[K12OSN] CISCO vpn client for linux
"Terrell Prudé, Jr."
microman at cmosnetworks.com
Mon Oct 11 22:40:09 UTC 2004
If you're dealing w/ hospital-type info, then there's *really* a case
for PAT'ed addresses in your environment. And I've got a lawyer using
K12LTSP in his office. Works great.
Do let us know how this turns out! You've got at least me curious.
--TP
Lewis Holcroft wrote:
> Terrell,
>
> I'll try the Terminal Server approach. The fact is I'm not using
> K12LTSP in a school environment. I'm using it in an office
> environment. I chose K12LTSP because the adults act like third
> graders. Not to insult third graders. Many of the things my client
> wanted to accomplish were already proven in the K12 setup, so it
> seemed like a good choice. In fact I'm very happy with making that
> choice.
>
> The connection is to a hospital. Federal Law (HIPAA) imposes mandates
> in this arena. I'll go back to the vendor and have them work on the
> problem from a Windows 2000 Terminal Server perspective.
>
> Thanks again
>
> Lewis
>
> On Oct 11, 2004, at 4:06 PM, Terrell Prudé, Jr. wrote:
>
>> Ah...that's unfortunate. That's not something that the VPN client
>> can do anything about. You have to establish the VPN connection on
>> the server, since, remember, the clients don't actually run anything
>> besides, essentially, a kernel and an X11 server.
>>
>> You're right; the service provider should know these answers, since
>> what we're really talking about here (IP connectivity) is
>> platform-agnostic. One way to deal with these people is to say that
>> you've got a Windows 2000 Terminal Server, and that's how "it has
>> been decided," that connectivity to this application "will take
>> place," if you get my meaning. You don't have to tell them *who*
>> made the decision. :-) I've found that this bit of sleight-of-hand
>> can get answers when "cleaner" methods don't.
>>
>> I would also ask them why they are limiting sessions by IP address
>> instead of by actual authentication (user/password, certificates,
>> etc.). How do they handle schools, like, say, my district, that
>> use--matter of fact, *have* to use--Port Address Translation on our
>> firewalls? Just about everybody today does this for a variety of
>> reasons. My district couldn't function as it does without it.
>>
>> --TP
>>
>> Lewis Holcroft wrote:
>>
>>> Terrell,
>>>
>>> I was premature with my excitement. While I am able to get the VPN
>>> Client running on my sandbox machine, I am not so fortunate with the
>>> production machine.
>>>
>>> Perhaps you could answer a couple more questions I have? In my case
>>> the vpn client connection is made by my server. Each user can then
>>> start the "special" windows telnet client using wine. I have a
>>> problem in that the service they connect to only allows one
>>> session per IP. Do you establish the vpn connection on the server,
>>> or do you somehow establish it on a per workstation basis? If the
>>> latter, how is this configured on the workstation sessions?
>>>
>>> I realize the folks that I am trying to connect to should know the
>>> answers, but the word Linux gives them the heebie-jeebies. Which is
>>> much better than the "we don't support that" answer.
>>>
>>> Thanks in advance.
>>>
>>> Lewis
>>>
>>>
>>> On Oct 7, 2004, at 6:11 PM, Terrell Prudé, Jr. wrote:
>>>
>>>> Ted thanks you, as does Terrell. :-)
>>>> Good to hear that it's working. FWIW, this is exactly how I've
>>>> gotten a couple more converts to GNU/Linux, so I'm glad to see
>>>> Cisco supporting our favorite platform.
>>>>
>>>> --TP...er, Ted
>>>>
>>>> Lewis Holcroft wrote:
>>>>
>>>>> Ted! Who's Ted?
>>>>>
>>>>> Sorry TP. It was pre coffee.
>>>>>
>>>>> And once again I'm very excited about getting this to work.
>>>>>
>>>>> Lewis
>>>>>
>>>>> On Oct 7, 2004, at 8:22 AM, Lewis Holcroft wrote:
>>>>>
>>>>>> Ted,
>>>>>>
>>>>>> Thank you very much. This worked like a charm.
>>>>>>
>>>>>> Lewis
>>>>>>
>>>>>> On Oct 6, 2004, at 9:14 PM, Terrell Prudé, Jr. wrote:
>>>>>>
>>>>>>> Lewis Holcroft wrote:
>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> I'm glad to know this is in use and works.
>>>>>>>>
>>>>>>>> I should say I am new to this process and the site I am connecting
>>>>>>>> to are all Windows folks. So the learning curve is steep.
>>>>>>>>
>>>>>>>> I did run into a problem. I am running the vpnclient on the
>>>>>>>> server and when it does connect the LAN gets disabled. This is
>>>>>>>> a problem as all of the local desktops stop responding. Are
>>>>>>>> folks using the vpnclient on the server or on workstations on
>>>>>>>> the network? Is this a configurable option?
>>>>>>>>
>>>>>>>> I'm working with no documentation here. So I'm really in the dark.
>>>>>>>>
>>>>>>>> Lewis
>>>>>>>>
>>>>>>>> On Oct 5, 2004, at 7:42 PM, Terrell Prudé, Jr. wrote:
>>>>>>>>
>>>>>>>>> Lewis Holcroft wrote:
>>>>>>>>>
>>>>>>>>>> Hi all,
>>>>>>>>>>
>>>>>>>>>> I have rolled out a K12LTSP 4.0 cluster of 5 servers (I could
>>>>>>>>>> upgrade but I just got this installation working and am going
>>>>>>>>>> to wait a while) and now that we have all the equipment in
>>>>>>>>>> we are told that the client needs to use a $MS product. The
>>>>>>>>>> vendor does not offer a Linux version so....
>>>>>>>>>>
>>>>>>>>>> The first step is to set up a vpn link. The vendor uses CISCO
>>>>>>>>>> 3000 series product and has sent along a copy of the cisco
>>>>>>>>>> vpn client version 4.6.00.0045-k9.
>>>>>>>>>>
>>>>>>>>>> This requires the kernel source to install. That was fun to
>>>>>>>>>> install.
>>>>>>>>>>
>>>>>>>>>> When I start the daemon I get messages about tainting the
>>>>>>>>>> kernel, which concerns me. Should I be concerned? I think so.
>>>>>>>>>>
>>>>>>>>>> Is anyone running this vpn client?
>>>>>>>>>>
>>>>>>>>>> If so, does it work well or have problems?
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>>>>>> Lewis
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I have been using the Cisco VPN Client since v4.0.3B, up to
>>>>>>>>> and including the 4.6 version specified above, since 4.0.3B
>>>>>>>>> came out. Works fine, though for 2.6 kernels, experience has
>>>>>>>>> taught me that you will need the 4.6 version for reliable
>>>>>>>>> operation.
>>>>>>>>>
>>>>>>>>> I have successfully done this on Red Hat Linux 9, Slackware
>>>>>>>>> GNU/Linux 9.1 and 10.0, and SuSE Linux 9.1. "Tainted" simply
>>>>>>>>> means that a proprietary, i.e., non-GPL kernel module is
>>>>>>>>> getting inserted into the kernel. Doesn't affect operation,
>>>>>>>>> but I wish Cisco would be less anally retentive about the GPL.
>>>>>>>>>
>>>>>>>>> --TP
>>>>>>>>> _____________________
>>>>>>>>> Do you GNU!? <http://www.gnu.org>
>>>>>>>>> Be virus- and spam-free with Free/Open Source Software (FOSS).
>>>>>>>>> Check it out! <http://www.mozilla.org/thunderbird>
>>>>>>>>>
>>>>>>>
>>>>>>> In my .pcf file, there's a setting "EnableLocalLan". Try
>>>>>>> setting that to 1 and let us know.
>>>>>>>
>>>>>>> --TP
>>>>>>> __________________
>>>>>>
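
As an added example (not part of the original thread, and not Cisco's or the posters' code), the script below audits .pcf profiles for the EnableLocalLan setting suggested above, since a profile that leaves it off cuts an LTSP server off from its thin clients when the tunnel comes up. The sample profiles are constructed; the Description and Host keys, the vpn.example.invalid host and the function names are assumptions.

```python
import configparser

# Constructed sample profiles, not taken from the thread. Only the
# EnableLocalLan key is named on the page; Description and Host are assumed.
SAMPLE_PROFILES = {
    "sandbox.pcf": "[main]\nDescription=test box\nHost=vpn.example.invalid\nEnableLocalLan=1\n",
    "production.pcf": "[Main]\nDescription=LTSP server\nHost=vpn.example.invalid\nEnableLocalLAN=0\n",
    "locked.pcf": "[main]\nHost=vpn.example.invalid\n!EnableLocalLAN=1\n",
    "bare.pcf": "[main]\nHost=vpn.example.invalid\n",
    "broken.pcf": "Host=vpn.example.invalid\nEnableLocalLAN=1\n",
}


def local_lan_setting(pcf_text):
    """Classify a profile: 'enabled', 'disabled', 'unset' (missing or
    unrecognised value) or 'unparsable' (not valid INI-style text)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # Key case varies between profiles, and a leading "!" marks a key as
    # read-only in the client, so normalise both before comparing.
    parser.optionxform = lambda key: key.lstrip("!").lower()
    try:
        parser.read_string(pcf_text)
    except configparser.Error:
        return "unparsable"
    for section in parser.sections():
        if section.lower() != "main":
            continue
        value = parser.get(section, "enablelocallan", fallback="").strip()
        if value == "1":
            return "enabled"
        if value == "0":
            return "disabled"
    return "unset"


def audit(profiles):
    """Map each profile name to its local-LAN status."""
    return {name: local_lan_setting(text) for name, text in profiles.items()}


def profiles_cutting_off_lan(profiles):
    """Names of profiles that do not explicitly enable local LAN access."""
    return sorted(n for n, s in audit(profiles).items() if s != "enabled")


if __name__ == "__main__":
    for name, status in audit(SAMPLE_PROFILES).items():
        print(f"{name}: EnableLocalLan {status}")
```

The client-side flag is only a request: local LAN access also has to be permitted by the policy pushed from the VPN concentrator.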