Kasperian Moving Parts


The Sorry State of VPN’ing in Linux

Just a warning, this is a bloody rant:

Novell’s Nortel VPN package comes REALLY close, but it doesn’t handle PIN/RSA SecurID yet. PLEASE get this working guys!! In fact, please hire me and pay me to get it working!!! =;) The ONLY choice you have in Linux (if you find yourself needing to connect to a Nortel VPN that uses SecurID) is to fork over $100 for Apani’s Contivity client for Linux. Oh, and by the way, you can’t use that on SUSE 10 or any other modern distribution, since it’s still looking for gcc3 and other things that aren’t found on my SUSE 10 laptop. Although, to be fair, the Apani support guys are very quick in their e-mail replies, and I’ve learned that they’re working on a new client for the end of the first quarter, which will be welcome. But we really need a completely free VPN solution for Linux that interfaces with Nortel’s VPN!!!

Also, VMWare 5.5 finally allows you to use a bridged wireless network connection! Unfortunately, if you use madwifi wireless drivers, as I do, you’ll get errors like this:

bridge-ath0: enabling the bridge
bridge-ath0: can’t bridge with ath0, bad header length 88
bridge-ath0: interface ath0 is not a valid Ethernet interface
bridge-ath0: can’t bridge with ath0, bad header length 88

…until you patch madwifi with this. *sigh* More wasted time.

Lastly, I can’t tell you how much I hate Windows. I spent far more time than I care to admit today trying to connect to my work’s VPN from a WinXP VMWare guest running on my openSUSE 10.2 Linux host, and kept getting “checking for banner text” timeouts (i.e. the handshake completes and the VPN is fully established, and then the first time any data is requested, it hangs). Then I remembered that I have to disable Symantec’s Client Firewall, or else it eats these packets. Bloody hell!! The least it could do is tell me it’s eating them!!!

*frustrated and still sick*

6 Replies to “The Sorry State of VPN’ing in Linux”

  • Jason,
    I am implementing securid to contivity for my company’s linux based appliance. Can you tell me what problems you experienced? Did you use openvpn?

    Thanks,
    j$

  • Hi James,

    It’s a client problem. Specifically, there is only one client for Linux that can handle RSA SecurId PIN/Token authentication, and that’s Apani’s Contivity Client for Linux (used to be Netlock, iirc). And Apani’s Contivity Client for Linux doesn’t work with any of the newer Linux distributions yet.

    I have never tried openvpn. Is it a client layer that can authenticate with SecurID PIN/Token against a Contivity VPN switch?

    The best solution that Linux has so far is the NetworkManager VPN plugin that Novell has packaged with SLED 10 (turnpike plugin), and that can apparently authenticate against a Contivity switch, but it cannot yet do SecurID PIN/Token.

    Hope I explained that right? =:)

  • Any more news on this?

    I still run Suse 9.2/Contivity/VMWare on my work laptop, with XP in the VM.

    Typically, I tunnel xterms and emacs through SSH. If I list a long file, however, my cable modem hangs. This does not happen with the Windows VPN client from my dual-boot personal machine.

    This makes no sense to me, but it is consistently reproducible.

    Cheers,
    Hugh
    hughlt@yahoo.com

  • Any more news on this?

    On my work laptop, I run Suse 9.2/Apani client and VMWare w/WinXP. Sounds like your situation.

    I have one problem that makes no sense. My cable modem hangs when I list a long file in an SSH-tunneled xterm screen, though not on SCPs. Doesn’t happen with my dual-boot home machine using the windows VPN client. Makes no sense, but completely reproducible.

    Cheers,
    Hugh Taylor

  • Hi Hugh! =:) Yes, I do have a solution! Switch to an employer who has a sane VPN solution that provides a Linux client! =:D

    Heh. Sorry. =:) I’m just so glad to work for a fantastic company who values Linux!

    And on the problem you mentioned… That’s weird! Are you sure the cable modem hangs?? That makes no sense whatsoever, since to the cable modem, it should all look like encrypted gibberish, regardless of what you’re doing.

  • Maybe it’s too late…

    Make sure your connection is bridged on your VM Host.

    I’m stuck in your situation, having to use Windows to connect to my company’s VPN.

    I’m on Fedora, running Windows inside VirtualBox.

    Hope this helps.

    Cheers!
