
    Cisco PIX VPN Connect from N900

    mail_e36 | # 11 | 2010-04-21, 18:17 | Report

    Stlpaul, can you please elaborate on the actual command line you add "--dpd-idle=0" to in order to keep from being disconnected?

    Essentially I am looking for the complete command since I cannot seem to get it running without it disconnecting after a while.

    On the Vpnc web site I found the following two notes:

    # disconnecting does not work reliable with all supported targets (a work-around is to connect with incorrect password, and then again with correct password)

    # vpnc looses connection with some targets, even before the rekey-timer expires most probably due bugs with keepalive, dead-peer-detection or something else...


     
    rcarlos | # 12 | 2010-04-21, 18:22 | Report

    Does it work with IPSec 3DES?


     
    stlpaul | # 13 | 2010-04-21, 19:32 | Report

    Sure, I use vpnc on my desktop machine as well as my N900, and I do exactly the same commands and setup the same way on both. I don't use the GUI, I just use xterm.

    I created a file in /etc/vpnc/company.conf with my company's VPN settings. Here's what they are, the parts I changed are in bold font:
    Code:
    IPSec gateway 123.123.123.1
    IPSec ID MYVPN
    IPSec obfuscated secret 9083258390532(long hex string)
    Xauth username myusername
    Now that the file is there, I can connect with "company" as a shortcut to that configuration. This is the exact commandline I use:

    Code:
    sudo vpnc --dpd-idle=0 company
    After it connects, vpnc is launched as a background process and you can exit the xterm. When you're done with using the VPN you can open xterm and type:

    Code:
    sudo vpnc-disconnect
    which will disconnect the VPN and close the vpnc background process.

    Also important to know that vpnc on N900 does not (for me) work when you are connected to gprs (cellular internet)... only on wlan (WiFi).

    To see all available command-line options type:
    Code:
    vpnc --long-help
    And yes it works with 3des, that's what we use at my company.

    The Following User Says Thank You to stlpaul For This Useful Post:
    rcarlos
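
Added example, not part of the post above or of vpnc itself: a shell check for a vpnc profile like the /etc/vpnc/company.conf described there, covering file permissions, a stored Xauth password, and the DPD setting. It assumes vpnc's configuration keyword `DPD idle timeout (our side)` (the config-file form of --dpd-idle, accepting 0 or 10-86400); the function names and the sample profile values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vpnc profile. Function names are hypothetical.

# Write a constructed sample profile (placeholder values only).
make_sample_profile() {
    cat > "$1" <<'EOF'
IPSec gateway 192.0.2.1
IPSec ID EXAMPLEGROUP
IPSec obfuscated secret 00PLACEHOLDER00
Xauth username exampleuser
Xauth password example-password
DPD idle timeout (our side) 5
EOF
    chmod 644 "$1"
}

# Print WARN/INFO lines for profile $1; exit status = number of WARNs.
check_vpnc_profile() {
    f=$1; warns=0
    [ -r "$f" ] || { echo "WARN cannot read $f"; return 1; }

    # Characters 5-10 of the ls mode string are the group/other bits.
    # The profile holds the group secret, and "obfuscated" is an
    # encoding, not encryption, so only root should be able to read it.
    mode=$(ls -ld "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "WARN perms: group/other bits '$mode', expected mode 600"
        warns=$((warns + 1))
    fi

    # A stored Xauth password puts the user credential on disk as well.
    if grep -Eq '^Xauth (obfuscated )?password ' "$f"; then
        echo "WARN xauth: user password stored in profile"
        warns=$((warns + 1))
    fi

    # Config-file form of --dpd-idle (assumed range: 0 or 10-86400).
    dpd=$(sed -n 's/^DPD idle timeout (our side) \([0-9][0-9]*\)$/\1/p' "$f" | tail -n 1)
    if [ -z "$dpd" ]; then
        echo "INFO dpd: not set in profile, --dpd-idle or the default applies"
    elif [ "$dpd" -eq 0 ]; then
        echo "INFO dpd: disabled, a dead peer will not be detected"
    elif [ "$dpd" -lt 10 ] || [ "$dpd" -gt 86400 ]; then
        echo "WARN dpd: value $dpd is outside 0 or 10-86400"
        warns=$((warns + 1))
    else
        echo "INFO dpd: probe after ${dpd}s idle"
    fi
    return "$warns"
}
```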

     
    mail_e36 | # 14 | 2010-04-21, 22:31 | Report

    stlpaul, thank you for your wonderfully complete response. I will try this out within the next day.

    As a side note, in my previous tests I was able to connect to my Cisco VPN over both Wi-Fi and Cellular (Tmobile in the USA, using the Tmobile "VPN Data Plan" which provides a public IP directly to my N900). Of course the connection would drop soon thereafter, but that is a different issue which hopefully your last post will help the community address.


     
    mail_e36 | # 15 | 2010-04-21, 23:54 | Report

    Update:

    It looks like the solution carefully provided by stlpaul is absolutely correct. I have used the "--dpd-idle=0" additional suffix and now I am staying connected, hopefully indefinitely. I have run a ping and have successfully pinged up to ping sequence 1,100+, which tells me the connection is solid.

    In short, it seems my problem was over-reliance on a GUI VPN front end program for vpnc called vpngui, version 5.4.4. It seems the next step would be to somehow edit the vpnc-gui configuration to add the "--dpd-idle=0" additional suffix, which would complete this super setup. This may involve making changes to the source code for vpngui, version 5.4.4 to add the "--dpd-idle=0" additional suffix by default to every connection it makes.

    I am very new to Linux, but I would not shy away from recompiling vpngui, version 5.4.4 to make this change. Can anyone offer any advice on how we could make this small change to vpngui, version 5.4.4?

    Thank you very much


     
    rentboy | # 16 | 2010-04-22, 00:54 | Report

    How much do you pay for the T-Mobile VPN data plan? I haven't been able to get VPN to work over my $30 a month smartphone plan.


     
    mail_e36 | # 17 | 2010-04-22, 13:52 | Report

    Since I've had Tmobile since the Voicestream days (10 years ago) the VPN data plan is $20/month... but they told me that if I make any drastic changes to my plan I will forfeit the cheap data plan and would have to get the normal more expensive data plan, like all new customers.


     
    stlpaul | # 18 | 2010-04-22, 19:01 | Report

    I'm glad I could help!

    I'm using the $10 a month T-Mobile internet so maybe that's why VPN doesn't work for me.


     
    mail_e36 | # 19 | 2010-04-23, 02:49 | Report

    For those interested in setting aliases to run this script from xterm without doing tons of typing, in my case I had to perform a 'chmod' on the vpnc file in /opt/maemo/usr/sbin/ before my aliases would work.

    cd /opt/maemo/usr/sbin/

    chmod +x vpnc

    This should let you run your alias directly from the $ prompt.

    But I'm sure there are better ways to do this...


     
    capo | # 20 | 2010-05-18, 09:42 | Report

    Thank you for the explanation. Right now I can stay connected to my Uni-Cisco VPN using either vpngui or the --idle things, but one problem that occurs for me is that I can connect to Skype or anything that I have installed on my N900, such as a forecast, or go to maemo to install a program, but I can't browse the web, or even download from maemo.org.
    Is there any step that I missed, so that I can't browse the internet?

    Here is when I use the --idle=0...
    sudo vpnc --dpd-idle=0 my_uni
    route : SIOCDELRT : no such process
    route : SIOCDELRT : no such process
    sending state in dbus : connected
    vpnc started in background (Pid : 1765)...

    Is there any mistake?


     