Tuesday, January 25, 2011

Cyberoam IPSec VPN client on Linux

My struggle connecting my Ubuntu-9.04 (Karmic Koala) machine to Cyberoam's IPsec VPN is worth a mention. Cyberoam provides a road-warrior client for establishing VPN connections from Windows, but nothing for Linux-based systems.

So here you go. On Cyberoam:
  • Log on to the Cyberoam GUI.
  • Click the following menu in the left panel: OBJECTS --> Hosts
  • Click the ADD button.
  • Add the local network (behind Cyberoam) that you wish to access over the VPN and give it a name. See the snapshot below. The local network behind my Cyberoam is 192.168.0.0/20; I named it 192series. Press OK.

  • Click the following menu in the left panel: VPN --> IPSec
  • Press the ADD button. Follow the steps in the snapshots below.
  • If everything went well, you should see the following screen.
  • The red button should turn green after you press it.
  • Now you need to allow the VPN connection in the firewall. In the left panel, click Firewall --> Rule. Click ADD to add a rule allowing traffic from VPN to LAN. Do the same to allow traffic from LAN to VPN. Here's a snapshot:

Here, you are done with the Cyberoam part. Now turn to your laptop or desktop:
--------------------------------------------------------------
 
On your laptop or PC:

  1. Install the openswan package from the default repositories. For Debian-based systems:
    apt-get install openswan
    For Red Hat-based systems:
    yum install openswan
     
  2. Add the following configuration to your /etc/ipsec.conf. Change the network parameters as per your network scenario.
    conn roadwarrior
            rightsubnet=192.168.0.0/255.255.240.0
            auto=add
            type=tunnel
            right=<your_cyberoam_public_ipaddress>
            left=<your_laptop_ipaddress>
            leftnexthop=%defaultroute
            authby=secret
            keyingtries=3
            compress=yes
            failureshunt=drop
            dpddelay=30
            dpdtimeout=120
            dpdaction=clear
            pfs=yes
            ike="aes128-md5-modp1024,aes128-sha1-modp1024,3des-md5-modp1024"
            esp="aes128-md5,aes128-sha1,3des-md5"
     
  3. Add the following line in /etc/ipsec.secrets
    %any <your_cyberoam_public_ipaddress>: PSK "<pre-shared-key which you defined on cyberoam>"

  4. Load the connection into ipsec with the following command:
    sudo ipsec auto --add roadwarrior
  5. Start the connection and test if you are able to reach the local network behind Cyberoam.
    sudo ipsec auto --up roadwarrior
    ping 192.168.13.102

    That should get your VPN up and running. In case of problems, you may contact Cyberoam Support at:
    http://www.cyberoam.com/contactsupport.html
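
The ike= and esp= lists in step 2 offer MD5, 3DES and a 1024-bit DH group, so it is worth checking what a conn actually proposes before bringing it up. The following is an added example (not part of the original post and not openswan code) that parses ipsec.conf-style conn sections and reports each weak token. The WEAK table and the function names are assumptions to adapt to your own baseline; the sample input is the conn from step 2.

```python
import re

# Assumed policy (not from the original post): algorithms widely treated as
# deprecated for IKE/ESP today. Adjust to your own baseline.
WEAK = {
    "md5": "MD5 integrity/PRF",
    "3des": "3DES (64-bit block cipher)",
    "des": "single DES",
    "modp768": "768-bit DH group",
    "modp1024": "1024-bit DH group",
}

# The relevant lines of the conn from step 2, embedded as sample input.
SAMPLE_CONF = '''
conn roadwarrior
        authby=secret
        pfs=yes
        ike="aes128-md5-modp1024,aes128-sha1-modp1024,3des-md5-modp1024"
        esp="aes128-md5,aes128-sha1,3des-md5"
'''

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)", line)     # section header at column 0
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and raw[0].isspace() and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
        else:
            current = None                      # some other section type
    return conns

def audit(text):
    """Return a list of (conn, key, proposal, weak_token) findings."""
    findings = []
    for name, opts in parse_conns(text).items():
        for key in ("ike", "esp"):
            for proposal in filter(None, opts.get(key, "").split(",")):
                for token in proposal.strip().lower().split("-"):
                    if token in WEAK:
                        findings.append((name, key, proposal.strip(), token))
    return findings
```

Calling audit() on the text of /etc/ipsec.conf returns one tuple per weak token; an empty list means no proposal matched the table.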

4 comments:

  1. That was quite straight. I'll give you a pat on the back just for the sheer effort in screencapping all those steps.

  2. Hi
    Currently getting the following error when starting ipsec up.
    104 "roadwarrior" #19: STATE_MAIN_I1: initiate
    003 "roadwarrior" #19: received Vendor ID payload [Dead Peer Detection]
    003 "roadwarrior" #19: received Vendor ID payload [RFC 3947] method set to=109
    003 "roadwarrior" #19: Can't authenticate: no preshared key found for `192.168.125.68' and `117.218.56.3'. Attribute OAKLEY_AUTHENTICATION_METHOD
    003 "roadwarrior" #19: no acceptable Oakley Transform
    214 "roadwarrior" #19: STATE_MAIN_I1: NO_PROPOSAL_CHOSEN

    My configuration file is.
    conn roadwarrior
    rightsubnet=10.0.0.0/255.0.0.0
    auto=add
    type=tunnel
    right=cyberoam_public_ipaddress
    left=myip
    leftnexthop=192.168.125.254
    authby=secret
    keyingtries=3
    compress=yes
    failureshunt=drop
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    pfs=yes
    ike="aes128-md5-modp1024,aes128-sha1-modp1024,3des-md5-modp1024"
    esp="aes128-md5,aes128-sha1,3des-md5"
    I also appended this to /etc/ipsec.secrets
    117.*.*.* %any: PSK "****"

  3. Thanks for solution with VPN client.
    top10-bestvpn.com

  4. Thanks a lot for interesting post.
    Nice VPN client.
    Cool solution for Linux.
    10webhostingservice.com
