PDA

View Full Version : how use *.spd file under linux



=?UTF-8?B?R8O8bnRlcg==?= Vollmer
09-24-08, 10:07 AM
Hi,

I have nearly none experience with vpn.

I got a *.spd file and want to install a vpn connection under linux. I
installed vpnc, kvpnc and openVPN. I am able to read the configuration as
openVPN protocoll in kvpnc.

I have a german version and I will translate the output but they may differ
from the original english version!

The first error was that I have no PSK set. I set the checkbox "load PSK
from file" and choose the same file as I used for import.

Next error was a missing vpn gateway and so I set it.

The I wanted to connect but have errors:
Debug: openvpn ist gestartet. (.. is started)

Fehler: OpenvpnManagementHandler: Es kam keine Banner innerhalb von 3
Sekunden von der Managementschnittstelle, es wird erneut versucht.
(Error: ...: No banner recieved from management interface in the last 3
seconds, trying again)

Info: Es wird versucht, zu Server xxxxxx zu
verbinden...
(...: trying to connect to server ...)

Debug: openvpn ist gestartet.
(... is started)

Fehler: Ungültiges Schlüsselmaterial oder Header nicht gefunden!
(Error: invalid key material or header not found)

Erfolg: Verbindungsversuch erfolgreich abgebrochen.
(Success: trying-to-connect successfully stoped)

Fehler: OpenvpnManagementHandler: Es kam keine Banner innerhalb von 3
Sekunden von der Managementschnittstelle, es wird erneut versucht.
(Error: ...: No banner recieved from management interface in the last 3
seconds, trying again)

Fehler: OpenvpnManagementHandler: Es kam keine Banner innerhalb von 3
Sekunden von der Managementschnittstelle, es wird erneut versucht.
(Error: ...: No banner recieved from management interface in the last 3
seconds, trying again)
[.....]*the same message all 3 seconds


Lookinng again in the configuration editor the menue "type of
authentification" in PSK was set to "X.509 certificate". So I tried it
again with this configuration because I hoped the configurator changed it
because the import file says so. But now kvpnc asked for a CA certificate.


My question: is it possible to create a connection with *any* tool under
linux using a *.spd file? Or is there no tool which understands the *.spd?
The executeable NetScreen-Remote VPN Client doen't run under wine. Which
possibilities do I have?

Thank you VERY MUCH for your help!!!

Guenter

H.Janssen
10-05-08, 04:38 AM
Dear Guenter,


Gnter Vollmer wrote:

> Hi,
>
> I have nearly none experience with vpn.
>
> I got a *.spd file and want to install a vpn connection under linux. I
> installed vpnc, kvpnc and openVPN. I am able to read the configuration as
> openVPN protocoll in kvpnc.
>

Are you sure that the .spd file is intended to use with OpenVPN?
I see the .spd extension in relation to SafeNet software, which is based
on IPSec. OpenVPN is to my opinion really excellent VPN software,
but incompatible with IPSec implementations, it should run in server mode on
the other side too...
If IPSec, you could try to configure racoon/setkey, which is far from easy.
Better to consult the admin on the other end of the VPN first about the
software which created your .spd file....

Kind Regards,
H.Janssen
Alkmaar NL

=?UTF-8?B?R8O8bnRlcg==?= Vollmer
10-07-08, 08:32 AM
Hi!

IPSec may be right. I tried with openVPN and kvpnc was able to read the file
so I thought this would be right.

I'm not shure if I want to try racoon/setkey if you say it is far from
easy... :-(

But lots of thanks to you!!

bye
Günter

H.Janssen
10-08-08, 02:47 AM
Dear Guenther,

Günter Vollmer wrote:

> Hi!
>
> IPSec may be right. I tried with openVPN and kvpnc was able to read the
> file so I thought this would be right.
>
> I'm not shure if I want to try racoon/setkey if you say it is far from
> easy... :-(
>
> But lots of thanks to you!!
>
> bye
> Günter

I remember I used software using .spd files myself for IPSec communication
with a Netgear router. Worked fine but produced a bluescreen upon Windows
shutdown.

As far I know, this is only available for Windows.

The SPD file includes e.g.:
Description of the remote network
Description of the client virtual ethernet interface
Remote VPN server IP address
Names of the algorithms for hashing and encrypting
Preshared key
Optional password

Packing all together in a .spd file, it is a kind of plug-and-play software:
load the client, load the .spd file and connect to the VPN..

If you have all those date, you are in theory able to setup this in Linux
with racoon/setkey.
And in my case, it worked before but I'm locked out because the DSL-router,
administrated by the provider, blocks the necessary ports.

Now I'm using OpenVPN, only one user-definable port required, works perfect,
but this should run on the server too.....

Kind Regards,