![]() ![]() This FAQ will help you to find out what is causing the problem in your specific situation. ![]() If this is useful to you and you would like some of this packaged up in some way, please let me know.There are a number of possible causes for such a behavior. Now all you need to do is fire up the connection like this: Nobody wants to hack a config every time they run a program! Additionally, if you use RSA-SecureID fobs for your passwords it will make using the application far easier. It will save you from having to enter them in plain text into a config file. It's worth mentioning here that if you omit the username and/or password, the vpnc program will prompt you for them at run time. Just enter the follwing lines (of course using your own settings), write out the file and exit: And now to the final stage - creating the config file: Here's how I did grep enc_GroupPwd London.pcf | awk -F= '' | xargs course I have modified it for obvious reasons, but you get the idea. The first thing cisco-decrypt does is convert the string from hexadecimal to binary. pcf file and then we can paste that into our nf. all we need to do now is decrypt that cipher string from the. Gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config -libs -cflags) Note that when you come to compile the program you will need to use the following compile options: You will then need to compile the cisco-decrypt.c utility which is downloadable from here. First you will need to install the libgcrypt-dev package: Thankfully there are tools around to help us with this. This throws a slight hurdle in our path, because it is the original plain text version which we need to offer our vpnc config. The group secret is a very long string of characters - it's actually a hexadecimal representation of the key, (which itself is formed from a mixture of SHA-1 hashing and triple-DES in CBC mode - a web search will yield all the gory details if that interests you). Now we can extract the vpn gateway hostname, the Group ID and the group 'secret' from the locally copied. pcf file on my windows partition and copy it over.Ĭp /windows/Program Files/Yahoo! Inc/VPN Client/profiles/London.pcf /home/chris/Desktop/. You see, for every connection profile, the Cisco VPN client keeps a profile description file called a. That doesn't suit my needs, but it does offer a clue. ![]() So from whence should we collect this data? I knew that if I was to ask the IT department at work, they would probably tell me that the software isn't supported and to use the cisco client under windows. When I first looked at these, I really didn't know where to start, but I pretty soon determined that the most important values would be these: This contains a bunch of IPSec settings required to talk to your VPN endpoint. Now this is where things get a bit tricky - you have the application installed, but it won't work until you have a working config. The sources are downloadable from this page: If you are not running ubuntu, you will probably have to compile the program yourself. First let's install that on the client system. Ubuntu users are one step ahead of the source-based distros just because a vpnc package does exist for dapper. The solution came in the form of Maurice Massar's vpnc - a relatively little-known and fairly unassuming application which does exactly as it says on the tin. It was these issues which pushed me to find an alternative solution. Connections just die over SSH when any more than a few packets are sent and nothing less than a restart of the client will allow the system to reconnect - Such a program falls well beyond my 'suitable-for-use' radar. In addition to that, I have run the Cisco VPN client for linux on at least two distros (including Slackware and Redhat) and it has been bad to say the least. This may or may not be a total ballache to manage. The Cisco VPN client for linux comes with a few major flaws - firstly it's a complete arse to install - particulary on heavily package-based distros such as Ubuntu - the program requires all the kernel headers to be present and it also insists that they exactly match the running kernel version. Getting a reliably working VPN connection on your linux box isn't as easy as one might think.
0 Comments
Leave a Reply. |