[arch-general] Cisco VPN config
Hi :) Got a Cisco VPN connection with my office, but can't manage to get it running. I've seen that there's a: - vpnc package: installed it, but it doesn't import the .pcf file, says it can't find the file. - cisco-vpnclient: but it's out-dated I've been searching through the Wiki but haven't found any help on how to setup a Cisco VPN connection to my office. Anyone have a link or some tips they could share? TIA Rafa BTW Got the KMS + UXA running, seems I messed something up the other time I tried 0:) Thanks also for the kdmrc tip. -- "We cannot treat computers as Humans. Computers need love." rgriman@skype.com rgriman@jabberes.org
Rafa Griman schrieb:
Got a Cisco VPN connection with my office, but can't manage to get it running. I've seen that there's a:
- vpnc package: installed it, but it doesn't import the .pcf file, says it can't find the file.
pcf2vnc /path/to/file.pcf Seems easy. When it says it can't find the file, then you specified the wrong file. So what exactly is the problem?
- cisco-vpnclient: but it's out-dated
This software is the greatest piece of shit ever published from what I know. But what do you expect from Cisco? A company that solves security problems by preventing the details from being published can not be taken seriously. And a company that sells a VPN appliance that is insecure by design can't either.
Hi :) On Sunday 26 July 2009 18:57:07 Thomas Bächler wrote:
Rafa Griman schrieb:
Got a Cisco VPN connection with my office, but can't manage to get it running. I've seen that there's a:
- vpnc package: installed it, but it doesn't import the .pcf file, says it can't find the file.
pcf2vnc /path/to/file.pcf
Didn't know of that command 0:)
Seems easy. When it says it can't find the file, then you specified the wrong file. So what exactly is the problem?
Well the problem is (hope I could write was, but haven't tried it yet ;) that the path is right and so's the file. I'll try now with the pcf2vpnc command. Thanks for the tip !!!
- cisco-vpnclient: but it's out-dated
This software is the greatest piece of shit ever published from what I know. But what do you expect from Cisco? A company that solves security problems by preventing the details from being published can not be taken seriously. And a company that sells a VPN appliance that is insecure by design can't either.
I know it sucks, had to patch it and patch it again when I used openSUSE because it didn't work. AFAIK they have no 64 bit VPN client, they have no up to date Linux VPN client, ... I'm not a Cisco fan, but my company has Cisco gateways/firewalls/whatever and I have no voice into that matter :( Thanks once again for your help :) Rafa -- "We cannot treat computers as Humans. Computers need love." rgriman@skype.com rgriman@jabberes.org
Rafa Griman schrieb:
I know it sucks, had to patch it and patch it again when I used openSUSE because it didn't work. AFAIK they have no 64 bit VPN client, they have no up to date Linux VPN client, ... I'm not a Cisco fan, but my company has Cisco gateways/firewalls/whatever and I have no voice into that matter :(
Many companies have that - which worries me because of the very obvious security problems, at least in the xauth protocol.
On Sun, Jul 26, 2009 at 3:33 PM, Thomas Bächler<thomas@archlinux.org> wrote:
Rafa Griman schrieb:
I know it sucks, had to patch it and patch it again when I used openSUSE because it didn't work. AFAIK they have no 64 bit VPN client, they have no up to date Linux VPN client, ... I'm not a Cisco fan, but my company has Cisco gateways/firewalls/whatever and I have no voice into that matter :(
Many companies have that - which worries me because of the very obvious security problems, at least in the xauth protocol.
Unfortunately their publicity is powerful than their products, I really hate cisco and those all noobs who claim about the cisco training... in the real world, cisco is attached to a their restrictive, not efficient and expensive platform, and that is the truth. I will save this mail when my boss will decide to buy any cisco crap :S. Good luck Rafa! -- Angel Velásquez angvp @ irc.freenode.net Linux Counter: #359909
On Monday 27 July 2009 04:27:45 Angel Velásquez wrote:
On Sun, Jul 26, 2009 at 3:33 PM, Thomas B�chler<thomas@archlinux.org> wrote:
Rafa Griman schrieb:
I know it sucks, had to patch it and patch it again when I used openSUSE because it didn't work. AFAIK they have no 64 bit VPN client, they have no up to date Linux VPN client, ... I'm not a Cisco fan, but my company has Cisco gateways/firewalls/whatever and I have no voice into that matter :(
Many companies have that - which worries me because of the very obvious security problems, at least in the xauth protocol.
Unfortunately their publicity is powerful than their products, I really hate cisco and those all noobs who claim about the cisco training... in the real world, cisco is attached to a their restrictive, not efficient and expensive platform, and that is the truth.
Marketing ... There's another company ... can't remember it's name. Think it starts with an "M" and ends with a "t". IIRC, they're also very strong in marketing but the products ... ;)
I will save this mail when my boss will decide to buy any cisco crap :S.
Good luck Rafa!
