2.1
+GLIBC_2.0
+GCRYPT_1.2
+PTRh
+QVhT
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+;A0t
+q0Ph_
+Ph@#
+PVht
+w0PS
+w0PS
+G0;G
+G(;G0|
+w(PS
+[^_]
+;B0t
+p0Sh	
+[^_]
+w0PS
+[^_]
+[^_]
+[^_]
+Ph@$
+[^_]
+[^_]
+[^_]
+WSh@%
+r0PS
+[^_]
+[^_]
+[^_]
+PSht
+[^_]
+[^_]
+Rh> 
+PhW 
+Pho 
+[^_]
+[^_]
+F	PS
+F	PS
+F	PS
+[^_]
+[^_]
+[^_]
+[^_]
+Ph@1
+PhR1
+Ph@1
+Phi1
+[^_]
+Ph}1
+G	Ph
+Ph}1
+G	Ph
+G	Ph
+Ph"2
+Ph22
+PhJ2
+PhP2
+Ph[2
+Phh2
+PhJ2
+PhP2
+Ph[2
+Ph|2
+G	Ph
+[^_]
+[^_]
+C Pj
+Phm9
+[^_]
+;V(t<
+9Z8u
+9B`t
+[^_]
+pHWh
+pThs;
+pHWj
+Phq:
+[^_]
+[^_]
+P`Qh
+p8h =
+PhL^
+ hH^
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+nopfs
+sha1
+3des
+aes128
+aes192
+aes256
+get_algo
+vpnc.c
+what <= SUPP_ALGO_CRYPT
+key <= SUPP_ALGO_IPSEC_SA
+server
+%s:%c
+%02x
+making socket
+binding to port %d
+out of memory
+unknown host `%s'
+using interface %s
+receiving packet
+exchange_type
+can't send packet
+can't poll socket
+no response from target
+S4.1
+i_cookie
+i_nonce
+S4.2
+dh_public
+S4.3
+S4.4
+response was invalid [1]: %s
+IKE SA selected %s-%s
+response was invalid [2]: %s
+response was invalid [3]: %s
+skeyid
+returned_hash
+dh_shared_secret
+skeyid_d
+skeyid_a
+skeyid_e
+enc-key
+do_phase_1
+d->ivlen < d->md_len
+current_iv
+S4.5
+initial_iv
+S4.6
+hashlen: %d
+u.hash.length: %d
+expected_hash
+h->u.hash.data
+authing NULL package!
+S5.1
+S5.2
+malformed loadbalance target
+S5.3
+S5.4
+%c%c
+%.*s%s
+S5.5
+xauth packet unsupported: %s
+reading user input
+S5.6
+authentication unsuccessful
+S5.7
+CISCO_BANNER
+CISCO_DEF_DOMAIN
+INTERNAL_IP4_NBNS
+INTERNAL_IP4_DNS
+INTERNAL_IP4_NETMASK
+INTERNAL_IP4_ADDRESS
+Banner: 
+Remote Application Version: 
+got pfs setting: %d
+got address %s
+TUNDEV
+VPNGATEWAY
+S7.1
+len = %d
+S7.2
+S7.3
+S7.4
+S7.5
+S7.6
+IPSEC SA selected %s-%s
+S7.7
+S7.8
+S7.9
+S7.10
+default value for this option
+commandline option,
+configfile variable, 
+argument type
+description
+--gateway
+IPSec gateway 
+<ip/hostname>
+IP/name of your IPSec gateway
+--id
+IPSec ID 
+<ASCII string>
+your group name
+IPSec secret 
+--username
+Xauth username 
+your username
+Xauth password 
+--script
+Config Script 
+<command>
+--domain
+Domain 
+--dh
+IKE DH Group 
+<dh1/dh2/dh5>
+name of the IKE DH Group
+--pfs
+Perfect Forward Secrecy 
+<nopfs/dh1/dh2/dh5/server>
+--enable-1des
+Enable Single DES
+--application-version
+Application version 
+Application Version to report
+--ifname
+Interface name 
+--debug
+Debug 
+<0/1/2/3/99>
+Show verbose debug messages
+--no-detach
+No Detach
+--pid-file
+Pidfile 
+<filename>
+--local-port
+Local Port 
+<0-65535>
+--non-inter
+Noninteractive
+couldn't open `%s'
+reading `%s'
+can't allocate memory
+Legend:
+(configfile only option)
+  %s %s
+  %s%s
+      %s
+    Default: %s
+1.1.12
+hex_test
+--version
+vpnc version 0.2-rm+zomb.1
+Supported DH-Groups:
+Supported Hash-Methods:
+Supported Encryptions:
+--print-config
+--help
+%s: unknown option %s
+/etc/vpnc/default.conf
+/etc/vpnc.conf
+Enter IPSec gateway address: 
+Enter IPSec ID for %s: 
+Enter username for %s: 
+Enter password for %s@%s: 
+vpnc.conf:
+%s%s
+missing IPSec gatway address
+missing IPSec ID
+missing IPSec secret
+missing Xauth username
+missing Xauth password
+can't initialise tunnel interface
+got response from unknown host %s:%d
+want extype %d, got %d, ignoring
+unknown attribute %d, arborting..
