Date: Sun, 14 Aug 2005 18:14:30 +0100
From: Scott Mitchell <scott+lists.freebsd@fishballoon.org>
To: freebsd-questions@freebsd.org
Subject: Re: Connect to Cisco VPN server from FreeBSD?
Message-ID: <20050814171430.GA88530@tuatara.fishballoon.org>
In-Reply-To: <20050410153834.GA893@tuatara.fishballoon.org>
References: <20050410153834.GA893@tuatara.fishballoon.org>

On Sun, Apr 10, 2005 at 04:38:34PM +0100, Scott Mitchell wrote:
> Hi all,
>
> As in the subject - has anyone managed to get a FreeBSD machine to connect
> to a Cisco VPN server, using IPSec and 2-factor authentication (password +
> SecurID card)?  My employer has been acquired by another company, and this
> will soon be the only remote-access method available.  Linux client
> software exists, but given that it relies on a kernel module I'm not
> holding out much hope of it working.  The security/vpnc port looks like it
> might be useful.  No idea if racoon + FreeBSD native IPSec can be persuaded
> to do the SecurID authentication.

In case this is useful to anybody else -

Finally got my SecurID card and can report that it works very well with the
latest security/vpnc port.  I had to decode the "group password" in the
config file for the Cisco client I was given, but the vpnc web page has a
handy service for doing just that.  Apart from that, it just worked.

The vpnc client doesn't support re-keying, so the connection hangs when the
other side decides to do this.  I'm mostly just connecting to machines at
work over VNC or rdesktop, so this is no big deal for me - just re-connect.
It also doesn't deal well with requests to re-authenticate after the
SecurID token changes, which I think only happen if you get your password
wrong.

It does seem to correctly handle any DNS and split-tunnelling setup
requested by the server, although you can tweak the connect script to
ignore all that stuff if it annoys you :-)

I'm connecting to a Cisco 2600 series router, with SecurID authentication
done by some RADIUS server at another site.  Haven't tried, but I expect I
would have no trouble connecting to our central Cisco 3000 VPN concentrator
box.

	Scott

-- 
===========================================================================
Scott Mitchell           | PGP Key ID | "Eagles may soar, but weasels
Cambridge, England       | 0x54B171B9 |  don't get sucked into jet engines"
scott at fishballoon.org | 0xAA775B8B |      -- Anon