From owner-freebsd-questions@FreeBSD.ORG Sun Apr 10 18:37:41 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D64BC16A4CE for ; Sun, 10 Apr 2005 18:37:41 +0000 (GMT) Received: from mail27.sea5.speakeasy.net (mail27.sea5.speakeasy.net [69.17.117.29]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8E4A443D2D for ; Sun, 10 Apr 2005 18:37:41 +0000 (GMT) (envelope-from omniBSD@speakeasy.net) Received: (qmail 21345 invoked from network); 10 Apr 2005 18:37:41 -0000 Received: from acute.anhedonia.com (HELO [10.20.30.10]) (omni@[66.93.24.213]) (envelope-sender ) by mail27.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 10 Apr 2005 18:37:41 -0000 Message-ID: <42597350.4000502@speakeasy.net> Date: Sun, 10 Apr 2005 13:41:20 -0500 From: Ash User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20041104 Netscape/7.1 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Scott Mitchell References: <20050410153834.GA893@tuatara.fishballoon.org> <425961D5.8090403@speakeasy.net> <20050410181657.GB893@tuatara.fishballoon.org> In-Reply-To: <20050410181657.GB893@tuatara.fishballoon.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: FreeBSD Questions Subject: Re: Connect to Cisco VPN server from FreeBSD? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Apr 2005 18:37:42 -0000 Scott Mitchell wrote: > On Sun, Apr 10, 2005 at 12:26:45PM -0500, Ash wrote: > >>Scott Mitchell wrote: >> >>>Hi all, >>> >>>As in the subject - has anyone managed to get a FreeBSD machine to connect >>>to a Cisco VPN server, using IPSec and 2-factor authentication (password + >>>SecurID card)? My employer has been acquired by another company, and this >>>will soon be the only remote-access method available. Linux client >>>software exists, but given that it relies on a kernel module I'm not >>>holding out much hope of it working. The security/vpnc port looks like it >>>might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded >>>to do the SecurID authentication. >>> >>>I would try all these things myself, except I don't have any account >>>details for the server yet. I really don't want to keep a Linux or Windows >>>machine around just to connect to the office... >>> >>>Many thanks in advance, >>> >>> Scott >>> >> >>I have not personally used this, however I have had reports of users >>connecting to a Cisco VPN 3000 box that I administered at one point with >>the following client: >> >>http://www.unix-ag.uni-kl.de/~massar/vpnc/ > > > Thanks, that looks promising. The SecurID thing is apparently just a > flavour of XAUTH which seems to be supported, so it might just work. > > Cheers, > > Scott > Whoops forgot to mention that I had configured out VPN3000 to authenticate users using SecurID. The vpnc users were able to authenticate just fine. OT, but they were also able to use vpnc to bypass split-tunneling restrictions (no real surprise there). Good luck, -Ash