Linux : IPSec and VPNC


Background

Sometimes, you have to connect to old IPSec VPN sites. But unfortunately, latest modern Linux distributions are dropping connectivity after around 24 minutes without any valid understandable reason. It was the case for me with Fedora 25. I've made some researches all over the web without finding a solution until ...


IPSec is very old but still works !

To solve this issue, there is actually 2 specific actions to do : 
  • edit the /etc/vpnc/default.conf 
  • start vpnc with --enable-1des
My default.conf looks like 


# cat /etc/vpnc/default.conf 
IPSec gateway 217.xx.77.xx
IPSec ID XXXXXXXXXXXXXXXXXX
IPSec secret XXXXXXXXXXXXXXXXXXXXX
# your username goes here:
Xauth username XXXXXXXXXXXXXXXXXXX
Xauth password XXXXXXXXXXXXXXXXXXX
IKE Authmode psk
DPD idle timeout (our side) 0

IKE DH Group dh1

Then, call vpnc with the relevant parameter


# vpnc default.conf --enable-1des

Then you are connected for more than 24 minutes ! 
I really hope this trick will help others.

Nowadays, SSL VPN is the norm but some IPSec environments still exists.

Comments

What's hot ?

My journey with Nutanix Community Edition