
Re: [K12OSN] CISCO vpn client for linux

Ah...that's unfortunate. That's not something that the VPN client can do anything about. You have to establish the VPN connection on the server, since, remember, the clients don't actually run anything besides, essentially, a kernel and an X11 server.

You're right; the service provider should know these answers, since what we're really talking about here (IP connectivity) is platform-agnostic. One way to deal with these people is to say that you've got a Windows 2000 Terminal Server, and that's how "it has been decided," that connectivity to this application "will take place," if you get my meaning. You don't have to tell them *who* made the decision. :-) I've found that this bit of sleight-of-hand can get answers when "cleaner" methods don't.

I would also ask them why they are limiting sessions by IP address instead of by actual authentication (user/password, certificates, etc.). How do they handle schools, like, say, my district, that use--matter of fact, *have* to use--Port Address Translation on our firewalls? Just about everybody today does this for a variety of reasons. My district couldn't function as it does without it.


Lewis Holcroft wrote:


I was premature with my excitement. While I am able to get the VPN Client running on my sandbox machine, I am not so fortunate with the production machine.

Perhaps you could answer a couple more questions I have? In my case the VPN client connection is made by my server. Each user can then start the "special" Windows telnet client using Wine. I have a problem in that the service they connect to only allows one session per IP. Do you establish the VPN connection on the server, or do you somehow establish it on a per-workstation basis? If the latter, how is this configured on the workstation sessions?

I realize the folks that I am trying to connect to should know the answers, but the word Linux gives them the heebie-jeebies. Which is much better than the "we don't support that" answer.

Thanks in advance.


On Oct 7, 2004, at 6:11 PM, Terrell Prudé, Jr. wrote:

Ted thanks you, as does Terrell. :-)
Good to hear that it's working. FWIW, this is exactly how I've gotten a couple more converts to GNU/Linux, so I'm glad to see Cisco supporting our favorite platform.

--TP...er, Ted

Lewis Holcroft wrote:

Ted! Who's Ted?

Sorry TP. It was pre coffee.

And once again I'm very excited about getting this to work.


On Oct 7, 2004, at 8:22 AM, Lewis Holcroft wrote:


Thank you very much. This worked like a charm.


On Oct 6, 2004, at 9:14 PM, Terrell Prudé, Jr. wrote:

Lewis Holcroft wrote:


I'm glad to know this is in use and works.

I should say I am new to this process, and the site I am connecting to are all Windows folks. So the learning curve is steep.

I did run into a problem. I am running the vpnclient on the server and when it does connect the LAN gets disabled. This is a problem as all of the local desktops stop responding. Are folks using the vpnclient on the server or on workstations on the network? Is this a configurable option?

I'm working with no documentation here. So I'm really in the dark.


On Oct 5, 2004, at 7:42 PM, Terrell Prudé, Jr. wrote:

Lewis Holcroft wrote:

Hi all,

I have rolled out a K12LTSP 4.0 cluster of 5 servers (I could upgrade but I just got this installation working and am going to wait a while) and now that we have all the equipment in we are told that the client needs to use a $MS product. The vendor does not offer a Linux version so....

The first step is to set up a vpn link. The vendor uses CISCO 3000 series product and has sent along a copy of the cisco vpn client version

This requires the kernel source to install. That was fun to install.

When I start the daemon I get messages about tainting the kernel, which concerns me. Should I be concerned? I think so.

Is anyone running this vpn client?

If so, does it work well or have problems?



I have been using the Cisco VPN Client since v4.0.3B, up to and including the 4.6 version specified above, since 4.0.3B came out. Works fine, though for 2.6 kernels, experience has taught me that you will need the 4.6 version for reliable operation.

I have successfully done this on Red Hat Linux 9, Slackware GNU/Linux 9.1 and 10.0, and SuSE Linux 9.1. "Tainted" simply means that a proprietary, i.e. non-GPL, kernel module is getting inserted into the kernel. Doesn't affect operation, but I wish Cisco would be less anally retentive about the GPL.

Do you GNU!? <http://www.gnu.org>
Be virus- and spam-free with Free/Open Source Software (FOSS). Check it out! <http://www.mozilla.org/thunderbird>

In my .pcf file, there's a setting "EnableLocalLan". Try setting that to 1 and let us know.

