I have a blank partition on my WinXP box at home, and I want to load Vista 64-bit on it to test my current suite of favorite apps before I move to this OS full time. Because I often work from home, I have a need to establish a VPN connection through my company's firewall via a Cisco VPN 3000 Concentrator. However, Cisco does not (and, I've heard, will never) offer a 64-bit version of its VPN client for the VPN 3000.
I stumbled across an open source vpn client called vpnc which they claim will work on Vista and the VPN 3000. Now, apparently vpnc was written for Linux, and so you can only get the source code which you must then compile yourself (and you Linux folks wonder why the general public hasn't embraced Linux!). It can be compiled for Windows Vista, but the only instructions I've found are those below. Can someone explain to me in non-Linux language what's going on, and how to actually follow these instructions? Pearls to anyone who can.
1. Install cygwin onto Vista. Details here: http://www.cygwin.com/
2. Make sure you install the development options for cygwin to give you access to make and gcc etc.
3. Make sure you install libcrypt for cygwin as it is needed in the make.
4. Modify the bash.exe to run as administrator or you will have privilege issues later; this is done on the properties tab of the executable in c:/cygwin/bin.
4. Download the vpnc tarball from here: http://www.unix-ag.uni-kl.de/~massar/vpnc/ I used the vpnc-0.5.1.tar.gz version.
5. Unzip and explode the tarball.
6. Modify tap-win32.h to change #define TAP_COMPONENT_ID "tap0801" to "tap0901" (not sure if this is necessary but I did it and it is working for me).
7. make
8. You should have a shiny new vpnc.exe.
9. Download openvpn from http://openvpn.net/download.html. I used openvpn-2.1_rc4-install.exe as all other versions I tried had errors during install.
10. Run the exe but only install the TAP-Win32 Adapter V9.
11. Go to Control Panel | Network Connections and rename the TAP device to my-tap.
12. Create a /etc/vpnc/default.conf file something like this:
IPSec gateway YOURGATEWAY
IPSec ID YOURID
IPSec obfuscated secret YOURREALLYLONGHEXVALUE
Xauth username YOURUSERNAME
Xauth password YOURPASSWORD
Interface name my-tap
Interface mode tap
Local Port 0
Script /etc/vpnc/custom-script
(You can use your clear-text password on the "IPSec obfuscated secret" line if you remove "obfuscated".)
13. I had to use a custom script as many required values were not coming back from vpnc; not sure if this was a VPN setup issue or a vpnc.exe issue. I gathered the missing values by looking in the statistics from my other machine that was running the Cisco VPN client.
14. Build the custom script /etc/vpnc/custom-script (make sure you make it executable and store it as a Unix file, not a DOS file; dos2unix is your friend).
15. My script looks something like this (I got these values by looking at another machine that was connected via the Cisco VPN tool):
#!/bin/sh
# This sets up split networking regardless
# of the concentrator's specifications.
# You can add as many routes as you want,
# but you must set the counter $CISCO_SPLIT_INC
# accordingly
export CISCO_SPLIT_INC=6
export CISCO_SPLIT_INC_0_ADDR=10.10.0.0
export CISCO_SPLIT_INC_0_MASK=255.255.0.0
export CISCO_SPLIT_INC_1_ADDR=10.12.0.0
export CISCO_SPLIT_INC_1_MASK=255.255.0.0
export CISCO_SPLIT_INC_2_ADDR=10.20.0.0
export CISCO_SPLIT_INC_2_MASK=255.255.0.0
export CISCO_SPLIT_INC_3_ADDR=10.30.0.0
export CISCO_SPLIT_INC_3_MASK=255.255.0.0
export CISCO_SPLIT_INC_4_ADDR=192.168.1.0
export CISCO_SPLIT_INC_4_MASK=255.255.255.0
export CISCO_SPLIT_INC_5_ADDR=192.168.100.0
export CISCO_SPLIT_INC_5_MASK=255.255.255.0
export INTERNAL_IP4_NETMASK=255.0.0.0
. /etc/vpnc/vpnc-script
NOTE: I had to add the netmask for the internal device as it was not coming back from vpnc.exe. Got the value by looking at my Cisco VPN client on the other machine.
16. The output of the route command has changed from XP to Vista, so I had to modify /etc/vpnc/vpnc-script-win.js quite a bit to get the default gateway. It was my first play with JScript so I know it is ugly, but it worked for me.
New vpnc-script-win.js:
// vpnc-script-win.js
//
// Sets up the network interface and the routes
// needed by vpnc.
// --------------------------------------------------------------
// Utilities
// --------------------------------------------------------------
function echo(msg)
{
    WScript.Echo(msg);
}

// Run a command through the shell and return its standard output.
function run(cmd)
{
    return (ws.Exec(cmd).StdOut.ReadAll());
}

// Find the gateway of the default route in the output of "route print".
// On Vista the relevant line looks like:
//   0.0.0.0   0.0.0.0   <gateway>   <interface>   <metric>
function getDefaultGateway()
{
    var stuff = run("route print 0.0.0.0 mask 0.0.0.0");
    var res;
    echo("route print output: " + stuff);
    // Dots are escaped so "0.0.0.0" only matches the literal address,
    // and the metric is captured instead of being assumed to be 10.
    res = stuff.match(/0\.0\.0\.0 +0\.0\.0\.0 +(\d+\.\d+\.\d+\.\d+) +(\d+\.\d+\.\d+\.\d+) +(\d+)/);
    if (res) {
        echo("default route: " + res[0]);
        // res[1] = gateway, res[2] = interface address, res[3] = metric
        return (res[1]);
    }
    return ("");
}

// --------------------------------------------------------------
// Script starts here
// --------------------------------------------------------------
var ws = WScript.CreateObject("WScript.Shell");
var env = ws.Environment("Process");

switch (env("reason")) {
case "pre-init":
    break;

case "connect":
    var gw = getDefaultGateway();
    echo("Default Gateway: " + gw);
    echo("VPN Gateway: " + env("VPNGATEWAY"));
    echo("Internal Address: " + env("INTERNAL_IP4_ADDRESS"));
    echo("Internal Netmask: " + env("INTERNAL_IP4_NETMASK"));
    echo("Interface: \"" + env("TUNDEV") + "\"");

    echo("Configuring \"" + env("TUNDEV") + "\" interface...");
    var setinterface = "netsh interface ip set address \"" + env("TUNDEV") +
        "\" static " + env("INTERNAL_IP4_ADDRESS") + " " +
        env("INTERNAL_IP4_NETMASK");
    echo(setinterface);
    run(setinterface);

    // Add a direct route for the VPN gateway via the old default gateway
    // so the tunnel traffic itself is not routed into the tunnel (routing loop).
    var setroute = "route add " + env("VPNGATEWAY") +
        " mask 255.255.255.255 " + gw;
    echo(setroute);
    run(setroute);

    if (env("INTERNAL_IP4_NBNS")) {
        var wins = env("INTERNAL_IP4_NBNS").split(/ /);
        for (var i = 0; i < wins.length; i++) {
            run("netsh interface ip add wins \"" + env("TUNDEV") + "\" " +
                wins[i] + " index=" + (i + 1));
        }
    }
    if (env("INTERNAL_IP4_DNS")) {
        var dns = env("INTERNAL_IP4_DNS").split(/ /);
        for (var i = 0; i < dns.length; i++) {
            var dnsrun = "netsh interface ip add dns \"" + env("TUNDEV") + "\" " +
                dns[i] + " index=" + (i + 1);
            echo(dnsrun);
            run(dnsrun);
        }
    }
    echo("done.");

    // Print (but do not run) the routes for the split-include networks;
    // they are pasted into a window by hand once vpnc is up (see step 18).
    echo("Configuring networks:");
    if (env("CISCO_SPLIT_INC")) {
        for (var i = 0; i < parseInt(env("CISCO_SPLIT_INC"), 10); i++) {
            var network = env("CISCO_SPLIT_INC_" + i + "_ADDR");
            var netmask = env("CISCO_SPLIT_INC_" + i + "_MASK");
            var internal = env("INTERNAL_IP4_ADDRESS");
            var blah = "route add " + network + " mask " + netmask + " " +
                internal; // + " IF 16";
            echo(blah);
            //run(blah);
        }
    } else {
        echo("Gateway did not provide network configuration.");
    }
    echo("Route configuration done.");

    if (env("CISCO_BANNER")) {
        echo("--------------------------------------------------");
        echo(env("CISCO_BANNER"));
        echo("--------------------------------------------------");
    }
    break;

case "disconnect":
    // Delete the direct route for the VPN gateway that was added on connect
    run("route delete " + env("VPNGATEWAY") + " mask 255.255.255.255");

    echo("Removing networks:");
    if (env("CISCO_SPLIT_INC")) {
        for (var i = 0; i < parseInt(env("CISCO_SPLIT_INC"), 10); i++) {
            var network = env("CISCO_SPLIT_INC_" + i + "_ADDR");
            var netmask = env("CISCO_SPLIT_INC_" + i + "_MASK");
            var internal = env("INTERNAL_IP4_ADDRESS");
            echo("network: " + network);
            echo("netmask: " + netmask);
            echo("internal: " + internal);
            var blah = "route delete " + network;
            echo(blah);
            run(blah);
        }
    }
    break;
}
----------------------------------------------------
The main changes I made were to display all the commands prior to execution and to echo some commands you need to run after vpnc.exe has connected.
17. If you now run "./vpnc --debug 1 --no-detach" you should get some info about what it is doing and a print at the end something like:
Configuring networks:
route add 10.10.0.0 mask 255.255.0.0 10.10.101.2
route add 10.12.0.0 mask 255.255.0.0 10.10.101.2
route add 10.20.0.0 mask 255.255.0.0 10.10.101.2
route add 10.30.0.0 mask 255.255.0.0 10.10.101.2
route add 192.168.1.0 mask 255.255.255.0 10.10.101.2
route add 192.168.100.0 mask 255.255.255.0 10.10.101.2
Route configuration done.
VPNC started in foreground...
18. You must cut and paste the route add commands into a window and execute them. If I ran these in the script they worked, but it never would use the correct interface and I had issues with routing etc. Once I did it after the thing was all up and running, all was OK. Not sure if it was a timing issue or a bigger issue, but doing it externally worked for me.
19. At this point I have a working vpnc connection allowing me access to my Cisco VPN from 64-bit Vista.
20. Get back to real work! :-)
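An added example, not part of the post above or of the vpnc project, showing the two jobs the custom vpnc-script-win.js does in a form you can run and test outside vpnc: pulling the default gateway out of Vista's "route print" text, and turning the CISCO_SPLIT_INC_* variables exported by the custom script into route commands. The route print text is constructed, the function names are mine, and the code is written ES3-style so it also runs under WSH JScript, though it was only run under Node here.

```javascript
// Constructed sample of the IPv4 section of "route print" on Vista.
var SAMPLE_ROUTE_PRINT =
    "IPv4 Route Table\r\n" +
    "===========================================================================\r\n" +
    "Active Routes:\r\n" +
    "Network Destination        Netmask          Gateway       Interface  Metric\r\n" +
    "          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     20\r\n" +
    "        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306\r\n";

// Return the gateway of the default route, or "" if there is none.
// Keys on the whole "0.0.0.0 0.0.0.0 <gw> <if> <metric>" line rather than
// assuming the metric is 10, and splits on runs of whitespace so the field
// index does not depend on how split() treats empty fields (with standard
// split() semantics the post's split(/\s/) puts "" at index 2, not the gateway).
function getDefaultGateway(routePrint) {
    var lines = routePrint.split(/\r?\n/);
    for (var i = 0; i < lines.length; i++) {
        var f = lines[i].replace(/^\s+/, "").split(/\s+/);
        if (f.length >= 5 && f[0] === "0.0.0.0" && f[1] === "0.0.0.0" &&
            /^\d+\.\d+\.\d+\.\d+$/.test(f[2])) {
            return f[2];
        }
    }
    return "";
}

// Build the "route add" commands for the split-include networks from a
// plain object holding the CISCO_SPLIT_INC_* variables (stands in for
// ws.Environment("Process") in the post). Throws when the counter claims
// more networks than are defined: with a stale CISCO_SPLIT_INC the original
// script silently emits "route add  mask  <addr>" for the missing entries.
function buildSplitRoutes(vars) {
    var env = function (k) { return vars[k] === undefined ? "" : vars[k]; };
    var n = parseInt(env("CISCO_SPLIT_INC"), 10) || 0;
    var cmds = [];
    for (var i = 0; i < n; i++) {
        var net = env("CISCO_SPLIT_INC_" + i + "_ADDR");
        var mask = env("CISCO_SPLIT_INC_" + i + "_MASK");
        if (!net || !mask) {
            throw new Error("CISCO_SPLIT_INC=" + n + " but entry " + i + " is not defined");
        }
        cmds.push("route add " + net + " mask " + mask + " " + env("INTERNAL_IP4_ADDRESS"));
    }
    return cmds;
}
```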