Re: Connect to Cisco VPN server from FreeBSD?
On Sun, Apr 10, 2005 at 04:38:34PM +0100, Scott Mitchell wrote:
> Hi all,
>
> As in the subject - has anyone managed to get a FreeBSD machine to connect to a Cisco VPN server, using IPSec and 2-factor authentication (password + SecurID card)? My employer has been acquired by another company, and this will soon be the only remote-access method available.
>
> Linux client software exists, but given that it relies on a kernel module I'm not holding out much hope of it working. The security/vpnc port looks like it might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded to do the SecurID authentication.

In case this is useful to anybody else -

Finally got my SecurID card and can report that it works very well with the latest security/vpnc port. I had to decode the group password in the config file for the Cisco client I was given, but the vpnc web page has a handy service for doing just that. Apart from that, it just worked.

The vpnc client doesn't support re-keying, so the connection hangs when the other side decides to do this. I'm mostly just connecting to machines at work over VNC or rdesktop, so this is no big deal for me - just re-connect. It also doesn't deal well with requests to re-authenticate after the SecurID token changes, which I think only happen if you get your password wrong.

It does seem to correctly handle any DNS and split-tunnelling setup requested by the server, although you can tweak the connect script to ignore all that stuff if it annoys you :-)

I'm connecting to a Cisco 2600 series router, with SecurID authentication done by some RADIUS server at another site. Haven't tried, but I expect I would have no trouble connecting to our central Cisco 3000 VPN concentrator box.

Scott

--
===
Scott Mitchell           | PGP Key ID | Eagles may soar, but weasels
Cambridge, England       | 0x54B171B9 | don't get sucked into jet engines
scott at fishballoon.org | 0xAA775B8B |  -- Anon
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Connect to Cisco VPN server from FreeBSD?
Hi all,

As in the subject - has anyone managed to get a FreeBSD machine to connect to a Cisco VPN server, using IPSec and 2-factor authentication (password + SecurID card)? My employer has been acquired by another company, and this will soon be the only remote-access method available.

Linux client software exists, but given that it relies on a kernel module I'm not holding out much hope of it working. The security/vpnc port looks like it might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded to do the SecurID authentication.

I would try all these things myself, except I don't have any account details for the server yet. I really don't want to keep a Linux or Windows machine around just to connect to the office...

Many thanks in advance,

Scott

--
===
Scott Mitchell           | PGP Key ID | Eagles may soar, but weasels
Cambridge, England       | 0x54B171B9 | don't get sucked into jet engines
scott at fishballoon.org | 0xAA775B8B |  -- Anon
Re: Connect to Cisco VPN server from FreeBSD?
Scott Mitchell wrote:
> Hi all,
>
> As in the subject - has anyone managed to get a FreeBSD machine to connect to a Cisco VPN server, using IPSec and 2-factor authentication (password + SecurID card)? My employer has been acquired by another company, and this will soon be the only remote-access method available.
>
> Linux client software exists, but given that it relies on a kernel module I'm not holding out much hope of it working. The security/vpnc port looks like it might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded to do the SecurID authentication.
>
> I would try all these things myself, except I don't have any account details for the server yet. I really don't want to keep a Linux or Windows machine around just to connect to the office...
>
> Many thanks in advance,
>
> Scott

I have not personally used this, however I have had reports of users connecting to a Cisco VPN 3000 box that I administered at one point with the following client:

http://www.unix-ag.uni-kl.de/~massar/vpnc/

-Ash
Re: Connect to Cisco VPN server from FreeBSD?
On Sun, Apr 10, 2005 at 12:26:45PM -0500, Ash wrote:
> Scott Mitchell wrote:
>> Hi all,
>>
>> As in the subject - has anyone managed to get a FreeBSD machine to connect to a Cisco VPN server, using IPSec and 2-factor authentication (password + SecurID card)? My employer has been acquired by another company, and this will soon be the only remote-access method available.
>>
>> Linux client software exists, but given that it relies on a kernel module I'm not holding out much hope of it working. The security/vpnc port looks like it might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded to do the SecurID authentication.
>>
>> I would try all these things myself, except I don't have any account details for the server yet. I really don't want to keep a Linux or Windows machine around just to connect to the office...
>>
>> Many thanks in advance,
>>
>> Scott
>
> I have not personally used this, however I have had reports of users connecting to a Cisco VPN 3000 box that I administered at one point with the following client:
>
> http://www.unix-ag.uni-kl.de/~massar/vpnc/

Thanks, that looks promising. The SecurID thing is apparently just a flavour of XAUTH which seems to be supported, so it might just work.

Cheers,

Scott

--
===
Scott Mitchell           | PGP Key ID | Eagles may soar, but weasels
Cambridge, England       | 0x54B171B9 | don't get sucked into jet engines
scott at fishballoon.org | 0xAA775B8B |  -- Anon
Re: Connect to Cisco VPN server from FreeBSD?
Scott Mitchell wrote:
> On Sun, Apr 10, 2005 at 12:26:45PM -0500, Ash wrote:
>> Scott Mitchell wrote:
>>> Hi all,
>>>
>>> As in the subject - has anyone managed to get a FreeBSD machine to connect to a Cisco VPN server, using IPSec and 2-factor authentication (password + SecurID card)? My employer has been acquired by another company, and this will soon be the only remote-access method available.
>>>
>>> Linux client software exists, but given that it relies on a kernel module I'm not holding out much hope of it working. The security/vpnc port looks like it might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded to do the SecurID authentication.
>>>
>>> I would try all these things myself, except I don't have any account details for the server yet. I really don't want to keep a Linux or Windows machine around just to connect to the office...
>>>
>>> Many thanks in advance,
>>>
>>> Scott
>>
>> I have not personally used this, however I have had reports of users connecting to a Cisco VPN 3000 box that I administered at one point with the following client:
>>
>> http://www.unix-ag.uni-kl.de/~massar/vpnc/
>
> Thanks, that looks promising. The SecurID thing is apparently just a flavour of XAUTH which seems to be supported, so it might just work.
>
> Cheers,
>
> Scott

Whoops forgot to mention that I had configured our VPN3000 to authenticate users using SecurID. The vpnc users were able to authenticate just fine. OT, but they were also able to use vpnc to bypass split-tunneling restrictions (no real surprise there).

Good luck,

-Ash
Re: Connect to Cisco VPN server from FreeBSD?
On Sun, Apr 10, 2005 at 01:41:20PM -0500, Ash wrote:
> Scott Mitchell wrote:
>> Thanks, that looks promising. The SecurID thing is apparently just a flavour of XAUTH which seems to be supported, so it might just work.
>>
>> Cheers,
>>
>> Scott
>
> Whoops forgot to mention that I had configured our VPN3000 to authenticate users using SecurID. The vpnc users were able to authenticate just fine. OT, but they were also able to use vpnc to bypass split-tunneling restrictions (no real surprise there).
>
> Good luck,
>
> -Ash

Cool - sounds like just the thing. I look forward to trying it out as soon as my new overlords give me my SecurID :-)

Many thanks,

Scott

--
===
Scott Mitchell           | PGP Key ID | Eagles may soar, but weasels
Cambridge, England       | 0x54B171B9 | don't get sucked into jet engines
scott at fishballoon.org | 0xAA775B8B |  -- Anon