Difference between revisions of "Connect to Cisco VPN /Easy VPN/ IPSec from centos using free vpnc client"

From vpsget wiki
Latest revision as of 14:04, 29 September 2015

How to connect to a Cisco VPN (Easy VPN / IPSec) from Linux/CentOS 6 using the free vpnc client.


You do not need the next block if you are using a dedicated server or KVM. If you are our client, you can easily enable TUN/TAP from the SolusVM control panel or contact us.

---------only for openvz vps------------

Ensure that the tun interface is enabled if you plan to run vpnc in an OpenVZ container. Check the container config in /etc/vz/conf/<CTID>.conf and add the lines:

 IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_nat iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state ip_nat_ftp ipt_REDIRECT"
 DEVICES="c:10:200:rw c:108:0:rw"
 CAPABILITY="NET_ADMIN:on"
 DEVNODES="net/tun:rw"


Restart the CT to apply the settings if needed:

vzctl <CTID> restart

---------end----------------------------

yum install vpnc
chmod 700 /etc/vpnc/vpnc-script

In case yum can't find the package, try adding the remi repo.

Copy the config from the default profile to a new one:

cp /etc/vpnc/default.conf /etc/vpnc/asa.conf

Edit /etc/vpnc/asa.conf. Depending on your Cisco config you may use a pre-shared key or a certificate. We are using a key:

 IPSec gateway <gw_ip>
 IPSec ID <group_name>
 IPSec secret <pre-shared_key>
 # your username goes here:
 #Xauth username


try to connect:

vpnc  asa

You'll be prompted to enter your username and password.

To disconnect, use the following command:

vpnc-disconnect

You can store the VPN username and password in the conf file:

Xauth username <your username>
Xauth password <your password>

Make sure that storing the password is allowed by the policy on the Cisco side.
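Once the pre-shared key and possibly an Xauth password live in the profile, its file permissions are what protect them. The following is an added example and not part of the wiki page: a small POSIX shell check that a vpnc profile has the three IPSec lines shown above, has a username to go with any stored password, and is readable only by its owner. The sample profile, its placeholder values, and the stat flags (GNU -c with a BSD -f fallback) are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page: check a vpnc profile before (and
# after) storing Xauth credentials in it. The profile holds the group
# pre-shared key and possibly an Xauth password, so it must not be readable
# by group or other. Assumptions: GNU stat (-c) or BSD stat (-f); the
# sample profile below is constructed with placeholder values.

# Return 0 if the profile has the three lines vpnc needs to connect.
profile_has_required_keys() {
    grep -q '^IPSec gateway ' "$1" &&
    grep -q '^IPSec ID ' "$1" &&
    grep -q '^IPSec secret ' "$1"
}

# Print the octal permission bits of a file, e.g. 600.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if group and other have no permission bits at all.
mode_is_private() {
    case "$(file_mode "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Report problems with a profile; return 0 only if none were found.
check_vpnc_profile() {
    f=$1
    rc=0
    if ! profile_has_required_keys "$f"; then
        echo "$f: missing an IPSec gateway / IPSec ID / IPSec secret line"
        rc=1
    fi
    if grep -q '^Xauth password ' "$f" && ! grep -q '^Xauth username ' "$f"; then
        echo "$f: Xauth password is stored but Xauth username is not"
        rc=1
    fi
    if ! mode_is_private "$f"; then
        echo "$f: mode $(file_mode "$f") lets group/other read the secrets; fix with: chmod 600 $f"
        rc=1
    fi
    return $rc
}

# Demo on a constructed profile (placeholder values, not real credentials).
demo_dir=$(mktemp -d)
cat > "$demo_dir/asa.conf" <<'EOF'
IPSec gateway 203.0.113.10
IPSec ID example-group
IPSec secret example-preshared-key
Xauth username example-user
Xauth password example-password
EOF
chmod 644 "$demo_dir/asa.conf"
if check_vpnc_profile "$demo_dir/asa.conf"; then echo "OK"; else echo "needs fixing"; fi   # needs fixing
chmod 600 "$demo_dir/asa.conf"
if check_vpnc_profile "$demo_dir/asa.conf"; then echo "OK"; else echo "needs fixing"; fi   # OK
rm -rf "$demo_dir"
```

Run it as `sh check_profile.sh` after editing /etc/vpnc/asa.conf; a non-zero exit means the profile is incomplete or too permissive. The same check is worth running after cp from default.conf, since a copied file keeps the mode of the new file's umask rather than the original's.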

It is also possible to create a .conf file for vpnc from a Cisco .pcf profile. Simply install pcf2vpnc:

yum install pcf2vpnc


NOTE: after connecting you may lose internet access on your Linux VPS/server/workstation. This is caused by vpnc removing the default route, so you can write a script that runs the following lines after the vpnc connect command has been issued:

route delete <gw_ip> gw 0.0.0.0 venet0
route delete 8.8.8.8 gw 0.0.0.0 tun0

The network interface names may differ, so check them with the route -n command.

Let's create the connect script /home/vpnconnect.sh and place it in cron:

#!/bin/bash
/bin/ping -c 1 192.168.99.2                      # Try to ping some service located behind the ASA [internal IP]
rc=$?
if [[ $rc -eq 0 ]] ; then
   :                                  # ok, do nothing
else
    vpnc  asa
    route delete 217.24.12.11 gw 0.0.0.0 venet0
    route delete 8.8.8.8 gw 0.0.0.0 tun0
fi

Save it as /home/vpnconnect.sh and remember to make it executable:

chmod +rwx /home/vpnconnect.sh

Add a cron task:

nano /etc/crontab

Add the line:

* * * * * root /home/vpnconnect.sh

This will start the script every minute, which is useful if you require a permanent connection.
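The script and cron entry above, reworked as an added example that is not the wiki's own script. Running a bare "ping, else vpnc" loop every minute has two failure modes worth handling: a slow connect can be overlapped by the next cron run, starting a second vpnc, and vpnc will block on its username/password prompt because cron has no terminal, which is why the Xauth username and Xauth password lines from the earlier section must be stored in /etc/vpnc/asa.conf before this goes into cron. Assumed, and not from the page: vpnc's default pid file /var/run/vpnc/pid, Linux iputils ping with -W as a timeout in seconds, the logger(1) command, and the probe host 192.168.99.2 being reachable only through the tunnel.

```shell
#!/bin/sh
# Added example (not the wiki's vpnconnect.sh): a cron-safe vpnc keepalive.
# Compared with a bare "ping, else vpnc" loop it (1) takes a lock so a slow
# connect is not overlapped by the next cron run, (2) refuses to start when
# the profile has no stored Xauth lines, because cron has no terminal for
# vpnc's username/password prompt, and (3) restarts a vpnc that is alive but
# whose tunnel no longer passes traffic.
# Assumptions not taken from the page: vpnc's default pid file
# /var/run/vpnc/pid, Linux iputils ping (-W = timeout in seconds), and the
# placeholder probe host 192.168.99.2 being reachable only via the tunnel.

PROFILE=${PROFILE:-asa}                  # /etc/vpnc/<PROFILE>.conf
CONF=${CONF:-/etc/vpnc/$PROFILE.conf}
PROBE=${PROBE:-192.168.99.2}             # host behind the ASA
PIDFILE=${PIDFILE:-/var/run/vpnc/pid}
LOCK=${LOCK:-/var/run/vpnconnect.lock}
PING=${PING:-/bin/ping}
VPNC=${VPNC:-/usr/sbin/vpnc}
GW_IP=${GW_IP:-}                         # VPN gateway IP for the page's route clean-up (optional)
WAN_IF=${WAN_IF:-venet0}                 # outside interface; check with "route -n"

# Cron cannot answer the Xauth prompt, so both lines must be in the profile.
profile_has_xauth() {
    grep -q '^Xauth username ' "$1" && grep -q '^Xauth password ' "$1"
}

# Return 0 if the pid file names a live process.
vpnc_running() {
    [ -r "$1" ] && kill -0 "$(cat "$1")" 2>/dev/null
}

# Return 0 if the probe host answers a single ping within 3 seconds.
tunnel_up() {
    "$PING" -c 1 -W 3 "$1" >/dev/null 2>&1
}

# Pure decision from three yes/no facts, kept separate so it can be tested
# without a VPN. Prints: skip-no-credentials | ok | reconnect | connect
decide() {
    creds=$1; running=$2; up=$3
    if [ "$creds" != yes ]; then echo skip-no-credentials
    elif [ "$up" = yes ]; then echo ok
    elif [ "$running" = yes ]; then echo reconnect
    else echo connect
    fi
}

# The page's post-connect route clean-up, so internet access works again.
post_connect() {
    [ -n "$GW_IP" ] && route delete "$GW_IP" gw 0.0.0.0 "$WAN_IF"
    route delete 8.8.8.8 gw 0.0.0.0 tun0
}

main() {
    # mkdir is atomic, so two cron runs cannot both get past this line.
    if ! mkdir "$LOCK" 2>/dev/null; then
        logger -t vpnconnect "previous run still holds $LOCK, skipping"
        return 0
    fi
    trap 'rmdir "$LOCK"' EXIT

    creds=no;   profile_has_xauth "$CONF" && creds=yes
    running=no; vpnc_running "$PIDFILE"   && running=yes
    up=no;      tunnel_up "$PROBE"        && up=yes

    case $(decide "$creds" "$running" "$up") in
        skip-no-credentials)
            logger -t vpnconnect "$CONF has no Xauth username/password; not starting vpnc" ;;
        ok) ;;
        reconnect)
            logger -t vpnconnect "vpnc alive but $PROBE unreachable, restarting"
            vpnc-disconnect
            "$VPNC" "$PROFILE" && post_connect ;;
        connect)
            logger -t vpnconnect "starting vpnc $PROFILE"
            "$VPNC" "$PROFILE" && post_connect ;;
    esac
}

# Run main only when executed as a script, so the functions can be sourced
# for testing without touching the network.
case $0 in *vpnconnect.sh) main ;; esac
```

Install it as /home/vpnconnect.sh with the same crontab line as above; the lock directory lives under /var/run, which is cleared at boot, so a stale lock cannot outlive a reboot. The route clean-up only deletes the gateway route when GW_IP is set (for example GW_IP=<gw_ip> at the top of the script) and keeps the page's venet0/tun0 names, which should be confirmed with route -n first.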