DSL and KVPNCForum: Networking Topic: DSL and KVPNC started by: bryanchapman9999 Posted by bryanchapman9999 on Mar. 19 2007,16:14
Hi,I've just started with DSL and I think it rocks! What I was looking for was a small lightweight distro that could run under a VM on my Xp laptop - this certainly does the job. To finish it off I need to be able to use KVPNC or at least vpnc or the cisco vpn client. I cant find any reference for these apps anywhere. Any help appreciated Cheers Bryan Posted by Jason W on Mar. 20 2007,04:50
Bryan,Try out this vpnc .dsl and tell me how it works. Be sure to enter into a terminal: #modprobe tun before using the vpnc. Maybe it will work out. There are graphical frontends for this, of course, but before going to that trouble it would be nice to know if it works in DSL first. The file: < http://www.yourfilelink.com/get.php?fid=301960 > Posted by bryanchapman9999 on Mar. 20 2007,08:49
WOW! Many thanks Jason!, I will try this later.Just a pointer though, how do I install the .dsl files manually? I'm not new to linux in any way, but to DSL a complete newb! Cheers Bryan Posted by Jason W on Mar. 20 2007,10:31
Hey,Just click on the MyDSL icon on the desktop and then the Load Local button. For older versions of DSL I believe there is a button labeled MyDSL in the Emelfm file manager. I would appreciate any feedback on this extension since I am not really able to fully test it. Hope it works. JW Posted by bryanchapman9999 on Mar. 20 2007,21:32
thanks for your time with this Jason...Looks like this will work. Unfortuatly, I only have my Cisco PCF file here at home which only shows my encrypted group password. I will get the password tomorrow and give it another go. Unless there is a way to use the .pcf file ?? Many thanks - this will be really cool if this works :-) Bryan Posted by Jason W on Mar. 21 2007,13:29
From what I understand, the pcf file contains all you need except that your group password is encrypted. I don't think you can use the pcf file directly but rather use it to create a vpnc.conf file in your /etc/vpnc directory. Example file would contain:IPSec gateway vpngateway.domain.org IPSec ID group_id IPSec secret group_password Xauth username network_signon Xauth password network_password This would save having to enter those values every time you start vpnc. Posted by clach04 on July 19 2007,17:58
Is this vpnc.dsl file still available anywhere? The url below eventually says the file has been removed once you click through to try and get it. I'd be interested in testing this out and reporting back on it, I've used vpnc before so I'm happy about testing it out. RE "encrypted group password" - the newer version (0.4.0) can handle this, and if you have an older version you can derive the clear text from PCF files now :-) I just tried DSL on a few machines and I'm really impressed, it is very cool! I might start using DSL if vpnc is available. Chris Posted by greavette on July 20 2007,13:14
Hello,I've been looking to install vpnc on dsl as well. I would also like to locate this file Jason W was kind enough to post. Thanks, Charles. Posted by Jason W on July 21 2007,01:41
Hi folks,I tried that download link and was greeted with racy advertisements but no file to download. I will look for the package, and since there is interest in it I will make an updated one if I cannot find it. JW Posted by Jason W on July 21 2007,04:52
Couldn't find the old file, but here is a new vpnc dsl to try out.< http://74.237.17.82/dsl/vpnc-0.4.dsl > Let me know how it works, and if it does I will submit it. If the above link does not download by clicking it in Firefox, use wget. $wget < http://74.237.17.82/dsl/vpnc-0.4.dsl > And you do not have to #modprobe tun The vpnc script does it for you. Posted by clach04 on July 24 2007,01:16
Awesome! :-) Sorry for the late reply, my PC died last week (dead mobo :-( ) so I've not been able to log on to the board for a few days. I've tested out the new .dsl file/package and it does work. What is really cool is that this is the latest version that handles (sort-of) encrypted group passwords so one can simply use pcf2vpnc to generate the .conf file. It may not work as expected if you are a new user as the location of some of the files is non-standard so it maybe worth tweaking the dsl package before officially publishing it: 1) vpnc-connect soft-link to vpnc is missing, i.e. normally one would issue:
To get the dsl extension posted to work, one should issue:
If the soft-link is present it should work fine. 2) vpnc-scriptis in a (slightly) non-standard location, it is in the DSL package at /etc/vpnc-script instead of /etc/vpnc/vpnc-script. Not a huge issue but this does require an extra command line flag (or .conf setting), e.g.:
3) Sort of related to #2, there is no /etc/vpnc/ directory so one should put the *.conf file(s) in a directory and fully specifiy the path when making the connection, e.g.:
Where myserver.conf is in the current directory (i.e. ./ is not optional). But these are very small issues! Here is my complete, issue this to start (assuming a conf file is present in the current directory called myserver.conf):
