VPN Problem

Hello -
Just installed Suse 11.4 and I am trying to connect to my office network via VPN, and am failing miserably.

I hope I don’t mangle this too much – I don’t know a lot about VPNs. I am just going on talking to our administrator and the instructions he gave me for creating a connection on a Windows machine.
Information about the server I am connecting to:

  • It is an L2TP connection
  • Using a preshared key.
  • Uses mschap v2 authentication.

I am trying to use the Kvpnc program. I have tried several of the backends with various settings, but the one that seemed closest was L2TP (openswan/strong). I selected Preshared key. When I go to Authentication method and choose MSCHAP-v2, it doesn’t seem to be able to save this setting. When I go back to this screen it has reverted back to CHAP. I feel this is the problem, but can’t be sure. It never returns with an error. It just says Connecting… forever.

Here is what I see in the log screen:

info: Gateway hostname (xx.xx.xx.xxx) resolved to “xx.xx.xx.xxx”.
debug: Default interface: “eth0”.
debug: IP address of default interface: “67.171.218.106”.
debug: default interface: eth0
debug: LocalIP: 67.171.218.106
debug: [L2TP (strongSwan)] Stopping openswan…
debug: Backing up ipsec.conf, ipsec.secrets
debug: ipsec.conf found in /etc, assuming /etc as prefix for L2TP (strongSwan).
debug: ipsec: strongSwan U4.5.0
debug: Setting DNS_UPDATE “Yes”.
debug: Default interface: “eth0”.
debug: IP address of default interface: “67.171.218.106”.
debug: pppd secrets file: /etc/ppp/chap-secrets
debug: Username: eug\jsmallwood
debug: [L2TP (strongSwan)] Starting ipsec…
debug: IPsec daemon (L2TP (strongSwan)) started.
info: [ipsec] Starting strongSwan 4.5.0 IPsec [starter]…
debug: [ipsec] Starting “/usr/sbin/ipsec whack’ --listen”…
debug: “/usr/sbin/ipsec whack --listen” started.
debug: “/usr/sbin/ipsec whack --name Cascade --initiate” started.

Any ideas? Thanks in advance.

Joel

So, I am no expert on VPN, but I do use it all of the time, though mostly with Windows. I have had to get with the Network Administrator and get them to enable access to the host system, including user name, password and allowed IP addresses (when it applies), and then get them to send me a Cisco vpnc file. There is a program called /usr/bin/pcf2vpnc (part of vpnc) that can convert a pcf file to vpnc if required. I always try to get a configuration file so I do not need to know the inner details. You can then use vpnc with this configuration, at which point you just log in with user name and password. A lot depends on what the remote network and network administrators support. And I have actually used Windows first just to make sure that it all works (using the Cisco VPN client), because when it does not work, it may be hard to determine why. Anyway, just some thoughts on the matter.

Thank You,