Re: VPN IPSec (Cisco vpnc)
Hajder Rabiee wrote: > Trying to connect to VPN at work but keep getting: "vpnc: no response from > target". This is a typical response when the group name/password are incorrect. IPSec ID IPSec secret Chris -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/h1pbobxuhc@news.roaima.co.uk
Re: VPN IPSec (Cisco vpnc)
On Thursday 11 December 2014 19:38:52, Hajder Rabiee wrote : > Ok thank you for your reply. > > I'll have a second round with the IT admins. The question remains if the > pre shared key is the same as the group password? If not, how is it > specified in vpnc? My answer was unclear. The group name and group password are not related in any way to the login, password or pre shared key. In other words, you need to ask your admins for some personal credentials (login, password, token or whatever is supported) and, in addition, a group name and a group password. The group name and group password are the same for every user of the group. That's the reason you need your own login/password and they must not be the same as the group name and password which are shared by every user in the group. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/201412120948.09108.frederic.marc...@wowtechnology.com
Re: VPN IPSec (Cisco vpnc)
Here are the fields in my default.conf for vpnc and what I use them for: IPSec gateway this is the IP you use to access the vpn IPSec IDwe use this as the ID for the company. IPSec secretthis is the key Xauth username we don't use this Xauth password we don't use this Vendor ciscoI think vpnc uses this Local Port 1 Debug 1 sets the logging level - higher = more logging On Thursday, December 11, 2014 13:38:52 Hajder Rabiee wrote: > Ok thank you for your reply. > > I'll have a second round with the IT admins. The question remains if the > pre shared key is the same as the group password? If not, how is it > specified in vpnc? > > > > On Thu, Dec 11, 2014 at 12:20 PM, Frédéric Marchal < > > frederic.marc...@wowtechnology.com> wrote: > > 2014-12-11 8:04 GMT+01:00 Hajder Rabiee : > > > Hi > > > > > > Trying to connect to VPN at work but keep getting: "vpnc: no response > > > > from > > > > > target". > > > > > > I have created my vpn.conf in /etc/vpnc/myconf.conf and also added > > > Local Port 1 as I've read some posts that the particular error > > > message > > > > might > > > > > have to do > > > with a block in the firewall. Comparing with OSX - where the VPN works, > > > > the > > > > > only difference is that I have to specify a group name in Linux. I have > > > talked to the IT admins and gotten the correct group name. I wonder > > > > though > > > > > is the Group Password the same as the shared key? Otherwise how do I > > > specify it? > > > > I followed this tutorial to connect to Palo Alto GlobalProtect using > > vpnc protocol: > > > > > > http://blog.webernetz.net/2014/03/31/palo-alto-globalprotect-for-linux-wi > > th-vpnc/ > > > > The group name and group password are distinct parameters. The IT > > admin should give you both in addition to your own credentials. > > > > In the case of Palo Alto, it was necessary to enable X-Auth. I don't > > remember the error message I received when it was not enabled. OSX, > > Android and Windows with the GlobalProtect client don't need the > > X-Auth protocol. Only Linux's vpnc needs it. You may have some similar > > settings on your VPN server. > > > > I configured the vpn using the Network Manager in KDE so I don't know > > about /etc/vpnc. > > > > Make sure you are not trying to connect to the VPN server from inside > > the lan. It doesn't work on my network. I can only connect from the > > wan. > > > > I also had to circumvent another problem after the connection was > > established. The route to the gateway is set to 128.0.0.0/1. Half of > > the internet address space is routed through the VPN tunnel. I had to > > configure vpnc to ignore the default route and add my own custom > > routes (I did all of this in the Network Manager). OSX and Windows > > receive the correct route though. I have yet to investigate more > > deeply into that problem. > > > > Frederic -- Mike McGinn KD2CNU Be happy that brainfarts don't smell. No electrons were harmed in sending this message, some were inconvenienced. ** Registered Linux User 377849
Re: VPN IPSec (Cisco vpnc)
