Author Topic: Vpn-client On C3k (Read 8576 times)

elephanti · « **Reply #15 on:** May 17, 2005, 07:52:43 am »

Quote

Well, at least it's connecting... The GUI is monitoring /var/run/vpnc/vpnc.pid - do you have this file when connected? What are its permissions?

don't think so. I have correct right, and have /vr/run/vpnc/vpnc.pid with correct pid of vpn connection inside, but the icon of viperinz is stil in "Not connected" mode.
But stil, it is connecting so its great for me.
Great job thanks.

Traps · « **Reply #16 on:** August 13, 2005, 12:31:22 pm »

Quote

Quote
Quote
OK. Looks like it's connecting fine. I see a good ip address on tun0. Your GUI doesn't provide any sort of feedback though. The lock remains in an "unlocked" position and still says "Not Connected" even though I'm passing through tun0.

Well, at least it's connecting... The GUI is monitoring /var/run/vpnc/vpnc.pid - do you have this file when connected? What are its permissions?

Quote
Is there maybe another qtopia lib I'm missing?

Don't think so (assuming you got the one in the feed)

~ pipacs.
[div align=\"right\"][a href=\"index.php?act=findpost&pid=79517\"][{POST_SNAPBACK}][/a][/div]

BTW Guys,

I finally successfully connected to my Cisco PIX Firewall with vpnc! My problem all along has been our company's use of 1des instead of 3des.. I'll have to report that. vpnc requires special --enable-1des so you are sure you have a connection that is effectively unencrypted. I don't care much, just need the connection! I use ssh anyway ;-) The only requirement really was a slight modification of the vpnc-connect script to fix the gateway issue. I'm going to be compiling and packaging the seemingly much better version of vpnc from cvs. For some reason my /dev/net/tun device doesn't survive a reboot from what I noticed so far...

So to recap, install the tun from above in this thread, which works with tetsu kernel v18 or sharp rom, or whatever (I'm using cacko). Install vpnc and run it.. Specify gateway ip, group name and pass and whala. Amazing An open source vpn client that works great!
[div align=\"right\"][a href=\"index.php?act=findpost&pid=79974\"][{POST_SNAPBACK}][/a][/div]

Hi all,
I'm using a 3100 and trying to connect to the office pix with radius. the error i get is INVALID EXCHANGE TYPE. The other issue is viperinz. I had problems installing and removing it. I think I'm using all the latest files now as I can add/remove without error.Does anyone know if the vpnc error refers to the exchange mode (Main,Aggressive)? Should the advanced tab in viperinz work and if so what does it contain?

Paul

Traps · « **Reply #17 on:** August 16, 2005, 02:14:22 am »

OK got vpnc working and I can connect to work. Disconnecting isn't very clean but for now I can live with that. No joy with viperinz though. Advanced tab shows nothing. Any ideas?

Paul

agosine · « **Reply #18 on:** August 17, 2005, 09:57:16 pm »

Traps: How did you get routing to work? Are you using a script? I can connect to my vpn server, but routing doesn't work. As for disconnecting, have you tried the vpnc-disconnect script in the vpnc tar (source) file?

Traps · « **Reply #19 on:** August 19, 2005, 01:02:26 am »

Quote

Traps: How did you get routing to work? Are you using a script? I can connect to my vpn server, but routing doesn't work. As for disconnecting, have you tried the vpnc-disconnect script in the vpnc tar (source) file?
[div align=\"right\"][a href=\"index.php?act=findpost&pid=92273\"][{POST_SNAPBACK}][/a][/div]

Agosine: I have done nothing clever just installed the packages. I start vpnc by opening the terminal and doing su, #vpnc and filling the info (Gateway address,group name, secret,username,password)
I get some message pop up about vpnc running is the background. This may be why when I use vpnc-disconnect it says vpnc not running. But it is, and I normally kill the process. Are you sure that your firewall/Gateway device it configured OK? Nat traversal should be configured on the vpn box.
We use a PIX 506E at work and adding the following "isakmp nat-traversal" make it all work for me.

Traps

agosine · « **Reply #20 on:** August 19, 2005, 10:02:24 am »

Strange. I'll have to play with it more since it worked without issue on my 5500. That was with a much older version though and I actually compiled the modules directly on my 5500. I wonder if it has anything to do with my running OZ 3.5.3. I'll install the Sharp ROM and try again. What ROM are you using?

madeddie · « **Reply #21 on:** August 19, 2005, 02:58:44 pm »

Quote

If you've got some time and willing to help with debugging viperinz:

1. Replace /usr/bin/viperinz-connect with this debug version

2. sudo chmod a+rx /usr/bin/viperinz-connect

3. Try to connect again

4. Look for vpnc errors in /var/log/viperinz.log

5. Check if the config file in /var/run/vpnc/viperinz.conf looks sane

Thanks!
[div align=\"right\"][a href=\"index.php?act=findpost&pid=79492\"][{POST_SNAPBACK}][/a][/div]

1. haven't done that, the current one produces more than enough logging

2. idem

3. it worked already

4. no errors i recognize

5. looks sane to me

2 points of mention:

a. it worked one time, i was connected and viperinz said so, after that it connected the vpn alright, just didn't notice it anymore

b. how does viperinz know the connection with the pix succeeded? something with the detection must go wrong

--
edwin

pipacs · « **Reply #22 on:** August 19, 2005, 04:34:11 pm »

I made some progress since the introduction of Viperin-Z. Most notably:

- Version 0.1.2 fixes the uninstall and vpnc detection bugs

- An experimental version 0.1.3 is now available from the feed which adds support for vpnc options "Enable Single DES", "UDP Encapsulate" and "Disable NAT Traversal". Experimental, because my provider doesn't require any of these, so I can't try them out.

To answer the question on how a successful connection is detected: I check /var/run/vpnc/pid for a vpnc process ID, then verify if a process with the given ID really exists.

~ pipacs.

pipacs · « **Reply #23 on:** August 19, 2005, 04:39:23 pm »

One more thing. If you upgrade Viperin-Z, make sure vpnc is upgraded as well. The supported version is 0.3.3 and it's in the feed, too: http://viperinz.sourceforge.net/feed

~ pipacs.

madeddie · « **Reply #24 on:** August 19, 2005, 05:38:46 pm »

Quote

To answer the question on how a successful connection is detected: I check /var/run/vpnc/pid for a vpnc process ID, then verify if a process with the given ID really exists.
[div align=\"right\"][a href=\"index.php?act=findpost&pid=92550\"][{POST_SNAPBACK}][/a][/div]

well duh, of course i created the /var/run/vpnc/ dir the first time and not the second

you might want to add a check for it in your script

it works like a charm now, perfect, thanks for an excellent tool

--
edwin

pipacs · « **Reply #25 on:** August 23, 2005, 04:01:06 pm »

Quote

well duh, of course i created the /var/run/vpnc/ dir the first time and not the second

you might want to add a check for it in your script

Good point! Version 0.1.4 now creates /var/run/vpnc if missing

~ pipacs.

jpmatrix · « **Reply #26 on:** August 25, 2005, 06:05:32 am »

hi guys,

i'm trying to have VPN on my C3000 with my Windows XP box. is it possible to do it (and how?) with vpnc and windows xp vpn or OpenVPN ?

i installed openvpn_2.0_arm.ipk on my Z but apparently it wants liblzo and i cannot find it...

any help please?

News:

Author Topic: Vpn-client On C3k (Read 8576 times)