
gofman.mike at gmail
May 2, 2009, 7:14 PM
Post #1 of 3
ubuntu 9.04 username/pass authentication
Ough Wow Antonio. It finally worked. It established a connection.
I am so very grateful for your efforts. Thank you so much, this is one of the biggest things currently holding me back in Windows.

Now I just have to figure out how to configure that tunnel.

Using the --target-network XX.XXX.X.0/255.255.254.0 it looks like the connection was established. ifconfig gives me the following info:

--------------start----------------------------------
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.104.6.62  P-t-P:XX.XXX.X.62  Mask:255.255.254.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:532 (532.0 B)  TX bytes:232 (232.0 B)
--------------end----------------------------------

XX.XXX.X.0 : is an IP address similar to what I normally get for my VPN connection with the last octet at 0
XX.XXX.X.62 : is the IP address I probably got from the tunnel server.

Can anyone provide any help on what else I am missing?

On Sun, 2009-05-03 at 00:48 +0800, Antonio Borneo wrote:
> Hi Georges-Etienne,
> I always skipped Mac related threads since neither user nor expert of
> this platform.
> Digging in the list I found messages confirming what you say, that
> current vpnc-nortel cannot work on Mac.
>
> Possible options:
> - port the patch made by Mattias in 2004 for kernel-ipsec, available in
> http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2004-September/000228.html
> I didn't find any further development since then. Georges-Etienne, I
> read some later mail from you. Do you confirm this is a viable option?
> Anyone want to work on it?
>
> - port in vpnc the protocol AH, that is one alternative protocol to
> ESP. Will MAC support AH? If also AH requires kernel-ipsec, no way.
>
> - I have an "almost" working version of vpnc-nortel with NATT through
> UDP encapsulation. I should find time to finalize it in a working
> patch. This mode does not require ESP or AH.
> There are already other patches pending for commit in SVN, and some
> are quite invasive; I was waiting to have them committed before
> posting a new one.
>
> If you are aware of any other option, let us know.
>
> Best Regards,
> Antonio Borneo
>
> On Sat, May 2, 2009 at 9:12 PM, Georges-Etienne Legendre
> <legege [at] legege> wrote:
> > Is it for Ubuntu or Mac? Because, to my knowledge, VPNC + Nortel is
> > not working on Mac, because this platform doesn't support ESP socket.
> >
> > --
> > Georges-Etienne Legendre, Jr Eng.
> >
> > On 1-May-09, at 11:38 PM, Antonio Borneo wrote:
> >
> >> Ciao Mike,
> >>
> >> seems your system does not have the development version of the library
> >> libgcrypt.
> >> In Fedora is the RPM package libgcrypt-devel-...
> >> In fact, is missing the shell command "libgcrypt-config", usually in
> >> /usr/bin/libgcrypt-config, and the include file "gcrypt.h", usually in
> >> /usr/include/gcrypt.h.
> >> Please install them, and try again.
> >>
> >> Best Regards,
> >> Antonio Borneo
> >>
> >>
> >> On Sat, May 2, 2009 at 3:31 AM, Michael Gofman
> >> <gofman.mike [at] gmail> wrote:
> >>> Antonio
> >>> I am running Ubuntu 9.04
> >>> Trying to compile the nortel branch.
> >>> After I checked out the latest from svn and applied the patch from
> >>> the e-mail you mentioned
> >>> (http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-January/002959.html)
> >>>
> >>> I'm getting the following error:
> >>> make: libgcrypt-config: Command not found
> >>> gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings
> >>> -DVERSION=\"0.5.2-394M\" -c -o isakmp-pkt.o isakmp-pkt.c
> >>> In file included from isakmp-pkt.c:31:
> >>> math_group.h:38:20: error: gcrypt.h: No such file or directory
> >>> In file included from isakmp-pkt.c:31:
> >>> math_group.h:62: error: expected specifier-qualifier-list before
> >>> ‘gcry_mpi_t’
> >>> In file included from vpnc.h:24,
> >>> from isakmp-pkt.c:32:
> >>> tunip.h:43: error: expected specifier-qualifier-list before
> >>> ‘gcry_cipher_hd_t’
> >>> make: *** [isakmp-pkt.o] Error 1
> >>>
> >>>
> >>> On Fri, May 1, 2009 at 1:11 PM, Antonio Borneo <borneo.antonio [at] gmail>
> >>> wrote:
> >>>>
> >>>> Ciao Phil,
> >>>> I'm putting in copy vpnc-devel list. This reply could help
> >>>> somebody else too.
> >>>>
> >>>> You are right, before configuring split tunnel you need vpnc-nortel
> >>>> working.
> >>>>
> >>>> I believe the main issue you have is that you are NOT using the
> >>>> right code.
> >>>> The code specific for Nortel is still not merged in the main
> >>>> branch of vpnc.
> >>>> So, don't use the official version 0.5.3, but download from SVN the
> >>>> code in the Nortel branch
> >>>> http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel/
> >>>>
> >>>> Before compiling it, it's important you apply the patch in this mail
> >>>>
> >>>> http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-January/002959.html
> >>>> that gives access to all the authentication modes supported by
> >>>> Nortel.
> >>>>
> >>>> There are other patches not yet included in the Nortel branch,
> >>>> listed in this mail
> >>>> http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-March/003010.html
> >>>> but are not mandatory for your first steps. Skip them for the
> >>>> moment.
> >>>>
> >>>> Compile the code.
> >>>> In your mail I noticed you added openssl support. Nortel does not
> >>>> need it.
> >>>>
> >>>> In the config file you didn't put the mandatory line
> >>>> Vendor nortel
> >>>> and you also need to provide information about the authentication
> >>>> mode required by your Nortel server. This option is also in the
> >>>> configuration of your official Nortel client.
> >>>> I guess in your case should be "Response Only Token" or "Group
> >>>> Password Authentication".
> >>>> The proper line in the config file will then be
> >>>> IKE Authmode token
> >>>> or
> >>>> IKE Authmode gpassword
> >>>>
> >>>> Let me know the result, and don't hesitate contacting me if any
> >>>> further problem.
> >>>>
> >>>> Best Regards,
> >>>> Antonio Borneo
> >>>>
> >>>> On Fri, May 1, 2009 at 10:08 AM, phil swenson <phil.swenson [at] gmail>
> >>>> wrote:
> >>>>> Hi. Your name keeps popping up on google searches on "nortel
> >>>>> VPNC".
> >>>>> I hope you don't mind me asking for some help.
> >>>>>
> >>>>> I first came across this:
> >>>>>
> >>>>> http://lists.unix-ag.uni-kl.de/pipermail/vpnc-devel/2009-February/002990.html
> >>>>>
> >>>>> Split tunneling is my goal. But first I need to get VPNC working
> >>>>> with Nortel. I haven't had much luck.
> >>>>>
> >>>>> Here is what I get on version:
> >>>>> zeppelin:bin pswenson$ vpnc --version
> >>>>> vpnc version 0.5.3
> >>>>> Copyright (C) 2002-2006 Geoffrey Keating, Maurice Massar, others
> >>>>> vpnc comes with NO WARRANTY, to the extent permitted by law.
> >>>>> You may redistribute copies of vpnc under the terms of the GNU General
> >>>>> Public License. For more information about these matters, see the files
> >>>>> named COPYING.
> >>>>> Built with openssl (certificate) support. Be aware of the
> >>>>> license implications.
> >>>>>
> >>>>> Supported DH-Groups: nopfs dh1 dh2 dh5
> >>>>> Supported Hash-Methods: md5 sha1
> >>>>> Supported Encryptions: null des 3des aes128 aes192 aes256
> >>>>> Supported Auth-Methods: psk psk+xauth hybrid(rsa)
> >>>>>
> >>>>> Here is what I get when I run it:
> >>>>> zeppelin:bin pswenson$ sudo vpnc --local-port 0
> >>>>> response was invalid [1]: (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)
> >>>>>
> >>>>> my config looks something like:
> >>>>>
> >>>>> IPSec gateway mygatewaygoeshere
> >>>>> IPSec ID mynortelgroupidgoeshere
> >>>>> IPSec secret grouppwgoeshere
> >>>>> IKE Authmode
> >>>>> Xauth username ame\pswenson
> >>>>> Xauth password mypassword
> >>>>>
> >>>>> I assume the problem is specifying Nortel auth somewhere, but I'm
> >>>>> not sure how to do it. I do notice that IKE isn't in the supported
> >>>>> authmodes. is that the issue?
> >>>>>
> >>>>> thanks for any thoughts.
> >>>>> phil
> >>>>>
> >>>> _______________________________________________
> >>>> vpnc-devel mailing list
> >>>> vpnc-devel [at] unix-ag
> >>>> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> >>>> http://www.unix-ag.uni-kl.de/~massar/vpnc/
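
The two config problems pointed out in the quoted reply (no "Vendor nortel" line, "IKE Authmode" left without a value) can be checked before connecting. The script below is an added example, not part of the thread or of vpnc; keyword spellings and the two Authmode values are taken from the thread, the function names are made up here, and the sample config is the quoted one with its placeholders.

```python
# Added example: lint a vpnc config for the Nortel-branch settings named in the thread.
# Keyword spellings are taken as written in the thread (exact-match assumption).
KEYWORDS = ("IPSec gateway", "IPSec ID", "IPSec secret", "IKE Authmode",
            "Xauth username", "Xauth password", "Vendor")
# Only the two Authmode values the reply names; the patched branch may accept more.
AUTHMODES_FROM_THREAD = {"token", "gpassword"}

# Constructed sample: the config quoted in the thread, placeholders unchanged.
PHIL_CONFIG = r"""IPSec gateway mygatewaygoeshere
IPSec ID mynortelgroupidgoeshere
IPSec secret grouppwgoeshere
IKE Authmode
Xauth username ame\pswenson
Xauth password mypassword
"""
# The same config with the two lines the reply asks for.
FIXED_CONFIG = PHIL_CONFIG.replace("IKE Authmode", "Vendor nortel\nIKE Authmode gpassword")


def parse(text):
    """Map each known keyword to its value ('' when the line has no value)."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for kw in KEYWORDS:
            if line == kw or line.startswith(kw + " "):
                found[kw] = line[len(kw):].strip()
                break
    return found


def lint(text):
    """Return a list of problems, configuration errors first."""
    cfg, problems = parse(text), []
    if cfg.get("Vendor", "").lower() != "nortel":
        problems.append("missing mandatory line: Vendor nortel")
    mode = cfg.get("IKE Authmode")
    if not mode:
        problems.append("IKE Authmode needs a value, e.g. token or gpassword")
    elif mode not in AUTHMODES_FROM_THREAD:
        problems.append("IKE Authmode %r is not one named in the thread" % mode)
    for kw in ("IPSec secret", "Xauth password"):
        if cfg.get(kw):
            problems.append(kw + " is in clear text: keep the file readable by root only")
    return problems


if __name__ == "__main__":
    for name, text in (("quoted", PHIL_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, lint(text))
```

The quoted config yields both configuration errors plus the two clear-text notes; the fixed one yields only the notes, since the group secret and Xauth password still sit in the file.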