Hi!

Has anyone tried to install vpnc? I have trouble with the tun device. I only found a tun.o file for kernel 2.4.18. But as C3k uses 2.4.20 it won't be loaded. I need vpnc to get acces to the internet from university.

Thanks for your help,

miho

I'm working on building a kernel but no such luck. The Zaurus cross compiler (official from Sharp) doesn't like my Gentoo box at all. It's got a far too new gcc. Now I could cross compile with that Glibc and I might get a working binary.. Anyway, I'm desperate for a vpn client but I can't get vpnc working with my PIX even on my amd64 box. I'm so screwed.

Please let me know if you had any success!

Hi!

I was able to get a tun module compiled, which should be attached to this post.

I couldn't get the ipsec module compiled as I don't have a dedicated linux box; however, I was able to connect to my university's vpn with the attached module and the ipsec compiled against 2.4.18 from http://www.liebchen-online.de/vpn-zaurus-cisco_en.html. So far I haven't experienced any lock-ups, but I don't know how secure it is. Hope it helps!

Check out the feed at viperinz.sf.net/feed - it has both tun and ipsec for the stock C3000 kernel.

Btw. I just released the first alpha of Viperin-Z which is a GUI for managing vpnc connections - comments are welcome!

Thanks pipacs! just what was needed for the z... ipsec connectivity! going to give it a try tonight.

Has anybody actually gotten tun to work? I get the module loaded fine. the char device exists with 10, 200. But I still get "can't open /dev/net/tun..." when I try to run vpnc. It goes through all the prompts for gateway, ids and passwords before I get the error message.

What (simple, I'm sure) step am I missing?

R.
==

I found this on Jens' site:



I guess I should update my package, too...

Okies. I didn't have iproute. Installed that and command line vpnc works great. I installed the latest cersion of viperinz and haven't got that to work. Doesn't look like there's any error, but it does nothing. Doesn't provide any feedback. Just says Not connected.

R.
==

... or maybe not. The busybox mknod seems to work fine on the C3000. Are you running vpnc as root?

I was missing iproute for vpnc to work. It works now. Running as zaurus with sudo.

R.
==

If you've got some time and willing to help with debugging viperinz:

1. Replace /usr/bin/viperinz-connect with this debug version

2. sudo chmod a+rx /usr/bin/viperinz-connect

3. Try to connect again

4. Look for vpnc errors in /var/log/viperinz.log

5. Check if the config file in /var/run/vpnc/viperinz.conf looks sane

Thanks!

OK. Looks like it's connecting fine. I see a good ip address on tun0. Your GUI doesn't provide any sort of feedback though. The lock remains in an "unlocked" position and still says "Not Connected" even though I'm passing through tun0.

As far as the log file for viperinz, it just tells me that's it's started vpnc in the background.

Is there maybe another qtopia lib I'm missing?

R.
==

Well, at least it's connecting... The GUI is monitoring /var/run/vpnc/vpnc.pid - do you have this file when connected? What are its permissions?



Don't think so (assuming you got the one in the feed)

~ pipacs.

BTW Guys,

I finally successfully connected to my Cisco PIX Firewall with vpnc! My problem all along has been our company's use of 1des instead of 3des.. I'll have to report that. vpnc requires special --enable-1des so you are sure you have a connection that is effectively unencrypted. I don't care much, just need the connection! I use ssh anyway ;-) The only requirement really was a slight modification of the vpnc-connect script to fix the gateway issue. I'm going to be compiling and packaging the seemingly much better version of vpnc from cvs. For some reason my /dev/net/tun device doesn't survive a reboot from what I noticed so far...

So to recap, install the tun from above in this thread, which works with tetsu kernel v18 or sharp rom, or whatever (I'm using cacko). Install vpnc and run it.. Specify gateway ip, group name and pass and whala. Amazing An open source vpn client that works great!

don't think so. I have correct right, and have /vr/run/vpnc/vpnc.pid with correct pid of vpn connection inside, but the icon of viperinz is stil in "Not connected" mode.
But stil, it is connecting so its great for me.
Great job thanks.

Hi all,
I'm using a 3100 and trying to connect to the office pix with radius. the error i get is INVALID EXCHANGE TYPE. The other issue is viperinz. I had problems installing and removing it. I think I'm using all the latest files now as I can add/remove without error.Does anyone know if the vpnc error refers to the exchange mode (Main,Aggressive)? Should the advanced tab in viperinz work and if so what does it contain?

Paul

OK got vpnc working and I can connect to work. Disconnecting isn't very clean but for now I can live with that. No joy with viperinz though. Advanced tab shows nothing. Any ideas?

Paul

Traps: How did you get routing to work? Are you using a script? I can connect to my vpn server, but routing doesn't work. As for disconnecting, have you tried the vpnc-disconnect script in the vpnc tar (source) file?

Agosine: I have done nothing clever just installed the packages. I start vpnc by opening the terminal and doing su, #vpnc and filling the info (Gateway address,group name, secret,username,password)
I get some message pop up about vpnc running is the background. This may be why when I use vpnc-disconnect it says vpnc not running. But it is, and I normally kill the process. Are you sure that your firewall/Gateway device it configured OK? Nat traversal should be configured on the vpn box.
We use a PIX 506E at work and adding the following "isakmp nat-traversal" make it all work for me.

Traps

Strange. I'll have to play with it more since it worked without issue on my 5500. That was with a much older version though and I actually compiled the modules directly on my 5500. I wonder if it has anything to do with my running OZ 3.5.3. I'll install the Sharp ROM and try again. What ROM are you using?

1. haven't done that, the current one produces more than enough logging

2. idem

3. it worked already

4. no errors i recognize

5. looks sane to me

2 points of mention:

a. it worked one time, i was connected and viperinz said so, after that it connected the vpn alright, just didn't notice it anymore

b. how does viperinz know the connection with the pix succeeded? something with the detection must go wrong

--
edwin

I made some progress since the introduction of Viperin-Z. Most notably:

- Version 0.1.2 fixes the uninstall and vpnc detection bugs

- An experimental version 0.1.3 is now available from the feed which adds support for vpnc options "Enable Single DES", "UDP Encapsulate" and "Disable NAT Traversal". Experimental, because my provider doesn't require any of these, so I can't try them out.

To answer the question on how a successful connection is detected: I check /var/run/vpnc/pid for a vpnc process ID, then verify if a process with the given ID really exists.

~ pipacs.

One more thing. If you upgrade Viperin-Z, make sure vpnc is upgraded as well. The supported version is 0.3.3 and it's in the feed, too: http://viperinz.sourceforge.net/feed

~ pipacs.

well duh, of course i created the /var/run/vpnc/ dir the first time and not the second

you might want to add a check for it in your script

it works like a charm now, perfect, thanks for an excellent tool

--
edwin

Good point! Version 0.1.4 now creates /var/run/vpnc if missing

~ pipacs.

hi guys,

i'm trying to have VPN on my C3000 with my Windows XP box. is it possible to do it (and how?) with vpnc and windows xp vpn or OpenVPN ?

i installed openvpn_2.0_arm.ipk on my Z but apparently it wants liblzo and i cannot find it...

any help please?