[opensuse] ssh through vpn tunnel, openSUSE 11.4
Hello:

As I could not make Cisco vpnclient work in openSUSE 11.4 I have to look for another solution. Therefore I installed and configured shrew/ike as described at http://forums.opensuse.org/english/get-technical-help-here/how-faq-forums/un...

I can start ikea, load the vpn profile and can connect. Shrew Soft VPN Connect window shows:

bringing up tunnel...
network device configured
tunnel enabled

But there is no traffic through the tunnel, e.g. I can't connect to other computers by ssh:

~> ssh -vvv -p 146 10.10.3.66
OpenSSH_5.8p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.10.3.66 [10.10.3.66] port 146.

ssh stops at this point.

I really need vpn connection, how could I fix this?

Thanks,
Istvan

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On 07/27/2011 03:30 PM, Istvan Gabor wrote:
Hello:
As I could not make Cisco vpnclient work in openSUSE 11.4 I have to look for another solution. Therefore I installed and configured shrew/ike as described at http://forums.opensuse.org/english/get-technical-help-here/how-faq-forums/un...
I can start ikea, load the vpn profile and can connect. Shrew Soft VPN Connect window shows:

bringing up tunnel...
network device configured
tunnel enabled

But there is no traffic through the tunnel, e.g. I can't connect to other computers by ssh:

~> ssh -vvv -p 146 10.10.3.66
OpenSSH_5.8p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.10.3.66 [10.10.3.66] port 146.
ssh stops at this point.
I really need vpn connection, how could I fix this?
Any particular reason you are not using vpnc to establish the vpn connection to the Cisco backend?

Robert

--
Robert Schweikert
MAY THE SOURCE BE WITH YOU
SUSE-IBM Software Integration Center
LINUX Tech Lead
rjschwei@suse.com
rschweik@ca.ibm.com
781-464-8147
On 27 July 2011 at 21:53, Robert Schweikert wrote:
On 07/27/2011 03:30 PM, Istvan Gabor wrote:
Hello:
As I could not make Cisco vpnclient work in openSUSE 11.4 I have to look for another solution. Therefore I installed and configured shrew/ike as described at http://forums.opensuse.org/english/get-technical-help-here/how-faq-forums/un...
I can start ikea, load the vpn profile and can connect. Shrew Soft VPN Connect window shows:

bringing up tunnel...
network device configured
tunnel enabled

But there is no traffic through the tunnel, e.g. I can't connect to other computers by ssh:

~> ssh -vvv -p 146 10.10.3.66
OpenSSH_5.8p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.10.3.66 [10.10.3.66] port 146.
ssh stops at this point.
I really need vpn connection, how could I fix this?
Any particular reason you are not using vpnc to establish the vpn connection to the Cisco backend?
I tried it once but could not make it work. And it required network-manager, if I remember well, which I don't want to use. (The best would be if I could setup cisco vpnclient.) I think shrew should work too.

Thanks
Istvan
On 07/27/2011 05:18 PM, Istvan Gabor wrote:
On 27 July 2011 at 21:53, Robert Schweikert wrote:
On 07/27/2011 03:30 PM, Istvan Gabor wrote:
Hello:
As I could not make Cisco vpnclient work in openSUSE 11.4 I have to look for another solution. Therefore I installed and configured shrew/ike as described at http://forums.opensuse.org/english/get-technical-help-here/how-faq-forums/un...
I can start ikea, load the vpn profile and can connect. Shrew Soft VPN Connect window shows:

bringing up tunnel...
network device configured
tunnel enabled

But there is no traffic through the tunnel, e.g. I can't connect to other computers by ssh:

~> ssh -vvv -p 146 10.10.3.66
OpenSSH_5.8p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.10.3.66 [10.10.3.66] port 146.
ssh stops at this point.
I really need vpn connection, how could I fix this?
Any particular reason you are not using vpnc to establish the vpn connection to the Cisco backend?
I tried it once but could not make it work. And it required network-manager, if I remember well, which I don't want to use. (The best would be if I could setup cisco vpnclient.)
It appears to me that Cisco has given up on maintaining their proprietary code. There hasn't been an update that builds on a recent kernel in a long time and their 64 bit support was always iffy. Not really surprising as it is difficult to keep up with the rate of change in the kernel.

vpnc does not need network manager. Setting up vpnc to a Cisco backend is pretty straightforward.

You have to make sure the tun module is loaded, configure your /etc/vpnc.conf file and off you go. If you only have an encrypted pass phrase from your Cisco config file it can be decrypted here:

http://coreygilmore.com/projects/decrypt-cisco-vpn-password/

The Gentoo instructions for vpnc are very useful, section 5 shows the config file setup.

http://www.gentoo.org/doc/en/vpnc-howto.xml

Sorry I cannot help with shrew. Hope things work out for you.

Good luck,
Robert
On 28 July 2011 at 0:38, Robert Schweikert wrote:
vpnc does not need network manager. Setting up vpnc to a Cisco backend is pretty straightforward.
You have to make sure the tun module is loaded, configure your /etc/vpnc.conf file and off you go. If you only have an encrypted pass phrase from your Cisco config file it can be decrypted here:
http://coreygilmore.com/projects/decrypt-cisco-vpn-password/
The Gentoo instructions for vpnc are very useful, section 5 shows the config file setup.
Thank you. By your help I could easily set up and run vpnc. But I find it awkward:

1. It disconnects in the middle of the work. It did it several times.

2. I don't know how I can run it as a regular user, not root. I googled but could not find a real solution. sudoing is not good for me.

3. It is difficult to check whether the connection is up or not. With vpnclient I knew when the prompt came back the client disconnected. With vpnc I have to run ps and check the pid, or use networkmanager and check the connection name server number. Not very straightforward.

Can these issues be fixed somehow?

Thanks,
Istvan
On 07/29/2011 02:10 PM, Istvan Gabor wrote:
On 28 July 2011 at 0:38, Robert Schweikert wrote:
[snip]
vpnc does not need network manager. Setting up vpnc to a Cisco backend is pretty straightforward.
You have to make sure the tun module is loaded, configure your /etc/vpnc.conf file and off you go. If you only have an encrypted pass phrase from your Cisco config file it can be decrypted here:
http://coreygilmore.com/projects/decrypt-cisco-vpn-password/
The Gentoo instructions for vpnc are very useful, section 5 shows the config file setup.
Thank you. By your help I could easily set up and run vpnc. But I find it awkward:
1. It disconnects in the middle of the work. It did it several times.
You will probably find this message in your /var/log/messages file:

connection terminated by dead peer detection

This is a known problem that AFAIK is being worked on upstream. I am not sure what triggers the disconnect, sometimes the connection stays up all day and other times it drops.
2. I don't know how I can run it as a regular user, not root. I googled but could not find a real solution. sudoing is not good for me.
You can setuid vpnc
3. It is difficult to check whether the connection is up or not. With vpnclient I knew when the prompt came back the client disconnected. With vpnc I have to run ps and check the pid, or use networkmanager and check the connection name server number. Not very straightforward.
vpnc operates the other way around than vpnclient, when it comes back the connection is established. With the exception that it drops the connection at times :(

HTH,
Robert
Can these issues be fixed somehow?
Thanks,
Istvan
Thanks again, Robert.
You will probably find this message in your /var/log/messages file:
connection terminated by dead peer detection
Yes there are a few of them. Is there anything I can do to fix this?
This is a known problem that AFAIK is being worked on upstream. I am not sure what triggers the disconnect, sometimes the connection stays up all day and other times it drops.
2. I don't know how I can run it as a regular user, not root. I googled but could not find a real solution. sudoing is not good for me.
You can setuid vpnc
I've set the suid bit on /usr/sbin/vpnc:

# ls -l /usr/sbin/vpnc
-rwsr-xr-x 1 root root 141556 Feb 18 15:53 /usr/sbin/vpnc

Now when I want to run vpnc as regular user, after entering the password I get:

/usr/sbin/vpnc: Error binding to source port. Try '--local-port 0'

If I run /usr/sbin/vpnc --local-port 0 I get (after the password entered):

/usr/sbin/vpnc: can't initialise tunnel interface: Operation not permitted

tun module is loaded:

~> lsmod|grep -i tun
tun 15220 0
3. It is difficult to check whether the connection is up or not. With vpnclient I knew when the prompt came back the client disconnected. With vpnc I have to run ps and check the pid, or use networkmanager and check the connection name server number. Not very straightforward.
vpnc operates the other way around than vpnclient, when it comes back the connection is established. With the exception that it drops the connection at times :(
Anyway, it is not convenient. Entering a long command instead of pressing ctrl-C. If I could use kvpnc as regular user maybe would be more comfortable. By the way kvpnc looks very complicated at first sight.

Thanks,
Istvan
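For the "is the connection still up" question and the dead peer detection log message discussed in this thread, a small status check, added here as an example and not written by either poster. The pid-file and log paths are assumptions (the thread does not give them); the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: is vpnc still up, and if not, did dead peer detection drop it?
# Assumed default paths (not given in the thread); override via environment.
PIDFILE="${PIDFILE:-/var/run/vpnc/pid}"
LOGFILE="${LOGFILE:-/var/log/messages}"
DPD_MSG="connection terminated by dead peer detection"  # text quoted in the thread

# vpnc_running FILE: succeed only if FILE holds the pid of a live process,
# so a stale pid file left by a dropped connection counts as "down".
vpnc_running() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    # kill -0 gets EPERM for a root-owned vpnc, so fall back to /proc.
    kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]
}

# dpd_drops FILE: print the number of dead-peer-detection terminations logged.
dpd_drops() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c "$DPD_MSG" "$1" || true
}

# vpn_status PIDFILE LOGFILE: print one line; exit status 0 = up, 1 = down.
vpn_status() {
    if vpnc_running "$1"; then
        echo "up"
    else
        echo "down ($(dpd_drops "$2") dead-peer-detection drops logged)"
        return 1
    fi
}

# Constructed sample data: a live pid, a dead pid and two syslog lines.
make_sample() {
    d=$(mktemp -d)
    echo "$$" > "$d/live.pid"
    true & wait "$!"; echo "$!" > "$d/stale.pid"
    printf '%s\n' "Jul 29 14:02:11 host vpnc[4242]: $DPD_MSG" \
        "Jul 29 14:02:12 host kernel: tun0: Disabled Privacy Extensions" \
        > "$d/messages"
    echo "$d"
}

case "${1:-}" in
    --demo) d=$(make_sample); vpn_status "$d/live.pid" "$d/messages"
            vpn_status "$d/stale.pid" "$d/messages"; rm -rf "$d" ;;
    --check) vpn_status "$PIDFILE" "$LOGFILE" ;;
esac
```

Run with `--check` from a prompt or cron job; exit status 1 means the tunnel is down, and the drop count shows whether dead peer detection has been logged.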
participants (2): Istvan Gabor, Robert Schweikert