[K12OSN] CISCO vpn client for linux

"Terrell Prudé, Jr." microman at cmosnetworks.com
Mon Oct 11 20:06:12 UTC 2004


Ah...that's unfortunate.  That's not something that the VPN client can 
do anything about.  You have to establish the VPN connection on the 
server, since, remember, the clients don't actually run anything 
besides, essentially, a kernel and an X11 server.

You're right; the service provider should know these answers, since what 
we're really talking about here (IP connectivity) is platform-agnostic.  
One way to deal with these people is to say that you've got a Windows 
2000 Terminal Server, and that's how "it has been decided," that 
connectivity to this application "will take place," if you get my 
meaning.  You don't have to tell them *who* made the decision.  :-)  
I've found that this bit of sleight-of-hand can get answers when 
"cleaner" methods don't.

I would also ask them why they are limiting sessions by IP address 
instead of by actual authentication (user/password, certificates, 
etc.).  How do they handle schools, like, say, my district, that 
use--matter of fact, *have* to use--Port Address Translation on our 
firewalls?  Just about everybody today does this for a variety of 
reasons.  My district couldn't function as it does without it.

--TP

Lewis Holcroft wrote:

> Terrell,
>
> I was premature with my excitement. While I am able to get the VPN 
> Client running on my sandbox machine, I am not so fortunate with the 
> production machine.
>
> Perhaps you could answer a couple more questions I have? In my case 
> the vpn client connection is made by my server. Each user can then 
> start the "special" windows telnet client using wine. I have a problem 
> in that the service they connect to only allows one session per 
> IP. Do you establish the vpn connection on the server, or do you 
> somehow establish it on a per workstation basis? If the latter, how is 
> this configured on the workstation sessions?
>
> I realize the folks that I am trying to connect to should know the 
> answers, but the word Linux gives them the heebie-jeebies. Which is 
> much better than the "we don't support that" answer.
>
> Thanks in advance.
>
> Lewis
>
>
> On Oct 7, 2004, at 6:11 PM, Terrell Prudé, Jr. wrote:
>
>> Ted thanks you, as does Terrell.  :-)
>> Good to hear that it's working.  FWIW, this is exactly how I've 
>> gotten a couple more converts to GNU/Linux, so I'm glad to see Cisco 
>> supporting our favorite platform.
>>
>> --TP...er, Ted
>>
>> Lewis Holcroft wrote:
>>
>>> Ted! Who's Ted?
>>>
>>> Sorry TP. It was pre coffee.
>>>
>>> And once again I'm very excited about getting this to work.
>>>
>>> Lewis
>>>
>>> On Oct 7, 2004, at 8:22 AM, Lewis Holcroft wrote:
>>>
>>>> Ted,
>>>>
>>>> Thank you very much. This worked like a charm.
>>>>
>>>> Lewis
>>>>
>>>> On Oct 6, 2004, at 9:14 PM, Terrell Prudé, Jr. wrote:
>>>>
>>>>> Lewis Holcroft wrote:
>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> I'm glad to know this is in use and works.
>>>>>>
>>>>>> I should say I am new to this process and site I am connecting 
>>>>>> to are all windows folks. So the learning curve is steep.
>>>>>>
>>>>>> I did run into a problem. I am running the vpnclient on the 
>>>>>> server and when it does connect the LAN gets disabled. This is a 
>>>>>> problem as all of the local desktops stop responding. Are folks 
>>>>>> using the vpnclient on the server or on workstations on the 
>>>>>> network? Is this a configurable option?
>>>>>>
>>>>>> I'm working with no documentation here. So I'm really in the dark.
>>>>>>
>>>>>> Lewis
>>>>>>
>>>>>> On Oct 5, 2004, at 7:42 PM, Terrell Prudé, Jr. wrote:
>>>>>>
>>>>>>> Lewis Holcroft wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> I have rolled out a K12LTSP 4.0 cluster of 5 servers (I could 
>>>>>>>> upgrade but I just got this installation working and am going 
>>>>>>>> to wait a while)  and now that we have all the equipment in we 
>>>>>>>> are told that the client needs to use a $MS product. The vendor 
>>>>>>>> does not offer a Linux version so....
>>>>>>>>
>>>>>>>> The first step is to set up a vpn link. The vendor uses CISCO 
>>>>>>>> 3000 series product and has sent along a copy of the cisco vpn 
>>>>>>>> client version 4.6.00.0045-k9.
>>>>>>>>
>>>>>>>> This requires the kernel source to install. That was fun to 
>>>>>>>> install.
>>>>>>>>
>>>>>>>> When I start the daemon I get messages about tainting the 
>>>>>>>> kernel, which concerns me. Should I be concerned? I think so.
>>>>>>>>
>>>>>>>> Is anyone running this vpn client?
>>>>>>>>
>>>>>>>> If so, does it work well or have problems?
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> Lewis
>>>>>>>>
>>>>>>>
>>>>>>> I have been using the Cisco VPN Client since v4.0.3B, up to and 
>>>>>>> including the 4.6 version specified above, since 4.0.3B came 
>>>>>>> out.  Works fine, though for 2.6 kernels, experience has taught 
>>>>>>> me that you will need the 4.6 version for reliable operation.
>>>>>>>
>>>>>>> I have successfully done this on Red Hat Linux 9, Slackware 
>>>>>>> GNU/Linux 9.1 and 10.0, and SuSE Linux 9.1.  "Tainted" simply 
>>>>>>> means that a proprietary, i.e. non-GPL kernel module is getting 
>>>>>>> inserted into the kernel.  Doesn't affect operation, but I wish 
>>>>>>> Cisco would be less anally retentive about the GPL.
>>>>>>>
>>>>>>> --TP
>>>>>>> _____________________
>>>>>>> Do you GNU!? <http://www.gnu.org>
>>>>>>> Be virus- and spam-free with Free/Open Source Software (FOSS). 
>>>>>>> Check it out! <http://www.mozilla.org/thunderbird>
>>>>>>>
>>>>>
>>>>> In my .pcf file, there's a setting "EnableLocalLan".  Try setting 
>>>>> that to 1 and let us know.
>>>>>
>>>>> --TP
>>>>> __________________
>>>>



