 From:  "Frans King" <frans dot king at f333 dot net>
 To:  "'Peter Allgeyer'" <allgeyer at web dot de>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0wall to cisco vpn
 Date:  Wed, 23 Feb 2005 17:42:21 -0000
> -----Original Message-----
> From: Peter Allgeyer [mailto:allgeyer at web dot de]
> Sent: 23 February 2005 17:35
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] m0n0wall to cisco vpn
> 
> Hi Frans!
> 
> On Wednesday, 23.02.2005, 15:11 +0000, Frans King wrote:
> > I was wondering if it is possible for m0n0wall to connect to this kind of
> > vpn. First it requires a group password (pre-shared key) and post connection
> > asks for my username and corresponding password or is this a proprietary
> > cisco authentication mechanism.
> 
> This is exactly what vpnc [1] is made for. Since there isn't any support
> for it in m0n0wall yet (there are some good reasons why it is not) you
> aren't able to connect your m0n0wall to a cisco easy vpn endpoint (thus
> it is possible to connect via site-to-site vpn to a cisco device even if
> the client site hasn't a static ip address).
> 
> Ciao ...
> 	... PIT ...
> 
> [1] http://www.unix-ag.uni-kl.de/~massar/vpnc/
> 
> 
> ---------------------------------------------------------------------------
>  copyleft(c) by |           Oh, I've seen copies  of Linux Journal
>  Peter Allgeyer |   _-_     around the terminal room at The Labs.  --
>                 | 0(o_o)0   Dennis Ritchie
> ---------------oOO--(_)--OOo-----------------------------------------------


That is a shame. Whoever set the cisco end up has disabled support for
excluding my local lan subnet from the vpn tunnel so I have a choice of
connecting to the vpn and only the vpn or connecting to my lan.

I was hoping I could find a way round this with m0n0wall.