Introduction:
If your company is like mine, you will have multiple VPN profiles in your Cisco VPN client. The issue is that you are only allowed to connect to one VPN at a time. If you need to reach resources in multiple locations, you have to keep disconnecting and reconnecting between the different VPN tunnels. I got it to work on Windows. This has been tested on Windows XP SP2 only.
Requirements:
- Download the Cygwin setup and run the setup file. Set up Cygwin and select the following packages during installation:
  - Devel -> gcc
  - Devel -> make
  - Libs -> libgcrypt (and the source code as well)
  - Libs -> libgpg (and the source code as well)
  - Perl -> perl
- Download OpenVPN and install it. You can uncheck most of the options if you like, but make sure “TAP-Win32 Virtual Ethernet Adapter” and “Add Shortcuts to Start Menu” (so you can add more virtual interfaces from the Start Menu) are selected.
- Download vpnc and copy it to c:\cygwin\tmp
Launch the Cygwin bash shell and run the following commands in the shell:
cd /tmp
tar xvfz vpnc-<version>.tar.gz
Note: <version> is the version that you have downloaded. As of writing the version is 0.5.1, so the command would be “tar xvfz vpnc-0.5.1.tar.gz”.
cd vpnc-<version>
Example: cd vpnc-0.5.1
make
make PREFIX=/usr install
Note: PREFIX is optional. By default the executables are installed under /usr/local. With PREFIX=/usr they are installed to /usr/bin and /usr/sbin instead.
mkdir /var/run/vpnc
Multiple Tunnels:
For each VPN tunnel you will need one TAP virtual adapter. If you are planning to use multiple tunnels at the same time, open the OpenVPN Start Menu folder and run “Add a new TAP-Win32 virtual ethernet adapter” once per additional tunnel.
Note:
There’s a bug in the “vpnc-script-win.js” that comes with 0.5.1. You will need to rename each TAP virtual adapter from “Local Area Connection X” to TAPX, because the included js file doesn’t support spaces in the adapter name. The file also doesn’t add routes correctly. To fix this, use the “vpnc-script-win.js” that was modified to get it to work: copy that “vpnc-script-win.js” over the existing one located in c:\cygwin\etc\vpnc (or /etc/vpnc if you are in the Cygwin shell).
Setting up Profiles:
You can use the pcf2vpnc command to convert an existing Cisco PCF file and find out what needs to go into the vpnc profile. The profiles need to be stored in c:\cygwin\etc\vpnc (in .conf format). The installation comes with a default.conf that you can use as a reference. Alternatively, you can run /usr/sbin/vpnc --long-help for more help on what you can put in the file. You can also connect by passing all the switches on the command line. Below is an example that will work:
IPSec gateway
IPSec ID
IPSec secret
IKE Authmode psk
Xauth username
Interface mode tap
Pidfile /var/run/vpnc/.pid
Local Port <510>
NAT Traversal Mode force-natt
No Detach
## Enable Single DES
When you run pcf2vpnc it will give you the IPSec gateway, IPSec ID, IPSec secret (decrypted), Xauth username and IKE Authmode.
Important:
The “No Detach” option is required: if you don’t specify it the VPN will connect, but you will not be able to access the VPN even though it’s connected. “Local Port” needs to be different for each profile, so that there’s no collision. Each profile needs to have its own pid file.
Depending on your network administrator’s settings you might need to enable single DES. If your network administrator enables weak encryption, you will need to use “Enable Single
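To catch these collisions before the tunnels are started, here is an added shell check (not from the original post) that reads a set of vpnc .conf profiles and reports any profile missing “No Detach”, any “Local Port” used twice, and any missing or shared Pidfile. The “Key value” line layout it parses and the sample paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check a set of vpnc
# profiles before running them as concurrent tunnels. Each profile must carry
# "No Detach", its own Pidfile, and a "Local Port" no other profile uses.
# Usage: check_vpnc_profiles /etc/vpnc/site-a.conf /etc/vpnc/site-b.conf

# Print the value of a config key ("Local Port", "Pidfile", ...). Key names
# are matched case-insensitively and "#" comment lines are skipped; nothing
# is printed when the key is absent. (Assumed "Key value" layout.)
conf_value() {
    awk -v key="$1" 'BEGIN { n = length(key); lk = tolower(key) }
        /^[ \t]*#/ { next }
        { line = $0; sub(/^[ \t]+/, "", line)
          if (tolower(substr(line, 1, n)) == lk) {
              val = substr(line, n + 1); sub(/^[ \t]+/, "", val)
              print val; exit } }' "$2"
}

# Exit status 0 when the profiles can coexist, 1 otherwise; one line per
# problem is written to stderr.
check_vpnc_profiles() {
    rc=0; ports=""; pids=""
    for f in "$@"; do
        # "No Detach" is a bare flag, so just look for the key itself.
        grep -qi '^[[:space:]]*No Detach' "$f" ||
            { echo "$f: missing 'No Detach' (tunnel comes up but is unusable)" >&2; rc=1; }
        port=$(conf_value "Local Port" "$f")
        if [ -z "$port" ]; then
            echo "$f: no 'Local Port'; vpnc would fall back to its default and collide" >&2; rc=1
        else
            case " $ports " in
                *" $port "*) echo "$f: Local Port $port is already used by another profile" >&2; rc=1 ;;
            esac
            ports="$ports $port"
        fi
        pid=$(conf_value "Pidfile" "$f")
        if [ -z "$pid" ]; then
            echo "$f: no 'Pidfile'; each tunnel needs its own" >&2; rc=1
        else
            case " $pids " in
                *" $pid "*) echo "$f: Pidfile $pid is shared with another profile" >&2; rc=1 ;;
            esac
            pids="$pids $pid"
        fi
    done
    return $rc
}
```

Run it from the Cygwin shell against every profile you intend to bring up at once; a non-zero exit means at least one of them would collide or hang.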