On Mon, 2007-08-27 at 13:50 +1000, Antonio Cosimo Costantino wrote:
> It's the first time I write here since I came here in Sydney from Italy six
> weeks ago so... let's start with a canonical (!) greeting... ciaociao
> everybody!
>
> When I started studying at usyd, the staff told us we (students) have access
> to web resources via wireless connection. It's true, except discovering few
> weeks later we need a (cisco) vpn client and linux kernel 2.6 is not
> supported!

I run vpnc with no dramas to a Cisco VPN concentrator. Maybe using that rather than some GUIified front end will show the issue more readily.

A lightly edited copy of an internal wiki for using a Cisco VPN from Linux follows:

VPN

1. INTRODUCTION

Use the virtual private network where:

 - you wish to use internal computing systems from outside of the Example network;

 - you do not have unfiltered access to the Internet and wish to run a protocol which is being filtered;

 - from eduroam access points which only allow VPN connections so the eduroam provider can limit costs.

Example uses a Cisco VPN concentrator. This requires client software which is peculiar to Cisco's IPsec VPN implementation. Other VPN software will not work, including PPTP, L2TP and SSL.

...

3. LINUX

There is a choice of client software: Cisco Systems and VPNC. VPNC is simpler to install and use.

3.1 VPNC INSTALLATION

For Red Hat or Fedora have the Extras repository enabled and

  # yum install vpnc

For Debian and Ubuntu have the Universe repository enabled and

  # apt-get update
  # apt-get install vpnc

VPNC's home page is <http://www.unix-ag.uni-kl.de/~massar/vpnc/>

You need VPNC 0.4.0 or later. Don't even bother with earlier versions.

3.2 VPNC CONFIGURATION

Create the "Example" configuration file

  # (umask 077; touch /etc/vpnc/example.conf)

then edit it to add this text

  IPSec gateway ....example.edu.au
  IPSec ID Example
  IPSec secret ...
  NAT-Keepalive packet interval 290
  Rekeying interval 0
  Xauth username fab

replacing fab with your username.

Similarly, create the "Example always" configuration file

  # (umask 077; touch /etc/vpnc/example-always.conf)

then edit it to add this text

  IPSec gateway ....example.edu.au
  IPSec ID Example always
  IPSec secret ...
  NAT-Keepalive packet interval 290
  Rekeying interval 0
  Xauth username fab

again replacing fab with your username.

Most of the parameters come directly from those used to configure the VPN endpoint and are discussed above.

The rekeying interval is set to 0 to disable rekeying, as connections from laptops are not held up long enough for discovery of the session key to be a concern. Versions of VPNC before 0.4 had difficulty with rekeying.

The NAT keep-alive packet interval is set to 290 seconds. Most NAT boxes time out a connection after 10 minutes of inactivity, so using a value just short of 5 minutes presents two opportunities to re-start the NAT router's inactivity timer for this connection.

3.3 VPNC USE

Bring up the VPN with

  # vpnc example.conf
  Enter password for [EMAIL PROTECTED]: *********
  VPNC started in background (pid: 123)...

You can check the results by looking for routes to the tun0 interface reported by

  $ route -n

or by checking the input and output counters on the tun0 interface

  $ ifconfig tun0

Bring down the VPN with

  # vpnc-disconnect

3.4 VPNC EXPERT USE

If you want the default route to be at the VPN endpoint then use

  # vpnc example-always.conf
  Enter password for [EMAIL PROTECTED]: *********
  VPNC started in background (pid: 666)...

3.5 FAULT FINDING

Check your firewall settings. Ubuntu's firestarter (its recommended firewall) blocks traffic from interfaces it does not know of when configured.

"dmesg" will show errors related to the configuration of the kernel module.

"ifconfig" and "iproute" show network configuration.

"vpnc --no-detach --debug 1" will show detailed progress.

The VPN Concentrator sends messages to the Example central syslog facility at ...

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
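
Added example, not part of the original post or of the wiki it quotes: a shell audit of a vpnc configuration file against sections 3.2 of the wiki, checking that the file holding the IPSec secret has no group or other permission bits (what "umask 077" produces) and that two NAT keepalives fit inside the 10-minute NAT timeout. The function names, the NAT_TIMEOUT variable and the sample values written by write_sample_conf are assumptions made here; the configuration key names are used as written in the post.

```shell
#!/bin/sh
# Added example (not from the post): audit a vpnc config against the wiki's settings.
NAT_TIMEOUT=600   # seconds; the 10-minute NAT inactivity timeout the wiki assumes

# conf_value FILE KEY: print the value of the first "KEY value" line (keys contain spaces).
conf_value() {
    sed -n "s/^$2[[:space:]][[:space:]]*//p" "$1" | head -n 1
}

# write_sample_conf FILE INTERVAL: constructed sample input; every value is a placeholder.
write_sample_conf() {
    ( umask 077
      printf '%s\n' 'IPSec gateway gateway.invalid' 'IPSec ID Example' \
          'IPSec secret PLACEHOLDER' "NAT-Keepalive packet interval $2" \
          'Rekeying interval 0' 'Xauth username fab' > "$1" )
}

# audit_vpnc_conf FILE: print findings and return how many there were.
audit_vpnc_conf() {
    f=$1; findings=0
    [ -f "$f" ] || { echo "$f: not a regular file"; return 1; }
    # The file stores the IPSec group secret, so group and other need no access bits.
    # Characters 5-10 of the ls mode string are the group and other permissions.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: group/other permission bits are '$perms'; run chmod 600"
        findings=$((findings + 1))
    fi
    for key in 'IPSec gateway' 'IPSec ID' 'IPSec secret' 'Xauth username'; do
        if [ -z "$(conf_value "$f" "$key")" ]; then
            echo "$f: missing '$key'"
            findings=$((findings + 1))
        fi
    done
    # The wiki's reasoning: two keepalives must fall inside one NAT timeout.
    ka=$(conf_value "$f" 'NAT-Keepalive packet interval')
    case $ka in
        ''|*[!0-9]*) echo "$f: keepalive interval missing or not a number"
                     findings=$((findings + 1)) ;;
        *) if [ $((ka * 2)) -ge "$NAT_TIMEOUT" ]; then
               echo "$f: keepalive ${ka}s gives fewer than two packets per ${NAT_TIMEOUT}s"
               findings=$((findings + 1))
           fi ;;
    esac
    return "$findings"
}

# Audit any configuration files named on the command line.
for conf in "$@"; do audit_vpnc_conf "$conf"; done
```

Saved as a script and run as root with /etc/vpnc/example.conf as its argument, it prints one line per finding and prints nothing for a file that passes.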
