How to use vpnc with a Cisco VPN server
Build vpnc with hybrid support, which the Cisco VPN needs.
sudo apt-get build-dep vpnc
sudo apt-get install libssl-dev
mkdir -p ~/tmp/vpnc
cd ~/tmp/vpnc
apt-get source vpnc
cd vpnc-0.5.3r449
# Edit the file Makefile and uncomment the line
#OPENSSL_GPL_VIOLATION=yes
dpkg-buildpackage
# Remove the existing vpnc
sudo apt-get remove vpnc
sudo dpkg -i ../vpnc_0.5.3r449-2_i386.deb
Verify the hybrid mode by executing
vpnc --version | grep -i auth
Supported Auth-Methods: psk psk+xauth hybrid(rsa)
Extract/Convert Root Cert and Profiles
Download the MacOS Cisco VPN client your_company_cisco_client.dmg
Mount the HFS archive to copy the files needed
sudo mkdir /tmp/cisco
sudo mount -t hfsplus your_company_cisco_client.dmg /tmp/cisco -o loop
cd /tmp/cisco
# Copy the profiles and the root certificate to your home directory
cp -r Profiles/ rootcert ~/
cd
sudo umount /tmp/cisco
sudo rmdir /tmp/cisco
Use pcf2vpnc to convert the files.
mkdir ~/vpnc
for file in Profiles/*.pcf; \
do basename=`basename "$file"`; \
/usr/share/vpnc/pcf2vpnc Profiles/"$basename" ~/vpnc/"${basename%pcf}vpnc"; \
done
Use openssl to convert your root cert to PEM format
openssl x509 -inform DER < rootcert > root_certificate.pem
To connect to bayarea (for example)
sudo vpnc --ca-file root_certificate.pem vpnc/bayarea.vpnc
Example vpnc file:
## generated by pcf2vpnc
# CA-File /etc/vpnc/root_certificate.pem
IPSec ID GeneralHybrid
IPSec gateway vpn.company.com
IPSec secret XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
IKE Authmode hybrid
IKE DH Group dh2
## To add your username and password,
## use the following lines:
# Xauth username
# Xauth password
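A pre-flight check for the converted profiles, as an added example that is not part of the original post: it flags a profile readable by other users (the file carries the IPSec secret in clear text), an uncommented Xauth password, and hybrid mode with no active CA-File or CA-Dir line, which is the case for the example above. The function name audit_vpnc_profile is hypothetical, and GNU stat (as on Debian/Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: audit one vpnc profile before first use.
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged,
# 2 if the file cannot be inspected.
audit_vpnc_profile() {
    f=$1
    findings=0

    # The profile holds the group secret in clear text: owner-only access.
    mode=$(stat -c '%a' "$f") || return 2
    case $mode in
        600|400) ;;
        *) echo "$f: mode $mode, expected 600 (contains IPSec secret)"
           findings=$((findings + 1)) ;;
    esac

    # An uncommented "Xauth password" keeps the user password on disk;
    # leaving it out makes vpnc prompt for it instead.
    if grep -Eiq '^[[:space:]]*Xauth password[[:space:]]+[^[:space:]]' "$f"; then
        echo "$f: Xauth password stored in file"
        findings=$((findings + 1))
    fi

    # Hybrid mode authenticates the gateway by certificate. The page passes
    # the root cert with --ca-file, so flag profiles that do not name it.
    if grep -Eiq '^[[:space:]]*IKE Authmode[[:space:]]+hybrid' "$f" &&
       ! grep -Eiq '^[[:space:]]*CA-(File|Dir)[[:space:]]+[^[:space:]]' "$f"; then
        echo "$f: hybrid mode, no active CA-File/CA-Dir line (supply the root cert with --ca-file)"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Run it over each file in ~/vpnc after the pcf2vpnc conversion; a non-zero return means at least one finding was printed.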