Connecting OpenSolaris to a Cisco VPN
I finally got my OpenSolaris box hooked up to a Cisco VPN:
1. Get the tun/tap driver from Kazuyoshi. This driver is used for creating a tunnel between the client and the Cisco VPN router.
2. Compile and install the driver:
pkg install sunstudioexpress
export CC=/opt/SunStudioExpress/bin/cc
./configure
make
make install
3. Download the vpnc client. This program handles the VPN connection. I used version 0.5.1.
4. Get gmake
pkg install SUNWgmake
5. Adjust installation paths (my personal preferences):
Makefile:
PREFIX=/opt/vpnc
ETCDIR=/opt/vpnc/etc
config.c (hardcoded locations):
Line 250: return "/opt/vpnc/etc/ssl/certs";
Line 270: return "/opt/vpnc/etc/vpnc-script";
Line 275: return "/var/run/vpnc.pid";
Line 541: ... : /opt/vpnc/etc/", ...
Line 760: ... "/opt/vpnc/etc/default.conf" ...
Line 761: ... "/opt/vpnc/etc/vpnc.conf" ...
gmake
gmake install
6. Convert the pcf file into vpnc format using /opt/vpnc/pcf2vpnc. Store the file in /opt/vpnc/etc
7. Now comes the tricky part. Create the /opt/vpnc/etc/vpnc-script script. The script opens the connection and sets up the appropriate routing.
My goal was to have just a couple of connections go through the tunnel instead of all of them.
Attention! If you want the default route to point into the tunnel, be sure to add some direct routes to your VPN gateway before the default route points to the tunnel. Otherwise the VPN gateway will become unreachable and the tunnel goes down. Your remote gateway can be found in your conf file ("IPSec gateway" line).
Depending on what you want to achieve, you have to configure your DNS servers in /etc/resolv.conf manually.
Here is my sample /opt/vpnc/etc/vpnc-script :
#!/bin/sh
#* reason -- why this script was called, one of: pre-init connect disconnect
#* VPNGATEWAY -- vpn gateway address (always present)
#* TUNDEV -- tunnel device (always present)
#* INTERNAL_IP4_ADDRESS -- address (always present)
#* INTERNAL_IP4_NETMASK -- netmask (often unset)
#* INTERNAL_IP4_DNS -- list of dns servers
#* INTERNAL_IP4_NBNS -- list of wins servers
#* CISCO_DEF_DOMAIN -- default domain name
#* CISCO_BANNER -- banner from server
#* CISCO_SPLIT_INC -- number of networks in split-network-list
#* CISCO_SPLIT_INC_%d_ADDR -- network address
#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
#* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24)
#* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0)
#* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0)
#* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0)

# =========== script (variable) setup ====================================
PATH=/sbin:/usr/sbin:$PATH
FULL_SCRIPTNAME=/usr/local/sbin/vpnc
SCRIPTNAME=`basename $FULL_SCRIPTNAME`

# =========== tunnel interface handling ====================================
do_ifconfig() {
    # Point-to-point tunnel interface with a fixed MTU
    ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up
}

# =========== route handling ====================================
get_default_gw() {
    # isn't -n supposed to give --numeric output?
    # apparently not...
    # Get rid of lines containing IPv6 addresses (':')
    netstat -r -n | sed 's/default/0.0.0.0/' | sed 's/^.*:.*$//' | grep '^0.0.0.0' | awk '{print $2}'
}

do_pre_init() {
    echo "do_pre_init"
}

do_connect() {
    if [ -n "$CISCO_BANNER" ]; then
        echo "Connect Banner:"
        echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
        echo
    fi
    do_ifconfig
    # The split networks sent by the gateway are read here but not routed;
    # the routes are added by hand below.
    if [ -n "$CISCO_SPLIT_INC" ]; then
        i=0
        while [ $i -lt $CISCO_SPLIT_INC ] ; do
            eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
            eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
            eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
            i=`expr $i + 1`
        done
    fi
    # Hosts 1&2 & 3
    add_host_route "xx.xx.xx.xx"
    add_host_route "xx.xx.xx.xy"
    add_host_route "xx.xx.xx.xz"
    for i in $INTERNAL_IP4_DNS ; do
        add_host_route "$i"
    done
}

do_disconnect() {
    if [ -n "$CISCO_SPLIT_INC" ]; then
        i=0
        while [ $i -lt $CISCO_SPLIT_INC ] ; do
            eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
            eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
            eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
            i=`expr $i + 1`
        done
    fi
    # Delete all routes again (the same hosts that do_connect added)
    del_host_route "xx.xx.xx.xx"
    del_host_route "xx.xx.xx.xy"
    del_host_route "xx.xx.xx.xz"
    for i in $INTERNAL_IP4_DNS ; do
        del_host_route "$i"
    done
}

# Route a single host through the tunnel interface
add_host_route() {
    HOST="$1"
    route add "$HOST" "$INTERNAL_IP4_ADDRESS" -interface
}

# Remove a host route added by add_host_route
del_host_route() {
    HOST="$1"
    route delete "$HOST" "$INTERNAL_IP4_ADDRESS" -interface
}

#### Main
if [ -z "$reason" ]; then
    echo "this script must be called from vpnc" 1>&2
    exit 1
fi

case "$reason" in
    pre-init)
        do_pre_init
        ;;
    connect)
        do_connect
        ;;
    disconnect)
        do_disconnect
        ;;
    *)
        echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2
        exit 1
        ;;
esac
exit 0
8. Now you should be able to connect to your VPN:
/opt/vpnc/sbin/vpnc myvpn.conf
9. The output should look like this:
/usr/local/sbin/vpnc cia.conf
Enter password for tzhbomi5@bwpir.bluewin.ch:
do_pre_init
add host xx.xx.xx.xx: gateway zz.zz.zz.zz
add host xx.xx.xx.xy: gateway zz.zz.zz.zz
add host xx.xx.xx.xz: gateway zz.zz.zz.zz
VPNC started in background (pid: 3971)...
10. The interfaces look like this, where zz.zz.zz.zz is the IP address that got assigned from the other side of the tunnel. The tun0 device was automatically created by vpnc.
ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
rge0: flags=201004843 mtu 1500 index 2
inet 192.168.1.35 netmask ffffff00 broadcast 192.168.1.255
ether 0:22:15:5e:61:2b
tun0: flags=10010008d1 mtu 1412 index 4
inet zz.zz.zz.zz --> zz.zz.zz.zz netmask ffffffff
ether 2:0:0:0:0:0
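An added example, not part of the original post or of vpnc: the sample vpnc-script reads each CISCO_SPLIT_INC_%d_* value but then routes only hand-picked hosts. The shell code below checks the values supplied by the gateway and prints the matching route commands as a dry run. The function names, the cap of 64 networks, the sample addresses and the Solaris "route add -net addr/len" form are assumptions.

```shell
#!/bin/sh
# Added example: dry run, commands are printed and never executed.

# Succeeds only for a dotted-quad IPv4 address with octets 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a decimal integer in 0..$2.
is_uint_max() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 4 ] && [ "$1" -le "$2" ]
}

# Print one route command per valid split network; return 1 on any reject.
plan_split_routes() {
    is_ipv4 "$INTERNAL_IP4_ADDRESS" || return 1
    is_uint_max "${CISCO_SPLIT_INC:-0}" 64 || return 1  # 64 = assumed cap
    rc=0; n=0
    while [ "$n" -lt "${CISCO_SPLIT_INC:-0}" ]; do
        eval "net=\${CISCO_SPLIT_INC_${n}_ADDR}"     # n is our own counter
        eval "len=\${CISCO_SPLIT_INC_${n}_MASKLEN}"
        if is_ipv4 "$net" && is_uint_max "$len" 32; then
            echo "route add -net $net/$len $INTERNAL_IP4_ADDRESS -interface"
        else
            echo "skipping malformed split network #$n" >&2
            rc=1
        fi
        n=$((n + 1))
    done
    return $rc
}

# Constructed sample values, not real gateway output.
INTERNAL_IP4_ADDRESS=10.8.0.5 CISCO_SPLIT_INC=2
CISCO_SPLIT_INC_0_ADDR=10.20.0.0 CISCO_SPLIT_INC_0_MASKLEN=16
CISCO_SPLIT_INC_1_ADDR=10.30.0.999 CISCO_SPLIT_INC_1_MASKLEN=24
plan_split_routes || echo "at least one pushed network was rejected" >&2
```

Inside a vpnc-script the printed lines would be run from the connect branch, and the same lines with "delete" in place of "add" from the disconnect branch.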
Comments
Although the latter one since a couple of days.
Do you see any errors in the messages log?
For the tun driver, I followed the instructions given here : atechnicaljourney.blogspot.com/2008/10/howto-get-tuntap-compile-for-x64.html
this causes the compile to fail; the simple fix is to simply remove the '| LOG_PERROR' from the function call on line 1061 of tunip.c
hth
Thanks.
pkg install sunstudioexpress
export CC=/opt/SunStudioExpress/bin/cc
Download the tun/tap driver from Kazuyoshi.
run ./configure and then you will need to edit the Makefile (for x64 only!)
Change these options
modules: tun.o tap.o
$(LD) -r -o tun tun.o
$(LD) -r -o tap tap.o
to
modules: tun.o tap.o
$(LD) -melf_x86_64 -r -o tun tun.o
$(LD) -melf_x86_64 -r -o tap tap.o
No, you can't use vpnc with the Cisco AnyConnect VPN; it only supports the legacy IPsec VPNs.
For AnyConnect, you need the OpenConnect client, which can be found here.
The patches to make it build on Solaris were committed to git today; I've just been testing it.
It uses a vpnc-script just like vpnc, so the one from this page should suffice. Note, though, that the script should set the MTU from the $INTERNAL_IP4_MTU variable, which the above script doesn't. And the script on this page needs you to configure your routing manually — it doesn't obey the routes given to it by vpnc/openconnect in the environment.
Has anyone submitted patches to vpnc to fix their vpnc-script to work on Solaris?
It should work with both vpnc and openconnect, and do all the correct things with routes automatically according to the information passed to it from the VPN client.
Step 1
pkg install sunstudioexpress
export CC=/opt/SunStudioExpress/bin/cc
./configure
make
but in the following step the next error appears
# make install
make: Fatal error: Don't know how to make target `install'
# gmake
gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings -DVERSION=\"0.5.3\" -c -o sysdep.o sysdep.c
sysdep.c: In function `tun_get_hwaddr':
sysdep.c:684: error: structure has no member named `ifr_hwaddr'
gmake: *** [sysdep.o] Error 1
Not sure how to get this ".h" file in Solaris...
root@local:/install/vpnc-0.5.3$ gmake
gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings -DVERSION=\"0.5.3\" -c -o sysdep.o sysdep.c
sysdep.c: In function `tun_get_hwaddr':
sysdep.c:684: error: structure has no member named `ifr_hwaddr'
gmake: *** [sysdep.o] Błąd 1
help please.....
Step 1.
1. Get the tun/tap driver from Kazuyoshi. This driver is used for creating a tunnel between the client and the Cisco VPN router. In what path must I install it?
Step 2.
The same problem
3. Download the vpnc client. This program handles the VPN connection. I've used the version 0.5.1.
In what path must I install it?
Step 3
5. Adjust installation paths (my personal preferences):
Makefile:
PREFIX=/opt/vpnc
ETCDIR=/opt/vpnc/etc
config.c (hardcoded locations):
Line 250: return "/opt/vpnc/etc/ssl/certs";
Line 270: return "/opt/vpnc/etc/vpnc-script";
Line 275: return "/var/run/vpnc.pid";
Line 541: ... : /opt/vpnc/etc/", ...
Line 760: ... "/opt/vpnc/etc/default.conf" ...
Line 761: ... "/opt/vpnc/etc/vpnc.conf" ...
gmake
gmake install
What do you mean when you say Makefile? Where do I do that, in what path?
Please explain it to me.
Regards
$ gmake
gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings -DCRYPTO_GNUTLS -DVERSION=\"0.5.3-451M\" -c -o sysdep.o sysdep.c
sysdep.c: In function `tun_get_hwaddr':
sysdep.c:684: error: structure has no member named `ifr_hwaddr'
gmake: *** [sysdep.o] Error 1
See this patch for wine http://bugs.winehq.org/show_bug.cgi?id=20714#c1
You need to replace the line in sysdep.c:
#elif defined(SIOCGIFHWADDR)
with
#elif defined(SIOCGIFHWADDR) && !defined(__sun)
This functionality changed as of OSOL build 125. I was pulling my hair out trying to figure out how I compiled it before.
Thought this might help someone.