LinuxQuestions.org
Old 03-25-2008, 03:28 PM   #1
billyg96r
LQ Newbie
 
Registered: Mar 2008
Posts: 5

Rep: Reputation: 0
Linux to Cisco IPSEC/GRE VPN using ISP or EVDO


I am trying to establish an IPSEC/GRE VPN between a Linux client and a Cisco 2811 router. Ideally, I need to be able to connect an Air Card into my laptop running Linux, and once assigned an IP address from the provider, access my hub network via VPN. My application uses multicasting, so GRE over IPSEC is required. My application is used in a public safety environment, so I would need this connection to be used in a hotel, mobile environment etc. The Cisco router needs to be configured with a dynamic peer configuration. I need someone with extensive IPSEC/Linux expertise. I am looking for assistance with this configuration, and would be willing to pay a significant consulting fee for proper assistance.
 
Old 03-26-2008, 11:52 AM   #2
mahmoud
Member
 
Registered: Apr 2006
Location: UK
Distribution: Mandriva, Debain, Redhat, Fedora, Ubuntu, FreeBSD
Posts: 269

Rep: Reputation: 30
Which part do you need to configure, the router or your system?
Also, is the router the VPN server?
Use these links, they're good and easy for the router config:
http://articles.techrepublic.com.com...tag=rbxccnbtr1
http://articles.techrepublic.com.com...tag=rbxccnbtr1
What application in Linux are you using for the VPN connection?

Last edited by mahmoud; 03-26-2008 at 12:06 PM.
 
Old 03-26-2008, 12:30 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,696

Rep: Reputation: 2265
"used in a public safety environment,"

I would do it but you should get your department's scheduled contractors to do it. Data loss might land you in jail.
 
Old 03-27-2008, 08:42 AM   #4
billyg96r
LQ Newbie
 
Registered: Mar 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by mahmoud
Which part do you need to configure, the router or your system?
Also, is the router the VPN server?
Use these links, they're good and easy for the router config:
http://articles.techrepublic.com.com...tag=rbxccnbtr1
http://articles.techrepublic.com.com...tag=rbxccnbtr1
What application in Linux are you using for the VPN connection?
Thank you for your response... I need help with the Linux side, as I believe the Cisco router is set up properly. I can get phase one working (isakmp) but phase 2 (IPSEC) does not seem to ever come up. I've disabled AH on the router and am trying to find someone who can disable and work with AH on the Linux client piece.
 
Old 03-27-2008, 08:43 AM   #5
billyg96r
LQ Newbie
 
Registered: Mar 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jefro
"used in a public safety environment,"

I would do it but you should get your department's scheduled contractors to do it. Data loss might land you in jail.
Hi Jefro,
I don't have an approved list of contractors for my department. No one in my area has the actual Linux AND Cisco expertise to help me with this problem. I am looking for someone to come on site and work with me to configure the system from the ground up. Do you know of anyone in the CT or NY area?
 
Old 03-27-2008, 01:03 PM   #6
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,696

Rep: Reputation: 2265
I'd send this up the chain of command. Your organization would have data policies that might go up to CFR or other public laws.

Who is this for? I understand if you can't say.

I might consider a nx/rdp or other tunnel to a home machine that runs within the secure lan/intranet.

GRE tunnels are not that secure.

Last edited by jefro; 03-27-2008 at 01:07 PM.
 
Old 03-28-2008, 04:31 AM   #7
mahmoud
Member
 
Registered: Apr 2006
Location: UK
Distribution: Mandriva, Debain, Redhat, Fedora, Ubuntu, FreeBSD
Posts: 269

Rep: Reputation: 30
OK, don't use these links, they should help you:
http://www.linuxsecurity.com/resourc...wto/HOWTO.html
http://www.opus1.com/vpn/freeswan/IPSEC.CONF
http://linuxgazette.net/126/pfeiffer.html
 
Old 03-28-2008, 06:09 AM   #8
mahmoud
Member
 
Registered: Apr 2006
Location: UK
Distribution: Mandriva, Debain, Redhat, Fedora, Ubuntu, FreeBSD
Posts: 269

Rep: Reputation: 30
Also, if that's giving you too many problems you can install Wine and use the Cisco VPN client.
 
Old 03-29-2008, 03:48 PM   #9
billyg96r
LQ Newbie
 
Registered: Mar 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by mahmoud
Also, if that's giving you too many problems you can install Wine and use the Cisco VPN client.

Unfortunately the Cisco Easy VPN client does not support multicast and GRE. I've actually tried using this client, and contacted TAC directly who confirms that statement. Do you know if the onboard Linux client can handle IPSEC and GRE and multicast?
 
Old 03-30-2008, 10:47 AM   #10
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,696

Rep: Reputation: 2265
http://www.linux.com/base/ldp/howto/...unnel.gre.html

I think it still might be better to use a nomachine in the lan and just nx to it from anywhere.

GRE tunnels are not secure.

They do have how to's on things like stunnel.
 
Old 04-02-2008, 09:59 AM   #11
billyg96r
LQ Newbie
 
Registered: Mar 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jefro
http://www.linux.com/base/ldp/howto/...unnel.gre.html

I think it still might be better to use a nomachine in the lan and just nx to it from anywhere.

GRE tunnels are not secure.

They do have how to's on things like stunnel.
I have tried the above link and could not get MC traffic to pass etc. GRE tunnels are not secure? How else can I encapsulate multicast traffic for my application and routing protocol updates?
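
An added illustration for the GRE question raised in this thread, not part of any post and not a working VPN configuration: it builds a multicast UDP datagram, wraps it in a base GRE header inside a unicast outer packet, and reads the inner data back without any key. GRE makes the multicast routable over a unicast path but leaves it in cleartext, which is why ESP is applied to the outer packet in GRE over IPsec. All addresses, ports and the payload are constructed sample values.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number of GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 payload

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    """UDP datagram; checksum 0 means 'not computed', which IPv4 allows."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def gre_encap(inner: bytes) -> bytes:
    """RFC 2784 base header: flag bits and version zero, then protocol type."""
    return struct.pack("!HH", 0, ETHERTYPE_IPV4) + inner

def gre_decap(outer: bytes) -> bytes:
    """Return the inner packet from an outer IPv4/GRE packet; needs no key."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    flags, ptype = struct.unpack("!HH", outer[ihl:ihl + 4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("only the base GRE header with IPv4 inside is handled")
    return outer[ihl + 4:]

def observer_view(outer: bytes):
    """What the tunnel leaves readable: inner destination and application data."""
    inner = gre_decap(outer)
    ihl = (inner[0] & 0x0F) * 4
    return socket.inet_ntoa(inner[16:20]), inner[ihl + 8:]

# Constructed sample: a multicast datagram from the laptop, tunnelled to the hub.
INNER = ipv4("10.1.1.2", "239.1.1.1", 17, udp(5000, 5000, b"constructed payload"), ttl=16)
OUTER = ipv4("198.51.100.7", "203.0.113.1", GRE_PROTO, gre_encap(INNER))

if __name__ == "__main__":
    print(observer_view(OUTER))
```

With ESP protecting the outer packet, everything after the outer IP header, including the GRE header and the multicast destination, would be ciphertext on the wire.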
 
  

