
Windows 7 64 bit – Cisco VPN with CygWin VPNC client

by on Ott.28, 2009, under Tutorials

I’ve found that Cisco did not release their VPN Client for 64 bit machines…. so…. who cares !
The problem could be addressed using cygwin and vpnc opensource client.
This tutorial is suitable for people who are a little bit comfortable with a Unix-like shell; I will not detail every step, such as the Cygwin installation itself.
Let’s begin !
P.S. I based this article on what I found here, thanks to “Salty”.
1- Install CygWin in Windows 7: http://www.cygwin.com
You should install those packages in addition to the base system:
– gcc-core
– libgcrypt-devel
– make
– perl
2- You will find on your Desktop the Cygwin link to open the bash prompt.
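3- Set the bash.exe executable to “Run as Administrator”: go to c:\cygwin\bin, find bash.exe, right-click it, open the “Compatibility” tab and tick “Run as Administrator”. Note that every command started from this shell, including the build in step 7, then runs with administrator rights.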
4- Go to http://www.unix-ag.uni-kl.de/~massar/vpnc/ and download vpnc-0.5.3.tar.gz
5- Uncompress the tarball with the command “tar xvfz vpnc-0.5.3.tar.gz”
6- Enter the vpnc-0.5.3 directory with “cd vpnc-0.5.3”
7- Compile and install the vpnc client by launching the command “make install”
8- Download and Install OpenVPN from http://openvpn.net/index.php/open-source/downloads.html openvpn-2.1_rc20-install.exe
9- Run the OpenVPN installer and deselect everything but TAP-Win32 Adapter V9
10- Check the Control Panel –> Network Connection and rename the TAP device as “VPN”
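11- Create the configuration file /etc/vpnc/default.conf with the following content. The file holds the group secret and your password, so keep it readable only by your own account; if you leave out the “Xauth password” line, vpnc asks for the password when it connects: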

[cc lang=”bash” width=”600px” tab_size=”2″]
IPSec gateway YOURGATEWAY
IPSec ID YOURID
IPSec obfuscated secret YOURREALYLONGHEXVALUE (you can use your clear text password here if you remove obfuscated)
Xauth username YOURUSERNAME
Xauth password YOURPASSWORD
Interface name VPN
Interface mode tap
Local Port 0

[/cc]

12- Now you have to modify the file c:\cygwin\etc\vpnc\vpnc-script-win.js, I’ve modified what I’ve found on the Theology Web site I mentioned at the top of this article.
[cc lang=”javascript” width=”600px” tab_size=”2″]
// vpnc-script-win.js
//
// Sets up the Network interface and the routes
// needed by vpnc.

// ————————————————————–
// Utilities
// ————————————————————–

// Prints one message through the Windows Script Host.
// msg: the value to print; it is handed to WScript.echo unchanged.
function echo(msg)
{
  var host = WScript;
  host.echo(msg);
}

// Starts a command through the WScript.Shell object held in `ws` and
// returns everything the command wrote to standard output.
// cmd: the complete command line as one string.
// NOTE(review): the callers in this file build cmd by concatenating
// environment values, so those values need to be well-formed before
// they get here; this function does no checking of its own.
function run(cmd)
{
  var proc = ws.Exec(cmd);
  var output = proc.StdOut.ReadAll();
  return output;
}

// function getDefaultGateway()
// {
// if (run(“route print”).match(/Default Gateway: *(.*)/)) {
// return (RegExp.$1);
// }
// return (“”);
// }

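// Returns the gateway of the first IPv4 default route (destination
// 0.0.0.0, mask 0.0.0.0) listed by "route print", or "" when no such
// line is found.
//
// Changes from the listing as published:
//  - string delimiters are plain ASCII quotes (the typographic quotes
//    on the page are not valid script syntax);
//  - the route line is recognised by its columns instead of by a
//    pattern that needed the text "10" to follow the gateway, so a
//    default route with another metric is found too;
//  - fields are split on runs of whitespace, which does not depend on
//    how the script engine treats empty fields;
//  - the per-token debug output is gone; the caller already prints
//    the result.
function getDefaultGateway()
{
  var output = run("route print 0.0.0.0 mask 0.0.0.0");
  var lines = String(output).split(/\r?\n/);
  var dottedQuad = /^\d{1,3}(\.\d{1,3}){3}$/;
  var fields;
  var i;

  for (i = 0; i < lines.length; i++) {
    // Drop the leading indentation so the destination is field 0.
    fields = lines[i].replace(/^\s+/, "").split(/\s+/);

    // Columns: destination, netmask, gateway, interface, metric.
    // The gateway must look like an address; this skips entries whose
    // gateway column is text such as "On-link".
    if (fields.length >= 3 &&
        fields[0] === "0.0.0.0" &&
        fields[1] === "0.0.0.0" &&
        dottedQuad.test(fields[2])) {
      return fields[2];
    }
  }
  return "";
}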

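// Returns the gateway column of the host route (mask 255.255.255.255)
// to the address in the VPNGATEWAY environment variable, as listed by
// "route print", or "" when the variable is not a dotted-quad address
// or no such route line is found. The disconnect branch of this script
// uses the result as the gateway for the restored default route.
//
// Changes from the listing as published:
//  - string delimiters are plain ASCII quotes;
//  - VPNGATEWAY is checked before it is placed on a command line;
//  - the route line is recognised by comparing columns, so the
//    environment value is never compiled into a regular expression
//    (there its dots matched any character) and the text "10" no
//    longer has to follow the gateway;
//  - the per-token debug output is gone; the caller already prints
//    the result.
function getDefaultGatewayOnDisconnect()
{
  var dottedQuad = /^\d{1,3}(\.\d{1,3}){3}$/;
  var vpnGateway = String(env("VPNGATEWAY"));
  var output;
  var lines;
  var fields;
  var i;

  if (!dottedQuad.test(vpnGateway)) {
    return "";
  }

  output = run("route print " + vpnGateway + " mask 255.255.255.255");
  lines = String(output).split(/\r?\n/);

  for (i = 0; i < lines.length; i++) {
    // Drop the leading indentation so the destination is field 0.
    fields = lines[i].replace(/^\s+/, "").split(/\s+/);

    // Columns: destination, netmask, gateway, interface, metric.
    if (fields.length >= 3 &&
        fields[0] === vpnGateway &&
        fields[1] === "255.255.255.255" &&
        dottedQuad.test(fields[2])) {
      return fields[2];
    }
  }
  return "";
}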

// ————————————————————–
// Script starts here
// ————————————————————–

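// Main body of the script. It reads the "reason" environment variable
// and, for "connect" and "disconnect", reconfigures the TAP interface
// and the routing table with netsh and route.
//
// Changes from the listing as published:
//  - string delimiters and the "..." / "---" runs inside messages are
//    plain ASCII (the typographic characters on the page are not valid
//    script syntax);
//  - every environment value is checked before it is placed on a
//    command line, and the connect branch stops before touching the
//    routing table when a required value is missing or malformed;
//  - the 5 second pause uses WScript.Sleep instead of starting an
//    external "sleep" program;
//  - parseInt gets an explicit radix and is evaluated once;
//  - missing semicolons and an unused variable are fixed.
//
// NOTE(review): the values read here are presumably set by vpnc from
// what the VPN gateway sends (the script itself says "Gateway did not
// provide network configuration") - treat them as external input,
// since the tutorial runs this script with administrator rights.
// NOTE(review): "route" and "netsh" are started by bare name, so the
// program that runs depends on the search path of the calling shell.

// True when value is four dot-separated groups of one to three digits.
// This is a format check only; it does not verify that each group is
// at most 255.
function isIPv4(value)
{
  return (/^\d{1,3}(\.\d{1,3}){3}$/).test(String(value));
}

// True when name can be placed between double quotes on a command
// line: not empty, and free of double quotes and line breaks.
function isSafeInterfaceName(name)
{
  var text = String(name);
  return text !== "" && !(/["\r\n]/).test(text);
}

// Adds each well-formed address in a space-separated list to the
// interface with "netsh interface ip add <kind>". kind is "wins" or
// "dns". Malformed entries are skipped, and the index passed to netsh
// counts only the entries that were added.
function addNameServers(kind, ifName, list)
{
  var servers = String(list).split(/ /);
  var index = 0;
  var n;

  for (n = 0; n < servers.length; n++) {
    if (!isIPv4(servers[n])) {
      if (servers[n] !== "") {
        echo("Skipping malformed " + kind + " server entry.");
      }
      continue;
    }
    index++;
    run("netsh interface ip add " + kind + " \"" + ifName + "\" " +
        servers[n] + " index=" + index);
  }
}

// Fallback netmask, used when INTERNAL_IP4_NETMASK is not set.
var internal_ip4_netmask = "255.255.255.0";

var ws = WScript.CreateObject("WScript.Shell");
var env = ws.Environment("Process");

var gw;
var vpnGateway;
var internalAddress;
var tunDev;
var splitCount;
var network;
var netmask;
var i;

switch (env("reason")) {
case "pre-init":
  break;

case "connect":
  gw = getDefaultGateway();
  vpnGateway = env("VPNGATEWAY");
  internalAddress = env("INTERNAL_IP4_ADDRESS");
  tunDev = env("TUNDEV");

  echo("Default GW: " + gw);
  echo("VPN Gateway: " + vpnGateway);
  echo("Internal Address: " + internalAddress);
  echo("Internal Netmask: " + env("INTERNAL_IP4_NETMASK"));
  echo("Interface: \"" + tunDev + "\"");

  if (env("INTERNAL_IP4_NETMASK")) {
    internal_ip4_netmask = env("INTERNAL_IP4_NETMASK");
  }

  // Check everything the commands below depend on before the first
  // change is made, so a bad value cannot leave the machine with the
  // default route deleted and nothing to replace it.
  if (!isIPv4(gw) || !isIPv4(vpnGateway) || !isIPv4(internalAddress) ||
      !isIPv4(internal_ip4_netmask) || !isSafeInterfaceName(tunDev)) {
    echo("Aborting: default gateway, VPN gateway, internal address, " +
         "netmask or interface name is missing or malformed.");
    WScript.Quit(1);
  }

  echo("Configuring \"" + tunDev + "\" interface...");

  run("netsh interface ip set address \"" + tunDev + "\" static " +
      internalAddress + " " + internal_ip4_netmask);

  echo("Delete Default Route Output: " + run("route delete 0.0.0.0 mask 0.0.0.0"));
  echo("Waiting 5 seconds to add new default route...");
  WScript.Sleep(5000);
  echo("Adding new VPN Default Route: " +
       run("route add 0.0.0.0 mask 0.0.0.0 " + internalAddress));
  echo("");

  // Add direct route for the VPN gateway to avoid routing loops
  echo("Add direct route for the VPN gateway to avoid routing loops");
  echo("route add " + vpnGateway + " mask 255.255.255.255 " + gw);
  run("route add " + vpnGateway + " mask 255.255.255.255 " + gw);

  echo("Checking for WINS Servers...");
  if (env("INTERNAL_IP4_NBNS")) {
    echo("WINS Found, adding them to the TAP Device...");
    addNameServers("wins", tunDev, env("INTERNAL_IP4_NBNS"));
  }

  echo("Checking for DNS Servers...");
  if (env("INTERNAL_IP4_DNS")) {
    echo("DNS Found, adding them to the TAP Device...");
    addNameServers("dns", tunDev, env("INTERNAL_IP4_DNS"));
  }

  echo("done.");

  // Add internal network routes
  echo("Configuring networks:");

  if (env("CISCO_SPLIT_INC")) {
    // A non-numeric count parses to NaN and the loop does not run.
    splitCount = parseInt(env("CISCO_SPLIT_INC"), 10);
    for (i = 0; i < splitCount; i++) {
      network = env("CISCO_SPLIT_INC_" + i + "_ADDR");
      netmask = env("CISCO_SPLIT_INC_" + i + "_MASK");
      if (!isIPv4(network) || !isIPv4(netmask)) {
        echo("Skipping malformed network entry " + i + ".");
        continue;
      }
      run("route add " + network + " mask " + netmask +
          " " + internalAddress);
    }
  } else {
    echo("Gateway did not provide network configuration.");
  }
  echo("Route configuration done.");

  if (env("CISCO_BANNER")) {
    echo("--------------------------------------------------");
    echo(env("CISCO_BANNER"));
    echo("--------------------------------------------------");
  }

  break;

case "disconnect":
  // Remove the routes added on connect and put the default route back
  // on the gateway recorded in the host route to the VPN gateway.
  echo("Cleaning Routes...");

  gw = getDefaultGatewayOnDisconnect();
  vpnGateway = env("VPNGATEWAY");
  echo("DefaultGW: " + gw);

  if (isIPv4(vpnGateway)) {
    echo("route delete " + vpnGateway + " mask 255.255.255.255");
    run("route delete " + vpnGateway + " mask 255.255.255.255");
  } else {
    echo("VPN gateway value is missing or malformed; host route not deleted.");
  }

  echo("route delete 0.0.0.0 mask 0.0.0.0 ");
  run("route delete 0.0.0.0 mask 0.0.0.0 ");

  if (isIPv4(gw)) {
    echo("route add 0.0.0.0 mask 0.0.0.0 " + gw);
    run("route add 0.0.0.0 mask 0.0.0.0 " + gw);
  } else {
    // Without a gateway the original command would have been issued
    // with no target and failed; say so instead.
    echo("Previous default gateway not found; default route was not restored.");
  }
  break;
}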

[/cc]

13- Now you should be ready to run the command “vpnc --no-detach”
14- You should be connected to your VPN !