[NTLUG:Discuss] VPN Setup Help required
Chris Cox
cjcox at acm.org
Fri Feb 12 10:38:44 CST 2010
On Fri, 2010-02-12 at 09:04 -0600, Stephen Davidson wrote:
...snip...
> I can NOT believe that a Cisco/RSA VPN connection is that rare! Does
> nobody have any idea on who could be asked for assistance on this? I'm
> even willing to travel to your site for help.

Au contraire!

Cisco VPN is probably the MOST common VPN out there (oddly enough).

We use it. I do NOT recommend the Cisco client, but there are
cases where it is necessary. Why not use it? It's a proprietary
KERNEL module... and it doesn't behave well.... and Cisco could
care less about Linux (really).

However, if using IPSEC, vpnc is a great alternative. I could care
less about kvpnc or NetworkManager's vpnc integration though.... skip
that unless you want to debug those products. Just use vpnc to
get started.

Now... I can't tell you how to set things up end to end (don't know
all about the server side).

On the client side of things you usually get a *.pcf file that has
a lot of the data needed for you.

The Host, GroupName and GroupPwd (or enc_GroupPwd) are the important
things. But, my config might not be like yours. If you won't have
a *.pcf... well... not sure if I can help much.

In your vpnc profile, e.g. /etc/vpnc/yourvpn.conf:

    DPD idle timeout (our side) 0
    IPSec gateway IP-from-Host-in-dot-pcf
    IPSec ID GroupName-from-dot-pcf
    IPSec secret unencrypted-GroupPwd-from-dot-pcf
    Xauth username your-username-for-convenience

To begin the vpn session you would do:
(as root, because it uses the tun device)

    vpnc yourvpn.conf

Then I'd enter my password from my RSA secure token
generating device. In my case it's a small USB-stick-like
device with an LCD display. My password
is a combination of a private PIN plus the random
set of digits on the display.

Once entered, vpnc starts and I'm now on
the network.
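
The .pcf-to-vpnc mapping described in the message above, as an added example that is not part of the original post or of vpnc. The sample profile is constructed, the function names pcf_to_vpnc and write_private are hypothetical, and the `[main]` section layout, the Username key and the leading "!" on read-only keys are assumptions about the .pcf file.

```python
import configparser
import os

# Constructed sample profile; host, group and secret are placeholders.
SAMPLE_PCF = """\
[main]
Description=constructed example
Host=vpn.example.invalid
GroupName=example-group
GroupPwd=example-group-secret
enc_GroupPwd=
Username=jdoe
"""

def pcf_to_vpnc(pcf_text):
    """Return vpnc config text built from the [main] section of a .pcf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(pcf_text)
    # configparser lowercases option names; a leading "!" (assumed to mark
    # a read-only key in Cisco profiles) is dropped before lookup.
    main = {k.lstrip("!"): v.strip() for k, v in cp["main"].items()}
    for key in ("host", "groupname"):
        if not main.get(key):
            raise ValueError(f"{key} missing from .pcf")
    if not main.get("grouppwd"):
        # The profile in the post needs the unencrypted group password.
        raise ValueError("no plain GroupPwd in .pcf (only enc_GroupPwd?)")
    lines = [
        "DPD idle timeout (our side) 0",
        f"IPSec gateway {main['host']}",
        f"IPSec ID {main['groupname']}",
        f"IPSec secret {main['grouppwd']}",
    ]
    if main.get("username"):
        lines.append(f"Xauth username {main['username']}")
    return "\n".join(lines) + "\n"

def write_private(path, text):
    """Write the config owner-readable only; it holds the group secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a file that already existed
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

if __name__ == "__main__":
    print(pcf_to_vpnc(SAMPLE_PCF), end="")
```

The generated file carries the group secret in clear text, which is why write_private forces mode 0600 rather than relying on the umask.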