[NTLUG:Discuss] VPN Setup Help required

Stephen Davidson gorky at freenet.carleton.ca
Sun Feb 14 21:49:20 CST 2010



Robert Pearson wrote:
> On Fri, Feb 12, 2010 at 10:38 AM, Chris Cox <cjcox at acm.org> wrote:
>> On Fri, 2010-02-12 at 09:04 -0600, Stephen Davidson wrote:
>> ...snip...
>>> I can NOT believe that a Cisco/RSA VPN connection is that rare!  Does
>>> nobody have any idea on who could be asked for assistance on this?  I'm
>>> even willing to travel to your site for help.
>> Au contraire!
>>
>> Cisco VPN is probably the MOST common VPN out there (oddly enough).
>>
>> We use it.  I do NOT recommend the Cisco client, but there are
>> cases where it is necessary.  Why not use it?  It's a proprietary
>> KERNEL module... and it doesn't behave well.... and Cisco could
>> care less about Linux (really).
>>
>> However, if using IPSEC, vpnc is a great alternative.  I could care
>> less about kvpnc or NetworkManager's vpnc integration though.... skip
>> that unless you want to debug those products.  Just use vpnc to
>> get started.
>>
>> Now... I can't tell you how to set things up end to end (don't know
>> all about the server side).
>>
>> On the client side of things you usually get a *.pcf file that has
>> a lot of the data needed for you.
>>
>> The Host, GroupName and GroupPwd (or enc_GroupPwd) are the important
>> things.  But, my config might not be like yours.  If you won't have
>> a *.pcf... well... not sure if I can help much.
>>
>> In your vpnc profile, e.g. /etc/vpnc/yourvpn.conf
>>
>> DPD idle timeout (our side) 0
>> IPSec gateway IP-from-Host-in-dot-pcf
>> IPSec ID GroupName-from-dot-pcf
>> IPSec secret unencrypted-GroupPwd-from-dot-pcf
>> Xauth username your-username-for-convenience
>>
>> To begin the vpn session you would do:
>>
>> (as root, because it uses the tun device)
>> vpnc yourvpn.conf
>>
>> Then I'd enter my password from my RSA secure token
>> generating device.  In my case it's a small USB
>> stick-like device with an LCD display.  My password
>> is a combination of a private PIN plus the random
>> set of digits on the display.
>>
>> Once entered, vpnc starts and I'm now on
>> the network.
>>
> 
> Following Chris' leadership, I Googled for "vpnc" and got this hit:
> [Debian/Ubuntu Tips & Tricks]
> "How-To: Connect to a Cisco VPN with vpnc
> This tutorial will show how-to connect to a Cisco VPN Concentrator using vpnc.
> 
> vpnc is a VPN client compatible with cisco3000 VPN Concentrator which
> runs in userspace and uses the tun kernel module.
> People who don't want to be bothered may rather use
> network-manager-vpnc or kvpnc.
> Otherwise, if you intend to connect to a Cisco VPN using the command
> line or a script, follow up."
> <http://www.debuntu.org/how-to-connect-to-a-cisco-vpn-using-vpnc>
> 
> This does not add anything to Chris' email but does give you a URL to
> go to rather than a hardcopy of some sort.
> 

Hi Robert.

Thanks.  Unfortunately, nothing there on RSA tokens, and I've not been
able to find a way to configure vpnc to use RSA Token Software (or any
decent documentation on installing/configuring this on Linux for that
matter).  Hence my request for assistance.

Regards,
Steve

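Added example, not part of the original thread: the client-side mapping Chris describes (Host, GroupName and GroupPwd from the *.pcf into a vpnc profile), written as a small Python converter that also creates the profile owner-readable only, since it holds the group secret. The sample .pcf values and the function names are constructed for illustration.

```python
import configparser
import os

# Constructed sample .pcf; host, group and password are placeholders.
SAMPLE_PCF = """\
[main]
Description=Example profile
Host=192.0.2.10
GroupName=examplegroup
GroupPwd=example-group-secret
enc_GroupPwd=
"""

def pcf_to_vpnc(pcf_text, username=None):
    """Return vpnc profile text built from the [main] section of a .pcf."""
    cp = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cp.read_string(pcf_text)
    if not cp.has_section("main"):
        raise ValueError("no [main] section in .pcf")
    main = cp["main"]  # option names are matched case-insensitively
    host = main.get("Host", "").strip()
    group = main.get("GroupName", "").strip()
    secret = main.get("GroupPwd", "").strip()
    if not host or not group:
        raise ValueError("Host and GroupName are required")
    if not secret:
        if main.get("enc_GroupPwd", "").strip():
            raise ValueError("only enc_GroupPwd present; unencrypted GroupPwd needed")
        raise ValueError("no GroupPwd in .pcf")
    # A continuation line in the .pcf must not become an extra vpnc directive.
    if any("\n" in v for v in (host, group, secret)):
        raise ValueError("multi-line value in .pcf")
    lines = [
        "DPD idle timeout (our side) 0",
        f"IPSec gateway {host}",
        f"IPSec ID {group}",
        f"IPSec secret {secret}",
    ]
    if username:
        lines.append(f"Xauth username {username}")
    return "\n".join(lines) + "\n"

def write_profile(path, text):
    """Create the profile with mode 0600; refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)
```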
