How to connect to a IPsec VPN with Preshared key and Xauth from Linux?

Question

I would very much like to connect to a VPN network which have these info:

host: example.com
user: my_name
pass: my_pass

group: VPN1
key: secret_passphrase

It uses Preshared key and Xauth.

Can I connect to this VPN from my Linux desktop, and if so, how? =)

score 9 · Accepted Answer · answered Jul 21 '10 at 16:43

9

There is a couple of IPSec compatible VPN client:

openswan
ike
vpnc
official cisco linux client

They all work well depending of the IPSec server. There is even a GUI for VPNC that integrate into Ubuntu network manager.

Official Cisco client is harder to install, require kernel headers, user-space binaries in 32 bits only. It can be tricky to install this one.

The problems starts with Xauth and Cisco devices when using non-Cisco hardware. I personnaly tried many times with occasional success.

Which distribution you use? Which IPsec server you connect to?

If you have ubuntu, you can give a try to vpn:

sudo apt-get install network-manager-vpnc vpnc

and set a new VPN connection using your configuration.

answered Jul 21 '10 at 16:43

Treddit

359
2
3

It is a juniper SRX firewall that is the VPn server, and my distribution is Fedora 13. I can see that openswan and vpnc are available in Fedora. Which would you recommend given that the IPsec server is a Juniper firewall? – Sandra Jul 21 '10 at 16:55
I do not have personnal experience on newer Juniper firewall, but I had some on older Netscreen firewall (that juniper bought) and back in that time I used ipsec-tools and Linux IPSec internal stacks... but I didn't used Xauth. Good luck! – Treddit Jul 21 '10 at 16:59
Check out Shrewsoft too. Great for end-users and compatible with Netscreen. – Warner Jul 22 '10 at 04:59

score 5 · Answer 2 · answered Jul 21 '10 at 12:35

5

OpenVPN uses its own SSL-based protocol which is not compatible with IPSEC

answered Jul 21 '10 at 12:35

Federico

351
2
7

Okay, this was a very vital information you gave there =) I have updated the question accordingly. – Sandra Jul 21 '10 at 12:54

score 2 · Answer 3 · edited Aug 19 '13 at 16:17

2

I'm using the vpnc (Debian) on most systems. IPSec is the way to go, in my opinion. I wouldn't recommend the frontend, though, because it is sort of confusing if you don't know what you are doing.

They should stick with the correct terms instead of trying to make something user-friendly, which is not supposed to be used by the average Joe anyways.

Cisco client: way too much hassle.
ike: heard only good stuff about it, but it wasn't in my repository.
vpnc: Works fine with anything IPSec based, such as FritzBox, if anybody is interested in that.
openvpn: no IPSec support, you do not want that.

edited Aug 19 '13 at 16:17

slm

7,615
16
56
76

answered Aug 19 '13 at 15:48

user186178

31
1

This answer can be improved (it is unnecessarily informal and opinionated). But: the FritzBox remark merits an upvote. – equaeghe Sep 02 '15 at 10:52

score 1 · Answer 4 · answered Jul 21 '10 at 19:55

1

The shrewsoft vpn client will be able to connect. http://www.shrew.net/software

answered Jul 21 '10 at 19:55

topdog

3,520
17
13

Be aware that this is a windows only client... as such it might help others, but not the OP. – flob Nov 02 '17 at 11:04
1

Not true, there's a client for Linux and BSD: https://www.shrew.net/download/ike – ZombieDev Jan 31 '18 at 21:59

How to connect to a IPsec VPN with Preshared key and Xauth from Linux?

4 Answers4