Thanks for that, Bryan, but sadly I can't control the remote endpoint, and from what I know AnyConnect is a different type of VPN, so I can't use openconnect to connect to this VPN.
Isn't there any way to get VPNC to work on a recent OpenBSD?

On Jan 5, 2011, at 10:53 PM, Bryan wrote:

> On Wed, Jan 5, 2011 at 15:20, Christian Kildau <m...@chrisk.de> wrote:
>> Hi all,
>>
>> I'm having a hard time getting vpnc (0.5.3) from packages to work on 4.8.
>> I have it running on Mac OS X (and Linux also), but it just doesn't work(tm)
>> on OpenBSD.
>>
>
> Oh good, I thought I was the only one.
>
>> Everything gets set up properly (in my eyes). The tun device is created, the
>> IP Address is assigned, the routes are set. But it looks like vpnc just
>> doesn't forward anything.
>>
>> net.inet.esp.enable and net.inet.ah.enable are set to 0, as mentioned by the
>> vpnc installation script.
>>
>> # ping sipgate.de
>> PING sipgate.de (217.10.79.9): 56 data bytes
>> ping: sendto: No buffer space available
>> ping: wrote sipgate.de 64 chars, ret=-1
>>
>> Has anyone got this working on a recent OpenBSD?
>>
>
> I had to give up and use openconnect. It uses a vpnc script to create
> the SSL tunnel I use. I submitted an update when the WANTLIB changes
> came in, but I didn't see any inclusion to -current...
>
> Here is the latest version of openconnect, it works to connect to my
> Cisco AnyClient VPN at work. I've tested it on i386 and amd64
>
>
> ---------------------------------------------------------------
> #more DESCR
> OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
> supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco
> SR500, 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
> and probably others.
>
> OpenConnect is released under the GNU Lesser Public License, version
> 2.1.
>
> Like vpnc, OpenConnect is not officially supported by, or associated in
> any way with, Cisco Systems. It just happens to interoperate with their
> equipment.
>
> Development of OpenConnect was started after a trial of their "official"
> client under Linux found it to have many deficiencies:
>
>   * Inability to use SSL certificates from a TPM, or even use
>     a passphrase.
>   * Lack of support for Linux platforms other than i386.
>   * Lack of integration with NetworkManager on the Linux desktop.
>   * Lack of proper (RPM/DEB) packaging for Linux distributions.
>   * "Stealth" use of libraries with dlopen(), even using the
>     development-only symlinks such as libz.so - making it hard to
>     properly discover the dependencies which proper packaging would
>     have expressed
>   * Tempfile races allowing unprivileged users to trick it into
>     overwriting arbitrary files, as root.
>   * Unable to run as an unprivileged user, which would have
>     reduced severity of the above bug.
>   * Inability to audit the source code for further such "Security
>     101" bugs.
>
> Naturally, OpenConnect addresses all of the above issues, and more.
>
>
> It's been tested on i386 and amd64. I updated it to work with the new
> WANTLIB changes. This adds to Jiri's earlier work. I just added the
> WANTLIB changes. He's short on bandwidth at the moment, so I made the
> changes.
>
> [demime 1.01d removed an attachment of type application/x-gzip which had a name of openconnect.tar.gz]