cancel
Showing results for 
Search instead for 
Did you mean: 
cyberz
Level 7
Report Inappropriate Content
Message 1 of 8

V8: Approved VPN Client for Linux?

Jump to solution

Hi everybody,

A few knowledgebase articles about VPN clients and the Sidewinder:

  • KB64156 - Support for VPN clients

  • KB64323 - How to create a VPN using the GreenBow client

  • KB67215 - How to create a VPN using the ShrewSoft client

  • KB64219 - How to create a VPN using the SoftRemote client

does anyone knows a linux client?

Greetings

Tim

Nachricht geändert durch cyberz on 09.08.13 07:31:39 CDT
1 Solution

Accepted Solutions
mtuma
Level 13
Report Inappropriate Content
Message 6 of 8

Re: V8: Approved VPN Client for Linux?

Jump to solution

There is a command you can use to see the password:

cf ipsec query Show_Clear_Passwords=yes

-Matt

7 Replies
Highlighted
sliedl
Level 14
Report Inappropriate Content
Message 2 of 8

Re: V8: Approved VPN Client for Linux?

Jump to solution

The firewall does standard IPSEC.  There are many many Linux programs which can do this (Raccoon comes to mind).  Google "Linux IPSEC VPN" and you'll find some good information.

cyberz
Level 7
Report Inappropriate Content
Message 3 of 8

Re: V8: Approved VPN Client for Linux?

Jump to solution

Thanks for your help.

Another Question, it is possible to find the vpn psk in cleartext?

PhilM
Level 14
Report Inappropriate Content
Message 4 of 8

Re: V8: Approved VPN Client for Linux?

Jump to solution

If you mean the VPN password on the Firewall - I don't think this has been possible since v7.

In v6 the 'cf ipsec query' command would reveal the pre-shared key in plain text, but since version 7 I've found that the value is obfuscated.

-Phil.

cyberz
Level 7
Report Inappropriate Content
Message 5 of 8

Re: V8: Approved VPN Client for Linux?

Jump to solution

shit..

>  password='*'

it's not cleartext.

mtuma
Level 13
Report Inappropriate Content
Message 6 of 8

Re: V8: Approved VPN Client for Linux?

Jump to solution

There is a command you can use to see the password:

cf ipsec query Show_Clear_Passwords=yes

-Matt

cyberz
Level 7
Report Inappropriate Content
Message 7 of 8

Re: V8: Approved VPN Client for Linux?

Jump to solution

ohhh, great. big thanks! it works.

PhilM
Level 14
Report Inappropriate Content
Message 8 of 8

Re: V8: Approved VPN Client for Linux?

Jump to solution

Might be worth pointing out that this is a v8-specific command.

I was very excited to read about this, thinking it was a hidden-away nugget of goodness. But there's no mention of it in the man pages on v7 appliances and, indeed, this would confirm that the parameter in question doesn't exist on the older version. But it does indeed work on v8!

It's a pity as I've come across a few scenarios where the customer has chosen to synchronize the move from v7 to v8 with a change in hardware, or have decided to go with a fresh software installation if the access rules have become too much of a mess. But, if they have a number of site-to-site VPNs (and haven't noted the PSKs elsewhere) while the cf ipsec q > filename.txt on the old appliance and cf -f filename.txt on the new appliance has allowed the bulk of the IPSec policy content to be transported across it has then been necessary to re-enter the PSKs.

-Phil.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community