Re: Cisco 3000 VPN + Nahant = Intermittant hangups

["Tom 'spot' Callaway" <tcallawa redhat com>]

On Sun, 2005-03-06 at 10:20 -0500, Ed Griffin wrote:
>I don't know if this is a kernel issue or a Cisco issue but if the system does 
>not hang I see the following in /var/log/messages...

Its a Cisco issue. Their driver is, well, poor.

The good news is that there is an open source client that has 99% of the
functionality of the Cisco binary-only kernel module (and it uses the
tun module in the existing kernel instead of reinventing the wheel).

VPNC: http://www.unix-ag.uni-kl.de/~massar/vpnc/
SRPM here (its for Fedora Extras, but it should --rebuild for RHEL 4
just fine):
http://download.fedora.redhat.com/pub/fedora/linux/extras/3/SRPMS/vpnc-0.3.2-3.src.rpm

The biggest problem with it is that rekeying is not supported (default
rekey-interval is 8 hours), so you have to restart the client everytime
it needs to rekey, depending on how you have the Concentrator
configured.

I use it heavily, and besides the rekeying problem, it works great!

~spot
---
Tom "spot" Callaway: Red Hat Sales Engineer || GPG Fingerprint: 93054260
Fedora Extras Steering Committee Member (RPM Standards and Practices)
Aurora Linux Project Leader: http://auroralinux.org
Lemurs, llamas, and sparcs, oh my!