[K12OSN] CISCO vpn client for linux

Lewis Holcroft lewis at pcc.com
Mon Oct 11 21:15:04 UTC 2004


I'll try the Terminal Server approach. The fact is I'm not using
K12LTSP in a school environment. I'm using it in an office environment.
I chose K12LTSP because the adults act like third graders. Not to
insult third graders. Many of the things my client wanted to accomplish
were already proven in the K12 setup, so it seemed like a good choice.
In fact I'm very happy with making that choice.

The connection is to a hospital. Federal Law (HIPAA) imposes mandates 
in this arena. I'll go back to the vendor and have them work on the 
problem from a Windows 2000 Terminal Server perspective.

Thanks again


On Oct 11, 2004, at 4:06 PM, Terrell Prudé, Jr. wrote:

> Ah...that's unfortunate.  That's not something that the VPN client can 
> do anything about.  You have to establish the VPN connection on the 
> server, since, remember, the clients don't actually run anything 
> besides, essentially, a kernel and an X11 server.
> You're right; the service provider should know these answers, since 
> what we're really talking about here (IP connectivity) is 
> platform-agnostic.  One way to deal with these people is to say that 
> you've got a Windows 2000 Terminal Server, and that's how "it has been 
> decided," that connectivity to this application "will take place," if 
> you get my meaning.  You don't have to tell them *who* made the 
> decision.  :-)  I've found that this bit of sleight-of-hand can get 
> answers when "cleaner" methods don't.
> I would also ask them why they are limiting sessions by IP address 
> instead of by actual authentication (user/password, certificates, 
> etc.).  How do they handle schools, like, say, my district, that 
> use--matter of fact, *have* to use--Port Address Translation on our 
> firewalls?  Just about everybody today does this for a variety of 
> reasons.  My district couldn't function as it does without it.
> --TP
> Lewis Holcroft wrote:
>> Terrell,
>> I was premature with my excitement. While I am able to get the VPN
>> Client running on my sandbox machine, I am not so fortunate with the
>> production machine.
>> Perhaps you could answer a couple more questions I have? In my case
>> the vpn client connection is made by my server. Each user can then
>> start the "special" windows telnet client using wine. I have a
>> problem in that the service they connect to only allows one
>> session per IP. Do you establish the vpn connection on the server, or
>> do you somehow establish it on a per workstation basis? If the latter,
>> how is this configured on the workstation sessions?
>> I realize the folks that I am trying to connect to should know the
>> answers, but the word Linux gives them the heebie-jeebies. Which is
>> much better than the "we don't support that" answer.
>> Thanks in advance.
>> Lewis
>> On Oct 7, 2004, at 6:11 PM, Terrell Prudé, Jr. wrote:
>>> Ted thanks you, as does Terrell.  :-)
>>> Good to hear that it's working.  FWIW, this is exactly how I've 
>>> gotten a couple more converts to GNU/Linux, so I'm glad to see Cisco 
>>> supporting our favorite platform.
>>> --TP...er, Ted
>>> Lewis Holcroft wrote:
>>>> Ted! Who's Ted?
>>>> Sorry TP. It was pre coffee.
>>>> And once again I'm very excited about getting this to work.
>>>> Lewis
>>>> On Oct 7, 2004, at 8:22 AM, Lewis Holcroft wrote:
>>>>> Ted,
>>>>> Thank you very much. This worked like a charm.
>>>>> Lewis
>>>>> On Oct 6, 2004, at 9:14 PM, Terrell Prudé, Jr. wrote:
>>>>>> Lewis Holcroft wrote:
>>>>>>> Thanks,
>>>>>>> I'm glad to know this is in use and works.
>>>>>>> I should say I am new to this process and the site I am connecting
>>>>>>> to are all Windows folks. So the learning curve is steep.
>>>>>>> I did run into a problem. I am running the vpnclient on the 
>>>>>>> server and when it does connect the LAN gets disabled. This is a 
>>>>>>> problem as all of the local desktops stop responding. Are folks 
>>>>>>> using the vpnclient on the server or on workstations on the 
>>>>>>> network? Is this a configurable option?
>>>>>>> I'm working with no documentation here. So I'm really in the 
>>>>>>> dark.
>>>>>>> Lewis
>>>>>>> On Oct 5, 2004, at 7:42 PM, Terrell Prudé, Jr. wrote:
>>>>>>>> Lewis Holcroft wrote:
>>>>>>>>> Hi all,
>>>>>>>>> I have rolled out a K12LTSP 4.0 cluster of 5 servers (I could 
>>>>>>>>> upgrade but I just got this installation working and am going 
>>>>>>>>> to wait a while)  and now that we have all the equipment in we 
>>>>>>>>> are told that the client needs to use a $MS product. The 
>>>>>>>>> vendor does not offer a Linux version so....
>>>>>>>>> The first step is to set up a vpn link. The vendor uses CISCO 
>>>>>>>>> 3000 series product and has sent along a copy of the cisco vpn 
>>>>>>>>> client version
>>>>>>>>> This requires the kernel source to install. That was fun to 
>>>>>>>>> install.
>>>>>>>>> When I start the daemon I get messages about tainting the 
>>>>>>>>> kernel, which concerns me. Should I be concerned? I think so.
>>>>>>>>> Is anyone running this vpn client?
>>>>>>>>> If so, does it work well or have problems?
>>>>>>>>> Thanks
>>>>>>>>> Lewis
>>>>>>>> I have been using the Cisco VPN Client since v4.0.3B, up to and 
>>>>>>>> including the 4.6 version specified above, since 4.0.3B came 
>>>>>>>> out.  Works fine, though for 2.6 kernels, experience has taught 
>>>>>>>> me that you will need the 4.6 version for reliable operation.
>>>>>>>> I have successfully done this on Red Hat Linux 9, Slackware 
>>>>>>>> GNU/Linux 9.1 and 10.0, and SuSE Linux 9.1.  "Tainted" simply 
>>>>>>>> means that a proprietary, i.e. non-GPL kernel module is
>>>>>>>> getting inserted into the kernel.  Doesn't affect operation, 
>>>>>>>> but I wish Cisco would be less anally retentive about the GPL.
>>>>>>>> --TP
>>>>>>>> _____________________
>>>>>>>> Do you GNU!? <http://www.gnu.org>
>>>>>>>> Be virus- and spam-free with Free/Open Source Software (FOSS). 
>>>>>>>> Check it out! <http://www.mozilla.org/thunderbird>
>>>>>> In my .pcf file, there's a setting "EnableLocalLan".  Try setting 
>>>>>> that to 1 and let us know.
>>>>>> --TP
>>>>>> __________________
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
The instructions said to use Windows 98 or better.... So I installed 
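
Added example, not part of the original thread: on the "tainted kernel" question raised above, this sketch decodes a kernel taint mask (the number a current kernel exposes in /proc/sys/kernel/tainted) and lists which modules in a /proc/modules-style listing carry taint flags, so the taint can be attributed to a specific module. The mask, the listing and the module name vendor_vpn are constructed samples, and the table covers only a subset of the kernel's documented taint bits.

```python
# Added example; the mask and module listing below are constructed samples.
# Letters and bit positions follow the kernel's documented taint flags.
TAINT_BITS = {
    0: ("P", "proprietary (non-GPL) module loaded"),
    1: ("F", "module was force-loaded"),
    7: ("D", "kernel oops has occurred"),
    9: ("W", "kernel warning has been issued"),
    12: ("O", "out-of-tree module loaded"),
    13: ("E", "unsigned module loaded"),
}
MODULE_BITS = {0, 1, 12, 13}  # bits that are set by loading a module

SAMPLE_MASK = 4097  # constructed: bits 0 (P) and 12 (O)
SAMPLE_MODULES = """\
vendor_vpn 612345 0 - Live 0xffffffffc0a00000 (PO)
e1000 151552 0 - Live 0xffffffffc0800000
ext4 745472 2 mbcache,jbd2, Live 0xffffffffc0400000
"""

def decode_taint(mask):
    """Return (letter, meaning) for every bit set in the taint mask."""
    out = []
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            out.append(TAINT_BITS.get(bit, ("?", f"bit {bit} (not in this table)")))
    return out

def tainting_modules(listing):
    """Map module name -> flag letters from /proc/modules-style text."""
    found = {}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) >= 7 and fields[6].startswith("("):
            found[fields[0]] = fields[6].strip("()")
    return found

def assess(mask, listing):
    """Summarise whether the taint is explained by loaded modules alone."""
    set_bits = {b for b in range(mask.bit_length()) if mask >> b & 1}
    return {
        "flags": [letter for letter, _ in decode_taint(mask)],
        "modules": tainting_modules(listing),
        "module_only": bool(set_bits) and set_bits <= MODULE_BITS,
    }

if __name__ == "__main__":
    print(assess(SAMPLE_MASK, SAMPLE_MODULES))
```

A result with module_only set to False means some taint bit other than a module-load flag is set (for example D after an oops), which is worth investigating separately from the VPN module.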
