I was able to successfully use the Cisco VPN Client for Linux on my Ubuntu machine. I have obtained a private IP address from our corporate LAN. Though I find it really ironic to deactivate eth0 for it to run. I always issue the command "ifconfig eth0 down" for it to work. I spent hours and hours to make it work and only that trick did the job.
Now, here's my question. Every time I connect to my corporate LAN, my internet connection is already controlled by my corporate network. When I tried to visit www.whatismyip.com, I see the proxy IP of the corporate LAN instead of my ISP provider. Is there a way to join the corporate network without using their proxy? I had experiences before on OpenVPN and this is called "push-gateway". I usually turn this thing off to allow me to surf the web, chat, email using my ISP connection and not our corporate network's proxy. I am hoping there's a flag on the .pcf to turn this off. Hope someone can help me out. Thanks.
the official cisco client will rigidly use the policy handed to it by the easyvpn peer. you can't get away from what the network admins want you to do. however if you use vpnc instead you can define your own local behaviour.
I really find Cisco VPN Client for linux quite buggy. I also tried to install vpnc using the ubuntu repo but I can't seem to make it work connecting to our network. I've read from one of the forums that I should convert the .pcf to something that vpnc could understand. I know you know exactly what I wanted to do. Simple thing as connecting to our corporate network while using my ISP's proxy for internet browsing, P2P, etc. If you can just help me out on how to do this on vpnc if you believe this is an answer to my problem. Thanks.
Yiiihaa...VPNC now working. Acid, please tell me how I can bypass my corporate network's proxy and let me use my ISP's proxy. Corporate network proxy has a lot of filtering which restricts me from visiting my favorite websites at home. I want to use my ISP's proxy while being connected to the corporate network. How can this be done? Thanks.
if you have a split tunnel then everything else follows. as for the configuration, you need that tool that's not found, it apparently comes with the vpnc source code, but there are plenty of links to it from google.
i assume in all this you don't actually *know* what the password is?
Do you mean I can access my wireless local lan while being connected to the corporate network even if the corporate's network has restricted that? So which is more secure split-tunneling enabled or not? For a newbie like me, it will be difficult to have this setup. I have searched thru google and find no specific config for this. Hope you can point me to a link which could help me. Thanks.
wireless? use of a vpn client has nothing whatsoever to do with wireless. you need to overlay the generic functions a vpn client can perform onto the infrastructure in question...
you want to be able to reach whatever you want on the net from a remote location whilst also being connected to your corporate LAN right? well that's blatantly going to be against any security policy they have but is technically fine if you have a client you can require to use a split tunnel. that is where vpnc comes in as it will allow you to bypass the security policies which should be enforced without choice by the cisco client...
is it me or have we just taken a huge step backwards?
Forgive me for my ignorance acid_kewpie. I'm still digesting what you are saying but I know this is possible. I just don't know how to do that in vpnc. I've found this one on google:
vpnc /etc/vpnc/default.conf
route del default
route add default gw x.x.x.x (use your old default gateway ip here)
route add -net 10.0.0.0 netmask 255.0.0.0 tun0 (in my case, "work" network uses the 10.x.x.x subnet)
but that isn't working for me. I have no intention of violating security policies. What I just want to do is to use my ISP's proxy. I used to connect to VPN from my home. My intention is for me to use my ISP proxy so that it won't waste my corporate's network bandwidth while I'm surfing the net but still being connected to the corporate network.
Is it the vpnc version I'm using that prohibits me from doing this "split tunneling"? I know it's just a matter of routing but I really don't know where to start. This is also my first time to hear that this would actually work. I used to configure OpenVPN before and I also enforce pushing the corporate's gateway but not once did I learn that this can be done. This is really cool and I wanted to know how to make this work. Though I am connecting to the corporate network, my home connection isn't owned by them so I also have the right to use it even if I'm connected with the corporate network. Does it make sense?
your employers provide content filtering, logging, av, ids etc..
your ISP proxy contains no content filtering, logging, av, ids etc...
if you use your ISP's proxy whilst connected to their network you can see all sorts of stuff they don't want you to. you install spyware, trojans or whatever, and that then attacks your company's network.
whether you have a malicious / devious intention or not, you *ARE* going to be violating the company policy. just admit it.
you need to define within the vpnc-script file what the split policy is. copy the default one to /etc/vpnc/ and edit away. it's fully commented at the top.
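Seen from the network administrator's side of the split-tunnel point made above, an added example (not part of the original thread): a POSIX shell check that classifies `ip -4 route show` output as no tunnel, full tunnel or split tunnel. The interface names, addresses and sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an IPv4 routing table read from stdin.
# Usage on a live host: ip -4 route show | classify_tunnel tun0
classify_tunnel() {
    awk -v tun="$1" '
        {   # find the outgoing interface of this route
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        }
        dev == tun { tun_routes++ }
        # two /1 routes on the tunnel together override the default route
        dev == tun && $1 == "0.0.0.0/1"   { lo = 1 }
        dev == tun && $1 == "128.0.0.0/1" { hi = 1 }
        $1 == "default" {   # keep the default route with the lowest metric
            metric = 0
            for (i = 1; i < NF; i++) if ($i == "metric") metric = $(i + 1) + 0
            if (!have_def || metric < best) { best = metric; def_dev = dev; have_def = 1 }
        }
        END {
            if (!tun_routes)                       print "no-tunnel"
            else if (def_dev == tun || (lo && hi)) print "full-tunnel"
            else                                   print "split-tunnel"
        }'
}

# Constructed sample: all traffic leaves through the tunnel; only the
# host route to the VPN gateway (203.0.113.10) uses the physical NIC.
sample_full() {
cat <<'EOF'
default dev tun0 scope link
10.8.0.0/24 dev tun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
EOF
}

# Constructed sample: only 10.0.0.0/8 goes through the tunnel, the
# default route still points at the home gateway.
sample_split() {
cat <<'EOF'
default via 192.168.1.1 dev eth0
10.0.0.0/8 dev tun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
EOF
}

sample_split | classify_tunnel tun0   # prints: split-tunnel
```

The check only looks at IPv4 routes in the main table; policy routing rules and IPv6 routes would need their own inspection.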
I am very much cautious about my system. And aside from using Linux as my OS, I also have active firewall. I doubt it that I do have viruses/trojans even if I'm not using an AV. There is a very slight chance that I'll be able to infect any computer on my corporate LAN.
I already made some routing and was able to make this thing work. Thanks a lot for the help acid_kewpie.
i have a bunch of PCF files from my network admin
the group password is a hash
does the vpnc software accept the hash for the group password or do i need the original password?