Gentoo Forums
[SOLVED] Help with connecting to a Cisco IPSec/L2TP VPN serv
AaylaSecura
Tux's lil' helper


Joined: 09 Jun 2011
Posts: 122

Posted: Sun Apr 26, 2015 11:00 am    Post subject: [SOLVED] Help with connecting to a Cisco IPSec/L2TP VPN serv

Greetings! I'm trying to connect to my University's VPN network but they do not disclose much information about it... I know that it is an IPSec/L2TP Cisco VPN 3000 server, uses RFC 3947, allows both certificate and group password authentication during phase 1 and not much more. For Linux, they recommend using some closed source Cisco client that has an annoying GUI that cannot even be minimized to tray and adds routes to my table to route ALL my traffic through the VPN. This is unsatisfactory, so I went and tried to configure LibreSwan + xl2tp. The only useful thing I could obtain from my University is a Cisco client configuration file that I could import in case I use an OS which they do not already provide the client for. From it I obtained the group name and the (encrypted) password. So with the help of this guide and after some guessing regarding the authentication and hashing methods, I managed to set up the IPSec tunnel using hybrid authentication (group pwd + xauth). Here are the ipsec configuration file and the log file. All seems fine and my resolv.conf is modified to include the DNS servers of the University. Next, I tried to configure xl2tp but I am receiving the following error when I start the tunnel (after the IPSec tunnel is on):
Code:
udp_xmit failed to 130.102.1.190:1701 with err=-1:Operation not permitted

Here's the configuration file for xl2tp, the ppp options file and the full log of starting the L2TP tunnel. Any ideas?


Last edited by AaylaSecura on Mon Aug 24, 2015 1:42 am; edited 1 time in total
CrankyPenguin
Apprentice


Joined: 19 Jun 2003
Posts: 270

Posted: Mon Aug 24, 2015 1:36 am

You might try openconnect. My institution has a slightly different setup but is still purely Cisco based. I found the closed source client was able to connect but was so slow as to be unusable. By contrast openconnect worked well right out of the box.
_________________
Linux, the OS for the obsessive-compulsive speed freak in all of us.
AaylaSecura
Tux's lil' helper


Joined: 09 Jun 2011
Posts: 122

Posted: Mon Aug 24, 2015 1:41 am

CrankyPenguin wrote:
You might try openconnect. My institution has a slightly different setup but is still purely Cisco based. I found the closed source client was able to connect but was so slow as to be unusable. By contrast openconnect worked well right out of the box.

Thanks for replying. That is a fairly old topic and some time after I posted I actually found out about vpnc, which is specifically for Cisco servers and it works brilliantly (I especially like the fact it handles the set up of additional routes and it supports hooks that allow you to give it all the info about what routes you want it to set up). I just forgot to edit my post and mark it as solved, my bad.
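
The route hooks mentioned in the post above, as an added example that is not part of the original thread or of vpnc itself: a wrapper script that sets the CISCO_SPLIT_INC_* variables read by the stock vpnc-script, so that only the listed networks are routed through the tunnel. The wrapper path, the SPLIT_NETS variable and the sample networks are assumptions; /etc/vpnc/vpnc-script is the usual install location and may differ on your system.

```sh
#!/bin/sh
# Hypothetical wrapper, e.g. /etc/vpnc/split-routes.sh, referenced from the
# vpnc profile with:  Script /etc/vpnc/split-routes.sh
# SPLIT_NETS is a constructed sample list (documentation address ranges);
# replace it with the networks that should go through the tunnel.
SPLIT_NETS="${SPLIT_NETS:-192.0.2.0/24 198.51.100.0/25}"
REAL_SCRIPT="${REAL_SCRIPT:-/etc/vpnc/vpnc-script}"

# Convert a prefix length (0-32) to a dotted-quad netmask.
masklen_to_mask() {
    len=$1 mask="" i=0
    while [ "$i" -lt 4 ]; do
        if [ "$len" -ge 8 ]; then octet=255; len=$((len - 8))
        else octet=$((256 - (1 << (8 - len)))); len=0
        fi
        mask="${mask:+$mask.}$octet"
        i=$((i + 1))
    done
    echo "$mask"
}

# Export the CISCO_SPLIT_INC_* variables that vpnc-script reads when it
# installs routes. A malformed entry, or a /0 that would turn the split
# list back into a default route, fails instead of being guessed at.
set_split_routes() {
    n=0
    for net in $1; do
        addr=${net%/*} len=${net#*/}
        case "$net" in */*) ;; *) return 1 ;; esac
        case "$len" in ''|*[!0-9]*) return 1 ;; esac
        [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
        export "CISCO_SPLIT_INC_${n}_ADDR=$addr"
        export "CISCO_SPLIT_INC_${n}_MASK=$(masklen_to_mask "$len")"
        export "CISCO_SPLIT_INC_${n}_MASKLEN=$len"
        n=$((n + 1))
    done
    export CISCO_SPLIT_INC="$n"
}

# vpnc sets $reason (pre-init, connect, disconnect, ...) when it runs the
# hook. Hand over to the stock script only in that case, so this file can
# also be sourced by hand to inspect the variables it would set.
if [ -n "${reason:-}" ] && [ -r "$REAL_SCRIPT" ]; then
    set_split_routes "$SPLIT_NETS" || exit 1
    . "$REAL_SCRIPT"
fi
```

After connecting, `ip route` should show only the listed networks on the tunnel device, with the default route left on the physical interface.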
All times are GMT