Difference between revisions of "Connect to Cisco VPN /Easy VPN/ IPSec from centos using free vpnc client"
Latest revision as of 14:04, 29 September 2015
How to Connect to Cisco VPN /Easy VPN/ IPSec from linux/centos 6 using free vpnc client.
You do not need the next block if you are using a dedicated server or KVM.
If you are our client, you can easily enable TUN/TAP from the SolusVM CP or contact us.
---------only for openvz vps------------
Ensure that the tun interface is enabled if you plan to run vpnc in an OpenVZ container: check the container config in /etc/vz/conf/<CTID>.conf and add the lines:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_nat iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state ip_nat_ftp ipt_REDIRECT"
DEVICES="c:10:200:rw c:108:0:rw"
CAPABILITY="NET_ADMIN:on"
DEVNODES="net/tun:rw"
Restart the CT to apply the settings if needed:
vzctl restart <CTID>
---------end----------------------------
yum install vpnc
chmod 700 /etc/vpnc/vpnc-script
In case yum can't find the package, try adding the remi repo.
Copy the config from the default to a new profile:
cp /etc/vpnc/default.conf /etc/vpnc/asa.conf
Edit /etc/vpnc/asa.conf. Depending on your Cisco config you may use a key or a cert. We are using a key:
IPSec gateway <gw_ip>
IPSec ID <group_name>
IPSec secret <pre-shared_key>
# your username goes here:
#Xauth username
Try to connect:
vpnc asa
You'll be prompted to enter username and password.
To disconnect use the following command:
vpnc-disconnect
You can store the VPN user name and password in the conf file:
Xauth username <your username>
Xauth password <your password>
Be sure that storing the password is allowed by the policy on the Cisco side. The file then holds a cleartext credential and the pre-shared key, so keep it readable by root only (chmod 600 /etc/vpnc/asa.conf).
It is also possible to create a .conf file for vpnc from a Cisco .pcf profile. Simply install pcf2vpnc:
yum install pcf2vpnc
NOTE: after connecting you may lose internet access on your Linux VPS/server/workstation. This is caused by vpnc removing the default route, so you can write a script that runs the next lines after the vpnc connect command has been issued:
route delete <gw_ip> gw 0.0.0.0 venet0
route delete 8.8.8.8 gw 0.0.0.0 tun0
The network interfaces may have different names on your system, so check with the route -n command.
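As an added example (not code from the original page), two small helpers that read a route -n table and print the default route and the route delete lines above, so the interface names come from the live table instead of being hardcoded. The table is a constructed sample, and 203.0.113.5 stands in for the ASA address; on a real box you would pipe route -n into the functions.

```shell
#!/bin/bash
# Added example, not part of the original page: derive gateway and interface
# names from a `route -n` table instead of hardcoding venet0/tun0.
# Both functions read the table on stdin and only print commands; nothing
# here changes the routing table, so it runs without root.

# Print "<gateway> <iface>" of the default route (destination 0.0.0.0).
# On an OpenVZ venet interface the gateway itself is 0.0.0.0, which is why
# the page's route delete lines use "gw 0.0.0.0".
default_route() {
    awk '$1 == "0.0.0.0" { print $2, $8; exit }'
}

# Print the "route delete" commands for the host routes (genmask
# 255.255.255.255) that vpnc-script adds: the one to the VPN gateway on the
# original interface, and any on the tunnel interface.
# $1 = VPN gateway IP, $2 = tunnel interface (tun0 on the page).
vpnc_host_route_deletes() {
    awk -v gw="$1" -v tun="$2" \
        '$3 == "255.255.255.255" && ($1 == gw || $8 == tun) {
             printf "route delete %s gw %s %s\n", $1, $2, $8 }'
}

# Constructed sample of `route -n` output on an OpenVZ container after
# "vpnc asa" has run (203.0.113.5 is a placeholder for the ASA address).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.5     0.0.0.0         255.255.255.255 UH    0      0        0 venet0
8.8.8.8         0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 venet0
0.0.0.0         0.0.0.0         0.0.0.0         UG    0      0        0 tun0'

# Stand-alone demo; on a live system replace the sample with: route -n | ...
printf '%s\n' "$SAMPLE_ROUTES" | default_route
printf '%s\n' "$SAMPLE_ROUTES" | vpnc_host_route_deletes 203.0.113.5 tun0
```

The first line printed shows that the default route now points at tun0, the two following lines are the route delete commands to review before running them.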
Let's create the connect script and place it in cron:
#!/bin/bash
# Try to ping some service located behind the ASA (internal IP)
/bin/ping -c 1 192.168.99.2
rc=$?
if [[ $rc -eq 0 ]] ; then
((count = 1)) # tunnel is up, do nothing
else
vpnc asa
# vpnc replaced the default route; remove the routes noted above
# (adjust the addresses and interface names to your route -n output)
route delete 217.24.12.11 gw 0.0.0.0 venet0
route delete 8.8.8.8 gw 0.0.0.0 tun0
fi
Save it as /home/vpnconnect.sh and remember to make it executable:
chmod +rwx /home/vpnconnect.sh
Since cron runs this script as root, make sure it is not writable by other users (check with ls -l /home/vpnconnect.sh).
add cron task
nano /etc/crontab
add line:
* * * * * root /home/vpnconnect.sh
This will run the script every minute; it's useful if you require a permanent connection. Because cron provides no terminal for the username/password prompt, this only works when the Xauth username and password are stored in the conf file as shown above.