svn co -r 414 http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel
Nos movemos al directorio que descargamos y compilamos el código fuente:
$ cd vpnc-nortel
$ make
$ sudo make install
$ sudo mv /etc/vpnc/default.conf /etc/vpnc/default.conf.install
Listo, ya tenemos instalado el cliente, ahora la configuración.
Creamos el archivo /etc/vpnc/contivity-ip-split.conf :
Ahora creamos el script /etc/vpnc/contivity-ip-split-script :
#===== /etc/vpnc/contivity-ip-split.conf
IPSec gateway XX.XX.XX.XX
IPSec ID ID_GROUP
IPSec secret PASS_GROUP
# This is specific to Nortel Contivity Server Config
# please update accordingly
Vendor nortel
Nortel Client ID V06_01
IKE DH Group dh5
IKE Authmode gpassword
Local Port 501
## To add your username and password,
## use the following lines (they are stored in plaintext, so keep this
## file readable by root only, e.g. mode 600):
Xauth username USER
Xauth password PASS
Script /etc/vpnc/contivity-ip-split-script
# No Detach # This is for debugging purposes only... runs vpnc in foreground
# Debug 99 # Again for debug purposes check vpnc --long-help for verbosity levels
# # NEVER post debug99 log on the internet, it contains username and passwd
#!/bin/sh
#==== /etc/vpnc/contivity-ip-split-script
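add_ip ()
{
  # Append a single host (/32) to the split-tunnel include list.
  # Arguments: $1 - IPv4 address of the host to reach through the tunnel
  # Globals:   CISCO_SPLIT_INC (read as the slot number, then incremented);
  #            exports CISCO_SPLIT_INC_<n>_ADDR, _MASK and _MASKLEN for slot <n>.
  # The values are presumably consumed by the script sourced at the end of
  # this file (/etc/vpnc/vpnc-script) - confirm against that script.

  # Each assignment is quoted so it reaches export as exactly one word.
  export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$1"
  # The mask must be one token: a space inside it makes export treat the
  # remainder as a second (invalid) variable name and truncates the mask.
  export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=255.255.255.255"
  export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=32"
  # Advance to the next free slot.
  export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))
}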
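add_Csubnet ()
{
  # Append a /24 network to the split-tunnel include list.
  # Arguments: $1 - IPv4 network address (e.g. 10.10.10.0)
  # Globals:   CISCO_SPLIT_INC (read as the slot number, then incremented);
  #            exports CISCO_SPLIT_INC_<n>_ADDR, _MASK and _MASKLEN for slot <n>.
  # The values are presumably consumed by the script sourced at the end of
  # this file (/etc/vpnc/vpnc-script) - confirm against that script.

  # Each assignment is quoted so it reaches export as exactly one word.
  export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$1"
  # The mask must be one token: a space inside it makes export treat the
  # remainder as a second (invalid) variable name and truncates the mask.
  export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=255.255.255.0"
  export "CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=24"
  # Advance to the next free slot.
  export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))
}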
add_Bsubnet ()
{
  # Register a /16 network in the next free split-tunnel slot.
  # $1 is the network address; the slot number is the current value of
  # CISCO_SPLIT_INC, which is bumped by one afterwards.
  export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=16 \
    CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=255.255.0.0 \
    CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$1
  # Move on to the following slot.
  export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))
}
add_Asubnet ()
{
  # Register a /8 network in the next free split-tunnel slot.
  # $1 is the network address; the slot number is the current value of
  # CISCO_SPLIT_INC, which is bumped by one afterwards.
  export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=8 \
    CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=255.0.0.0 \
    CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$1
  # Move on to the following slot.
  export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))
}
# Start from an empty split-tunnel list: the slot counter begins at zero
CISCO_SPLIT_INC=0
export CISCO_SPLIT_INC
# Discard the DNS servers announced by the VPN server so that name
# resolution keeps using the regular internet DNS.
# Comment out the unset below to resolve names through the tunnel instead.
unset INTERNAL_IP4_DNS
# Destinations that are reached through the VPN tunnel.
# Hosts listed here should also have an entry in /etc/hosts...
#add_ip 10.XXX.XXX.XXX #email server
#add_ip 10.YYY.YYY.YYY # www server
#add_ip 10.AAA.BBB.CCC # your workstation
#add_ip 10.ZZZ.ZZZ.ZZZ # some other server
# add_Asubnet 10.0.0.0 # full 10.0.0.0 private class A subnet
add_Bsubnet 10.220.0.0 # eg class B subnet
add_Bsubnet 10.225.0.0
# add_Csubnet 10.10.10.0 # eg class C subnet
# Hand over to the default vpnc script; it is sourced, so it runs in this
# shell and sees the variables exported above.
# NOTE(review): vpnc is started with sudo on this page, so this file and the
# sourced script presumably run as root - keep both writable by root only.
. /etc/vpnc/vpnc-script
# End of script
Recordamos modificar las subredes por las que usamos en nuestras vpn.
Le damos permisos de ejecución y creamos un link al archivo de configuración
chmod 700 /etc/vpnc/contivity-ip-split-script
Listo, para conectarnos solo ejecutamos:
cd /etc/vpnc/
ln -s contivity-ip-split.conf default.conf
$ sudo vpnc
y para desconectar:
$ sudo vpnc-disconnect
Ahora podemos navegar por vpn sin problemas :D