Thursday, May 29, 2008

vpnc on Cygwin

vpnc is a nice VPN client to use because it lets you set up routes specifically for the VPN network instead of globally. I like this because I have file servers that my computer accesses that I "lose access" to whenever I create a VPN connection the normal way.

Here are the steps I needed to take to install vpnc on Cygwin to allow it to work in Windows.

Requirements:
  • Download vpnc source
    • I used version 0.5.1
  • Download Cygwin Install file
  • Download OpenVPN
Steps for Installation
  1. Install Cygwin with the packages:
    • Base (everything)
    • Devel: make
    • Devel: gcc
    • Perl: perl
    • Libs: libgcrypt
      • Source also
    • Libs: libgpg-errors
    • Libs: libiconv
    • Libs: libiconv2
    • Editors: vim
  2. Install OpenVPN. During the install just have “TAP-Win32 Virtual Ethernet Adapter” and “Add Shortcuts to Start Menu” checked.
  3. Start the Cygwin shell by executing the "Cygwin" icon on your desktop
  4. copy the vpnc source gzipped tarball to /var/tmp
  5. Copy libgcrypt source to /var/tmp
    • cp /usr/lib/src/libgcrypt-[version].tar.bz2 /var/tmp
  6. cd /var/tmp
  7. "Unzip" libgcrypt source file
    • bunzip2 libgcrypt-[version].tar.bz2
  8. Untar libgcrypt source file
    • tar -xvf libgcrypt-[version].tar
  9. cd libgcrypt-[version]
  10. Compile libgcrypt
    • make
  11. cd /var/tmp
  12. "Unzip" vpnc source file
    • gunzip vpnc-[version].tar.gz
  13. Untar vpnc source file
    • tar -xvf vpnc-[version].tar
  14. cd vpnc-[version]
  15. Edit Makefile file
    • vi Makefile
  16. Add the bulleted line below after the line "LDFLAGS += $(shell libgcrypt-config --libs) $(OPENSSLLIBS)"
    • LDFLAGS += -L/var/tmp/libgcrypt-[version]/src/.libs
  17. Compile vpnc
    • make
  18. Install vpnc
    • make install
Configuration
  1. First you will need to rename the TAP connection that was created when you installed OpenVPN so that its name contains no spaces:
    1. Open "Network Connections"
    2. Rename your TAP Virtual Adapter from "Local Connection #" to "my-tap"
  2. When you try to use vpnc it will want port 500 open by default. This port is used by the IPSEC service in Windows (if the service is started). You can either
    • Use a different port by setting "Local Port" in the vpnc config file, which we will look at in the config file step below
      • Depending on your concentrator, this may be required for the connection to work
    • Stop the IPSEC service (if it's running) to make port 500 available
      • Depending on your concentrator, this may be required for the connection to work
  3. Now you will need to set up the config file for vpnc. This file is located at /etc/vpnc/default.conf. You can set the following variables:
    • vi /etc/vpnc/default.conf
      • Required:
        • IPSec gateway [gateway-ip]
        • IPSec ID [group-id]
        • Xauth username [username]
      • Optional:
        • Xauth password [password]
        • IPSec secret [group-psk]
        • Local Port [portNumber]
        • NAT Traversal Mode [mode]
        • Interface name [intName]
        • Interface mode [mode]
      • My settings are:
        • IPSec gateway [notTelling]
        • IPSec ID [notTelling]
        • Xauth username [notTelling]
        • Xauth password [notTelling]
        • IPSec secret [notTelling]
        • NAT Traversal Mode cisco-udp
        • Interface name my-tap
        • Interface mode tap
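As an added example (not code from the original post), here is a small POSIX sh helper that writes a default.conf in the key/value format listed above and enforces the constraints this section describes: the three required keys, a TAP name without spaces, and an optional Local Port that is validated before use. The output path is a parameter so it can be tried outside /etc/vpnc first, and the file is created owner-readable only because this is where the Xauth password and IPSec secret would otherwise sit in the clear; those two keys are left out on purpose so vpnc prompts for them.

```shell
#!/bin/sh
# Usage: write_vpnc_conf OUTFILE GATEWAY GROUP_ID USERNAME IFACE [LOCAL_PORT]
#   e.g. write_vpnc_conf /etc/vpnc/default.conf [gateway-ip] [group-id] [username] my-tap 4500
# Xauth password and IPSec secret are not written; vpnc asks for them at connect time.
write_vpnc_conf() {
    out="$1"; gw="$2"; grp="$3"; user="$4"; iface="$5"; port="${6:-}"

    # The three keys the post lists as required.
    if [ -z "$gw" ] || [ -z "$grp" ] || [ -z "$user" ]; then
        echo "gateway, group id and username are required" >&2
        return 1
    fi

    # The renamed TAP adapter must not contain spaces (Configuration step 1).
    case "$iface" in
        ""|*" "*) echo "bad interface name: '$iface'" >&2; return 1 ;;
    esac

    # Local Port, if given: numeric and in range. Anything other than 500
    # avoids the clash with the Windows IPSEC service described above.
    if [ -n "$port" ]; then
        case "$port" in
            *[!0-9]*) echo "local port must be numeric: '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "local port out of range: $port" >&2
            return 1
        fi
    fi

    # Create the file owner-readable only (umask for a new file, chmod for an
    # existing one): secrets added later would otherwise be world-readable.
    (
        umask 077
        {
            echo "IPSec gateway $gw"
            echo "IPSec ID $grp"
            echo "Xauth username $user"
            echo "NAT Traversal Mode cisco-udp"
            echo "Interface name $iface"
            echo "Interface mode tap"
            if [ -n "$port" ]; then echo "Local Port $port"; fi
        } > "$out"
    ) && chmod 600 "$out"
}
```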
Running vpnc
  1. /usr/local/sbin/vpnc --no-detach
Running vpnc with routing
As stated at the beginning, the nice thing about vpnc is that you can have "vpn traffic" use a separate gateway from "normal traffic". All you should need to do is add a specific route/gateway for your normal traffic to use. Do this after creating the vpnc connection.
  1. route add [networkip] mask [networknetmask] [gatewayip] metric 1
    • Example:
      • route add 50.0.0.0 mask 255.0.0.0 50.0.0.1 metric 1