Last night I tried to install vpnc in my Debian Sarge running 2.6.9 and
apt-get'ed this:
ii vpnc 0.3.2+SVN20041123-1 Cisco-compatible VPN client
I read its README files. Next, I downloaded the .pcf file from my
university's VPN FAQ page for Linux and converted it to a conf file like
so:
/usr/share/vpnc/pcf2vpnc my-univ.pcf > my-univ.conf
and obtained this:
> cat /etc/vpnc/my-univ.conf
## generated by pcf2vpnc.pl
## Stefan Tomanek <stefan@pico.ruhr.de>
IPSec ID my-univ
IPSec gateway <host name here>
Xauth password <my password here>
Xauth username <my username here>
Next, I introduced this iptables rule in my firewall:
$IPTABLES -I INPUT -p udp -s <host name here> --dport 500 -j ACCEPT
Now the problems:
1) I cannot connect as a normal user. Is this how it is supposed to
work? When I try, I get this:
{vpn}> /usr/sbin/vpnc-connect /etc/vpnc/my-univ.conf
Secure memory is not locked into core
Enter IPSec secret for my-univ@<host name here>:
/usr/sbin/vpnc: binding to port 500: Permission denied
2) If I try as root, I get:
# /usr/sbin/vpnc-connect /etc/vpnc/my-univ.conf
Enter IPSec secret for my-univ@<host name here>:
Your session is now encrypted
VPNC started in background (pid: 18179)...
#
However, now pinging doesn't work, neither with IP numbers nor with
domain names. DNS doesn't seem to be working:
# ping yahoo.com
ping: unknown host yahoo.com
/etc/resolv.conf gets updated and shows new DNS IPs listed there.
ifconfig shows the new interface tun0:
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:x.y.z.a  P-t-P:x.y.z.a  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
Is there some way I have to tell my system not to use eth0 anymore? It
is still up. Or am I missing something else?
Thanks,
->HS