+hash comparison failed: %s
+check group password!
+---!!!!!!!!! entering phase2_fatal !!!!!!!!!---
+got cisco loadbalancing notice, diverting to %s
+got responder liftime notice, ignoring..
+expected xauth packet; rejected: %s
+server requested domain, but none set (use "Domain ..." in config or --domain
+xauth SET response rejected: %s
+configuration response rejected: %s
+generating %d bytes keymat (cnt=%d)
+ignoring responder-lifetime notify
+quick mode response rejected: %s
+check pfs setting
+quick mode response rejected [2]: %s
+Cisco Systems VPN Client %s:%s
+your group password (cleartext, no support for obfuscated strings)
+your password (cleartext, no support for obfuscated strings)
+command is executed using system() to configure the interface,
+      routing and so on. Device name, IP, etc. are passed using enviroment
+      variables, see README. This script is executed right after ISAKMP is
+      done, but befor tunneling is enabled.
+(NT-) Domain name for authentication
+Diffie-Hellman group to use for PFS
+enables weak single DES encryption
+visible name of the TUN interface
+Don't detach from the console after login
+store the pid of background process in <filename>
+local ISAKMP port number to use (0 == use random port)
+Don't ask anything, exit on missing options
+warning: unknown configuration directive in %s at line %d
+Usage: %s [--version] [--print-config] [--help] [options] [config file]
+Report bugs to vpnc@unix-ag.uni-kl.de
+Copyright (C) 2002, 2003 Geoffrey Keating, Maurice Massar
+vpnc comes with NO WARRANTY, to the extent permitted by law.
+You may redistribute copies of vpnc under the terms of the GNU General
+Public License.  For more information about these matters, see the files
+named COPYING.
+WARNING! active debug level is >= 99, output includes username and password (hex encoded)
+WARNING! active debug level is >= 99, output includes username and password (hex encoded)
+Enter IPSec secret for %s@%s: 
+IKE DH Group "%s" unsupported
+Perfect Forward Secrecy "%s" unsupported
+IKE DH Group must not be nopfs
+; H_
+malloc of %lu bytes failed
+alloc of %lud bytes failed
+flatten_isakmp_packet
+isakmp-pkt.c
+blksz != 0
+t.attributes.type
+t.attributes.u.attr_16
+t.attributes.u.lots.length
+(not dumping xauth data)
+t.attributes.u.lots.data
+next_type
+sa.doi
+sa.situation
+p.number
+p.prot_id
+p.spi_size
+p.spi
+t.number
+t.id
+ke.data
+id.type
+id.protocol
+id.port
+id.data
+cert.encoding
+cert.data
+n.doi
+n.protocol
+n.spi_length
+n.type
+n.spi
+n.data
+d.num_spi
+d.spi
+modecfg.type
+DONE PARSING PAYLOAD type
+BEGIN_PARSE
+r_cookie
+payload
+isakmp_version
+flags
+message_id
+PARSE_OK
+INVALID_PAYLOAD_TYPE
+DOI_NOT_SUPPORTED
+SITUATION_NOT_SUPPORTED
+INVALID_COOKIE
+INVALID_MAJOR_VERSION
+INVALID_MINOR_VERSION
+INVALID_EXCHANGE_TYPE
+INVALID_FLAGS
+INVALID_MESSAGE_ID
+INVALID_PROTOCOL_ID
+INVALID_SPI
+INVALID_TRANSFORM_ID
+ATTRIBUTES_NOT_SUPPORTED
+NO_PROPOSAL_CHOSEN
