LinuxQuestions.org


depam 10-22-2007 08:30 PM

Cisco VPN Client for Ubuntu
 
Hi,

I was able to successfully use the Cisco VPN Client for Linux on my Ubuntu machine. I have obtained a private IP address from our corporate LAN. Though I find it really ironic to deactivate eth0 for it to run. I always issue the command "ifconfig eth0 down" for it to work. I spent hours and hours to make it work and only that trick did the job.

Now, here's my question. Every time I connect to my corporate LAN, my internet connection is already controlled by my corporate network. When I tried to visit www.whatismyip.com, I see the proxy IP of the corporate LAN instead of my ISP provider. Is there a way to join the corporate network without using their proxy? I had experiences before on OpenVPN and this is called "push-gateway". I usually turn this thing off to allow me to surf the web, chat, email using my ISP connection and not our corporate network's proxy. I am hoping there's a flag on the .pcf to turn this off. Hope someone can help me out. Thanks.

acid_kewpie 10-23-2007 12:46 PM

the official cisco client will rigidly use the policy handed to it by the easyvpn peer. you can't get away from what the network admins want you to do. however if you use vpnc instead you can define your own local behaviour.

depam 10-24-2007 09:38 AM

Hi acid_kewpie,

I really find Cisco VPN Client for Linux quite buggy. I also tried to install vpnc using the Ubuntu repo but I can't seem to make it work connecting to our network. I've read from one of the forums that I should convert the .pcf to something that vpnc could understand. I know you know exactly what I wanted to do. Simple thing as connecting to our corporate network while using my ISP's proxy for internet browsing, P2P, etc. If you can just help me out on how to do this on vpnc if you believe this is an answer to my problem. Thanks.

acid_kewpie 10-24-2007 09:41 AM

vpnc contains a script, pcf2vpnc, which does just that.

depam 10-26-2007 06:55 AM

Hi acid_kewpie,

I am getting this error when I issue the command:

$ sudo ./pcf2vpnc VPN.pcf > VPN.conf

Can't exec "cisco-decrypt": No such file or directory at ./pcf2vpnc line 29.
cisco-decrypt not in search path,
adding passwords in obfuscated form

What do you think I am missing here?

Also, whenever this becomes successful, how do i bypass my corporate network as proxy? Thanks.

depam 10-26-2007 07:18 AM

Hi,

Yiiihaa...VPNC now working. Acid, please tell me how I can bypass my corporate network's proxy and let me use my ISP's proxy. Corporate network proxy has a lot of filtering which restricts me from visiting my favorite websites at home. I want to use my ISP's proxy while being connected to the corporate network. How can this be done? Thanks.

acid_kewpie 10-26-2007 07:44 AM

if you have a split tunnel then everything else follows. as for the configuration, you need that tool that's not found, it apparently comes with the vpnc source code, but there are plenty of links to it from google.

i assume in all this you don't actually *know* what the password is?

depam 10-26-2007 10:44 AM

Hi acid,

Do you mean I can access my wireless local lan while being connected to the corporate network even if the corporate's network has restricted that? So which is more secure split-tunneling enabled or not? For a newbie like me, it will be difficult to have this setup. I have searched thru google and find no specific config for this. Hope you can point me to a link which could help me. Thanks.

acid_kewpie 10-26-2007 11:23 AM

wireless? use of a vpn client has nothing whatsoever to do with wireless. you need to overlay the generic functions a vpn client can perform onto the infrastructure in question...

you want to be able to reach whatever you want on the net from a remote location whilst also being connected to your corporate LAN right? well that's blatantly going to be against any security policy they have but is technically fine if you have a client you can require to use a split tunnel. that is where vpnc comes in as it will allow you to bypass the security policies which should be enforced without choice by the cisco client...

is it me or have we just taken a huge step backwards?

depam 10-26-2007 12:01 PM

Forgive me for my ignorance acid_kewpie. I'm still digesting what you are saying but I know this is possible. I just don't know how to do that in vpnc. I've found this one on google:

vpnc /etc/vpnc/default.conf
route del default
route add default gw x.x.x.x (use your old default gateway ip here)
route add -net 10.0.0.0 netmask 255.0.0.0 tun0 (in my case, "work" network uses the 10.x.x.x subnet)

but that isn't working for me. I have no intention of violating security policies. What I just want to do is to use my ISP's proxy. I used to connect to VPN from my home. My intention is for me to use my ISP proxy so that it won't waste my corporate's network bandwidth while I'm surfing the net but still being connected to the corporate network.

Is it the vpnc version I'm using that prohibits me to do this "split tunneling"? I know it's just a matter of routing but I really don't know where to start. This is also my first time to hear that this would actually work. I used to configure OpenVPN before and I also enforce pushing the corporate's gateway but not once did I learn that this can be done. This is really cool and I wanted to know how to make this work. Though I am connecting to the corporate network, my home connection isn't owned by them so I also have the right to use it even if I'm connected with the corporate network. Does it make sense?

acid_kewpie 10-26-2007 12:34 PM

your employers provide content filtering, logging, av, ids etc..
your ISP proxy contains no content filtering, logging, av, ids etc...
if you use your ISP's proxy whilst connected to their network you can see all sorts of stuff they don't want you to. you install spyware, trojans or whatever, and that then attacks your company's network.
whether you have a malicious / devious intention or not, you *ARE* going to be violating the company policy. just admit it.

you need to define within the vpnc-script file what the split policy is. copy the default one to /etc/vpnc/ and edit away. it's fully commented at the top.

depam 10-27-2007 06:49 AM

I am very much cautious about my system. And aside from using Linux as my OS, I also have active firewall. I doubt it that I do have viruses/trojans even if I'm not using an AV. There is a very slight chance that I'll be able to infect any computer on my corporate LAN.

I already made some routing and was able to make this thing work. Thanks a lot for the help acid_kewpie.
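
A defender-side check for the condition this thread discusses, added here as an example and not part of any original post: it classifies `route -n` output as full-tunnel, split-tunnel or no-tunnel, so an endpoint audit can flag a VPN client whose default route bypasses the tunnel. The interface name `tun0` follows the thread; the function name and both sample routing tables are constructed for illustration. It goes slightly beyond the thread by also recognising the pair of /1 routes that some clients install instead of replacing the default route.

```shell
#!/bin/sh
# Added example (not from the thread): classify `route -n` output.
# Usage on a live host:  route -n | classify_routes tun0

# classify_routes TUN_IFACE   (reads `route -n` text on stdin)
classify_routes() {
    awk -v tun="$1" '
        $1 !~ /^[0-9]+\./ { next }            # skip the two header lines
        { iface = $8; metric = $5 + 0 }
        iface == tun { seen_tun = 1 }
        # Conventional default route 0.0.0.0/0: keep the lowest metric.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {
            if (!have_def || metric < best) {
                best = metric; def_if = iface; have_def = 1
            }
        }
        # Two /1 routes together cover all of IPv4 and outrank any /0 route.
        $3 == "128.0.0.0" && iface == tun {
            if ($1 == "0.0.0.0")   low = 1
            if ($1 == "128.0.0.0") high = 1
        }
        END {
            if (!seen_tun)                      print "no-tunnel"
            else if (low && high)               print "full-tunnel"
            else if (have_def && def_if == tun) print "full-tunnel"
            else                                print "split-tunnel"
        }'
}

# Constructed sample: the state the route commands quoted above aim for.
SPLIT_SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Constructed sample: all traffic forced through the tunnel.
FULL_SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
198.51.100.7    192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

printf '%s\n' "$SPLIT_SAMPLE" | classify_routes tun0
printf '%s\n' "$FULL_SAMPLE"  | classify_routes tun0
```
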

ronaldo1 11-02-2007 08:01 PM

i have a bunch of PCF files from my network admin
the group password is a hash
does the vpnc software accept the hash for the group password or do i need the original password?

acid_kewpie 11-03-2007 03:00 AM

please read the above... use the cisco-decrypt tool.

ronaldo1 11-04-2007 09:30 AM

i still only get the hash and the program asks for the group password
then it kills my network


All times are GMT -5.