With change come challenges; the corporate guys changed the VPN solution we have been using from an MS to a Cisco-based solution.
Due to laziness on my part, I have only tried to get this working with VPNC and have not tried the Cisco client option.
So, this is a summary of my experience for anyone else trying to use the VPNC (NetworkManager) option. Any improvements or new ideas are welcome.
The problem was that I could not get the VPNC under NetworkManager to connect using the encrypted group password or the decrypted version of it. To try and bypass this I tried to edit the VPNC connection info using the GNOME config editor and put the group password string there. No success.
The only solution that does work is via the command prompt using the “vpnc” and “vpnc-disconnect” commands via sudo.
So I converted the pcf file to the VPNC conf format using “pcf2vpnc” and added additional info at the command prompt until I got the connection working. Once it was working I added “--print-config” to the vpnc command line to get the final configuration for the config file. After updating the config file (in /etc/vpnc) with the final config, I have been able to connect and disconnect with no issues (e.g. vpnc myCustom.conf).
The only outstanding task is to configure split routing on my side by running a post-VPN-connect script that updates the routing table. DNS also needs to be modified by merging the pre-VPN resolv.conf with the current resolv.conf. That seems an easier solution than running a local DNS server.
This is a little messy, but gets the job done until it can be managed via the NetworkManager UI without issues.
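One way to do the resolv.conf merge mentioned above, as an added example that is not part of the original post: a shell function that lists the VPN-supplied entries first and keeps the pre-VPN ones as fallback. The function name and file names are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# merge_resolv PRE_VPN_FILE CURRENT_FILE
# Prints a merged resolv.conf to stdout; the caller decides where it goes.
# The function name and both file paths are assumptions for illustration.
merge_resolv() {
    # CURRENT_FILE (written after the VPN came up) is read first so that
    # its entries take priority over the saved pre-VPN ones.
    awk '
        # Collect nameservers in order, skipping repeats.
        $1 == "nameserver" && NF >= 2 {
            if (!($2 in seen_ns)) { seen_ns[$2] = 1; ns[++n_ns] = $2 }
            next
        }
        # Fold "search" and "domain" entries into one de-duplicated list.
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++)
                if (!($i in seen_dom)) { seen_dom[$i] = 1; dom[++n_dom] = $i }
            next
        }
        # Keep each distinct "options" line once; comments and blanks drop out.
        $1 == "options" && !($0 in seen_opt) { seen_opt[$0] = 1; opt[++n_opt] = $0 }
        END {
            if (n_dom) {
                line = "search"
                for (i = 1; i <= n_dom; i++) line = line " " dom[i]
                print line
            }
            # glibc uses only the first three nameserver entries (MAXNS).
            for (i = 1; i <= n_ns && i <= 3; i++) print "nameserver " ns[i]
            for (i = 1; i <= n_opt; i++) print opt[i]
        }
    ' "$2" "$1"
}

# Constructed sample input (documentation-range addresses, not real servers).
demo_dir=$(mktemp -d)
printf 'search home.example\nnameserver 192.0.2.1\nnameserver 192.0.2.2\n' \
    > "$demo_dir/resolv.pre-vpn"
printf 'search corp.example\nnameserver 198.51.100.10\nnameserver 198.51.100.11\n' \
    > "$demo_dir/resolv.current"
merge_resolv "$demo_dir/resolv.pre-vpn" "$demo_dir/resolv.current"
rm -rf "$demo_dir"
```

Because the resolver tries nameservers in the order listed, every lookup goes to the VPN's DNS server first, and the pre-VPN servers are consulted only when it does not answer.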
The packages I have installed on openSUSE 11 (32bit i686) are:
The content of the VPNC conf file:
IPSec ID <grpID>
IPSec gateway <IP Address>
IPSec obfuscated secret <Big long encrypted password>
Xauth username <username>
IKE Authmode psk
Interface name <for later scripting convenience>
Enable Single DES
IKE Authmode psk