Connect to Cisco VPN (Easy VPN / IPSec) from CentOS using the free vpnc client
How to connect to a Cisco VPN (Easy VPN / IPSec) from Linux/CentOS 6 using the free vpnc client.
You do not need the next block if you are using a dedicated server or a KVM VPS. If you are our client, you can easily enable TUN/TAP from the SolusVM control panel or contact us.
---------only for openvz vps------------
Ensure that the tun interface is enabled if you plan to run vpnc in an OpenVZ container: check the container config /etc/vz/conf/<CTID>.conf and add the lines:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport
iptable_filter iptable_nat iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length
ipt_state ip_nat_ftp ipt_REDIRECT"
DEVICES="c:10:200:rw c:108:0:rw "
CAPABILITY=" NET_ADMIN:on"
DEVNODES="net/tun:rw "
Restart the container to apply the settings if needed:
vzctl restart <CTID>
yum install vpnc
chmod 700 /etc/vpnc/vpnc-script
If yum can't find the package, try adding the remi repo.
Copy the default config to a new profile:
cp /etc/vpnc/default.conf /etc/vpnc/asa.conf
Edit /etc/vpnc/asa.conf. Depending on your Cisco config you may use a pre-shared key or a certificate. We are using a key:
IPSec gateway <gw_ip>
IPSec ID <group_name>
IPSec secret <pre-shared_key>
# your username goes here:
#Xauth username
Try to connect:
vpnc asa
You'll be prompted to enter your username and password.
To disconnect, use the following command:
vpnc-disconnect
You can store the VPN username and password in the conf file:
Xauth username <your username>
Xauth password <your password>
Be sure that storing the password is allowed by the policy on the Cisco side.
It is also possible to create a .conf file for vpnc from a Cisco .pcf profile. Simply install the converter:
yum install pcf2vpnc
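If the pcf2vpnc package is not available, the conversion is simple enough to do in plain shell. The script below is an added example, not code from the article or from the vpnc project; it reads Host, GroupName, GroupPwd/enc_GroupPwd and Username from the .pcf, writes the vpnc profile with mode 600 (it holds the group secret, and later possibly the Xauth password), and the sample .pcf values used in it are constructed.

```bash
#!/bin/bash
# Added example (not from the article or the vpnc project): minimal .pcf -> vpnc
# profile converter. The profile is created 0600 because it carries the group
# secret and, if you later add "Xauth password", the user's password too.

# pcf_get FILE KEY: value of KEY from the .pcf (INI style, often CRLF-terminated)
pcf_get() {
    sed -n "s/^$2=\(.*\)$/\1/p" "$1" | tr -d '\r' | head -n 1
}

# pcf_to_vpnc PCF OUT: write the vpnc profile OUT.
# Returns 0 on success, 2 if Host/GroupName are missing, and 1 if the group
# password exists only in Cisco's obfuscated form (enc_GroupPwd), which must be
# turned into plaintext with cisco-decrypt (shipped with vpnc) before use.
pcf_to_vpnc() {
    pcf="$1"; out="$2"
    host=$(pcf_get "$pcf" Host)
    group=$(pcf_get "$pcf" GroupName)
    secret=$(pcf_get "$pcf" GroupPwd)
    enc=$(pcf_get "$pcf" enc_GroupPwd)
    user=$(pcf_get "$pcf" Username)
    if [ -z "$host" ] || [ -z "$group" ]; then
        echo "$pcf: Host or GroupName missing" >&2
        return 2
    fi
    (
        umask 077; rm -f "$out"   # new file is born 0600: no world-readable window
        {
            echo "IPSec gateway $host"
            echo "IPSec ID $group"
            if [ -n "$secret" ]; then
                echo "IPSec secret $secret"
            elif [ -n "$enc" ]; then
                echo "# IPSec secret <run: cisco-decrypt $enc>"
            fi
            if [ -n "$user" ]; then
                echo "Xauth username $user"
            fi
            echo "# Xauth password <password>   # only if the ASA policy allows storing it"
        } > "$out"
    )
    [ -n "$secret" ] || [ -z "$enc" ]
}

# usage: ./pcf2vpnc.sh profile.pcf /etc/vpnc/asa.conf
if [ "$#" -eq 2 ]; then
    pcf_to_vpnc "$1" "$2"
fi
```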
NOTE: after connecting you may lose internet access on your Linux VPS/server/workstation. This happens because vpnc removes the default route, so you can write a small script that runs the following lines after the vpnc connect command has been issued:
route delete <gw_ip> gw 0.0.0.0 venet0
route delete 220.127.116.11 gw 0.0.0.0 tun0
Interface names may differ, so check them with the route -n command.
Let's create the connect script and run it from cron:
#!/bin/bash
# Try to ping a service located behind the ASA (internal IP)
/bin/ping -c 1 192.168.99.2
rc=$?
if [ $rc -eq 0 ]; then
    :   # tunnel is up, nothing to do
else
    vpnc asa
    route delete 18.104.22.168 gw 0.0.0.0 venet0
    route delete 22.214.171.124 gw 0.0.0.0 tun0
fi
Save it as /home/vpnconnect.sh, make it executable, and remember to
add the cron task (this is /etc/crontab format, with a user field):
* * * * * root /home/vpnconnect.sh
This will start the script every minute, which is useful if you require a permanent connection.