20081107

Cisco VPN Client on Ubuntu Linux 2.6.24+

As part of my job I need to be able to connect to the organization's internal network. We know there are better VPN tools than the ones Cisco offers, but they are part of the environment we work in.

So, straight to the point, the recipe for installing the Cisco client is as follows:
Check the kernel version
- $ uname -r
2.6.24-21-generic

Note: this recipe applies to 2.6.24+ kernels; for the 2.6.22 series you need to
look for the matching client and patch, which you can find in the references I
cite below.
Either way, the procedure is very similar.


Install the build tools and kernel headers
- $ dpkg-query --show build-essential
build-essential 11.3ubuntu1

- $ dpkg-query --show linux-headers-generic
linux-headers-generic 2.6.24.21.23

- if you do NOT have them, install them
$ sudo apt-get install build-essential linux-headers-generic
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
build-essential linux-headers-generic
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 7066B/33.5kB of archives.
After this operation, 102kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com hardy/main build-essential 11.3ubuntu1 [7066B]
Fetched 7066B in 0s (8227B/s)
Selecting previously deselected package build-essential.
(Reading database ... 230086 files and directories currently installed.)
Unpacking build-essential (from .../build-essential_11.3ubuntu1_i386.deb) ...
Selecting previously deselected package linux-headers-generic.
Unpacking linux-headers-generic (from .../linux-headers-generic_2.6.24.21.23_i386.deb) ...
Setting up build-essential (11.3ubuntu1) ...
Setting up linux-headers-generic (2.6.24.21.23) ...


Download the Cisco VPN client and the patch that matches your kernel version
- Cisco VPN Client
- Patch for kernel 2.6.24+


Unpack the client
$ cd /opt
$ tar xvfz /home/aqzero/Downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
vpnclient/
vpnclient/libvpnapi.so
vpnclient/vpnapi.h
vpnclient/cisco_cert_mgr
vpnclient/vpnclient
vpnclient/ipseclog
vpnclient/cvpnd
vpnclient/vpn_install
vpnclient/vpnclient_init
vpnclient/vpn_uninstall
vpnclient/driver_build.sh
vpnclient/sample.pcf
vpnclient/vpnclient.ini
vpnclient/license.txt
vpnclient/license.rtf
vpnclient/interceptor.c
vpnclient/linuxcniapi.c
vpnclient/linuxcniapi.h
vpnclient/vpn_ioctl_linux.h
vpnclient/IPSecDrvOS_linux.c
vpnclient/linux_os.h
vpnclient/frag.h
vpnclient/frag.c
vpnclient/linuxkernelapi.c
vpnclient/GenDefs.h
vpnclient/mtu.h
vpnclient/IPSecDrvOSFunctions.h
vpnclient/IPSecDrvOS_linux.h
vpnclient/Cniapi.h
vpnclient/unixcniapi.h
vpnclient/unixkernelapi.h
vpnclient/config.h
vpnclient/libdriver64.so
vpnclient/libdriver.so
vpnclient/Makefile


Apply the corresponding patch
$ cd /opt/vpnclient
$ patch < ~/Download/vpnclient-linux-2.6.24-final.diff
patching file GenDefs.h
patching file interceptor.c

Install
$ sudo ./vpn_install
Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.


Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.


Directory containing linux kernel source code [/lib/modules/2.6.24-21-generic/build]

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.24-21-generic/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.24-21-generic/build" will be used to build the module.

Is the above correct [y]

Shutting down /opt/cisco-vpnclient/bin/vpnclient: module cisco_ipsec is not running.
Stopped: /etc/init.d/vpnclient_init (VPN init script)
Making module
make -C /lib/modules/2.6.24-21-generic/build SUBDIRS=/opt/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-21-generic'
CC [M] /opt/vpnclient/linuxcniapi.o
CC [M] /opt/vpnclient/frag.o
CC [M] /opt/vpnclient/IPSecDrvOS_linux.o
CC [M] /opt/vpnclient/interceptor.o
CC [M] /opt/vpnclient/linuxkernelapi.o
LD [M] /opt/vpnclient/cisco_ipsec.o
Building modules, stage 2.
MODPOST 1 modules
WARNING: could not find /opt/vpnclient/.libdriver.so.cmd for /opt/vpnclient/libdriver.so
CC /opt/vpnclient/cisco_ipsec.mod.o
LD [M] /opt/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-21-generic'
Copying module to directory "/lib/modules/2.6.24-21-generic/CiscoVPN".
Already have group 'bin'

Creating start/stop script "/etc/init.d/vpnclient_init".
/etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.

Installing license.txt (VPN Client license) in "/opt/cisco-vpnclient/":
/opt/cisco-vpnclient/license.txt

Installing bundled user profiles in "/etc/opt/cisco-vpnclient/Profiles/":
* Replaced Profiles: sample

Copying binaries to directory "/opt/cisco-vpnclient/bin".
Adding symlinks to "/usr/local/bin".
/opt/cisco-vpnclient/bin/vpnclient
/opt/cisco-vpnclient/bin/cisco_cert_mgr
/opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory "/opt/cisco-vpnclient/bin".
/opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory "/opt/cisco-vpnclient/lib".
/opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory "/opt/cisco-vpnclient/include".
/opt/cisco-vpnclient/include/vpnapi.h

Setting permissions.
/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (permissions not changed)
* You may wish to change these permissions to restrict access to root.
* You must run "/etc/init.d/vpnclient_init start" before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.


Start the service
$ sudo /etc/init.d/vpnclient_init start
[sudo] password for aqzero:
Starting /opt/cisco-vpnclient/bin/vpnclient: Done


Install your Cisco _profiles_
$ cp trabajo.pcf /etc/opt/cisco-vpnclient/Profiles/
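
The installer output above reports cvpnd as setuid root and suggests restricting /etc/opt/cisco-vpnclient to root. The audit script below is an added example, not part of the original post or of the Cisco installer; the function names are made up here, and it assumes the client is run through sudo as in this post, so profiles do not need to be readable by other users.

```shell
#!/bin/sh
# Added example: post-install permission audit for the Cisco VPN client.
# Default paths are the ones vpn_install printed; function names are made up here.

# List setuid/setgid files under $1 (the installer reports cvpnd as setuid root).
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# List files and directories under $1 that grant any permission to "other".
# Connection profiles (*.pcf) live here, so ideally nothing is listed.
world_accessible() {
    find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) 2>/dev/null | sort
}

# Drop group/other access from a config tree; succeeds only if nothing is
# left accessible to other users afterwards.
lock_down() {
    chmod -R go-rwx "$1" || return 1
    [ -z "$(world_accessible "$1")" ]
}

# Report on an installation; returns 1 if the config tree is exposed.
audit() {
    bin_dir=${1:-/opt/cisco-vpnclient}
    cfg_dir=${2:-/etc/opt/cisco-vpnclient}
    echo "setuid/setgid files under $bin_dir:"
    list_setid "$bin_dir" | sed 's/^/  /'
    exposed=$(world_accessible "$cfg_dir")
    if [ -n "$exposed" ]; then
        echo "accessible to other users under $cfg_dir:"
        echo "$exposed" | sed 's/^/  /'
        return 1
    fi
    echo "$cfg_dir: no access for other users"
}

# Only touch a real installation if one exists (run with sudo to see everything).
if [ -d /etc/opt/cisco-vpnclient ]; then
    audit || echo "to fix: sudo chmod -R go-rwx /etc/opt/cisco-vpnclient"
fi
```

Re-run the audit after every reinstall, since vpn_install leaves the permissions of /etc/opt/cisco-vpnclient unchanged.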


Test your connection
$ sudo vpnclient connect trabajo
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.24-21-generic #1 SMP Tue Oct 21 23:43:45 UTC 2008 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at 21.10.40.30
Authenticating user.
Negotiating security policies.
Securing communication channel.

Do you wish to continue? (y/n): y

Your VPN connection is secure.

VPN tunnel information.
Client address: 192.168.10.10
Server address: 21.10.40.30
Encryption: 128-bit AES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is active on port UDP 4500
Local LAN Access is disabled

Done, enjoy working from home!

refs:
code it !