+BAD_PROPOSAL_SYNTAX
+PAYLOAD_MALFORMED
+INVALID_KEY_INFORMATION
+INVALID_ID_INFORMATION
+INVALID_CERT_ENCODING
+INVALID_CERTIFICATE
+CERT_TYPE_UNSUPPORTED
+INVALID_CERT_AUTHORITY
+INVALID_HASH_INFORMATION
+AUTHENTICATION_FAILED
+INVALID_SIGNATURE
+ADDRESS_NOTIFICATION
+NOTIFY_SA_LIFETIME
+CERTIFICATE_UNAVAILABLE
+UNSUPPORTED_EXCHANGE_TYPE
+UNEQUAL_PAYLOAD_LENGTHS
+|S5v
+size = %ld, blksz = %ld, padding = %ld
+ sending: ========================>
+(not dumping xauth data length)
+recvfrom: %m
+packet too short from %s
+truncated in: %d -> %d
+socket(SOCK_RAW)
+setsockopt(IP_HDRINCL)
+ipesp
+socket: %m
+connect: %m
+getsockname: %m
+local address for %s is %s
+unknown spi %ld
+hmac_compute
+tunip.c
+md_ctx != 0
+ret == 0
+sending ESP packet (after ah)
+sendto: %m
+truncated out (%d out of %d)
+Packet too short
+HMAC mismatch in ESP mode
+Inconsistent padlen
+Inconsistent next_header %d
+Bad padding
+poll: %m
+read: %m
+routing loop to %s
+unknown spi from %s
+terminated
+tous.enc_secret
+tous.auth_secret
+tothem.enc_secret
+tothem.auth_secret
+vpnc
+VPNC started in foreground...
+can't find a local address for packets to %s
+sending packet: len = %d, padding = %d
+sending ESP packet (before crypt)
+sending ESP packet (after crypt)
+payload len %d not a multiple of algorithm block size %d
+peer hasn't a known address yet
+spi %ld: remote address changed from %s to %s
+received update probe from peer
+can't open pidfile %s for writing
+Warning, could not fork the child process!
+VPNC started in background (pid: %d)...
+/dev/net/tun
+can't open /dev/net/tun, check that it is either device char 10 200 or (with DevFS) a symlink to ../misc/net/tun (not misc/net/tun!!!)
+ifconfig $TUNDEV inet $INTERNAL_IP4_ADDRESS pointopoint $INTERNAL_IP4_ADDRESS netmask 255.255.255.255 mtu 1412 up
+FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF
+id <= (int)(sizeof (groups) / sizeof (groups[0]))
+group_init
+math_group.c
+groups[i].type == MODP
+group_get
+id >= 1
+clone->type == MODP
+group_free
+grp->type == MODP
+modp_clone
+new_grp
+modp_init
diff --git a/doc/misc/vpnc-0.3.1-err-newlines.txt b/doc/misc/vpnc-0.3.1-err-newlines.txt
new file mode 100644
index 0000000..1454146
--- /dev/null
+++ b/doc/misc/vpnc-0.3.1-err-newlines.txt
@@ -0,0 +1,9 @@
+Warning, could not fork the child process!
+alloc of * bytes failed
+can't send packet
+error: arbitrary naming tunnel interface is not supported in this version
+error: arbitrary naming tunnel interface only supported on linux
+malloc of * bytes failed
+reading user input
+vpnc.conf:
+warning: unknown configuration directive in * at line *
diff --git a/doc/misc/vpnc-0.3.1-err-sort.txt b/doc/misc/vpnc-0.3.1-err-sort.txt
new file mode 100644
index 0000000..efa8cb9
--- /dev/null
+++ b/doc/misc/vpnc-0.3.1-err-sort.txt
@@ -0,0 +1,34 @@
+IKE DH Group * unsupported
+IKE DH Group must not be nopfs
+Perfect Forward Secrecy * unsupported
+Warning, could not fork the child process!