Thanks. I'll check it out tomorrow (I hope) and let you all know. Thanks !!! Rafa -- "We cannot treat computers as Humans. Computers need love." rgriman@skype.com rgriman@jabberes.org
Hi! I don’t want to get your hopes down, but we used to have Cisco’s vpnclient at our university. I tried it eventually and got it to compile even under x84_64 but it would only run for some minutes or so and then kernel panic! What helped were -- I think -- patches from www.tuxx-home.at and I also found some patched 64 bit version from some university. I have it lying around somewhere. If you want I can send it to you. Good luck! Edgar Am oder ungefähr am Sonntag, 26. Juli 2009, um 21:52:54 schrieb Rafa Griman:
Hi :)
On Sunday 26 July 2009 18:57:07 Thomas Bächler wrote:
Rafa Griman schrieb:
Got a Cisco VPN connection with my office, but can't manage to get it running. I've seen that there's a:
- vpnc package: installed it, but it doesn't import the .pcf file, says it can't find the file.
pcf2vnc /path/to/file.pcf
Didn't know of that command 0:)
Seems easy. When it says it can't find the file, then you specified the wrong file. So what exactly is the problem?
Well the problem is (hope I could write was, but haven't tried it yet ;) that the path is right and so's the file. I'll try now with the pcf2vpnc command.
Thanks for the tip !!!
- cisco-vpnclient: but it's out-dated
This software is the greatest piece of shit ever published from what I know. But what do you expect from Cisco? A company that solves security problems by preventing the details from being published can not be taken seriously. And a company that sells a VPN appliance that is insecure by design can't either.
I know it sucks, had to patch it and patch it again when I used openSUSE because it didn't work. AFAIK they have no 64 bit VPN client, they have no up to date Linux VPN client, ... I'm not a Cisco fan, but my company has Cisco gateways/firewalls/whatever and I have no voice into that matter :(
Thanks once again for your help :)
Rafa
On Sun, Jul 26, 2009 at 3:52 PM, Rafa Griman<rafagriman@gmail.com> wrote:
Hi :)
On Sunday 26 July 2009 18:57:07 Thomas Bächler wrote:
Rafa Griman schrieb:
Got a Cisco VPN connection with my office, but can't manage to get it running. I've seen that there's a:
- vpnc package: installed it, but it doesn't import the .pcf file, says it can't find the file.
pcf2vnc /path/to/file.pcf
Didn't know of that command 0:)
Seems easy. When it says it can't find the file, then you specified the wrong file. So what exactly is the problem?
Well the problem is (hope I could write was, but haven't tried it yet ;) that the path is right and so's the file. I'll try now with the pcf2vpnc command.
Thanks for the tip !!!
- cisco-vpnclient: but it's out-dated
This software is the greatest piece of shit ever published from what I know. But what do you expect from Cisco? A company that solves security problems by preventing the details from being published can not be taken seriously. And a company that sells a VPN appliance that is insecure by design can't either.
I know it sucks, had to patch it and patch it again when I used openSUSE because it didn't work. AFAIK they have no 64 bit VPN client, they have no up to date Linux VPN client, ... I'm not a Cisco fan, but my company has Cisco gateways/firewalls/whatever and I have no voice into that matter :(
Thanks once again for your help :)
I usually recommend strongSwan (which is in AUR) for interoperability with Cisco concentrators. It works quite well, but it's not simple to set up initially. I still believe it to be the best technical solution, but it would be beyond me to explain how to do it, via email, and for an unfamiliar situation.
Ray Kohler schrieb:
I usually recommend strongSwan (which is in AUR) for interoperability with Cisco concentrators. It works quite well, but it's not simple to set up initially. I still believe it to be the best technical solution, but it would be beyond me to explain how to do it, via email, and for an unfamiliar situation.
I was under the impression the only thing that worked with Cisco's proprietary xauth protocol was vpnc. (Apart from authentication, it is only IPSEC IIRC) I am so glad now that I don't need that shit anymore, because my university is now offering an OpenVPN server as an alternative. It's not only free and secure, but also compatible with virtually any platform or operating system you could think of - if not, it can be ported to it.
On Mon, Jul 27, 2009 at 1:38 PM, Thomas Bächler<thomas@archlinux.org> wrote:
Ray Kohler schrieb:
I usually recommend strongSwan (which is in AUR) for interoperability with Cisco concentrators. It works quite well, but it's not simple to set up initially. I still believe it to be the best technical solution, but it would be beyond me to explain how to do it, via email, and for an unfamiliar situation.
I was under the impression the only thing that worked with Cisco's proprietary xauth protocol was vpnc. (Apart from authentication, it is only IPSEC IIRC)
strongSwan supports XAUTH, though I've never tested that feature. It also supports certificate-based authentication, which vpnc doesn't, and which I actually do use.
On Sun, Jul 26, 2009 at 4:12 PM, Rafa Griman<rafagriman@gmail.com> wrote:
Hi :)
Got a Cisco VPN connection with my office, but can't manage to get it running.
My office uses Cisco for VPN as well. The "official" Cisco VPN client would give me a kernel panic every few days. I was able to use vpnc successfully, following this walkthough here: http://bbs.archlinux.org/viewtopic.php?id=49502 Good luck, Slash
participants (6)
-
Angel Velásquez
-
Edgar Kalkowski
-
Rafa Griman
-
Ray Kohler
-
Slash
-
Thomas Bächler