[SUMMARY] Solaris x86 cisco vpn client

From: Jerry Kemp (sun.mail.list@oryx.cc)
Date: Thu May 24 2007 - 12:44:53 EDT


Solaris x86 VPN client summary.

Thank you to the following for your comments and suggestions:

Michael Grice
Gary Chambers
Matthew Taylor
Glenn Prince
David Magda
Al Saenz

Vacations - It has been a while since I posted a question here, and
amazingly, no one is on holiday.

================================

Down to business - With one exception, everyone suggested VPNC. No one
has this working on Solaris that emailed me, but some indicated that
they had it working on Linux.

This is the URL for VPNc:

http://www.unix-ag.uni-kl.de/~massar/vpnc/

The one exception was for the Connectra SSL VPN extender. The Cisco VPN
concentrator does not support SSL based VPNs, so I was not able to
explore this option.

================================
Compiling VPNc

My VPNc test platform is an Ultra 20 M2 running Solaris 10u3.

I pulled down the VPNc 0.4.0 source code last evening, and ultimately
got a good working compile. While there was not any rocket-surgery
involved, it wasn't a task for the timid or beginner. This application
had roughly a dozen sub-dependencies I had to get compiled and installed
prior to getting a good/working compile of VPNc.

The bulk of problems encountered with the sub-dependencies revolved
around ld. They needed the GNU ld. And it wasn't enough to do a
./configure --with-gnu-ld=/usr/local/bin/ld . I actually had to rename
/usr/ccs/bin/ld to get a good compile. If you have to do this also, be
sure to restore /usr/ccs/bin/ld afterwards, you will need it!

The big exception to the sub-dependencies was the compiling/installing
of the TUN/TAP kernel modules. I was not able to get a good compile and
install till I used /usr/ccs/bin/ld . I was able to verify my TUN/TAP
installation here with the following command:

# modinfo | egrep -i 'tun|tap'

================================

VPNc installation/configuration/usage

After I had a good installation of all of the sub-dependencies for VPNc,
I was finally able to begin working with VPNc itself. The compile
(make) was easy/quick/clean, but the "make install" operation really
didn't do much of anything.

I manually copied the binaries and scripts to /usr/local/sbin , and
configuration files were put in /etc/vpnc/ .

VPNc includes a script to convert your Cisco generated *.pcf file to a
VPNc style configuration file. This script did a pretty good job, but I
needed to do some manual clean up. Once complete, your configuration
file should be named "default.conf" and moved to the /etc/vpnc/
subdirectory.

================================

Success?

I ran out of time last night before I was fully complete, but before I
needed to stop, I was able to run VPNc, successfully log in, have
VPNc display warning/disclaimer banners, and have the Cisco concentrator
automatically set static routes to all of the internal networks.

I was not able to pass any traffic through the tunnel before I needed to
stop, but I am certain that I am very close. There are some scripting
issues that I need to work through, but I feel that I will be successful
using VPNc.

================================

Additional details

This was supposed to be a short summary, but it is starting to look like
a book. If anyone needs additional details of what I did, please email
me off line, and I will assist to the best of my abilities.

================================

Original question

> Currently, Cisco does not provide a VPN client for Solaris x86, although
> there is one for Solaris Sparc.
>
> Does anyone have a usable 3rd party functional VPN client that they use
> to connect to a Cisco VPN concentrator? It could be 3rd party
> commercial, shareware, freeware, open source, etc.
>
> A Yahoo search turns up many others asking the same question, but no
> answers.
>
> Thanks for any comments, I will post a summary.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
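
Added example, not part of the original post: a POSIX shell wrapper for the linker rename described under "Compiling VPNc", which moves /usr/ccs/bin/ld aside for one build command and puts it back even if the build fails or is interrupted. The function name with_ld_hidden, the SYS_LD variable and the backup file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# SYS_LD defaults to the linker path named in the post; point it at a
# scratch file to rehearse the procedure without touching the system.
SYS_LD="${SYS_LD:-/usr/ccs/bin/ld}"

# Usage (as root), with GNU ld where the post has it:
#   with_ld_hidden sh -c './configure --with-gnu-ld=/usr/local/bin/ld && make'
with_ld_hidden() {
    ld_backup="${SYS_LD}.hidden.$$"   # hypothetical backup name, same directory

    if [ ! -f "$SYS_LD" ]; then
        echo "with_ld_hidden: $SYS_LD not found, nothing to move" >&2
        return 2
    fi
    if [ -e "$ld_backup" ]; then
        echo "with_ld_hidden: $ld_backup already exists, refusing" >&2
        return 2
    fi

    mv "$SYS_LD" "$ld_backup" || return 2

    # If the build is interrupted, restore the linker before exiting.
    trap 'mv "$ld_backup" "$SYS_LD"; exit 130' INT TERM HUP

    # Capture the status without letting "set -e" abort before the restore.
    rc=0
    "$@" || rc=$?

    if ! mv "$ld_backup" "$SYS_LD"; then
        echo "with_ld_hidden: RESTORE FAILED, linker is at $ld_backup" >&2
        rc=3
    fi
    trap - INT TERM HUP
    return "$rc"
}
```

The TUN/TAP modules in the post needed /usr/ccs/bin/ld itself, so that build is run outside this wrapper.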