+alloc of * bytes failed
+authentication unsuccessful
+binding to port *
+can't allocate memory
+can't initialise tunnel interface
+can't poll socket
+can't send packet
+couldn't open *
+error: arbitrary naming tunnel interface is not supported in this version
+error: arbitrary naming tunnel interface only supported on linux
+got response from unknown host *
+hash comparison failed: * check group password!
+making socket
+malformed loadbalance target
+malloc of * bytes failed
+missing IPSec ID
+missing IPSec gatway address
+missing IPSec secret
+missing Xauth password
+missing Xauth username
+no response from target
+out of memory
+reading *
+receiving packet
+response was invalid [1]: *
+response was invalid [2]: *
+response was invalid [3]: *
+unknown host *
+vpnc.conf:
+warning: unknown configuration directive in * at line *
diff --git a/doc/misc/vpnc-0.3.1-err.txt b/doc/misc/vpnc-0.3.1-err.txt
new file mode 100644
index 0000000..d2c5adb
--- /dev/null
+++ b/doc/misc/vpnc-0.3.1-err.txt
@@ -0,0 +1,34 @@
+couldn't open `%s'
+reading `%s'", name
+can't allocate memory
+warning: unknown configuration directive in %s at line %d
+vpnc.conf:\n\n
+missing IPSec gatway address
+missing IPSec ID
+missing IPSec secret
+missing Xauth username
+missing Xauth password
+IKE DH Group \"%s\" unsupported\n
+Perfect Forward Secrecy \"%s\" unsupported\n
+IKE DH Group must not be nopfs
+malloc of %lu bytes failed
+alloc of %lud bytes failed
+error: arbitrary naming tunnel interface only supported on linux\n
+error: arbitrary naming tunnel interface is not supported in this version\n
+Warning, could not fork the child process!\n
+making socket
+binding to port %d
+out of memory
+unknown host `%s'\n", hostname
+can't initialise tunnel interface
+receiving packet
+got response from unknown host %s:%d
+can't send packet
+can't poll socket
+no response from target
+response was invalid [1]: %s
+response was invalid [2]: %s
+response was invalid [3]: %s
+hash comparison failed: %s\ncheck group password!
+malformed loadbalance target
+authentication unsuccessful
+\ No newline at end of file
diff --git a/doc/misc/vpnc-0.3.1-strings.txt b/doc/misc/vpnc-0.3.1-strings.txt
new file mode 100644
index 0000000..d86e142
--- /dev/null
+++ b/doc/misc/vpnc-0.3.1-strings.txt
@@ -0,0 +1,622 @@
+/lib/ld-linux.so.2
+SuSE
+libgcrypt.so.11
+gcry_md_get_algo_dlen
+gcry_mpi_scan
+gcry_md_close
+gcry_mpi_get_nbits
+gcry_md_read
+gcry_md_setkey
+gcry_mpi_copy
+gcry_mpi_powm
+gcry_control
+gcry_randomize
+gcry_md_write
+gcry_mpi_mul_2exp
+gcry_cipher_open
+gcry_cipher_ctl
+gcry_md_hash_buffer
+gcry_cipher_close
+gcry_cipher_algo_info
+gcry_free
+gcry_mpi_add_ui
+gcry_cipher_encrypt
+gcry_md_open
+gcry_check_version
+gcry_mpi_set_ui
+gcry_cipher_decrypt
+gcry_mpi_new
+gcry_mpi_release
+_Jv_RegisterClasses
+gcry_md_ctl
+gcry_mpi_aprint
+__gmon_start__
+libgpg-error.so.0
+_DYNAMIC
+_init
+_fini
+_GLOBAL_OFFSET_TABLE_
+libc.so.6
+putchar
+strcpy
+unsetenv
+ioctl
+stdout
+connect
+getenv
+__strtol_internal
+getpid
+__getdelim
+memcpy
+perror
+puts
+getpass
+system
+feof
+malloc
+recvfrom
+socket
+fflush
+strncasecmp
+abort
+uname
+calloc
+fprintf
+strcat
+bind
+chdir
+setsockopt
+stdin
+signal
+openlog
+strncmp
+strncpy
+strcasecmp
+sendto
+realloc
+__strdup
+fork
+inet_aton
+memset
+inet_ntoa
+time
+__assert_fail
+poll
+syslog
+gethostbyname
+asprintf
+fclose
+stderr
+fwrite
+__errno_location
+inet_ntop
+fopen
+_IO_stdin_used
+_exit
+__libc_start_main
+strchr
+setsid
+getsockname
+_edata
+__bss_start
+_end
+GLIBC_2.1
+GLIBC_2.0
+GCRYPT_1.2
+PTRh
+QVh\
+jyh&%
+jzh&%
+[^_]
+[^_]
+[^_]
+Pht%
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+;BDt
+Ph)&
+pDSh<&
+[^_]
+wDPS
+[^_]
+[^_]
+[^_]
+rDPS
+[^_]
+[^_]
+Pht&
+Sh}&
+;BDt
+;FDt
+qDPh
+PVh!'
