[NTLUG:Discuss] cisco vpn client ver4.6 on SuSE 9.3 kernel 2.6

Chris Cox cjcox at acm.org
Tue Aug 30 19:12:49 CDT 2005 

Steve Martindell wrote:
> Thanks, Chris
> I should have said I did a clean(new) install of SuSE9.3,
> because that is what several people on ntlug recommended
> a few weeks ago,   -not upgrade.
> ---
> But, your assesment is correct about the X isn't allowing remote
> connects by default, I guess this is a security thing w/ 2.6 kernel?

Not a 2.6 thing.  It's just a general X insecure thang... so
SUSE disabled it by default to prevent bad things (may people
like to view X as a GUI (wrong) rather than a general purpose network
aware display device manager.

>  
> I will try ssh tonight, but I think it requires ssh to be running
> at work, and ssh has a specific IP address?

Well.. you VPN in and then have ssh on the server where
the X client resides...

$ vpnclient connect <whatever>
...
$ ssh -X yourhostatwork

youhostatwork> xcalc

SSH creates a pseudo MIT-MAGIC-COOKIE so you don't have
to do xauth on your own.. this allows the host you SSH'd
into to display via SSH back to your desktop and connect
to the X server running there.  Port 6000 is not used
on the remote side... it's tunneled through port 22.  This
is useful when something in the way isn't going to allow
port 6000.  In your case, your own local configuration
(default on SUSE) prevents the Xserver from receiving
remote connections on port 6000.. but with SSH it's
tunneled through to the local box, so it's seen as
a local client connect (which is allowed of course).

>  
> The better solution(for me) would be to just turn on the 
> the proper port =6000? to allow remote X. Can I do this
> in Yast?  or  through the iptables command? or running
> a shell script?
>  
> I'll search SuSE and goolge tonight, maybe I can figure this
> out, I'm not good at ports.
> ---
> As for the the amount of work I had to do to get the Redhat
> install script to work on SuSE, it almost makes me want to
> use winxp. ouch!

Cisco VPN client IMHO requires NO effort on SUSE 8.2 nor
on SUSE 9.3  (I have it running on both).

The open source vpnc client also works well.. some
things aren't supported, so it might now work with
your server... I used the open source one at the
last NTLUG meeting.

More information about the Discuss mailing list