Full Version: Vpn-client On C3k
miho
Hi!

Has anyone tried to install vpnc? I have trouble with the tun device. I only found a tun.o file for kernel 2.4.18. But as C3k uses 2.4.20 it won't be loaded. I need vpnc to get access to the internet from university.

Thanks for your help,

miho
piku
QUOTE(miho @ Apr 12 2005, 03:18 PM)
Hi!

Has anyone tried to install vpnc? I have trouble with the tun device. I only found a tun.o file for kernel 2.4.18. But as C3k uses 2.4.20 it won't be loaded. I need vpnc to get access to the internet from university.

Thanks for your help,

miho
*


I'm working on building a kernel but no such luck. The Zaurus cross compiler (official from Sharp) doesn't like my Gentoo box at all. It's got a far too new gcc. Now I could cross compile with that Glibc and I might get a working binary.. Anyway, I'm desperate for a vpn client but I can't get vpnc working with my PIX even on my amd64 box. I'm so screwed.
miho
Please let me know if you had any success!
aldanm
Hi!

I was able to get a tun module compiled, which should be attached to this post.

I couldn't get the ipsec module compiled as I don't have a dedicated linux box; however, I was able to connect to my university's vpn with the attached module and the ipsec compiled against 2.4.18 from http://www.liebchen-online.de/vpn-zaurus-cisco_en.html. So far I haven't experienced any lock-ups, but I don't know how secure it is. Hope it helps!
pipacs
Check out the feed at viperinz.sf.net/feed - it has both tun and ipsec for the stock C3000 kernel.

Btw. I just released the first alpha of Viperin-Z which is a GUI for managing vpnc connections - comments are welcome!
daemon1
QUOTE(pipacs @ May 11 2005, 01:10 PM)
Check out the feed at viperinz.sf.net/feed - it has both tun and ipsec for the stock C3000 kernel.

Btw. I just released the first alpha of  Viperin-Z which is a GUI for managing vpnc connections - comments are welcome!
*


Thanks pipacs! Just what was needed for the z... ipsec connectivity! :) Going to give it a try tonight.
rickh
Has anybody actually gotten tun to work? I get the module loaded fine. the char device exists with 10, 200. But I still get "can't open /dev/net/tun..." when I try to run vpnc. It goes through all the prompts for gateway, ids and passwords before I get the error message.

What (simple, I'm sure) step am I missing?

R.
==
pipacs
QUOTE(rickh @ May 12 2005, 06:25 PM)
Has anybody actually gotten tun to work?  I get the module loaded fine.  the char device exists with 10, 200.  But I still get "can't open /dev/net/tun..." when I try to run vpnc.  It goes through all the prompts for gateway, ids and passwords before I get the error message.


I found this on Jens' site:

QUOTE
You will need the tun device of the kernel and iproute. Be careful, busybox has a bug at the moment making it impossible to create /dev/net/tun with the correct major and minor numbers. This is why I included /dev/net/tun in the vpnc package.


I guess I should update my package, too...
rickh
QUOTE(pipacs @ May 12 2005, 04:59 PM)
QUOTE(rickh @ May 12 2005, 06:25 PM)
Has anybody actually gotten tun to work?  I get the module loaded fine.  the char device exists with 10, 200.  But I still get "can't open /dev/net/tun..." when I try to run vpnc.  It goes through all the prompts for gateway, ids and passwords before I get the error message.


I found this on Jens' site:

QUOTE
You will need the tun device of the kernel and iproute. Be careful, busybox has a bug at the moment making it impossible to create /dev/net/tun with the correct major and minor numbers. This is why I included /dev/net/tun in the vpnc package.


I guess I should update my package, too...
*


Okies. I didn't have iproute. Installed that and command line vpnc works great. I installed the latest version of viperinz and haven't got that to work. Doesn't look like there's any error, but it does nothing. Doesn't provide any feedback. Just says Not connected.

R.
==
pipacs
... or maybe not. The busybox mknod seems to work fine on the C3000. Are you running vpnc as root?
rickh
QUOTE(pipacs @ May 12 2005, 05:49 PM)
... or maybe not. The busybox mknod seems to work fine on the C3000. Are you running vpnc as root?
*

I was missing iproute for vpnc to work. It works now. Running as zaurus with sudo.

R.
==
pipacs
QUOTE(rickh @ May 12 2005, 07:36 PM)
I installed the latest version of viperinz and haven't got that to work.  Doesn't look like there's any error, but it does nothing.  Doesn't provide any feedback.  Just says Not connected.


If you've got some time and willing to help with debugging viperinz:

1. Replace /usr/bin/viperinz-connect with this debug version

2. sudo chmod a+rx /usr/bin/viperinz-connect

3. Try to connect again

4. Look for vpnc errors in /var/log/viperinz.log

5. Check if the config file in /var/run/vpnc/viperinz.conf looks sane

Thanks!
rickh
QUOTE(pipacs @ May 12 2005, 07:08 PM)
QUOTE(rickh @ May 12 2005, 07:36 PM)
I installed the latest version of viperinz and haven't got that to work.  Doesn't look like there's any error, but it does nothing.  Doesn't provide any feedback.  Just says Not connected.


If you've got some time and willing to help with debugging viperinz:

1. Replace /usr/bin/viperinz-connect with this debug version

2. sudo chmod a+rx /usr/bin/viperinz-connect

3. Try to connect again

4. Look for vpnc errors in /var/log/viperinz.log

5. Check if the config file in /var/run/vpnc/viperinz.conf looks sane

Thanks!
*


OK. Looks like it's connecting fine. I see a good ip address on tun0. Your GUI doesn't provide any sort of feedback though. The lock remains in an "unlocked" position and still says "Not Connected" even though I'm passing through tun0.

As far as the log file for viperinz, it just tells me that it's started vpnc in the background.

Is there maybe another qtopia lib I'm missing?

R.
==
pipacs
QUOTE(rickh @ May 12 2005, 10:35 PM)
OK.  Looks like it's connecting fine.  I see a good ip address on tun0.  Your GUI doesn't provide any sort of feedback though.  The lock remains in an "unlocked" position and still says "Not Connected" even though I'm passing through tun0.


Well, at least it's connecting... The GUI is monitoring /var/run/vpnc/vpnc.pid - do you have this file when connected? What are its permissions?

QUOTE(rickh @ May 12 2005, 10:35 PM)
Is there maybe another qtopia lib I'm missing?


Don't think so (assuming you got the one in the feed)

~ pipacs.
piku
QUOTE(pipacs @ May 12 2005, 07:24 PM)
QUOTE(rickh @ May 12 2005, 10:35 PM)
OK.  Looks like it's connecting fine.  I see a good ip address on tun0.  Your GUI doesn't provide any sort of feedback though.  The lock remains in an "unlocked" position and still says "Not Connected" even though I'm passing through tun0.


Well, at least it's connecting... The GUI is monitoring /var/run/vpnc/vpnc.pid - do you have this file when connected? What are its permissions?

QUOTE(rickh @ May 12 2005, 10:35 PM)
Is there maybe another qtopia lib I'm missing?


Don't think so (assuming you got the one in the feed)

~ pipacs.
*



BTW Guys,

I finally successfully connected to my Cisco PIX Firewall with vpnc! My problem all along has been our company's use of 1des instead of 3des.. I'll have to report that. vpnc requires special --enable-1des so you are sure you have a connection that is effectively unencrypted. I don't care much, just need the connection! I use ssh anyway ;-) The only requirement really was a slight modification of the vpnc-connect script to fix the gateway issue. I'm going to be compiling and packaging the seemingly much better version of vpnc from cvs. For some reason my /dev/net/tun device doesn't survive a reboot from what I noticed so far...

So to recap, install the tun from above in this thread, which works with tetsu kernel v18 or sharp rom, or whatever (I'm using cacko). Install vpnc and run it.. Specify gateway ip, group name and pass and voilà. Amazing :) An open source vpn client that works great!
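A check for the device node discussed above (character device, major 10, minor 200), useful when /dev/net/tun goes missing after a reboot. This is an added example, not code from any poster or from the vpnc package; the function names are hypothetical and `stat -c` as provided by GNU coreutils or busybox is assumed.

```sh
#!/bin/sh
# Added example: verify a device node's type and major/minor numbers.

# chardev_matches PATH MAJOR MINOR -> exit 0 only on an exact match
chardev_matches() {
    [ -c "$1" ] || return 1
    # stat reports a device node's major (%t) and minor (%T) in hex
    hex=$(stat -c '%t %T' "$1") || return 1
    [ "$((0x${hex% *}))" -eq "$2" ] && [ "$((0x${hex#* }))" -eq "$3" ]
}

# tun_node_state [PATH] -> prints ok | missing | mismatch
tun_node_state() {
    node=${1:-/dev/net/tun}
    if chardev_matches "$node" 10 200; then
        echo ok
    elif [ -e "$node" ]; then
        # Exists, but is a regular file or carries other numbers
        echo mismatch; return 1
    else
        # As root: mkdir -p /dev/net && mknod /dev/net/tun c 10 200
        echo missing; return 1
    fi
}
```

A node that reports `ok` can still fail to open if the tun module itself is not loaded.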
elephanti
QUOTE
Well, at least it's connecting... The GUI is monitoring /var/run/vpnc/vpnc.pid - do you have this file when connected? What are its permissions?

Don't think so. I have correct rights, and have /vr/run/vpnc/vpnc.pid with the correct pid of the vpn connection inside, but the icon of viperinz is still in "Not connected" mode.
But still, it is connecting so it's great for me.
Great job, thanks.
Traps
QUOTE(piku @ May 16 2005, 03:52 AM)
QUOTE(pipacs @ May 12 2005, 07:24 PM)
QUOTE(rickh @ May 12 2005, 10:35 PM)
OK.  Looks like it's connecting fine.  I see a good ip address on tun0.  Your GUI doesn't provide any sort of feedback though.  The lock remains in an "unlocked" position and still says "Not Connected" even though I'm passing through tun0.


Well, at least it's connecting... The GUI is monitoring /var/run/vpnc/vpnc.pid - do you have this file when connected? What are its permissions?

QUOTE(rickh @ May 12 2005, 10:35 PM)
Is there maybe another qtopia lib I'm missing?


Don't think so (assuming you got the one in the feed)

~ pipacs.
*



BTW Guys,

I finally successfully connected to my Cisco PIX Firewall with vpnc! My problem all along has been our company's use of 1des instead of 3des.. I'll have to report that. vpnc requires special --enable-1des so you are sure you have a connection that is effectively unencrypted. I don't care much, just need the connection! I use ssh anyway ;-) The only requirement really was a slight modification of the vpnc-connect script to fix the gateway issue. I'm going to be compiling and packaging the seemingly much better version of vpnc from cvs. For some reason my /dev/net/tun device doesn't survive a reboot from what I noticed so far...

So to recap, install the tun from above in this thread, which works with tetsu kernel v18 or sharp rom, or whatever (I'm using cacko). Install vpnc and run it.. Specify gateway ip, group name and pass and voilà. Amazing :) An open source vpn client that works great!
*



Hi all,
I'm using a 3100 and trying to connect to the office pix with radius. The error I get is INVALID EXCHANGE TYPE. The other issue is viperinz. I had problems installing and removing it. I think I'm using all the latest files now as I can add/remove without error. Does anyone know if the vpnc error refers to the exchange mode (Main, Aggressive)? Should the advanced tab in viperinz work and if so what does it contain?

Paul
Traps
OK got vpnc working and I can connect to work. Disconnecting isn't very clean but for now I can live with that. No joy with viperinz though. Advanced tab shows nothing. Any ideas?

Paul
agosine
Traps: How did you get routing to work? Are you using a script? I can connect to my vpn server, but routing doesn't work. As for disconnecting, have you tried the vpnc-disconnect script in the vpnc tar (source) file?
Traps
QUOTE(agosine @ Aug 18 2005, 01:57 AM)
Traps:  How did you get routing to work?  Are you using a script?  I can connect to my vpn server, but routing doesn't work.  As for disconnecting, have you tried the vpnc-disconnect script in the vpnc tar (source) file?
*


Agosine: I have done nothing clever, just installed the packages. I start vpnc by opening the terminal and doing su, #vpnc and filling in the info (Gateway address, group name, secret, username, password).
I get some message pop up about vpnc running in the background. This may be why when I use vpnc-disconnect it says vpnc not running. But it is, and I normally kill the process. Are you sure that your firewall/Gateway device is configured OK? NAT traversal should be configured on the vpn box.
We use a PIX 506E at work and adding the following "isakmp nat-traversal" made it all work for me. :)

Traps
agosine
Strange. I'll have to play with it more since it worked without issue on my 5500. That was with a much older version though and I actually compiled the modules directly on my 5500. I wonder if it has anything to do with my running OZ 3.5.3. I'll install the Sharp ROM and try again. What ROM are you using?
madeddie
QUOTE(pipacs @ May 12 2005, 09:08 PM)
If you've got some time and willing  to help with debugging viperinz:

1. Replace /usr/bin/viperinz-connect with this  debug version

2. sudo chmod a+rx /usr/bin/viperinz-connect

3. Try to connect again

4. Look for vpnc errors in /var/log/viperinz.log

5. Check if the config file in /var/run/vpnc/viperinz.conf looks sane

Thanks!
*


1. haven't done that, the current one produces more than enough logging

2. idem

3. it worked already

4. no errors i recognize

5. looks sane to me

2 points of mention:

a. it worked one time, i was connected and viperinz said so, after that it connected the vpn alright, just didn't notice it anymore

b. how does viperinz know the connection with the pix succeeded? something with the detection must go wrong

--
edwin
pipacs
I made some progress since the introduction of Viperin-Z. Most notably:

- Version 0.1.2 fixes the uninstall and vpnc detection bugs

- An experimental version 0.1.3 is now available from the feed which adds support for vpnc options "Enable Single DES", "UDP Encapsulate" and "Disable NAT Traversal". Experimental, because my provider doesn't require any of these, so I can't try them out.

To answer the question on how a successful connection is detected: I check /var/run/vpnc/pid for a vpnc process ID, then verify if a process with the given ID really exists.

~ pipacs.
pipacs
One more thing. If you upgrade Viperin-Z, make sure vpnc is upgraded as well. The supported version is 0.3.3 and it's in the feed, too: http://viperinz.sourceforge.net/feed

~ pipacs.
madeddie
QUOTE(pipacs @ Aug 19 2005, 10:34 PM)
To answer the question on how a successful connection is detected: I check /var/run/vpnc/pid for a vpnc process ID, then verify if a process with the given ID really exists.
*


well duh, of course i created the /var/run/vpnc/ dir the first time and not the second :)

you might want to add a check for it in your script

it works like a charm now, perfect, thanks for an excellent tool

--
edwin
pipacs
QUOTE(madeddie @ Aug 19 2005, 11:38 PM)
well duh, of course i created the /var/run/vpnc/ dir the first time and not the second :)

you might want to add a check for it in your script


Good point! Version 0.1.4 now creates /var/run/vpnc if missing

~ pipacs.
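The pidfile check described in the posts above (read a PID, then confirm the process exists), written out in shell with one extra guard: the PID must belong to a process named vpnc, since a leftover pidfile can point at a recycled PID. This is an added example, not Viperin-Z's own code; the function name and the state names are hypothetical, and a Linux /proc is assumed.

```sh
#!/bin/sh
# Added example: pidfile-based status check with a stale-PID guard.
# Prints one of: connected | missing | invalid | stale

vpnc_status() {
    pidfile=$1          # e.g. /var/run/vpnc/pid (path as given in the thread)
    expected=${2:-vpnc} # process name the PID must belong to

    # Directory or file absent: nothing to monitor.
    [ -f "$pidfile" ] || { echo missing; return 1; }

    # Accept only a plain decimal PID; anything else is treated as corrupt.
    pid=$(head -n 1 "$pidfile" | tr -d ' \t\r')
    case $pid in
        ''|*[!0-9]*) echo invalid; return 1 ;;
    esac

    # The process must exist ...
    [ -d "/proc/$pid" ] || { echo stale; return 1; }

    # ... and must really be vpnc: PIDs are recycled, so a leftover
    # pidfile can point at an unrelated process after a crash or reboot.
    name=$(sed -n '1s/^[0-9]* (\(.*\)) .*/\1/p' "/proc/$pid/stat" 2>/dev/null)
    [ "$name" = "$expected" ] || { echo stale; return 1; }

    echo connected
}
```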
jpmatrix
hi guys,

i'm trying to have VPN on my C3000 with my Windows XP box. is it possible to do it (and how?) with vpnc and windows xp vpn or OpenVPN ?

i installed openvpn_2.0_arm.ipk on my Z but apparently it wants liblzo and i cannot find it...

any help please?