Posted: Thu Feb 25, 2010 8:26 Post subject: Problem with VPNC and Cisco VPN connection....
So, I'm trying to get VPN w/ auto-connect/reconnect working with my employer's Cisco VPN.
That was a miserable failure, so I fell back to the non-autoconnect version, and I'm still having problems.
I grabbed my .pcf file off my laptop, ran pcf2vpnc on it, and got something that looks like this:
Code:
mjb@mars:~$ ./pcf2vpnc ProQuest\ VPN.pcf
decoding input: No such file or directory
## generated by pcf2vpnc
IPSec ID nottherealid
IPSec gateway 127.0.0.1 <---fake IP, the correct one was here
IPSec secret password <---not the real password
So, looking at that, I took the script provided by alain, and modified it, like this:
Code:
#!/bin/sh
vpn_concentrator="127.0.0.1" ##enter ip or hostname of your Ipsec vpn concentrator
vpn_groupname="nottherealid" ##enter the group name here
vpn_grouppasswd="password" ##enter the group password here
vpn_username="mbobak" ##enter your username here
vpn_password="password" ##enter your password here
vpn_domain="pq" ##enter your domain
#--do not edit this--
#Written by Alain R. (alainr /A*T/ gmx. de) 27.Sep.2007
vpnc-disconnect
rm -f /tmp/etc/vpnc/vpn.conf
mkdir /tmp/etc/vpnc
echo "
IPSec gateway $vpn_concentrator
IPSec ID $vpn_groupname
IPSec secret $vpn_grouppasswd
Xauth username $vpn_username
Xauth password $vpn_password
Domain $vpn_domain
IKE Authmode psk
" >> /tmp/etc/vpnc/vpn.conf
Note that I added the vpn_domain, and the 'Domain $vpn_domain' line and the 'IKE Authmode psk' line.
I save the script under startup, and reboot the router.
Then, I log into the router, and I do:
Code:
vpnc /tmp/etc/vpnc/vpn.conf
and I get:
Code:
Connect Banner:
| VPN access for company_name Associates.
|
| Warning! You are about to access the private network. Unauthorized access will be punished to the fullest extent of the law.
root@DD-WRT:~#
Note that I get the banner, indicating communication with, and successful connection to, the VPN gateway, correct?
But then it exits back out to command line. This is different than if I run vpnc from the command line on my Ubuntu 9.10 box, using the *same* vpn.conf. If I run it there, I get the same banner, but vpnc does *not* exit back to command line, and my connection is successful.
So, any ideas, thoughts or suggestions would be appreciated.
AdvThanksance,
-Mark
PS Almost forgot, router is Linksys WRT-300N, dd-wrt is:
Firmware: DD-WRT v24-sp2 (10/10/09) vpn
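The startup script in the post above writes the group secret and the Xauth password to /tmp/etc/vpnc/vpn.conf using the shell's default umask and an appending `>>`. The following is an added example, not Alain's script and not part of the original post: it writes the same vpnc options with owner-only permissions and rejects empty values and values containing a newline. The function names and the argument order are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: write a vpnc config that only its owner can read.
# write_vpnc_conf and valid_value are hypothetical helpers, not part of
# vpnc or DD-WRT.

NL='
'

# Reject empty values and values containing a newline; an embedded newline
# would add an extra option line to the generated config.
valid_value() {
    [ -n "$1" ] || return 1
    case $1 in
        *"$NL"*) return 1 ;;
    esac
    return 0
}

# usage: write_vpnc_conf DIR GATEWAY GROUP GROUP_SECRET USER PASSWORD DOMAIN
write_vpnc_conf() {
    dir=$1; shift
    [ $# -eq 6 ] || { echo "expected 6 values after DIR" >&2; return 1; }
    for v in "$@"; do
        valid_value "$v" || { echo "empty or multi-line value" >&2; return 1; }
    done
    (
        umask 077                      # new directory 0700, new file 0600
        mkdir -p "$dir" || exit 1
        rm -f "$dir/vpn.conf"          # recreate so an old file's mode is not kept
        printf '%s\n' \
            "IPSec gateway $1" \
            "IPSec ID $2" \
            "IPSec secret $3" \
            "Xauth username $4" \
            "Xauth password $5" \
            "Domain $6" \
            "IKE Authmode psk" > "$dir/vpn.conf"
    ) || return 1
}

# Example call (constructed values):
# write_vpnc_conf /tmp/etc/vpnc 192.0.2.10 examplegroup groupsecret alice userpass corp
```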
Posted: Thu Feb 25, 2010 13:55 Post subject: Re: Problem with VPNC and Cisco VPN connection....
mbobak wrote:
But then it exits back out to command line. This is different than if I run vpnc from the command line on my Ubuntu 9.10 box, using the *same* vpn.conf. If I run it there, I get the same banner, but vpnc does *not* exit back to command line, and my connection is successful.
I've tried with and without the 'IKE Authmode psk' line, and it doesn't seem to matter. I always get the banner, leading me to believe that it worked....but then trying to ssh to a machine fails, even if I specify IP.
Getting the welcome banner in general means the tunnel is established. Can you post the output of "ifconfig"?
Can your router access the company network?
To share the connection with the PCs:
After you get the connection banner enter the following:
Code:
iptables -A FORWARD -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
At this point, I can't get to the private network. Any attempt to ping/ssh/etc, simply hangs, and eventually times out with 'Connection timed out'. Not surprisingly, running the iptables commands on the router does not allow computers in my local LAN access to the private network, either.
At this point, all network connectivity is hosed. If I run 'vpnc-disconnect', normal network connectivity is restored, but, obviously, no VPN access.
Any other thoughts or suggestions would be appreciated.