Return-Path: Received: from po11.mit.edu (po11.mit.edu [18.7.21.73]) by po11.mit.edu (Cyrus v2.1.5) with LMTP; Thu, 11 Nov 2004 01:55:54 -0500 X-Sieve: CMU Sieve 2.2 Received: from biscayne-one-station.mit.edu by po11.mit.edu (8.12.4/4.7) id iAALfnWp025237; Wed, 10 Nov 2004 16:41:50 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.12.4/8.9.2) with ESMTP id iAALe6B1020449; Wed, 10 Nov 2004 16:40:06 -0500 (EST) Received: from [18.152.1.192] (WHO-NEEDS-THE-KWIK-E-MART.MIT.EDU [18.152.1.192]) (authenticated bits=0) (User authenticated as jdreed@ATHENA.MIT.EDU) by outgoing.mit.edu (8.12.4/8.12.4) with ESMTP id iAALe41U002783 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT); Wed, 10 Nov 2004 16:40:05 -0500 (EST) Mime-Version: 1.0 X-Sender: jdreed@hesiod Message-Id: In-Reply-To: References: X-Reply: no Date: Wed, 10 Nov 2004 16:40:03 -0500 To: Derek Atkins From: Jonathan Reed Subject: Re: Help test Linux VPN client? Cc: sipb@mit.edu, sipb-office@mit.edu Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.42 X-Spam-Score: 0 X-Spam-Flag: NO There is now a vpnclient RPM available for testing at: /mit/rhel-dev/packages/mitonly/vpnclient-4.6-4.i386.rpm I've tested it both on RHEL and FC2 machines - I'd appreciate other tests. It installs a vpnclient-build-kmod script that behaves somewhat like Garry's afs-build-kmod script. It checks for one of the pre-built modules (only available for RHEL 3), then it attempts to build a module if you have the kernel source package installed. It starts with priority 80, just before the vpnclient at 85. Please send any feedback or test results to me. I'm sure there are some bugs, I didn't test this on quite as many distributions as I normally do, but I want to get it out for testing now, as I'm going out of town for the rest of the week. We're still exploring distributing VPNC as well... Thanks, Jon At 11:03 AM -0400 10/21/04, Derek Atkins wrote: >I think from a user standpoint having an RPM is much better. Note that >your RPM could do nothing more than install the tarball and run the >install script.. But it would be "nicer" to at least have some control >over the files. The OpenAFS package is definitely a better starting point. > >Have you tried using the linux ipsec-tools client? I do know that it >interacts ok with a Cisco server, but I dont know which cisco features >you need. > >-derek > >Jonathan Reed writes: > >> Basically, I think it's going to be more effort than it's worth to do >> an RPM, but if enough people want it, I might do it. I'm also going >> to look into something like Garry's afs-build-kmod script that comes >> with the openafs installer, but we'll see. >> >> Of course, if we could go with vpnc instead of Cisco's client, I'd >> build an RPM and be done with it. >> >> -Jon >> >> >> At 9:55 AM -0400 10/21/04, Derek Atkins wrote: >>>Any chance of providing an RPM? >>> >>>-derek >>> >>>Jonathan Reed writes: >>> >>>> For completeness value, I'll point out that this is x86 only. Should >>>> run on all 2.x kernels, through we probably only care about 2.4 and >>>> 2.6. >>>> >>>> Oh, and feedback should include your distribution, your network card >>>> type, and the output of uname -a, plus anything else you think is >>>> relevant. >>>> >>>> Thanks, >>>> >>>> -Jon >>>> >>>> At 5:04 PM -0400 10/20/04, Jonathan Reed wrote: >>>>>Greetings, >>>>> >>>>> I'm on the VPN release team, and we'd like to get some testing >>>>> feedback on the VPN client for linux. A tarball can be obtained at: >>>>> >>>>>http://web.mit.edu/jdreed/Public/vpnclient-4.6.tar.gz >>>>> >>>>> Basically, untar it, become root, run vpn_install, and it should >>>>> build the kernel module and install itself. Then you can run: >>>>> >>>>>vpnclient connect MITnet-VPN >>>>>(capitalization counts) >>>>> to connect. It won't work if you haven't changed your password in >>>>> the last ~3 years. You won't get your shell prompt back when you >>>>> connect, so you probably want to run that in another xterm or >>>>> virtual terminal. (Blame Cisco, not me) >>>>> >>>>> You also can't ifconfig the cipsec0 interface the module creates, so >>>>> don't bother trying. >>>>> >>>>> If anyone feels like testing this and sending feedback to me, it >>>>> would be greatly appreciated. We're currently debating providing it >>>>> as is (which is how Cisco gives it to us), or making RPMs (since our >>>>> primary audience is RHEL/Fedora), so if you have any thoughts on >>>>> that, let me know. Feel free to send any other questions/concerns >>>>> to me. >>>>> >>>>>Thanks, >>>>> >>>>>Jon >>>>>-- >>>>>------------------- >>>>>Jonathan Reed >>>>> >>>>>jdreed@mit.edu > >>>>------------------- > >>> > >>> > >>> -- > >>> ------------------- > >>> Jonathan Reed > >>> > >>> jdreed@mit.edu > >>> ------------------- > >>> > >>> > >> > >>-- > >> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory >>> Member, MIT Student Information Processing Board (SIPB) >>> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH > >> warlord@MIT.EDU PGP key available >> >> >> -- >> ------------------- >> Jonathan Reed >> >> jdreed@mit.edu >> ------------------- >> >> > >-- > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory > Member, MIT Student Information Processing Board (SIPB) > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH > warlord@MIT.EDU PGP key available -- ------------------- Jonathan Reed jdreed@mit.edu -------------------