[NTLUG:Discuss] VPN Setup Help required
Stephen Davidson
gorky at freenet.carleton.ca
Sun Feb 14 21:45:57 CST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris Cox wrote:
> On Fri, 2010-02-12 at 09:04 -0600, Stephen Davidson wrote:
> ...snip...
>> I can NOT believe that a Cisco/RSA VPN connection is that rare! Does
>> nobody have any idea on who could be asked for assistance on this? I'm
>> even willing to travel to your site for help.
>
> Au contraire!
>
> Cisco VPN is probably the MOST common VPN out there (oddly enough).
>
> We use it. I do NOT recommend the Cisco client, but there are
> cases where it is necessary. Why not use it? It's a proprietary
> KERNEL module... and it doesn't behave well.... and Cisco could
> care less about Linux (really).
>
> However, if using IPSEC, vpnc is a great alternative. I could care
> less about kvpnc or NetworkManager's vpnc integration though.... skip
> that unless you want to debug those products. Just use vpnc to
> get started.
>
> Now... I can't tell you how to set things up end to end (don't know
> all about the server side).
>
> On the client side of things you usually get a *.pcf file that has
> a lot of the data needed for you.
>
> The Host, GroupName and GroupPwd (or enc_GroupPwd) are the important
> things. But, my config might not be like yours. If you won't have
> a *.pcf... well... not sure if I can help much.
>
> In your vpnc profile, e.g. /etc/vpnc/yourvpn.conf
>
> DPD idle timeout (our side) 0
> IPSec gateway IP-from-Host-in-dot-pcf
> IPSec ID GroupName-from-dot-pcf
> IPSec secret unencrypted-GroupPwd-from-dot-pcf
> Xauth username your-username-for-convenience
>
> To begin the vpn session you would do:
>
> (as root, because it uses the tun device)
> vpnc yourvpn.conf
>
> Then I'd enter my password from my RSA secure token
> generating device. In my case it's a small USB
> stick-like device with an LCD display. My password
> is a combination of a private PIN plus the random
> set of digits on the display.
>
> Once entered, vpnc starts and I'm now on
> the network.
>
Hi Chris.
Thanks. I've used some of this before, but never had it stable before.
This customer is using Software-based RSA Tokens, not a device RSA key
device. And I've not been able to get that software fully installed.
The software script supplied by Cisco seems to be broken, and the
instructions seem to be flat-out wrong (as in, asking for a binary file,
but the specified file is a clear-text ascii file that is the Server's
master config). Getting the RSA set up and talking to anything that
talks Cisco seems to be the major sticking point right now. Vpnc won't
do RSA Tokens, at least not in its current version, which does not seem
to give me anything but MS to fall back on.
Suggestions? (I am seriously considering switching to MS at this point
- -- I really need VPN, either Cisco/RSA or pptp to work).
Regards,
Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iEYEARECAAYFAkt4w3UACgkQSphIUSiVzgZ0JACfZojeG/Gp9HgNjxu8PzCDcSih
/TkAnReGVTmfk+hqb5a9Qup+nXqsH8jR
=5gpd
-----END PGP SIGNATURE-----
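
Added example, not part of the thread or of vpnc: the .pcf-to-vpnc mapping Chris describes (Host, GroupName, GroupPwd into the five profile lines he lists), including the case where the profile carries only enc_GroupPwd. The function names pcf_to_vpnc and write_profile are hypothetical and the sample profile is constructed with placeholder values.

```python
import configparser
import os

# Constructed sample profile: every value below is a placeholder.
SAMPLE_PCF = """\
[main]
!Host=vpn.example.invalid
GroupName=examplegroup
GroupPwd=
enc_GroupPwd=0123456789ABCDEF
Username=jdoe
"""


def pcf_to_vpnc(pcf_text, group_secret=None):
    """Build vpnc profile text from the [main] section of a .pcf file."""
    cp = configparser.RawConfigParser(strict=False)  # Raw: '%' in a secret is literal
    # Key case varies between profiles, and a leading '!' marks a locked field.
    cp.optionxform = lambda key: key.lstrip("!").lower()
    cp.read_string(pcf_text)
    main = cp["main"]
    host = main.get("host", "").strip()
    group = main.get("groupname", "").strip()
    secret = main.get("grouppwd", "").strip() or group_secret
    if not host or not group:
        raise ValueError("profile lacks Host or GroupName")
    if not secret:
        # Only enc_GroupPwd is present: it is not the clear-text secret.
        raise ValueError("no clear-text GroupPwd; pass group_secret")
    lines = [
        "DPD idle timeout (our side) 0",
        f"IPSec gateway {host}",
        f"IPSec ID {group}",
        f"IPSec secret {secret}",
    ]
    user = main.get("username", "").strip()
    if user:
        lines.append(f"Xauth username {user}")
    return "\n".join(lines) + "\n"


def write_profile(path, text):
    """Write the profile readable by its owner only: it holds the group secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tighten a file that already existed
        fh.write(text)
```

The group secret is shared by every user of the VPN group, so the generated profile should stay owner-readable only, which write_profile enforces even when the target file already exists with wider permissions.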