+rDPS
+q4h2'
+rDPS
+q0h;'
+C(;CD
+CD;C(
+w$hM'
+G@;GDv
+v@PS
+vLhv'
+[^_]
+Ph4(
+[^_]
+Ph|,
+Vhz(
+Vhm(
+Ph0)
+Ph|,
+PhL)
+[^_]
+[^_]
+[^_]
+Pha)
+Ph -
+PSh!'
+[^_]
+Vh0.
+ShK.
+[^_]
+F	PS
+F	PS
+F	PS
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+Ph(/
+G	Ph1/
+Ph;/
+PhL/
+G	PhU/
+Phb/
+G	Phj/
+Phv/
+G	PhU/
+[^_]
+Sht&
+Ph!0
+Ph*0
+Ph20
+PhA0
+PhO0
+PhU0
+Phr'
+[^_]
+C Pj
+Ph	<
+[^_]
+C Pj
+Ph	<
+[^_]
+PhH>
+;V(t<
+9Z8u
+9B`t
+[^_]
+SQhx>
+pHSh
+pHSj
+[^_]
+[^_]
+[^_]
+Php=
+[^_]
+P`Qh o
+p8hh?
+Ph,)
+PhLn
+ hHn
+PRh1@
+PRh;@
+7RhE@
+ PRhO@
+;PhU@
+[^_]
+[^_]
+VWhPD
+[^_]
+RhFD
+Ph]D
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+[^_]
+nopfs
+sha1
+3des
+aes128
+aes192
+aes256
+get_algo
+vpnc.c
+what <= SUPP_ALGO_CRYPT
+key <= SUPP_ALGO_IPSEC_SA
+server
+making socket
+binding to port %d
+out of memory
+unknown host `%s'
+using interface %s
+TUNDEV
+VPNGATEWAY
+receiving packet
+can't send packet
+can't poll socket
+no response from target
+hashlen: %lu
+u.hash.length: %d
+expected_hash
+h->u.hash.data
+authing NULL package!
+S4.1
+i_cookie
+i_nonce
+S4.2
+dh_public
+S4.3
+S4.4
+response was invalid [1]: %s
+IKE SA selected %s-%s
+response was invalid [2]: %s
+response was invalid [3]: %s
+skeyid
+returned_hash
+dh_shared_secret
+skeyid_d
+skeyid_a
+skeyid_e
+enc-key
+do_phase_1
+s->ivlen <= s->md_len
+current_iv
+S4.5
+NAT status: no NAT-T VID seen
+initial_iv
+S4.6
+S5.1
+S5.2
+malformed loadbalance target
+S5.3
+S5.4
+%c%c
+%.*s%s
+S5.5
+xauth packet unsupported: %s
+Answer
+Password
+Passcode
+%s for VPN %s@%s: 
+S5.6
+authentication unsuccessful
+S5.7
+CISCO_BANNER
+CISCO_DEF_DOMAIN
+INTERNAL_IP4_NBNS
+INTERNAL_IP4_DNS
+INTERNAL_IP4_NETMASK
+INTERNAL_IP4_ADDRESS
+ignoring zero length netmask
+Banner: 
+Remote Application Version: 
+got pfs setting: %d
+unknown attriube %d / 0x%X
+got address %s
+S7.1
+len = %d
+S7.2
+S7.3
+S7.4
+S7.5
+S7.6
+IPSEC SA selected %s-%s
+S7.7
+S7.8
+S7.9
+S7.10
+1.1.90
+hex_test
+vpnc version 0.3.1
+can't initialise tunnel interface
+got response from unknown host %s:%d
+NAT-T mode, adding non-esp marker
+---!!!!!!!!! entering phase2_fatal !!!!!!!!!---
+generating %d bytes keymat (cnt=%d)
+unknown attribute %d, arborting..
