vpnc 1, cisco vpn client 0
At work we run a Cisco PIX that is also a VPN Concentrator. For the last month or so I have been using the Cisco Windows client software for connecting into work to do any after hours tasks. A couple of recent events have forced me to re-evaluate the method I use to connect in. Primarily, the Windows service that is installed with the client has been randomly refusing to start up correctly for no apparent reason. Secondly, I’ve recently purchased a laptop and with it dropping into hibernation or standby whenever I walk away for more than a couple of minutes (something that happens often with a small child) I keep getting disconnected.
I have a small LAN with 2 servers and 2 client machines. The 2 servers are Wallace, a Centos4 installation that basically runs the network, and Gromit, a Windows 2003 server for basic development testing and the beginnings of my HTPC. The 2 clients are norbert, the desktop in the office, and puddlejumper, my recently acquired laptop.
I got the official Cisco client installed and working on Wallace, with 1 small exception. I could not for the life of me manage to get the rest of the LAN able to make use of the connection. I started to google for options and quickly found an article on Linux Resources on the Dartmouth College math faculty website.
This page in turn led me to the vpnc information for Dartmouth, and I eventually ended up finding a couple more helpful articles on the configuration of vpnc.
Vpnc configuration was very straightforward compared to the Cisco client. Time from compilation to working connection would have been far shorter if I had remembered to set up the IP of the VPN Concentrator before trying to connect. The configuration file has the following parameters:
Interface name <Device>
IPSec gateway <VPN Server IP or FQDN>
IPSec ID <Group Name>
IPSec secret <Group Password>
Xauth username <VPN Username>
Xauth password <VPN Password>
Most parameters are straightforward. The only one that needs to be explained is the Interface name. This will be the interface that is created when you are connected to the VPN, in my case tun0. As far as I understand it all VPN connections are defined in this one configuration file by just repeating the 6 config lines for each connection.
The really annoying thing about the Cisco client was that it didn’t add any device that was visible via ifconfig that I could identify as the VPN connection. It also didn’t add any routes to the routing table for anything on the VPN network. There was also nowhere in the configuration file that I could define these things. With vpnc I’ve been able to define all of these things myself, giving me full control over the connection itself and the level of access that I can provide to the clients on my LAN.
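As an added example (not from this post), here is a small shell script that writes a vpnc configuration file with the six parameters above, keeps it readable only by root since it holds the group secret and Xauth password, and prints the iptables FORWARD rules that let only selected LAN hosts reach the work network through the tunnel on the gateway. The LAN interface name eth0, the addresses, and the use of iptables for access control are assumptions; the page only says the routing is handled on the server.

```shell
#!/bin/sh
# Added example: render a vpnc configuration for the gateway (Wallace in the
# post) and the forwarding rules that limit which LAN hosts may use it.
# All host names and addresses used here are constructed placeholders.

VPN_CONF=${VPN_CONF:-./vpnc-work.conf}   # normally /etc/vpnc/<name>.conf

# write_vpnc_conf <gateway> <group-name> <group-secret> <username> <password>
# Writes the six vpnc parameters described in the post to $VPN_CONF.
write_vpnc_conf() {
    umask 077   # file contains the group secret and the Xauth password
    cat > "$VPN_CONF" <<EOF
Interface name tun0
IPSec gateway $1
IPSec ID $2
IPSec secret $3
Xauth username $4
Xauth password $5
EOF
}

# conf_get <key>: read one value back from the configuration file,
# e.g. conf_get "IPSec gateway"
conf_get() {
    sed -n "s/^$1 //p" "$VPN_CONF"
}

# lan_access_rules <work-net/cidr> <lan-host>...
# Prints iptables rules that forward traffic into tun0 only from the listed
# LAN hosts and only towards the work network; every other LAN host is
# dropped, so access to the VPN is granted per machine rather than LAN-wide.
# (eth0 as the LAN interface is an assumption.)
lan_access_rules() {
    net=$1; shift
    for host in "$@"; do
        echo "iptables -A FORWARD -i eth0 -o tun0 -s $host -d $net -j ACCEPT"
    done
    # replies coming back through the tunnel for the accepted flows
    echo "iptables -A FORWARD -i tun0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # everything else trying to enter the tunnel is refused
    echo "iptables -A FORWARD -o tun0 -j DROP"
}
```

Run the printed rules on the gateway (with ip_forward enabled) after vpnc has brought tun0 up; hosts not listed keep their normal internet access but never see the work network.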
I now have easy access to work’s LAN from any machine on my home LAN. I don’t have to have any additional software running on the client machines as the connection and all routing are handled by my server.