Thanks for putting this together! I managed to fix my PC up today with a new motherboard but I can't get networking to work under DSL so I think I need to try the ndiswrappers :-( But that's something I'll try another day! So I'm not yet in a position to use this after all :-( But I suspect I will soon!, Thanks again. Let me know if you need more feed back. Chris Posted by Jason W on July 24 2007,12:14
Chris,Thanks for testing, I will rebuild the package with the files in the standard places and repost it. If you don't mind to continue helping, I hope to make a final submittable .dsl package out of it. I will symlink vpnc-connect to vpnc, and place the vpnc-script in /etc/vpnc. Hopefully, that will do it. I will repost the package maybe tonight and edit this post with the link. Thanks again. JW Posted by greavette on Aug. 04 2007,13:01
Hello Jason,Thanks for making this available! I've tried it out (thanks largely to the instructions from clach04) and it doesn't seem to be working for me, but then I am new to DSL and may have done something improperly. I'm running DSL-embedded (using kqemu and qemu) on my Windows XP Home laptop. I have access to the internet in DSL before I enable vpn. I use vpn from my Ubuntu PC and have made sure that the vpnc.conf file from my Ubuntu box matches the vpnc.conf file I created in DSL. I connect to vpnc from the terminal and DSL reports the Process number and says I'm connected. My connection to the internet is immediately not available upon connecting to vpn when I open Firefox. I also cannot ping my work PC. I've verified that my username and passwords are correct. Anyone else having problems? Thanks, greavette Posted by clach04 on Aug. 04 2007,21:49
As you have it working in Ubuntu you've already tried the the first thing I would suggest :-) Only tips I have are: 1) try outside of qemu, I.e. run it under real hardware. My initial hunch is the network wrapper in win32 is doing odd things. 2) If you haven't already try the "--local-port 0" param (outside of the VM and inside the VM). 3) Do the usual network sanity checks, check ip routes and dns mapping. Try pinging a known IP (e.g. 64.233.187.99 not google.com). Loosing access to the internet may be due to the VPN server script making all your traffic go the VPN server instead of using your internet connection (i.e. tunneling is off). Posted by greavette on Aug. 08 2007,09:48
Hello Clach04, I won't be able to try this outside of qemu until I have a spare drive. For now I can only run this from my USB using the embedded version. I did try using the "--local-port 0". Still nothing. I did notice a message when I ran it again (not sure how I missed it the first time?). I use the following instruction: "sudo vpnc /mnt/hdb/vpnc.conf --local-port 0 --script /etc/vpnc-script" I'm asked to input my password and then I receive the following messages: "readlink: /dev/net/tun: No such file or directory" "VPNC started in background (pid: 631)..." Although it looks like the process is started, I don't know what it means that there is no tun directory? I tried googling the message but nothing came up to suggest how to fix it (or even if it needs to be fixed). Any suggestions? Thanks, greavette Posted by clach04 on Aug. 09 2007,16:50
mmm, this could the the key difference. tun should just be available with DSL. What version are you using? I was testing the not-too old 3.3 version. I was using the live CD, it wasn't installed at all. You mention you don't have another drive. Do you mean you do not have a cdrom/dvd drive? I would suggest trying the live cd as it is very quick to test and doesn't need anything except ram :-) If the live cd works there maybe something missing from the USB version you have. I get the impression that older releases of DSL either didn't have tun or a tun device was not created -- but I don't know the history at all so I could be 100% wrong here. Good luck! Chris Posted by greavette on Aug. 09 2007,17:11
Of course, the Live Cd...why didn't I think of that! Thanks, I'll give that a try.I was pretty sure I was running the DSL-embedded 3.4 but maybe it is 3.3...I'll download 3.4 embedded version as well after using the Live CD to test it out. Thanks for the tips! greavette. Posted by Jason W on Aug. 13 2007,13:46
Here is an adjusted vpnc that creates /var/run/vpnc if it does not exist, creates /dev/net/tun if it does not exist, and inserts the tun module. The command is /usr/bin/vpnc-connect to connect, the script is in /etc/vpnc/vpnc-script. I used DSL 2.4 to build this .dsl so it should pretty much work on all DSL versions. Thanks to the feedback you have given, this extension should be useful. I will put it on my server when I get home and edit this post with the link for any who later want to download and use it. Thanks for both of your help. Here is the link:< http://74.237.17.82/dsl/vpnc-0.4.dsl > Posted by clach04 on Aug. 19 2007,19:34
I finally had a free moment to try the new package. It is almost there, I had to edit /usr/bin/vpnc-connect to add command line param calls to /usr/bin/vpnc otherwise command line params were ignored. E.g.: Add $*:
I didn't have problems with tun before so hopefully greavette can test on his system. I tested on dsl 3.3, I made the change above (placed my MYSERVER.conf file in/etc/vpnc ) and used:
Thanks for putting this together, Chris |