From owner-freebsd-net@FreeBSD.ORG Sat Apr 16 03:53:36 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5042416A4CE for ; Sat, 16 Apr 2005 03:53:36 +0000 (GMT) Received: from nostrum.com (magus.nostrum.com [69.5.195.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id A675243D55 for ; Sat, 16 Apr 2005 03:53:35 +0000 (GMT) (envelope-from dave@duchscher.com) Received: from [10.1.5.3] (ip70-186-96-108.ma.dl.cox.net [70.186.96.108]) (authenticated bits=0) by nostrum.com (8.12.11/8.12.11) with ESMTP id j3G3rOOQ042249 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO); Fri, 15 Apr 2005 22:53:27 -0500 (CDT) (envelope-from dave@duchscher.com) In-Reply-To: <426059E3.5000902@elischer.org> References: <42604BD4.9040906@elischer.org> <42604D00.4010401@savvis.net> <42605891.5000104@savvis.net> <426059E3.5000902@elischer.org> Mime-Version: 1.0 (Apple Message framework v619.2) Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-1-24928999; protocol="application/pkcs7-signature" Message-Id: <558fd238cf8728f9b87cb54a4092039f@duchscher.com> From: David Duchscher Date: Fri, 15 Apr 2005 22:53:18 -0500 To: Julian Elischer X-Mailer: Apple Mail (2.619.2) Received-SPF: pass (nostrum.com: 70.186.96.108 is authenticated by a trusted mechanism) X-Content-Filtered-By: Mailman/MimeDel 2.1.1 cc: net@freebsd.org Subject: Re: cisco vpn experience? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Apr 2005 03:53:36 -0000 --Apple-Mail-1-24928999 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed On Apr 15, 2005, at 7:18 PM, Julian Elischer wrote: > > > Maksim Yevmenkin wrote: > >> Maksim Yevmenkin wrote: >> >>> Julian Elischer wrote: >>> >>>> Has anyone connected a FreeBSD machine to a "cisco ipsec VPN" as >>>> exported by various Cisco routers. >>>> >>>> they have special solaris, linux and windows clients.. >>> >>> >>> tried to play with it. no luck though. could find where to stick >>> "group password" (or whatever its called). even looked at linux >>> sources at one point. looked like (to me) some shim on top of ipsec. >>> i might be wrong (it was long time ago). >> >> >> just tried google'ing it again and >> >> http://www.unix-ag.uni-kl.de/~massar/vpnc/ >> >> came up... have not tried to actually use it, but it compliled fine > > yeah I found that. > > It's a port/package too.. > > I'm hoping it will do the trick for me though it seems a shame that we > have to use a > linux-based userland program when we have ipsec in the kernel. > I found this: http://ipsec-tools.sourceforge.net/ Was pointed to by this message: http://www.freebsdforums.com/forums/showthread.php?threadid=30092 and buried inside the src/racoon/samples/roadwarrior/README under 'Client setup' it says: This configuration should be compatible with the Cisco VPN 3000 using hybrid authentication, though this has not been tested. Hope this helps, -- DaveD --Apple-Mail-1-24928999--