Date: Sun, 10 Apr 2005 13:41:20 -0500 From: Ash <omniBSD@speakeasy.net> To: Scott Mitchell <scott+lists.freebsd@fishballoon.org> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Connect to Cisco VPN server from FreeBSD? Message-ID: <42597350.4000502@speakeasy.net> In-Reply-To: <20050410181657.GB893@tuatara.fishballoon.org> References: <20050410153834.GA893@tuatara.fishballoon.org> <425961D5.8090403@speakeasy.net> <20050410181657.GB893@tuatara.fishballoon.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Scott Mitchell wrote: > On Sun, Apr 10, 2005 at 12:26:45PM -0500, Ash wrote: > >>Scott Mitchell wrote: >> >>>Hi all, >>> >>>As in the subject - has anyone managed to get a FreeBSD machine to connect >>>to a Cisco VPN server, using IPSec and 2-factor authentication (password + >>>SecurID card)? My employer has been acquired by another company, and this >>>will soon be the only remote-access method available. Linux client >>>software exists, but given that it relies on a kernel module I'm not >>>holding out much hope of it working. The security/vpnc port looks like it >>>might be useful. No idea if racoon + FreeBSD native IPSec can be persuaded >>>to do the SecurID authentication. >>> >>>I would try all these things myself, except I don't have any account >>>details for the server yet. I really don't want to keep a Linux or Windows >>>machine around just to connect to the office... >>> >>>Many thanks in advance, >>> >>> Scott >>> >> >>I have not personally used this, however I have had reports of users >>connecting to a Cisco VPN 3000 box that I administered at one point with >>the following client: >> >>http://www.unix-ag.uni-kl.de/~massar/vpnc/ > > > Thanks, that looks promising. The SecurID thing is apparently just a > flavour of XAUTH which seems to be supported, so it might just work. > > Cheers, > > Scott > Whoops forgot to mention that I had configured out VPN3000 to authenticate users using SecurID. The vpnc users were able to authenticate just fine. OT, but they were also able to use vpnc to bypass split-tunneling restrictions (no real surprise there). Good luck, -Ash
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42597350.4000502>