LinuxQuestions.org


nilleso 08-29-2005 04:43 PM

vpnc - please Help vpn connection
 
:scratch:
I've been putting off migrating from kernel 2.4 to 2.6 because of multiple failed attempts at getting my corporate VPN connection working. I could only get it working with 2.4.25 and Cisco's vpnclient 4.0.5b.

I made the plunge (2.6.12-r8) ... but after much work, I've given up on getting cisco's vpnclient (any version) to work. So I've been trying to get vpnc working instead... and I guess because I'm no networking guru - I'm not having any luck. vpnc documentation is hard to find so I was hoping some helpful LQ'er could assist.

With the cisco client, I just needed my connection profile, my personal cert, and my corporate CA cert.
I have no idea how to make this work with vpnc/kvpnc. I can import the profile but I cannot see how to import the two certs (.pfx and .cer).
I am connecting to a Cisco 3060 VPN concentrator.

:scratch: Can someone please help and/or point me in the right direction??
thanks.

nilleso 08-31-2005 10:34 PM

?? anybody ??
 
+bump+

c'mon folks... someone must have something to offer. Is no one using vpnc to connect to a cisco concentrator via cert authentication?!?!
If not vpnc, I would be open to any other suggestions... [even getting vpnclient working with 2.6.12]
It's getting quite urgent.
TIA

carl.waldbieser 09-01-2005 01:18 AM

Re: ?? anybody ??
 
Quote:

Originally posted by nilleso
+bump+

c'mon folks... someone must have something to offer. Is no one using vpnc to connect to a cisco concentrator via cert authentication?!?!
If not vpnc, I would be open to any other suggestions... [even getting vpnclient working with 2.6.12]
It's getting quite urgent.
TIA

I got vpnc to work for some sites. Others wouldn't work, and I am not sure why. The .pfx file should have all the info you need to set up your vpnc config file. Here is the example from the man pages:
Code:

IPSec gateway vpn.rwth-aachen.de
IPSec ID MoPS
IPSec secret mopsWLAN
Xauth username abcdef
Xauth password 123456

You just save a file somewhere with this format, but plug in all your info from the .pfx file (server address, Group name, group password, user name, user password). Then you issue
Code:

# vpnc theconfig.conf

The vpn should start up, and it should tell you the PID. You'll probably need to add a route at this point (to the tun0 device). To end the connection, just
Code:

# kill -HUP thepid

nilleso 09-01-2005 09:30 AM

thanks carl
 
Quote:

The .pfx file should have all the info you need to set up your vpnc config file. Here is the example from the man pages:

The .PCF file has the connection profile kind of info. BUT.. this is certificate based, so I cannot use the config you're suggesting. There is no group name/passwd, no username ....
With this kind of Cisco setup it authenticates you based on your unique personal certificate.

Any sites like this?

carl.waldbieser 09-01-2005 06:08 PM

Re: thanks carl
 
Quote:

Originally posted by nilleso
The .PCF file has the connection profile kind of info. BUT.. this is certificate based, so I cannot use the config you're suggesting. There is no group name/passwd, no username ....
with this kind of Cisco setup it authenticates you based on your unique personal certificate.

Any sites like this?

Looks like this has not been implemented, yet: http://svn.unix-ag.uni-kl.de/vpnc/trunk/TODO (search the page for "certificate").
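
Added example, not part of the original thread or the vpnc project: a Python converter from a Cisco .pcf profile to the vpnc config format quoted above. It refuses certificate profiles like the one discussed here and writes its output owner-only because the file holds the group secret. The sample profiles, the host vpn.example.org, the function names and the AuthType meanings (1 = group password, 3 = certificate) are assumptions.

```python
import configparser
import os

# Constructed sample profiles (not from the thread). AuthType meanings are an
# assumption from Cisco client usage: 1 = group password, 3 = certificate.
SAMPLE_PSK = """[main]
Host=vpn.example.org
AuthType=1
GroupName=ExampleGroup
GroupPwd=example-secret
Username=abcdef
"""
SAMPLE_CERT = """[main]
!Host=vpn.example.org
AuthType=3
CertName=Example User
"""

def pcf_to_vpnc(pcf_text):
    """Translate a group-password .pcf profile into vpnc config text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(pcf_text)
    # A leading "!" marks a key read-only in the Cisco client; drop it.
    prof = {k.lstrip("!"): v.strip() for k, v in cp["main"].items()}
    auth = prof.get("authtype", "1")
    if auth != "1":
        # Certificate profiles carry no group name/password to copy over.
        raise ValueError(f"AuthType={auth} is not group-password authentication")
    lines = [f"IPSec gateway {prof['host']}", f"IPSec ID {prof['groupname']}"]
    if prof.get("grouppwd"):
        lines.append(f"IPSec secret {prof['grouppwd']}")
    if prof.get("username"):
        lines.append(f"Xauth username {prof['username']}")
    return "\n".join(lines) + "\n"

def write_private(path, text):
    """Write the config owner-only (0600): it contains the group secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tighten a file that already existed
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

if __name__ == "__main__":
    print(pcf_to_vpnc(SAMPLE_PSK), end="")
    try:
        pcf_to_vpnc(SAMPLE_CERT)
    except ValueError as err:
        print("cannot convert:", err)
```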

nilleso 09-02-2005 09:56 AM

any other clients suggested for this type of connection?

..or can someone point me in the right direction to get cisco's vpnclient working with kernel 2.6.12-r8?
vpnclient 4.6.02-0030 and 4.6.02-0190 are both not working. cisco_ipsec module is fine... just hanging at 'initializing'

nilleso 09-22-2005 10:34 PM

:confused:
really? no one can help?
I didn't think this would be so terribly difficult for LQ'ers ... we need more Cisco VPN knowledge around here :(


All times are GMT -5.