[NTLUG:Discuss] VPN Setup Help required

Robert Pearson e2eiod at gmail.com
Sat Feb 13 03:11:35 CST 2010


On Fri, Feb 12, 2010 at 10:38 AM, Chris Cox <cjcox at acm.org> wrote:
> On Fri, 2010-02-12 at 09:04 -0600, Stephen Davidson wrote:
> ...snip...
>> I can NOT believe that a Cisco/RSA VPN connection is that rare!  Does
>> nobody have any idea on who could be asked for assistance on this?  I'm
>> even willing to travel to your site for help.
>
> Au contraire!
>
> Cisco VPN is probably the MOST common VPN out there (oddly enough).
>
> We use it.  I do NOT recommend the Cisco client, but there are
> cases where it is necessary.  Why not use it?  It's a proprietary
> KERNEL module... and it doesn't behave well.... and Cisco could
> care less about Linux (really).
>
> However, if using IPSEC, vpnc is a great alternative.  I could care
> less about kvpnc or NetworkManager's vpnc integration though.... skip
> that unless you want to debug those products.  Just use vpnc to
> get started.
>
> Now... I can't tell you how to set things up end to end (don't know
> all about the server side).
>
> On the client side of things you usually get a *.pcf file that has
> a lot of the data needed for you.
>
> The Host, GroupName and GroupPwd (or enc_GroupPwd) are the important
> things.  But, my config might not be like yours.  If you won't have
> a *.pcf... well... not sure if I can help much.
>
> In your vpnc profile, e.g. /etc/vpnc/yourvpn.conf
>
> DPD idle timeout (our side) 0
> IPSec gateway IP-from-Host-in-dot-pcf
> IPSec ID GroupName-from-dot-pcf
> IPSec secret unencrypted-GroupPwd-from-dot-pcf
> Xauth username your-username-for-convenience
>
> To begin the vpn session you would do:
>
> (as root, because it uses the tun device)
> vpnc yourvpn.conf
>
> Then I'd enter my password from my RSA secure token
> generating device.  In my case it's a small USB
> stick-like device with an LCD display.  My password
> is a combination of a private PIN plus the random
> set of digits on the display.
>
> Once entered, vpnc starts and I'm now on
> the network.
>

Following Chris' leadership, I Googled for "vpnc" and got this hit:
[Debian/Ubuntu Tips & Tricks]
"How-To: Connect to a Cisco VPN with vpnc
This tutorial will show how-to connect to a Cisco VPN Concentrator using vpnc.

vpnc is a VPN client compatible with cisco3000 VPN Concentrator which
runs in userspace and uses the tun kernel module.
People who don't want to be bothered may rather use
network-manager-vpnc or kvpnc.
Otherwise, if you intend to connect to a Cisco VPN using the command
line or a script, follow up."
<http://www.debuntu.org/how-to-connect-to-a-cisco-vpn-using-vpnc>

This does not add anything to Chris' email but does give you a URL to
go to rather than a hardcopy of some sort.
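
The .pcf-to-vpnc field mapping Chris describes, as an added example that is not part of the original thread or of vpnc itself: it reads Host, GroupName, GroupPwd and Username from a profile, emits the matching vpnc lines, and creates the output file with mode 0600 because it holds the group secret in cleartext. The sample profile, the function names and the example.com values are constructed for illustration.

```python
import configparser
import os

# Constructed sample profile: host, group, secret and user are made-up values.
SAMPLE_PCF = """\
[main]
Description=Constructed example
!Host=vpn.example.com
GroupName=examplegroup
GroupPwd=example-group-secret
enc_GroupPwd=
Username=jdoe
"""


def pcf_to_vpnc(pcf_text):
    """Return vpnc config text built from the [main] section of a .pcf profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Match key names case-insensitively and drop the "!" prefix that
    # Cisco profiles use to mark a field read-only.
    cp.optionxform = lambda key: key.lstrip("!").lower()
    cp.read_string(pcf_text)
    main = cp["main"]
    host = main.get("host", "").strip()
    group = main.get("groupname", "").strip()
    secret = main.get("grouppwd", "").strip()
    user = main.get("username", "").strip()
    if not host or not group:
        raise ValueError("profile lacks Host or GroupName")
    if not secret:
        # "IPSec secret" takes the unencrypted group password, so a profile
        # that carries only enc_GroupPwd cannot be converted here.
        raise ValueError("no unencrypted GroupPwd in profile")
    lines = [f"IPSec gateway {host}", f"IPSec ID {group}", f"IPSec secret {secret}"]
    if user:
        lines.append(f"Xauth username {user}")
    # A continuation line in the profile must not turn into an extra vpnc option.
    if any("\n" in line for line in lines):
        raise ValueError("multi-line value in profile")
    return "\n".join(lines) + "\n"


def write_private(path, text):
    """Create path with mode 0600 and refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)


if __name__ == "__main__":
    print(pcf_to_vpnc(SAMPLE_PCF), end="")
```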


