Tags:
view all tags
---+!! VPN-access with KVpnc (Linux) ---++!! Short manual on how to set up VPN-connections to the VPN-gateway of the ZIV with the help of KDE-frontends KVpnc. Below you will find an instruction on how to set up a VPN-connection to the VPN-server of the university using the open-source-combination vpnc/kvpnc (i.e. without using the proprietary Cisco-driver).<br/><br/> In this context it is assumed that both _vpnc_ and _KVpnc_ installiert sind. have been installed. Both programs are at least available as packages in the newer distributions and can be installed by means of _apt-get_ (Ubuntu) or _yast_ (Suse). Alternatively, you can find the source codes under [[http://www.unix-ag.uni-kl.de/~massar/vpnc/]] or at [[http://home.gna.org/kvpnc/en/index.html]].<br/> Instructions:<br/> Starting =kvpnc= (you will be asked for the root-password). The surface of KVpnc will appear. <br /> <br /> Choose _Profile/New Profile (Assistant)_ in the menu. <br /><br /> <img src="%PUBURLPATH%/%WEB%/CiscoIPSecKVpncSetup/begruessung.jpg" width='719' height='507' /><br /><br /> Click _continue_.<br /><br /> <img src="%PUBURLPATH%/%WEB%/CiscoIPSecKVpncSetup/cisco.jpg" width='719' height='407' /><br /><br /> Choose _Cisco (free)_ as VPN-Type and click _continue_.<br /><br /> <img src="%PUBURLPATH%/%WEB%/CiscoIPSecKVpncSetup/pcf.jpg" width='719' height='407' /><br /><br /> Choose _Import PCF-file_ and click _continue_.<br /><br /> <img src="%PUBURLPATH%/%WEB%/CiscoIPSecKVpncSetup/vpn-standard.jpg" width='247' height='122' /><br /><br /> You will now be asked for the VPN-Profile (PCF-file). You can download the VPN-profile provided by the ZIV [[CiscoIPSecVPNClientDownload][here]]. You must now choose the downloaded file. (Normally this file is called _vpnstandard.pcf_.)<br /><br /> <img src="%PUBURLPATH%/%WEB%/CiscoIPSecKVpncSetup/benutzer.jpg" width='719' height='407' /><br /><br /> You will now be asked for the user ID and the *password for network access* (*not* the standard-password). You can change the passwords at the portal [[https://www.uni-muenster.de/ZIV/en/MeinZIV/index.html][MeinZIV]].<br /> *Take care*: The password will be saved in the clear text, but it can only be read with Root-rights. Entering the password here is optional. If you do not give any details here, KVpnc will ask for the information every time you want to set up a connection.<br /><br /> Now click _continue_ three times. <br /><br /> If everything is ok, the KVpnc-surface will reappear.<br /><br /> In order to complete the remaining settings, choose _set up settings/kvpnc_ in the menu: <img src="%PUBURLPATH%/%WEB%/CiscoIPSecKVpncSetup/nat.jpg" width='643' height='484' /><br /><br /> Choose the category _Profile/Network/NAT_. <br /><br /> Activate the button _Use UDP (NAT-T)_. As _UDP port for NAT-T_ enter, for example, _10000_.<br /> Note: If you use a router with integrated firewall, it might be necessary to transfer the relevant port. The router handbook will provide information about how to proceed. It might also be necessary to configure the Linux-Firewall (if applicable) accordingly. <br /><br /> If you want to set up a VPN-connection, you can now choose the requested profile (in this case: _vpnstandard_) and click _connect_. <br/><br/> You will now be asked for the group password:<br/><br/> <img src="%PUBURLPATH%/%WEB%/CiscoIPSecKVpncSetup/group.png" width='484' height='335' /><br /><br /> It is slightly more difficult to get the group password. First open the file _vpnstandard.pcf_ with a text editor. There you will find the string: <verbatim>!enc_GroupPwd=*PASSWORT*</verbatim> This _password_ must now be deciphered by entering it on [[http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode]] and using the deciphered password as group password. (for vpnstandard.pcf currently: Der_preshardkey_$4$_vpnstandard% <br/><br/> You might also be asked to enter your password for network access (see above). After that an encrypted VPN-connection to the VPN-Gateway of the ZIV will be set up. Job done.<br /><br /> The connection can be dropped by clicking _Disconnect_.<br /><br /> The configurations made can be saved under =~root/.kde/share/config/kvpnrc=. If you want to start anew, you can also delete this file (a restart of KVpnc will re-set them). ---++!! Problems with (k)vpnc at more specific client gateways Beside the general VPN-Gateway ("vpnstandard") the ZIV also operates many more specific gateways used to connect into other net zones (comp. [[http://www.uni-muenster.de/ZIV/Technik/Netz/VPN.html]]). For those gateways you need especially provided VPN-profiles and the users must be especially authorized for this connection. Unfortunately, the use of these more specific client gateways does not work with the (k)vpnc at present. This might be because of the authentication with "user@xyz" necessary for these gateways: in the [[http://svn.unix-ag.uni-kl.de/vpnc/trunk/TODO][TODO]]-list for the [[http://www.unix-ag.uni-kl.de/~massar/vpnc/][vpnc]] 0.5.3 it says: "research/bugs: - usernames containing "@" unable to login". In this case your only choice is to use the Cisco-client (see [[https://zivwiki.uni-muenster.de/bin/view/Anleitungen/CiscoIPSecVPNSetup][here]]). -- Main.LauraOeste - 2011-05-10
Edit
|
Attach
|
Watch
|
P
rint version
|
H
istory
:
r5
<
r4
<
r3
<
r2
<
r1
|
B
acklinks
|
V
iew topic
|
Raw edit
|
More topic actions...
Topic revision: r3 - 2012-08-16
-
mfies_5f01
Home
Site map
Anleitungen web
Exchange web
Main web
TWiki web
Anleitungen Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
P
View
Raw View
Print version
Find backlinks
History
More topic actions
Edit
Raw edit
Attach file or image
Edit topic preference settings
Set new parent
More topic actions
Account
Log In
Български
Cesky
Dansk
Deutsch
English
Español
Suomi
_Français_
Italiano
日本語
한글
Nederlands
Polski
Português
Русский
Svenska
Українська
简体中文
簡體中文
Edit
Attach
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding ZIVwiki?
Send feedback
Datenschutzerklärung
Impressum