Ok thank you for your reply. I'll have a second round with the IT admins. The question remains if the pre shared key is the same as the group password? If not, how is it specified in vpnc? On Thu, Dec 11, 2014 at 12:20 PM, Frédéric Marchal < frederic.marc...@wowtechnology.com> wrote: > 2014-12-11 8:04 GMT+01:00 Hajder Rabiee : > > Hi > > > > Trying to connect to VPN at work but keep getting: "vpnc: no response > from > > target". > > > > I have created my vpn.conf in /etc/vpnc/myconf.conf and also added Local > > Port 1 as I've read some posts that the particular error message > might > > have to do > > with a block in the firewall. Comparing with OSX - where the VPN works, > the > > only difference is that I have to specify a group name in Linux. I have > > talked to the IT admins and gotten the correct group name. I wonder > though > > is the Group Password the same as the shared key? Otherwise how do I > > specify it? > > > I followed this tutorial to connect to Palo Alto GlobalProtect using > vpnc protocol: > > > http://blog.webernetz.net/2014/03/31/palo-alto-globalprotect-for-linux-with-vpnc/ > > The group name and group password are distinct parameters. The IT > admin should give you both in addition to your own credentials. > > In the case of Palo Alto, it was necessary to enable X-Auth. I don't > remember the error message I received when it was not enabled. OSX, > Android and Windows with the GlobalProtect client don't need the > X-Auth protocol. Only Linux's vpnc needs it. You may have some similar > settings on your VPN server. > > I configured the vpn using the Network Manager in KDE so I don't know > about /etc/vpnc. > > Make sure you are not trying to connect to the VPN server from inside > the lan. It doesn't work on my network. I can only connect from the > wan. > > I also had to circumvent another problem after the connection was > established. The route to the gateway is set to 128.0.0.0/1. Half of > the internet address space is routed through the VPN tunnel. I had to > configure vpnc to ignore the default route and add my own custom > routes (I did all of this in the Network Manager). OSX and Windows > receive the correct route though. I have yet to investigate more > deeply into that problem. > > Frederic > -- Med vänliga hälsningar / Best Regards Hajder
Re: VPN IPSec (Cisco vpnc)
2014-12-11 8:04 GMT+01:00 Hajder Rabiee : > Hi > > Trying to connect to VPN at work but keep getting: "vpnc: no response from > target". > > I have created my vpn.conf in /etc/vpnc/myconf.conf and also added Local > Port 1 as I've read some posts that the particular error message might > have to do > with a block in the firewall. Comparing with OSX - where the VPN works, the > only difference is that I have to specify a group name in Linux. I have > talked to the IT admins and gotten the correct group name. I wonder though > is the Group Password the same as the shared key? Otherwise how do I > specify it? I followed this tutorial to connect to Palo Alto GlobalProtect using vpnc protocol: http://blog.webernetz.net/2014/03/31/palo-alto-globalprotect-for-linux-with-vpnc/ The group name and group password are distinct parameters. The IT admin should give you both in addition to your own credentials. In the case of Palo Alto, it was necessary to enable X-Auth. I don't remember the error message I received when it was not enabled. OSX, Android and Windows with the GlobalProtect client don't need the X-Auth protocol. Only Linux's vpnc needs it. You may have some similar settings on your VPN server. I configured the vpn using the Network Manager in KDE so I don't know about /etc/vpnc. Make sure you are not trying to connect to the VPN server from inside the lan. It doesn't work on my network. I can only connect from the wan. I also had to circumvent another problem after the connection was established. The route to the gateway is set to 128.0.0.0/1. Half of the internet address space is routed through the VPN tunnel. I had to configure vpnc to ignore the default route and add my own custom routes (I did all of this in the Network Manager). OSX and Windows receive the correct route though. I have yet to investigate more deeply into that problem. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAJ7R-8R1HLVORcnUhfrhv+xJG7E9wm3mGZUcAf_ofeBWVGbg=w...@mail.gmail.com
VPN IPSec (Cisco vpnc)
Hi Trying to connect to VPN at work but keep getting: "vpnc: no response from target". I have created my vpn.conf in /etc/vpnc/myconf.conf and also added Local Port 1 as I've read some posts that the particular error message might have to do with a block in the firewall. Comparing with OSX - where the VPN works, the only difference is that I have to specify a group name in Linux. I have talked to the IT admins and gotten the correct group name. I wonder though is the Group Password the same as the shared key? Otherwise how do I specify it? Thank you -- Med vänliga hälsningar / Best Regards Hajder
