Working Cisco VPN Fedora 18 with racoon


Post by mariuszs » Sun Dec 09, 2012 6:01 pm


A very simple, working configuration for the old and dead Cisco VPN with cert authentication. All you need on Fedora is the ipsec-tools package (no racoon2).

Configuration /etc/racoon/racoon.conf:

Code:
# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entries.
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
path script "/etc/racoon/scripts";

# Phase 2 (IPsec SA) parameters, applied to any peer
sainfo anonymous {
        lifetime time 1 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

# Phase 1 (IKE) parameters, applied to any peer
remote anonymous {
        exchange_mode main;
        my_identifier asn1dn;
        # Client certificate, private key and CA, looked up under "path certificate"
        certificate_type x509 "client.crt" "client.key";
        ca_type x509 "ca.crt";

        mode_cfg on;
        # Hook script run on phase 1 up/down, looked up under "path script"
        script "p1_up_down" phase1_up;
        script "p1_up_down" phase1_down;

        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method xauth_rsa_client;
                dh_group modp1024;
        }
}

Prepare certs:

Code:
openssl pkcs12 -in YOUR.p12 -out ca.crt -nokeys -cacerts
openssl pkcs12 -in YOUR.p12 -out client.crt -nokeys -clcerts
openssl pkcs12 -in YOUR.p12 -out client.key -nodes -nocerts

Put all certs in /etc/racoon/certs

and set up racoon with
Code:
sudo racoon -F

connect with
Code:
sudo racoonctl -d vc YOUR_CISCOVPN_GATE_IP

After this: VPN connection established :D
Posts: 18
Joined: Wed May 20, 2009 6:59 am
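
Added example, not part of the original post or of ipsec-tools: a small Python audit that walks the sainfo, remote and proposal sections of a racoon.conf and reports settings such as 3des, md5 and modp1024, which the configuration above uses for the old gateway. The WEAK table and the sample config are assumptions constructed for this example.

```python
import re

# Constructed sample that mirrors the settings in the post (not the author's file).
SAMPLE = """
sainfo anonymous {
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
}
remote anonymous {
    proposal {
        encryption_algorithm 3des, aes;
        hash_algorithm md5;
        dh_group modp1024;
    }
}
"""

# Values reported as legacy (an assumption of this example; adjust to local policy).
WEAK = {
    "encryption_algorithm": {"des", "3des"},
    "authentication_algorithm": {"hmac_md5"},
    "hash_algorithm": {"md5"},
    "dh_group": {"modp768", "modp1024", "1", "2"},
}

def audit(conf):
    """Return (section, directive, value) for every legacy setting found."""
    findings, stack = [], []
    text = re.sub(r"#.*", "", conf)  # drop comments
    for body, delim in re.findall(r"([^{};]*)([{};])", text):
        words = body.split()
        if delim == "{":                  # section opens: sainfo / remote / proposal
            stack.append(words[0] if words else "?")
        elif delim == "}":                # section closes
            if not stack:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif words and words[0] in WEAK:  # 'directive value[, value];'
            section = "/".join(stack) or "(outside any section)"
            for value in re.split(r"[,\s]+", " ".join(words[1:])):
                if value in WEAK[words[0]]:
                    findings.append((section, words[0], value))
    if stack:
        raise ValueError("unclosed section: " + stack[-1])
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %s %s" % finding)
```

A directive reported as "(outside any section)" or a ValueError about braces means the file lost its sainfo/remote/proposal structure, which racoon would also reject.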