From: Adeel Nazir
Date: Thu, 17 Nov 2005 12:20:39 -0500
Subject: alternative vpn method, via vpnc
To: umlinux@gmail.com

Hey,

I'm running Gentoo 2005 using kernel 2.6.14-r2 (aka gentoo-sources) and was able to get the VPN working without having to use the Cisco client, as there is a much faster clone out there that works just as well. It's called vpnc and is in portage. It has fewer issues than the Cisco client; it doesn't have the pretty graphical interface, but that's not really necessary. Anyways, I'll give you the quick walkthrough and a link to the Gentoo documentation for any advanced customization that people might want to do.

1. Ensure that TUN/TAP is enabled in your kernel (built-in or module is fine). To double check, try doing a "modprobe tun" and see what it says; if you think it's built in, do a "dmesg | grep -i tun". Otherwise, you HAVE to recompile the kernel with the support added in. It's located in Device Drivers --> Networking Support --> Universal TUN/TAP device driver support.

2. Load the tun module using insmod/modprobe before running vpnc.

3. Install vpnc (net-misc/vpnc). There's a tool bundled with vpnc called pcf2vpnc, which is written in perl, but it's not necessary for UMD.

4. VPNC looks for configurations in either /etc/vpnc/default.conf or /etc/vpnc.conf. The former allows for multiple profiles, while the latter is for a single profile. I use /etc/vpnc.conf as I only VPN into UMD.

5. Here's the /etc/vpnc.conf file I use, minus the individual username/password combo:

   # /etc/vpnc.conf -- For UMD-TunnelAll
   IPSec gateway vpn2.umd.edu
   IPSec ID UMD-TunnelAll
   IPSec secret ONorR)Wdx6W0mH;[
   Xauth username YOURUSERNAME
   Xauth password YOURPASS

6. You must at least enter your username in the Xauth username line; if you also fill in the password field, vpnc will automatically remember your password. Note: make sure the permissions are strict if you leave your password in, as it's stored in cleartext and can be read if proper care isn't taken. Not to mention, vpnc has to be run as root, so there's no real need to allow any other permissions.

7. Before you start vpnc, you need to create the directory /var/run/vpnc (neither the install script nor vpnc creates it automatically, for some reason).

8. VPNC must be run as root with the following command:

   vpnc

If you use kill to exit vpnc, your DNS and routes will be messed up, so you'll need to restart the eth0 interface. To exit vpnc normally, execute "vpnc-disconnect" and the VPN will exit.

Some advanced VPN stuff can be done, but it's extra, so I'll just leave a link to the site:
http://www.gentoo.org/doc/en/draft/vpnc-howto.xml

That should be all that's necessary for the VPN to work. You could even create separate profiles, one for tunnelall and one for normal VPN; you just need to give them different file names, e.g. /etc/vpnc/umd.conf or /etc/vpnc/umdtunnel.conf, and start them by passing the name to vpnc, i.e. "vpnc umd.conf". Here's the necessary info for the other UMD connection:

   # /etc/vpnc/umd.conf -- Sample UMD normal connection
   IPSec gateway vpn.umd.edu
   IPSec ID UMD
   IPSec secret i#|fOd!jisYR5r9N
   Xauth username YOURUSERNAME
   Xauth password YOURPASS

Hope this helps.

Adeel
--
UM Linux Users Group
http://www.umlug.umd.edu

======
Other useful URLs added:
[1] http://www.mail-archive.com/um-linux@listserv.umd.edu/msg01716.html
[2] http://www.helpdesk.umd.edu/documents/4/4341/ReadMe.txt
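As an added example (not from Adeel's mail or the vpnc project), a small POSIX sh preflight script that performs the checks from steps 1, 6 and 7 above before starting vpnc: TUN support, the /var/run/vpnc directory, and that a config holding a cleartext "Xauth password" line is owned by root and readable by nobody else. It assumes a Linux host with GNU/busybox `stat -c`; the default paths are the ones the mail uses.

```shell
#!/bin/sh
# vpnc preflight checks (added example; not part of the original mail).
# Assumes GNU/busybox stat; paths default to those given in the mail.

# 0 if an octal mode string (e.g. 600, 0600) grants nothing to group or others.
mode_is_owner_only() {
    case "$1" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# 0 if the config keeps a cleartext "Xauth password" line (step 6).
conf_stores_password() {
    grep -q '^Xauth password' "$1"
}

# 0 if the config file exists and only its owner has any access to it.
conf_perms_ok() {
    [ -f "$1" ] || return 1
    mode_is_owner_only "$(stat -c '%a' "$1")"
}

# 0 if the config file is owned by uid 0 (vpnc runs as root, so root suffices).
conf_is_root_owned() {
    [ -f "$1" ] && [ "$(stat -c '%u' "$1")" -eq 0 ]
}

# Fail if a stored password could be read by anyone other than root.
conf_password_check() {
    if conf_stores_password "$1" && { ! conf_perms_ok "$1" || ! conf_is_root_owned "$1"; }; then
        echo "WARNING: $1 stores a cleartext Xauth password; make it root-owned mode 600" >&2
        return 1
    fi
    return 0
}

# Full preflight for steps 1/2, 7 and 6; run as root before "vpnc".
vpnc_preflight() {
    conf="${1:-/etc/vpnc.conf}"
    rundir="${2:-/var/run/vpnc}"
    # Step 1/2: tun must be built in or loaded before vpnc starts.
    [ -c /dev/net/tun ] || modprobe tun || { echo "no TUN/TAP support" >&2; return 1; }
    # Step 7: vpnc does not create its run directory itself.
    [ -d "$rundir" ] || mkdir -p "$rundir" || return 1
    # Step 6: a remembered password must not be readable by other users.
    conf_password_check "$conf"
}
```

Run `vpnc_preflight /etc/vpnc/umd.conf` as root for a per-profile check, or with no arguments for the single-profile /etc/vpnc.conf layout.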