Difference between revisions of "Connect to Cisco VPN /Easy VPN/ IPSec from centos using free vpnc client"

From vpsget wiki

Revision as of 13:39, 29 September 2015

How to connect to a Cisco VPN (Easy VPN / IPSec) from Linux/CentOS 6 using the free vpnc client.


You do not need the next block if you are using a dedicated server or KVM. If you are our client, you can easily enable TUN/TAP from the SolusVM CP or contact us.

---------only for openvz vps------------

Ensure that the tun interface is enabled if you plan to run vpnc in an OpenVZ container. Check the container config in /etc/vz/conf/<CTID>.conf and add the lines:

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_nat iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state ip_nat_ftp ipt_REDIRECT"
DEVICES="c:10:200:rw c:108:0:rw "
CAPABILITY=" NET_ADMIN:on"
DEVNODES="net/tun:rw "


Restart the CT to apply the settings if needed:

vzctl <CTID> restart

---------end----------------------------

yum install vpnc
chmod 700 /etc/vpnc/vpnc-script

If yum can't find the package, try adding the Remi repository.

Copy the default config to a new profile:

cp /etc/vpnc/default.conf /etc/vpnc/asa.conf

Edit /etc/vpnc/asa.conf. Depending on your Cisco config you may use a pre-shared key or a certificate; we are using a key:

IPSec gateway <gw_ip>
IPSec ID <group_name>
IPSec secret <pre-shared_key>
# your username goes here:
#Xauth username

Try to connect:

vpnc  asa

You'll be prompted to enter username and password.

To disconnect, use the following command:

vpnc-disconnect

You can store the VPN user name and password in the conf file:

Xauth username <your username>
Xauth password <your password>

Make sure that storing the password is allowed by the policy on the Cisco side.

It is also possible to create a vpnc .conf file from a Cisco .pcf profile. Simply install pcf2vpnc:

yum install pcf2vpnc


NOTE: after connecting you may lose internet access on your Linux VPS/server/workstation. This is caused by vpnc removing the default route, so you can write a script that runs the following lines after the vpnc connect command has been issued:

route delete <gw_ip> gw 0.0.0.0 venet0
route delete 8.8.8.8 gw 0.0.0.0 tun0

The network interface names may differ on your system, so check them with the route -n command.

Let's create the connect script and place it in cron:

#!/bin/bash
ping -c 1 192.168.99.2          # try to ping some service located behind the ASA (internal IP)
rc=$?
if [ $rc -eq 0 ]; then
    :                           # ping succeeded, tunnel is up: do nothing
else
    vpnc asa                    # bring the tunnel up, then restore the routes vpnc removed
    route delete 217.23.3.12 gw 0.0.0.0 venet0
    route delete 8.8.8.8 gw 0.0.0.0 tun0
fi

Save it as /home/vpnconnect.sh and remember to make it executable:

chmod +rwx /home/vpnconnect.sh

Add a cron task:

nano /etc/crontab

Add the line:

* * * * * root /home/vpnconnect.sh

This will start the script every minute; it's useful if you require a permanent connection.
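The watchdog above hard-codes the gateway address and the uplink interface. As an added example (not from the wiki), here is a version that reads the gateway from the vpnc profile, detects the default-route interface from route -n, and uses flock so overlapping cron runs cannot race. It assumes the page's /etc/vpnc/asa.conf profile, an OpenVZ-style default route (e.g. venet0), and a constructed internal test host.

```shell
#!/bin/sh
# Added example (not from the wiki): cron-driven vpnc watchdog that takes the gateway
# from the profile and the uplink interface from `route -n` instead of hard-coding them.
# Assumes the page's /etc/vpnc/asa.conf and an OpenVZ-style default route (e.g. venet0).
PROFILE="asa"
CONF="/etc/vpnc/${PROFILE}.conf"
TEST_HOST="192.168.99.2"   # a host behind the ASA; address constructed for illustration
LOCK="/var/run/vpnconnect.lock"

# Read "IPSec gateway <ip>" from a vpnc profile given on stdin.
gateway_from_conf() {
    awk '$1 == "IPSec" && $2 == "gateway" { print $3; exit }'
}

# Interface of the default route in `route -n` output on stdin (8th column is Iface).
default_iface_from_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $8; exit }'
}

# The two cleanup commands from the page, one per line, so they can be reviewed or run.
build_cleanup_cmds() {
    printf 'route delete %s gw 0.0.0.0 %s\n' "$1" "$2"
    printf 'route delete 8.8.8.8 gw 0.0.0.0 tun0\n'
}

# Constructed sample so the parsers can be exercised offline, without a VPN.
SAMPLE_ROUTES='0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0'
selftest() {
    [ "$(printf 'IPSec gateway 203.0.113.10\n' | gateway_from_conf)" = "203.0.113.10" ] &&
    [ "$(printf '%s\n' "$SAMPLE_ROUTES" | default_iface_from_routes)" = "venet0" ]
}
main() {
    exec 9>"$LOCK"
    flock -n 9 || exit 0                  # another run is still busy: skip this one
    ping -c 1 -W 2 "$TEST_HOST" >/dev/null 2>&1 && exit 0   # tunnel is up, nothing to do
    gw=$(gateway_from_conf <"$CONF")
    uplink=$(route -n | default_iface_from_routes)
    if [ -z "$gw" ] || [ -z "$uplink" ]; then
        echo "vpnconnect: cannot determine gateway or uplink interface" >&2
        exit 1
    fi
    vpnc "$PROFILE" || exit 1
    build_cleanup_cmds "$gw" "$uplink" | while read -r cmd; do $cmd; done
}

# Only act when explicitly asked, so sourcing the file (e.g. for tests) touches nothing.
if [ "${VPN_WATCHDOG_RUN:-0}" = "1" ]; then
    main
fi
```

In the crontab entry, call it as `VPN_WATCHDOG_RUN=1 /home/vpnconnect.sh` so the watchdog actually runs; keep the profile file readable by root only, since it holds the pre-shared key and, if stored, the Xauth password.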