Monday, December 28, 2015

Cisco VPNC Fedora 22 woes

Moving to our new server setup using a Cisco ASA 5500 was great, up until I realized the instructions for connecting that I was given were for Windows.

A couple months ago I made the switch to Fedora 22, and have loved every moment of the switch. Well, almost every moment, except for the bit where some stuff just doesn't seem to work like it's supposed to, and you can find dozens of posts online where people have the exact same problem, none of which ever seem to have found resolution.

My first mistake: Trying to adapt the Windows instructions for use in Fedora. Why was this a mistake? Simply because the software suggested, while it runs in Fedora, turned out to be the really long way around.
Shrew Soft just wouldn't connect. It timed out, and didn't give me any indication as to why. I ended up turning on debugging in the conf, restarting, trying again, saving the debug. Still made little to no sense to me (have you ever seen those logs?!).

I tried installing and configuring like this:
No luck, never got past: ipsec auto --add VPN_CONNECTION_NAME

After that I tried a couple manual setups of ipsec and openswan, and felt like I was getting somewhere, but as I know next to nothing about VPN, it was all very confusing.

Finally, I ran: dnf search NetworkManager
Found this guy: NetworkManager-vpnc
Dnf installed that.
Opened Network in GNOME.
Clicked the little + in the bottom left corner, chose VPN, then Cisco Compatible VPN (vpnc)

 --> The stuff in () after each describes where that is in Shrew Soft, if you have those instructions like I did.
Entered the Gateway (host name or IP address of remote host)
User name and pwd (in shrew soft entered after you try to connect)
Added Group name (Authentication->Local Identity->Key ID String)
Group password (Authentication->Credentials->Pre Shared Key)

In Advanced, I checked the box for "Disable Dead Peer Detection", clicked Apply.
Finally clicked "Add", then switched it on!
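
For a machine without the GNOME dialog, the same four values and the Dead Peer Detection setting can be written as a plain vpnc config file, since NetworkManager-vpnc is a front end to vpnc. This is an added example, not part of the original post; the function names are made up here and any host, group or password passed to it is a placeholder. The user password is left out of the file so that vpnc prompts for it.

```shell
#!/bin/sh
# Added example: write a vpnc config holding the values the post enters in the
# GNOME dialog. The group password is a shared secret stored in clear text,
# so the file is created owner-only and never overwritten.

# Accept only non-empty, single-line values: an embedded newline would let one
# field inject extra directives into the config file.
vpnc_check_value() {
    [ -n "$1" ] && [ "$(printf '%s' "$1" | wc -l)" -eq 0 ]
}

# write_vpnc_conf FILE GATEWAY GROUP_NAME GROUP_PASSWORD USER_NAME
write_vpnc_conf() {
    [ "$#" -eq 5 ] || {
        echo "usage: write_vpnc_conf FILE GATEWAY GROUP GROUP_PASSWORD USER" >&2
        return 2
    }
    conf=$1
    shift
    for v in "$@"; do
        vpnc_check_value "$v" || {
            echo "empty or multi-line value rejected" >&2
            return 1
        }
    done
    (
        umask 077   # file is created with mode 0600
        set -C      # noclobber: fail instead of overwriting an existing file
        {
            printf 'IPSec gateway %s\n' "$1"    # Gateway
            printf 'IPSec ID %s\n' "$2"         # Group name
            printf 'IPSec secret %s\n' "$3"     # Group password
            printf 'Xauth username %s\n' "$4"   # User name
            # Same effect as ticking "Disable Dead Peer Detection"
            printf 'DPD idle timeout (our side) 0\n'
        } > "$conf"
    )
}

# Usage (placeholder values):
#   write_vpnc_conf ./office.conf vpn.example.test examplegroup 'group-psk' alice
#   sudo vpnc ./office.conf
```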

A wasted few hours of trying to figure it out, and it was basically already there.

Hope this saves some poor soul some time.

Made by Lena