Re: Openbsd ipsec with cisco vpn client

Previous thread: X Window System crash by Karel Kulhavy on Thursday, April 19, 2007 - 1:44 am. (3 messages)

Next thread: bnx and vlan by Andrea Parazzini on Thursday, April 19, 2007 - 7:15 am. (1 message)
To: openbsd misc <misc@...>
Date: Thursday, April 19, 2007 - 6:53 am

Hi all,

  Has anybody tried to use the Cisco VPN client to connect to an OpenBSD IPsec 
gateway using user and pass or X.509 certificates? Can somebody send me some 
examples?

many thanks.


-- 
CL Martinez
carlopmart {at} gmail {d0t} com
To: carlopmart <carlopmart@...>
Cc: openbsd misc <misc@...>
Date: Friday, April 20, 2007 - 6:29 am

This will not work.

The Cisco Client gets its configuration and tunnel policy through the
Cisco PIX or IPsec concentrator.


If you are looking for a way better solution take a look at OpenVPN.
There are clients for Win32 - OS/X - Linux - *BSD

For Win/Mac users it is similar to the VPN client from Cisco. Easy to
use. The admin of an OpenVPN server can deploy policies and filters and
there are tons of options.

OpenVPN works like a charm on OpenBSD and is imho the better solution.
( For End User stuff. )


--

 Stefan Held                    VI has only 2 Modes:
 obi unixkiste org              The first one is for beeping all the time,
 FreeNode: foo_bar              the second destroys the text.
---------------------------------------------------------------------------
Fedora Ambassador:                 http://fedoraproject.org/wiki/StefanHeld
---------------------------------------------------------------------------
perl -e'map{print pack c,($|++?1:13)+ord,select$,,$,,$,,$|}split//,ESEL.$/'
---------------------------------------------------------------------------
    GPG-Keyprint = 75C0 F029 CA71 F061 6C07  0640 38F7 E5F9 4EA5 A385

To: openbsd misc <misc@...>
Date: Friday, April 20, 2007 - 5:18 am

It's explicitly forbidden in the license. So I didn't take time to try
it, sorry.


Claer
To: Claer <claer@...>
Cc: openbsd misc <misc@...>
Date: Friday, April 20, 2007 - 5:34 am

Do you mean that the license forbids using a Cisco vpn client with an
OpenBSD ipsec gateway?  If so, can you point to the URL for the license?

-Lars
Lars Noodén (larsnooden@openoffice.org)
         Ensure access to your data now and in the future
         http://opendocumentfellowship.org/about_us/contribute
To: Lars D. Noodén <larsnooden@...>
Cc: openbsd misc <misc@...>
Date: Friday, April 20, 2007 - 8:39 am

Exactly. The license obliges Cisco VPN Clients to connect to Cisco 
equipment only.
It is written in the License agreement (EULA) you accept when installing the
client. Here is the interesting part:

"2. Cisco Systems hereby grants you the right to install and use the
Software on an unlimited number of computers, provided that each of
those computers must use the Software only to connect to Cisco Systems
products, and subject to export restrictions in Paragraph 4 hereof."

We responded to a public offer where the client wanted to connect to
a free software gateway using the Cisco client, that's why we looked into
the license part.


Claer
To: Claer <claer@...>
Cc: openbsd misc <misc@...>
Date: Friday, April 20, 2007 - 10:22 am

IANAL, but sounds quite suspicious.  IPsec is an IETF standard and such
a restriction doesn't make sense unless there are shortcomings to be
hidden.

-Lars

[snip]

Lars Noodén (larsnooden@openoffice.org)
         Ensure access to your data now and in the future
         http://opendocumentfellowship.org/about_us/contribute
To: openbsd misc <misc@...>
Date: Friday, April 20, 2007 - 9:08 am

Claer wrote:

It's questionable if that is a legal limitation. It's like Ford would 
sell you a car but you could only drive to places Ford had approved of.
Just because it's in a license doesn't mean it's legally valid.

---
Lars Hansson