(Please visit new location of this post here http://binaryjunction.com/ .)

I have been using “vpnc” software as a VPN client for connecting to my company’s VPN servers for quite some time. However, “vpnc” is very limited in features as it only supports IPsec aggressive mode, pre shared key (PSK) authentication, and only IKEv1 (IKE version 1). Although, “vpnc” also supports “hybrid” authentication, this hybrid authentication just involves verifying server’s certificate, but not client’s certificates. These features are just a subset of features included in various IPsec and IKE protocols. In addition to the features what “vpnc” offers, IPsec and IKE protocol suites involve IKEv1 main mode (phase 1 exchange in addition to phase 2 quick mode exchange), certificates and raw RSA keys based authentication, and IKEv2 (IKE version 2) among several others features. Due to this, I planned to move to another IPsec based VPN software that implements a large IPsec and IKE feature set. Openswan (http://www.openswan.org/) is one such popular open source (free) software available that can be used for connecting to Cisco VPN servers. Here I will explain the instruction I used for connecting to my company’s Cisco VPN server. I used the latest Openswan version (2.6.25) as of now that can be downloaded from http://www.openswan.org/download/openswan-2.6.25.tar.gz . I have experimented Openswan on Fedora and Ubuntu Linux distributions. Fedora offers pre compiled rpms, whereas it should be compiled from source on Ubuntu. For example, Openswan rpms for Fedora 12 can be downloaded from http://koji.fedoraproject.org . Various instructions for using Openswan are described next.

For full post, please visit here at http://binaryjunction.com/ .

Advertisements