+hash comparison failed: %s
+check group password!
+NAT status: this end behind NAT? %s -- remote end behind NAT? %s
+NAT status: NAT-T VID seen, no NAT device detected
+got cisco loadbalancing notice, diverting to %s
+got responder liftime notice, ignoring..
+expected xauth packet; rejected: %s
+server requested domain, but none set (use "Domain ..." in config or --domain
+xauth SET response rejected: %s
+configuration response rejected: %s
+got peer udp encapsulation port: %hu
+ignoring responder-lifetime notify
+quick mode response rejected: %s
+check pfs setting
+quick mode response rejected [2]: %s
+; H_
+malloc of %lu bytes failed
+alloc of %lud bytes failed
+flatten_isakmp_packet
+isakmp-pkt.c
+blksz != 0
+t.attributes.type
+t.attributes.u.attr_16
+t.attributes.u.lots.length
+(not dumping xauth data)
+t.attributes.u.lots.data
+next_type
+sa.doi
+sa.situation
+p.number
+p.prot_id
+p.spi_size
+p.spi
+t.number
+t.id
+ke.data
+id.type
+id.protocol
+id.port
+id.data
+cert.encoding
+cert.data
+n.doi
+n.protocol
+n.spi_length
+n.type
+n.spi
+n.data
+d.num_spi
+d.spi
+modecfg.type
+UNKNOWN.data
+DONE PARSING PAYLOAD type
+BEGIN_PARSE
+r_cookie
+payload
+isakmp_version
+exchange_type
+flags
+message_id
+PARSE_OK
+INVALID_PAYLOAD_TYPE
+DOI_NOT_SUPPORTED
+SITUATION_NOT_SUPPORTED
+INVALID_COOKIE
+INVALID_MAJOR_VERSION
+INVALID_MINOR_VERSION
+INVALID_EXCHANGE_TYPE
+INVALID_FLAGS
+INVALID_MESSAGE_ID
+INVALID_PROTOCOL_ID
+INVALID_SPI
+INVALID_TRANSFORM_ID
+ATTRIBUTES_NOT_SUPPORTED
+NO_PROPOSAL_CHOSEN
+BAD_PROPOSAL_SYNTAX
+PAYLOAD_MALFORMED
+INVALID_KEY_INFORMATION
+INVALID_ID_INFORMATION
+INVALID_CERT_ENCODING
+INVALID_CERTIFICATE
+CERT_TYPE_UNSUPPORTED
+INVALID_CERT_AUTHORITY
+INVALID_HASH_INFORMATION
+AUTHENTICATION_FAILED
+INVALID_SIGNATURE
+ADDRESS_NOTIFICATION
+NOTIFY_SA_LIFETIME
+CERTIFICATE_UNAVAILABLE
+UNSUPPORTED_EXCHANGE_TYPE
+UNEQUAL_PAYLOAD_LENGTHS
+|S5v
+size = %ld, blksz = %ld, padding = %ld
+ sending: ========================>
+(not dumping xauth data length)
+recvfrom: %m
+packet too short from %s
+truncated in: %d -> %d
+socket(SOCK_RAW)
+setsockopt(IP_HDRINCL)
+ipesp
+udpesp
+socket: %m
+connect: %m
+getsockname: %m
+local address for %s is %s
+unknown spi %ld
+hmac_compute
+tunip.c
+md_ctx != 0
+ret == 0
+sending ESP packet (after ah)
+sendto: %m
+truncated out (%d out of %d)
+Packet too short
+HMAC mismatch in ESP mode
+Inconsistent padlen
+Inconsistent next_header %d
+Bad padding
+poll: %m
+read: %m
+routing loop to %s
+unknown spi from %s
+terminated
+tous.enc_secret
+tous.auth_secret
+tothem.enc_secret
+tothem.auth_secret
+vpnc
+VPNC started in foreground...
