VPNC Guide for External Access
Configuration
Config file:
/etc/vpnc/tu.conf
===== CUT HERE =====
Interface name vpntun0
IPSec gateway terminator.tuwien.ac.at
IPSec ID vpncclient
IPSec secret vpnc2tu
Xauth username UserID@[student.]tuwien.ac.at
Debug 1
===== CUT HERE =====
If the tunnel should only be established to the TU (TU Only config), add the following line to the config file as well:
===== CUT HERE =====
Target networks 128.130.0.0/15 192.35.240.0/24 193.170.3.0/24 193.170.72.0/21
===== CUT HERE =====
(The above option is for Debian only!)
Start:
root@chief:/etc# vpnc tu.conf
Enter password for username@student.tuwien.ac.at@terminator.tuwien.ac.at: [ENTER PASSWORD HERE]
IKE SA selected 3des-md5
Enter Username and Password.
got address 128.131.2XX.XXX
IPSEC SA selected 3des-md5
VPNC started in background (pid: 6004)...
After that, all traffic (except the local LAN) should go through the VPN tunnel:
root@chief:/etc# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
128.131.240.1 10.0.0.1 255.255.255.255 UGH 1500 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 vpntun0
With TU Only:
root@chief:~# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
128.130.0.0 0.0.0.0 255.254.0.0 U 0 0 0 vpntun0
193.170.3.0 0.0.0.0 255.255.255.0 U 0 0 0 vpntun0
193.170.72.0 0.0.0.0 255.255.248.0 U 0 0 0 vpntun0
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
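The two routing tables above can be checked mechanically, which matters because in TU Only mode everything outside the target networks leaves through eth0 without the tunnel. The following script is an added example, not part of the original guide; the function names vpn_route_mode and missing_targets are hypothetical, and destinations are matched by network address only (the netmask is not compared).

```shell
#!/bin/sh
# Added example: classify `netstat -rn` output for the vpnc tunnel.
IFACE=vpntun0   # "Interface name" from tu.conf
TARGETS="128.130.0.0/15 192.35.240.0/24 193.170.3.0/24 193.170.72.0/21"

# Sample input: the two routing tables copied from the listings in this guide.
FULL_TABLE='Destination Gateway Genmask Flags MSS Window irtt Iface
128.131.240.1 10.0.0.1 255.255.255.255 UGH 1500 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 vpntun0'
TU_ONLY_TABLE='Destination Gateway Genmask Flags MSS Window irtt Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
128.130.0.0 0.0.0.0 255.254.0.0 U 0 0 0 vpntun0
193.170.3.0 0.0.0.0 255.255.255.0 U 0 0 0 vpntun0
193.170.72.0 0.0.0.0 255.255.248.0 U 0 0 0 vpntun0
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0'

# Reads a kernel routing table on stdin and prints one of:
#   full  - the default route (0.0.0.0/0.0.0.0) points into the tunnel
#   split - only specific networks are routed into the tunnel
#   down  - no route uses the tunnel interface
vpn_route_mode() {
    awk -v ifc="$IFACE" '
        $NF == ifc { n++ }
        $NF == ifc && $1 == "0.0.0.0" && $3 == "0.0.0.0" { full = 1 }
        END { if (full) print "full"; else if (n) print "split"; else print "down" }'
}

# Reads a routing table on stdin; prints each network address from the
# space-separated CIDR list in $1 that has no route via the tunnel interface.
missing_targets() {
    awk -v ifc="$IFACE" -v want="$1" '
        $NF == ifc { have[$1] = 1 }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                sub(/\/.*/, "", w[i])          # drop the /prefix part
                if (!(w[i] in have)) print w[i]
            }
        }'
}

# Demo on the embedded samples; on a live system use: netstat -rn | vpn_route_mode
printf 'full-tunnel sample: %s\n' "$(printf '%s\n' "$FULL_TABLE" | vpn_route_mode)"
printf 'TU Only sample:     %s\n' "$(printf '%s\n' "$TU_ONLY_TABLE" | vpn_route_mode)"
printf 'targets not routed via %s: %s\n' "$IFACE" \
    "$(printf '%s\n' "$TU_ONLY_TABLE" | missing_targets "$TARGETS")"
```

For the TU Only listing above, missing_targets reports 192.35.240.0, which appears in the Target networks line but has no vpntun0 route in that output.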
Stopping the tunnel:
root@chief:~# vpnc-disconnect
Terminating vpnc daemon (pid: 6004)
Help:
root@chief:~# /usr/sbin/vpnc --help
Secure memory is not locked into core
usage: /usr/sbin/vpnc [--version] [--print-config] [options] [config file]
Option Config file directive -- Description
--debug Debug <0/1/2/3/99> -- Show verbose debug messages
--no-detach No Detach -- Don't detach from the console after login
--non-inter Noninteractive -- Don't ask anything, exit on missing options
--pid-file Pidfile -- store the pid of background process there
--local-port Local Port <0-65535> -- local port (0 = autodetect)
--ifname Interface name -- visible name of the TUN interface
--dh IKE DH Group -- name of the IKE DH Group
--pfs Perfect Forward Secrecy
--gateway IPSec gateway -- name of your IPSec gateway
--id IPSec ID
(no option) IPSec secret
--username Xauth username
(no option) Xauth password
Report bugs to vpnc@unix-ag.uni-kl.de
Created by Philipp Kolmann
Zentraler Informatikdienst der TU Wien


