Installing the vpnc package
root@flant:~# apt-get install vpnc
Creating the vpnc configuration
root@flant:~# cat /etc/vpnc/vpnc.conf
IPSec gateway 138.4.5.199
IPSec ID <usuario_grupo>
IPSec secret <passwd_grupo>
Xauth username <usuario>
#Xauth password <password>
IKE DH Group dh2
root@flant:~#
Checking operation in debug mode (use when there are problems)
root@flant:~# vpnc --debug 2 /etc/vpnc/vpnc.conf
Enter password for usuario@138.4.5.199:
vpnc version 0.5.3
S1 init_sockaddr
[2012-05-14 18:59:19]
S2 make_socket
[2012-05-14 18:59:19]
S3 setup_tunnel
[2012-05-14 18:59:19]
using interface tun0
S4 do_phase1_am
[2012-05-14 18:59:19]
S4.1 create_nonce
[2012-05-14 18:59:19]
S4.2 dh setup
[2012-05-14 18:59:19]
S4.3 AM packet_1
[2012-05-14 18:59:19]
S4.4 AM_packet2
[2012-05-14 18:59:19]
(Cisco Unity)
(DPD)
(unknown)
(Xauth)
(Nat-T 02N)
got ike lifetime attributes: 2147483 seconds
IKE SA selected psk+xauth-3des-sha1
peer is DPD capable (RFC3706)
peer is NAT-T capable (draft-02)\n
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
NAT status: NAT-T VID seen, no NAT device detected
S4.5 AM_packet3
[2012-05-14 18:59:19]
S4.6 cleanup
[2012-05-14 18:59:19]
S5 do_phase2_xauth
[2012-05-14 18:59:19]
S5.1 xauth_request
[2012-05-14 18:59:19]
S5.2 notice_check
[2012-05-14 18:59:19]
got ike lifetime attributes: 86400 seconds
S5.3 type-is-xauth check
[2012-05-14 18:59:19]
S5.4 xauth type check
[2012-05-14 18:59:19]
S5.5 do xauth reply
[2012-05-14 18:59:19]
S5.2 notice_check
[2012-05-14 18:59:19]
S5.3 type-is-xauth check
[2012-05-14 18:59:19]
S5.6 process xauth set
[2012-05-14 18:59:19]
S5.7 send xauth ack
[2012-05-14 18:59:19]
S5.8 xauth done
[2012-05-14 18:59:19]
S6 do_phase2_config
[2012-05-14 18:59:19]
S6.1 phase2_config send modecfg
[2012-05-14 18:59:19]
S6.2 phase2_config receive modecfg
[2012-05-14 18:59:19]
got save password setting: 0
got 1 acls for split include
acl 0: addr: 138.4.0.0/ 255.255.0.0 (16), protocol: 0, sport: 0, dport: 0
Remote Application Version: Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(18), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 30-Nov-07 16:36 by prod_rel_team
got address 138.4.6.9
S7 setup_link (phase 2 + main_loop)
[2012-05-14 18:59:19]
S7.0 run interface setup script
[2012-05-14 18:59:19]
S7.1 QM_packet1
[2012-05-14 18:59:19]
S7.2 QM_packet2 send_receive
[2012-05-14 18:59:19]
S7.3 QM_packet2 validate type
[2012-05-14 18:59:19]
S7.5 QM_packet2 check reject offer
[2012-05-14 18:59:19]
S7.6 QM_packet2 check and process proposal
[2012-05-14 18:59:19]
got ipsec lifetime attributes: 2147483 seconds
IPSEC SA selected 3des-md5
got ipsec lifetime attributes: 86400 seconds
got ipsec lifetime attributes: 4608000 kilobyte
S7.7 QM_packet3 sent
[2012-05-14 18:59:19]
S7.8 setup ipsec tunnel
[2012-05-14 18:59:19]
S7.9 main loop (receive and transmit ipsec packets)
[2012-05-14 18:59:19]
remote -> local spi: 0x4562f047
local -> remote spi: 0x4356aedd
VPNC started in background (pid: 12525)...
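Added example (not part of the original page and not vpnc's own code): a Python check that reads `vpnc --debug 2` output and the vpnc.conf text and reports legacy parameters such as the 3des-sha1, 3des-md5 and dh2 values seen in the session above. The function name audit_vpnc and the LEGACY policy sets are assumptions of this example; the sample input is constructed from the lines shown on this page.

```python
import re

# Local policy (an assumption of this example, not something vpnc defines):
# algorithms and DH groups that should be reported when they show up.
LEGACY = {
    "cipher": {"null", "des", "3des"},
    "hash": {"md5", "sha1"},
    "dh": {"dh1", "dh2"},
}

# Constructed sample: lines copied from the debug session and vpnc.conf above.
SAMPLE_LOG = """\
S4 do_phase1_am
IKE SA selected psk+xauth-3des-sha1
S7.6 QM_packet2 check and process proposal
IPSEC SA selected 3des-md5
got ipsec lifetime attributes: 86400 seconds
"""
SAMPLE_CONF = """\
IPSec gateway 138.4.5.199
IKE DH Group dh2
"""

SA_LINE = re.compile(r"^\s*(IKE|IPSEC) SA selected (\S+)\s*$")
DH_LINE = re.compile(r"^\s*IKE DH Group\s+(\S+)", re.IGNORECASE)


def audit_vpnc(debug_log, conf_text=""):
    """Return sorted (layer, kind, value) tuples for every legacy parameter seen."""
    findings = set()
    for line in debug_log.splitlines():
        m = SA_LINE.match(line)
        if not m:
            continue
        layer, proposal = m.groups()
        # vpnc prints "[auth-]cipher-hash", e.g. "psk+xauth-3des-sha1" or "3des-md5".
        parts = proposal.lower().split("-")
        if len(parts) < 2:
            continue  # unexpected format: report nothing rather than guess
        for kind, value in (("cipher", parts[-2]), ("hash", parts[-1])):
            if value in LEGACY[kind]:
                findings.add((layer, kind, value))
    for line in conf_text.splitlines():
        m = DH_LINE.match(line)  # commented-out lines start with '#' and never match
        if m and m.group(1).lower() in LEGACY["dh"]:
            findings.add(("IKE", "dh", m.group(1).lower()))
    return sorted(findings)


if __name__ == "__main__":
    for layer, kind, value in audit_vpnc(SAMPLE_LOG, SAMPLE_CONF):
        print(f"{layer}: legacy {kind} in use: {value}")
```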
Closing the tunnel
root@flant:~# killall vpnc
root@flant:~# ifconfig gre0 down
root@flant:~#