+can't find a local address for packets to %s
+sending packet: len = %d, padding = %lu
+sending ESP packet (before crypt)
+sending ESP packet (after crypt)
+truncated out (%Zd out of %Zd)
+payload len %d not a multiple of algorithm block size %lu
+peer hasn't a known address yet
+spi %ld: remote address changed from %s to %s
+received update probe from peer
+can't open pidfile %s for writing
+Warning, could not fork the child process!
+VPNC started in background (pid: %d)...
+%s: %02x
+%s: %04x
+%s: %08x
+%s:%c
+%02x
+default value for this option
+10000
+commandline option,
+configfile variable, 
+argument type
+description
+--gateway
+IPSec gateway 
+<ip/hostname>
+IP/name of your IPSec gateway
+--id
+IPSec ID 
+<ASCII string>
+your group name
+IPSec secret 
+--username
+Xauth username 
+your username
+Xauth password 
+--udp
+UDP Encapsulate
+--domain
+Domain 
+--xauth-inter
+Xauth interactive
+--script
+Config Script 
+<command>
+--dh
+IKE DH Group 
+<dh1/dh2/dh5>
+name of the IKE DH Group
+--pfs
+Perfect Forward Secrecy 
+<nopfs/dh1/dh2/dh5/server>
+--enable-1des
+Enable Single DES
+--application-version
+Application version 
+Application Version to report
+--ifname
+Interface name 
+--debug
+Debug 
+<0/1/2/3/99>
+Show verbose debug messages
+--no-detach
+No Detach
+--pid-file
+Pidfile 
+<filename>
+--local-port
+Local Port 
+<0-65535>
+--udp-port
+UDP Encapsulation Port 
+--disable-natt
+Disable NAT Traversal
+disable use of NAT-T
+--non-inter
+Noninteractive
+couldn't open `%s'
+reading `%s'
+can't allocate memory
+%s%.*s
+Legend:
+(configfile only option)
+  %s %s
+  %s%s
+      
+    Default: %s
+Supported DH-Groups:
+Supported Hash-Methods:
+Supported Encryptions:
+--version
+--print-config
+--help
+--long-help
+%s: unknown option %s
+/etc/vpnc/default.conf
+/etc/vpnc.conf
+Enter IPSec gateway address: 
+Enter IPSec ID for %s: 
+Enter username for %s: 
+Enter password for %s@%s: 
+vpnc.conf:
+missing IPSec gatway address
+missing IPSec ID
+missing IPSec secret
+missing Xauth username
+missing Xauth password
+Cisco Systems VPN Client %s:%s
+your group password (cleartext, no support for obfuscated strings)
+your password (cleartext, no support for obfuscated strings)
+Use Cisco-UDP encapsulation of IPSEC traffic
+(NT-) Domain name for authentication
+enable interactive extended authentication (for challange response auth)
+command is executed using system() to configure the interface,
+routing and so on. Device name, IP, etc. are passed using enviroment
+variables, see README. This script is executed right after ISAKMP is
+done, but befor tunneling is enabled.
+Diffie-Hellman group to use for PFS
+enables weak single DES encryption
+visible name of the TUN interface
+Don't detach from the console after login
+store the pid of background process in <filename>
+local ISAKMP port number to use (0 == use random port)
+local UDP port number to use (0 == use random port)
+Don't ask anything, exit on missing options
+warning: unknown configuration directive in %s at line %d
+Usage: %s [--version] [--print-config] [--help] [--long-help] [options] [config file]
+Report bugs to vpnc@unix-ag.uni-kl.de
+Copyright (C) 2002-2004 Geoffrey Keating, Maurice Massar
+vpnc comes with NO WARRANTY, to the extent permitted by law.
+You may redistribute copies of vpnc under the terms of the GNU General
+Public License.  For more information about these matters, see the files
+named COPYING.
