Subject: vpnc 0.3.3 status update
To: None <tech-pkg@NetBSD.org>
From: Hubert Feyrer <hubert@feyrer.de>
List: tech-pkg
Date: 01/03/2006 19:12:09

I'm currently typing this through a connection made with vpnc 0.3.3.
The mandatory vpnc-script shipped with 0.3.3 still needs some heavy
whacking, and I've mostly written one from scratch for NetBSD.

Those that want to play, grab the package at [1] and after installation
patch /usr/pkg/etc/vpnc-script with [2]. Then edit the latter - if you're
on a machine with a DSL interface connected, set isp_interface to your PPP
interface (e.g. ppp0). If you have some other machine on the LAN as
default router, set isp_interface="" and further down set the "isp_route"
variable to your gateway's IP instead of 10.0.0.3 - sorry this is a bit
messy right now, I'll see if I can merge this with the 'official' script
somehow.

(I was also told that Cisco have finally realized that their 'group
passwords' stored in their old clients' PCF files were rather easily
breakable[3], and that their new clients using "hybrid" authentication are
120% proprietary, so no go with vpnc on them; I'd appreciate input from
people using e.g. NetBSD's ipsec-tools or OpenVPN to access such a machine
:-/)

 - Hubert

[1] http://www.feyrer.de/Misc/vpnc-0.3.3.tgz
[2] http://www.feyrer.de/Misc/vpnc-0.3.3-script.diff
[3] http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode