Difference between revisions of "Connect to Cisco VPN /Easy VPN/ IPSec from centos using free vpnc client"

From vpsget wiki

Latest revision as of 14:04, 29 September 2015

How to Connect to Cisco VPN /Easy VPN/ IPSec from linux/centos 6 using free vpnc client.


You do not need the next block if you are using a dedicated server or KVM. If you are our client, you can easily enable TUN/TAP from the SolusVM control panel or contact us.

---------only for openvz vps------------

Ensure that the tun interface is enabled if you plan to run vpnc in an OpenVZ container: check the container config in /etc/vz/conf/<CTID>.conf and add the lines:

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_nat iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state ip_nat_ftp ipt_REDIRECT"
DEVICES="c:10:200:rw c:108:0:rw "
CAPABILITY=" NET_ADMIN:on"
DEVNODES="net/tun:rw "


Restart the CT to apply the settings if needed:

vzctl restart <CTID>

---------end----------------------------

yum install vpnc
chmod 700 /etc/vpnc/vpnc-script

If yum cannot find the package, try adding the remi repository.

Copy the default config to a new profile:

cp /etc/vpnc/default.conf /etc/vpnc/asa.conf

Edit /etc/vpnc/asa.conf. Depending on your Cisco config you may use a key or a certificate. We are using a key:

 IPSec gateway <gw_ip>
 IPSec ID <group_name>
 IPSec secret <pre-shared_key> 
 # your username goes here: 
 #Xauth username 


Try to connect:

vpnc  asa

You'll be prompted to enter username and password.

To disconnect, use the following command:

vpnc-disconnect

You can store the VPN user name and password in the conf file:

Xauth username <your username>
Xauth password <your password>

Be sure that storing the password is allowed by the policy on the Cisco side, and keep the conf file readable only by root, since it now holds a credential.

It is also possible to create a .conf file for vpnc from a Cisco .pcf profile. Simply install pcf2vpnc:

yum install pcf2vpnc


NOTE: after connecting you may lose internet access on your Linux VPS/server/workstation. This happens because vpnc removes the default route, so you can write a script that runs the following lines after the vpnc connect command has been issued:

route delete <gw_ip> gw 0.0.0.0 venet0
route delete 8.8.8.8 gw 0.0.0.0 tun0

Interface names may differ, so check them with the route -n command.

Let's create the connect script and place it in cron:

#!/bin/bash
# Probe a host behind the ASA (its internal IP); if it answers, the tunnel is up.
/bin/ping -c 1 192.168.99.2
rc=$?
if [[ $rc -eq 0 ]] ; then
   :                                   # tunnel is up, do nothing
else
    vpnc asa                           # run from cron, this needs the Xauth username/password in asa.conf
    route delete 217.24.12.11 gw 0.0.0.0 venet0
    route delete 8.8.8.8 gw 0.0.0.0 tun0
fi

Save it as /home/vpnconnect.sh and remember to make it executable:

chmod +rwx /home/vpnconnect.sh

Since cron runs it as root, make sure it is not writable by other users.

Add a cron task:

nano /etc/crontab

Add the line:

* * * * * root /home/vpnconnect.sh

This will start the script every minute; it is useful if you require a permanent connection.
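As an added example (not the wiki's own script), here is a keep-alive script in the same spirit as the one above, but it reads the interface names from route -n instead of hard-coding venet0/tun0 and it will not start a second vpnc while one is still alive. It assumes vpnc's default pid file /var/run/vpnc/pid and keeps the page's gateway and probe addresses; the route table at the bottom is constructed sample output for a dry run.

```shell
#!/bin/bash
# Keep-alive for the vpnc profile "asa" (added example, not the wiki's script).
# Assumed: vpnc writes its pid to /var/run/vpnc/pid (its default, changeable
# with "Pidfile" in asa.conf); addresses are the ones used on the page.
VPN_GW="217.24.12.11"        # public address of the ASA ("IPSec gateway")
PROBE_HOST="192.168.99.2"    # a host behind the ASA that answers ping
PIDFILE="/var/run/vpnc/pid"

# Interface of the /32 host route to $1, read from "route -n" output on stdin
# (prints nothing when there is no such route).
host_route_iface() {
    awk -v h="$1" '$1 == h && $3 == "255.255.255.255" { print $NF; exit }'
}

# Prints 1 when a (re)connect is due: the probe failed ($1 = ping exit code)
# AND no live vpnc owns the pid file $2. A failed probe while vpnc is alive is
# left alone, so a per-minute cron job never stacks several vpnc daemons.
needs_reconnect() {
    if [ "$1" -eq 0 ]; then echo 0; return; fi
    if [ -r "$2" ] && kill -0 "$(cat "$2")" 2>/dev/null; then echo 0; else echo 1; fi
}

# Remove the two routes the page removes, on whichever interfaces they sit.
cleanup_routes() {
    table=$(route -n)
    gw_if=$(printf '%s\n' "$table" | host_route_iface "$VPN_GW")
    dns_if=$(printf '%s\n' "$table" | host_route_iface "8.8.8.8")
    [ -n "$gw_if" ]  && route delete "$VPN_GW" gw 0.0.0.0 "$gw_if"
    [ -n "$dns_if" ] && route delete 8.8.8.8 gw 0.0.0.0 "$dns_if"
    return 0
}

main() {
    /bin/ping -c 1 -W 2 "$PROBE_HOST" >/dev/null 2>&1
    rc=$?
    if [ "$(needs_reconnect "$rc" "$PIDFILE")" -eq 1 ]; then
        vpnc asa && cleanup_routes      # credentials come from the Xauth lines in asa.conf
    fi
}

# Constructed "route -n" output as it looks once the tunnel is up (dry-run input).
SAMPLE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         UG    0      0        0 tun0
217.24.12.11    0.0.0.0         255.255.255.255 UH    0      0        0 venet0
8.8.8.8         0.0.0.0         255.255.255.255 UH    0      0        0 tun0'

if [ "${1:-}" = "run" ]; then main; fi     # cron: * * * * * root /home/vpnconnect.sh run
```

The "run" argument keeps the script from doing anything when it is merely sourced for testing; the cron line in the trailing comment is the one to use.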