If your company or workplace has Cisco VPN infrastructure, but you also need to connect to a remote site using IPsec, and you are a Linux desktop user, then this is a good tip on how to run both of them at the same time.
Requirements:
Already configured vpnc to connect to VPN
Already configured ipsec to connect to remote sites
Already configured Internet connection
Internet to VPN
There are a lot of guides out there on connecting to a corporate VPN. The important thing to consider is that both daemons (vpnc and ipsec, pluto for StrongSwan) CAN NOT bind to the same port. So in the case of vpnc, the way to start it is:
vpnc <name_of_your_profile> --local-port 0
If you run it this way, you'll note that the vpnc daemon is bound to a random UDP port on your interfaces. You can use netstat to figure out which port it's using. Now that you are connected to your VPN, it's time to use ipsec…
Connect to remote sites using IPSEC
StrongSwan is one of the most used ipsec implementations for Linux. One of the restrictions of StrongSwan is that when it starts the pluto daemon, it must be started on UDP port 500. So, now that you have started vpnc on a different port, there shouldn't be a problem running this one too:
ipsec start
You can check the logs you have configured for ipsec, and you can also use netstat to figure out the port that's being used. With the daemon initialized, you can now open ipsec connections:
ipsec up <conn_name_configured_in_ipsec.conf>
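The netstat check mentioned in both steps can be scripted. The following is an added example, not part of the original post: it reads `netstat -unap` output and reports whether vpnc has stayed off UDP 500 and who holds that port. The function names, the netstat flags chosen and the sample listing (constructed) are assumptions, as is the premise that the daemons appear in netstat as "vpnc" and "pluto".

```shell
#!/bin/sh
# Added example (not from the original post). Feed it `netstat -unap` output
# on stdin; run netstat as root so the PID/Program column is filled in.

# Emit "port program" for every UDP socket line.
udp_owners() {
    awk '$1 ~ /^udp/ {
        n = split($4, a, ":"); port = a[n]   # port follows the last colon (IPv4 and IPv6)
        prog = "-"                            # stays "-" if netstat ran without root
        for (i = 6; i <= NF; i++)
            if ($i ~ /^[0-9]+\//) { prog = $i; sub(/^[0-9]+\//, "", prog); break }
        print port, prog
    }'
}

# Print one verdict line. Returns 0 only when vpnc is running off port 500
# and port 500 is either free or already held by pluto.
check_ike_ports() {
    owners=$(udp_owners)
    vpnc_port=$(printf '%s\n' "$owners" | awk '$2 == "vpnc" {print $1; exit}')
    on500=$(printf '%s\n' "$owners" | awk '$1 == 500 {print $2; exit}')
    if [ "$on500" = "vpnc" ]; then echo "vpnc-on-500"; return 1; fi
    if [ -z "$vpnc_port" ]; then echo "no-vpnc"; return 1; fi
    case "$on500" in
        "")    echo "ok vpnc=$vpnc_port pluto=not-started" ;;
        pluto) echo "ok vpnc=$vpnc_port pluto=500" ;;
        *)     echo "500-busy:$on500"; return 1 ;;
    esac
}

# Constructed sample listing (not captured from a real host).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:500             0.0.0.0:*                           2210/pluto
udp        0      0 0.0.0.0:41873           0.0.0.0:*                           1987/vpnc'

printf '%s\n' "$SAMPLE" | check_ike_ports
# On a live system: netstat -unap | check_ike_ports
```

Running it between the vpnc step and `ipsec start` shows `pluto=not-started` while port 500 is still free; a `vpnc-on-500` verdict means vpnc was started without `--local-port 0`.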
Conclusion
Now that you have configured different ports for those daemons, it's quite simple to use both at the same time. This approach enables you to use Linux and open source software instead of $$indows and $$isco proprietary software.
That's it, dude, rotting the companies hahaha
Avoiding stupid “windows at work” corporate rules!
Let's do nitpicking: I hope vpnc does not pick ‘by random’ the same port as StrongSwan.
Nice job finding out nonetheless