[SUMMARY] Solaris x86 cisco vpn client

From: Jerry Kemp <sun.mail.list_at_oryx.cc>
Date: Thu May 24 2007 - 12:44:53 EDT
Solaris x86 VPN client summary.

Thank you to the following for your comments and suggestions:

Michael Grice
Gary Chambers
Matthew Taylor
Glenn Prince
David Magda
Al Saenz

Vacations - It has been a while since I posted a question here, and 
amazingly, no one is on holiday.


Down to business - With one exception, everyone suggested VPNC.  No one 
has this working on Solaris that emailed me, but some indicated that 
they had it working on Linux.

This is the URL for VPNc:


The one exception was for the Connectra SSL VPN extender.  The Cisco VPN 
concentrator does not support SSL based VPNs, so I was not able to 
explore this option.

Compiling VPNc

My VPNc test platform is an Ultra 20 M2 running Solaris 10u3.

I pulled down the VPNc 0.4.0 source code last evening, and ultimately 
got a good working compile.  While there was not any rocket-surgery 
involved, it wasn't a task for the timid or beginner.  This application 
had roughly a dozen sub-dependencies I had to get compiled and installed 
prior to getting a good/working compile of VPNc.

The bulk of problems encountered with the sub-dependencies revolved 
around ld.  They needed the GNU ld.  And it wasn't enough to do a
./configure --with-gnu-ld=/usr/local/bin/ld .  I actually had to rename 
/usr/ccs/bin/ld to get a good compile.  If you have to do this also, be 
sure to restore /usr/ccs/bin/ld afterwards, you will need it!

The big exception to the sub-dependencies was the compiling/installing 
of the TUN/TAP kernel modules.  I was not able to get a good compile and 
install till I used /usr/ccs/bin/ld .  I was able to verify my TUN/TAP 
installation here with the following command:

# modinfo | egrep -i 'tun|tap'


VPNc installation/configuration/usage

After I had a good installation of all of the sub-dependencies for VPNc, 
I was finally able to begin working with VPNc itself.  The compile 
(make) was easy/quick/clean, but the "make install" operation really 
didn't do much of anything.

I manually copied the binaries and scripts to /usr/local/sbin , and 
configuration files were put in /etc/vpnc/ .

VPNc includes a script to convert your Cisco generated *.pcf file to a 
VPNc style configuration file.  This script did a pretty good job, but I 
needed to do some manual clean up.  Once complete, your configuration 
file should be named "default.conf" and moved to the /etc/vpnc/ 



I ran out of time last night before I was fully complete, but before I 
needed to stop, I was able to run VPNc, successfully log in, have 
VPNc display warning/disclaimer banners, and have the Cisco concentrator 
automatically set static routes to all of the internal networks.

I was not able to pass any traffic through the tunnel before I needed to 
stop, but I am certain that I am very close.  There are some scripting 
issues that I need to work through, but I feel that I will be successful 
using VPNc.


Additional details

This was supposed to be a short summary, but it is starting to look like 
a book.  If anyone needs additional details of what I did, please email 
me off line, and I will assist to the best of my abilities.


Original question

> Currently, Cisco does not provide a VPN client for Solaris x86, although 
> there is one for Solaris Sparc.
> Does anyone have a usable 3rd party functional VPN client that they use 
> to connect to a Cisco VPN concentrator?  It could be 3rd party 
> commercial, shareware, freeware, open source, etc.
> A Yahoo search turns up many others asking the same question, but no 
> answers.
> Thanks for any comments, I will post a summary.
sunmanagers mailing list
Received on Thu May 24 12:45:13 2007