+WARNING! active debug level is >= 99, output includes username and password (hex encoded)
+WARNING! active debug level is >= 99, output includes username and password (hex encoded)
+Enter IPSec secret for %s@%s: 
+IKE DH Group "%s" unsupported
+Perfect Forward Secrecy "%s" unsupported
+IKE DH Group must not be nopfs
+/dev/net/tun
+can't open /dev/net/tun, check that it is either device char 10 200 or (with DevFS) a symlink to ../misc/net/tun (not misc/net/tun)
+ifconfig $TUNDEV inet $INTERNAL_IP4_ADDRESS pointopoint $INTERNAL_IP4_ADDRESS netmask 255.255.255.255 mtu 1412 up
+FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF
+FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF
+id <= (int)(sizeof(groups) / sizeof(groups[0]))
+group_init
+math_group.c
+groups[i].type == MODP
+group_get
+id >= 1
+clone->type == MODP
+group_free
+grp->type == MODP
+modp_clone
+new_grp
+modp_init
diff --git a/doc/misc/vpnc-err.txt b/doc/misc/vpnc-err.txt
new file mode 100644
index 0000000..86b84d4
--- /dev/null
+++ b/doc/misc/vpnc-err.txt
@@ -0,0 +1,40 @@
+IKE DH Group * unsupported
+IKE DH Group must not be nopfs
+Perfect Forward Secrecy * unsupported
+Warning, could not fork the child process!
+alloc of * bytes failed
+authentication unsuccessful
+binding to port *
+can't allocate memory
+can't initialise tunnel interface
+can't poll socket
+can't send packet
+configuration response rejected: *
+couldn't open *
+error: arbitrary naming tunnel interface is not supported in this version
+error: arbitrary naming tunnel interface only supported on linux
+expected xauth packet; rejected: *
+got response from unknown host *
+hash comparison failed: * check group password!
+making socket
+malformed loadbalance target
+malloc of * bytes failed
+missing IPSec ID
+missing IPSec gatway address
+missing IPSec secret
+missing Xauth password
+missing Xauth username
+no response from target
+out of memory
+quick mode response rejected [2]: *
+quick mode response rejected: * check pfs setting
+reading *
+receiving packet
+response was invalid [1]: *
+response was invalid [2]: *
+response was invalid [3]: *
+unknown host *
+vpnc.conf:
+warning: unknown configuration directive in * at line *
+xauth SET response rejected: *
+xauth packet unsupported: *
diff --git a/doc/misc/vpnc_connect_script_dns_patch_fix.txt b/doc/misc/vpnc_connect_script_dns_patch_fix.txt
new file mode 100644
index 0000000..717e28f
--- /dev/null
+++ b/doc/misc/vpnc_connect_script_dns_patch_fix.txt
@@ -0,0 +1,46 @@
+From: Thomas Bettler <bettlert@...>
+ Subject: Troubles with dns
+ Newsgroups: gmane.network.vpnc.devel
+ Date: 2005-01-08 15:25:28 GMT (15 weeks, 3 days, 6 hours and 18 minutes ago)
+As we discussed on back in november, dns servers assigned from vpn connection 
+are not handled, instead resolv uses the old dns entries.
+
+This should be corrected.
+http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2004-November/000296.html
+and  
+http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2004-November/000298.html
+
+I propose to add the two patches to make it work with or 
+without /sbin/resolvconf (which isn't part of all linux systems)
+
+patch for vpnc-connect
++if [ -x /sbin/resolvconf ] ; then
++ for i in $INTERNAL_IP4_DNS; do
++  echo $i >> /etc/resolv.conf.vpnc
++ done
++ if [ "$DIRECTION" = "up" ] ; then
++  cat /etc/resolv.conf.vpnc | /sbin/resolvconf -a "$IFACE"
++ else
++  /sbin/resolvconf -d "$IFACE"
++ fi
++else
++# in case we have no /sbin/resolvconf handle /etc/resolv.conf manually
++ mv /etc/resolv.conf /var/run/vpnc/resolv.conf
++ for i in $INTERNAL_IP4_DNS; do
++  echo nameserver $i >> /etc/resolv.conf
++ done
++fi
+
+patch for vpnc-disconnect
++if [ -x /sbin/resolvconf ] ; then
++##### remark
++##### I don't know /sbin/resolvconf and don't know exactly how to revert.
++##### This line might not work... please test
++ /sbin/resolvconf -d "$IFACE"
++else
++ mv /var/run/vpnc/resolv.conf /etc/resolv.conf
++fi
+
+Lots of greatings
+Thomas Bettler
+