Dear All
Has anyone here tried to compile Cisco VPN for Fedora 16 - 32 or 64 bit? I need it sometimes and it should support IPsec over TCP; unfortunately nothing in Unix can provide it.
Thanks for suggestions.
On Mon, Nov 14, 2011 at 4:49 PM, Lucas macachuto@gmail.com wrote:
> Dear All
> Has anyone here tried to compile Cisco VPN for Fedora 16 - 32 or 64 bit? I need it sometimes and it should support IPsec over TCP; unfortunately nothing in Unix can provide it.
Have you ever tried NetworkManager-vpnc (and the underlying vpnc) that comes with Fedora OOTB?
It's been a while since I've used it (my current employer uses other technology) but it used to work OK with the last Cisco env I used. From the description:
A VPN client compatible with Cisco's EasyVPN equipment.
Supports IPSec (ESP) with Mode Configuration and Xauth. Supports only shared-secret IPSec authentication, 3DES, MD5, and IP tunneling.
Peter
Lucas wrote:
> Has anyone here tried to compile Cisco VPN for Fedora 16 - 32 or 64 bit? I need it sometimes and it should support IPsec over TCP; unfortunately nothing in Unix can provide it.
NetworkManager works with Cisco VPN tunnels.
Cisco also provides a Linux client that you can use.
Why do you say "nothing in unix can provide it?"
On 14.11.2011 17:49, Lucas wrote:
> Has anyone here tried to compile Cisco VPN for Fedora 16 - 32 or 64 bit? I need it sometimes and it should support IPsec over TCP; unfortunately nothing in Unix can provide it.
Also, I use pretty happily openswan (via NetworkManager-openswan, you probably need most recent versions) with our Cisco concentrators.
Matěj
On Thu, 12 Jan 2012, Matej Cepl wrote:
> On 14.11.2011 17:49, Lucas wrote:
>> Has anyone here tried to compile Cisco VPN for Fedora 16 - 32 or 64 bit? I need it sometimes and it should support IPsec over TCP; unfortunately nothing in Unix can provide it.
I am not sure if the TCP port 10000 can be implemented from a Cisco licence point of view. If any kind of fake TCP is implemented to tunnel IPsec, it's probably best to stick it on port 443. The Tor people know a lot about faking HTTPS traffic to circumvent a lot of deep packet inspectors.
But really, if a network administrator blocks UDP 4500 so that IPsec NAT-T is failing, you are basically on a network not welcome to IPsec. Whether you should attempt port 10000 TCP on such a network, I don't know....
> Also, I use pretty happily openswan (via NetworkManager-openswan, you probably need most recent versions) with our Cisco concentrators.
Perhaps it is time to turn these Ciscos into RHEL servers with openswan :)
Paul
devel@lists.stg.fedoraproject.org