Can Solaris VPN to a Server without breaking its other networking rules !?
Post 302844843 by mikecouk on Tuesday 20th of August 2013 06:41:51 AM, in IP Networking

Hi All,

Actually a very basic question this one. I've got a Solaris 10 x86 server box on a network. There are a group of other servers I need to connect to from it, but via a VPN connection. If I install a VPN client on my Solaris box, can I configure the VPN connection so it only routes certain traffic via the VPN (i.e. an IP range or a list of specific IP addresses), and therefore doesn't break the box's network connectivity to its own LAN?
I'm presuming OpenVPN is my best bet for doing this?

Any help welcome !

Mike
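What the question asks for, an OpenVPN client that sends only a list of networks through the tunnel, comes down to two client-side directives: route-nopull, which makes the client ignore every route the server pushes (including a pushed redirect-gateway), and an explicit route line for each network that should go via the tunnel. The script below is an added example, not something posted in this thread: it generates such a config and checks that a config keeps the split-tunnel invariant. The server name vpn.example.net, the networks and the certificate file names are placeholders, and it assumes OpenVPN 2.x with a working tun driver on the box (Solaris 10 does not ship one; it has to be installed separately).

```shell
#!/bin/sh
# gen-split-ovpn.sh: emit an OpenVPN client config that routes only the listed
# networks through the tunnel and leaves every other route (LAN, default
# gateway) untouched.  Added example; remote host, networks and cert file
# names are placeholders.
#
#   gen_split_config vpn.example.net 10.20.0.0/16 192.0.2.10/32 > client.ovpn

# Convert a prefix length (0..32) into the dotted netmask that OpenVPN's
# "route" directive expects.  Returns 1 on anything that is not 0..32.
prefix_to_mask() {
    len=$1
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    if [ "$len" -eq 0 ]; then
        m=0
    else
        m=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    fi
    printf '%d.%d.%d.%d\n' $(( (m >> 24) & 255 )) $(( (m >> 16) & 255 )) \
                           $(( (m >> 8) & 255 ))  $(( m & 255 ))
}

# $1 = VPN server; remaining arguments = networks (CIDR, or a bare address
# for a host route) that must be reached through the tunnel.
gen_split_config() {
    remote=$1; shift
    printf 'client\ndev tun\nproto udp\nremote %s 1194\n' "$remote"
    printf 'persist-key\npersist-tun\n'
    printf 'ca ca.crt\ncert client.crt\nkey client.key\n'   # placeholder file names
    # Refuse to talk to a peer whose certificate is not marked as a server
    # certificate, so another client's cert cannot impersonate the gateway.
    printf 'remote-cert-tls server\n'
    # Accept the pushed tunnel address (ifconfig) but ignore every pushed
    # route, including "redirect-gateway", so the default route stays put.
    printf 'route-nopull\n'
    for cidr in "$@"; do
        net=${cidr%/*}
        len=${cidr#*/}
        [ "$net" != "$cidr" ] || len=32            # bare address -> host route
        mask=$(prefix_to_mask "$len") || return 1
        printf 'route %s %s\n' "$net" "$mask"      # gateway defaults to vpn_gateway
    done
}

# Check a config file before handing it to openvpn: 0 if pushed routes are
# ignored and no full-tunnel directive is present, 1 otherwise.
check_split_config() {
    grep -q '^route-nopull' "$1" || return 1
    if grep -Eq '^(redirect-gateway|redirect-private)' "$1"; then return 1; fi
    return 0
}
```

Two caveats a practitioner should keep in mind: route-nopull also discards pushed DNS options, so names on the far side have to be resolved by hand or via a static resolver entry; and a split tunnel leaves the Solaris box reachable from both networks at once, which is a policy decision for whoever runs the VPN side, not just a routing trick.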
 

OPENCONNECT(8)                System Manager's Manual                OPENCONNECT(8)

NAME
       openconnect - Connect to Cisco AnyConnect VPN

SYNOPSIS
       openconnect [--config configfile] [-b,--background] [--pid-file pidfile]
       [-c,--certificate cert] [-e,--cert-expire-warning days] [-k,--sslkey key]
       [-K,--key-type type] [-C,--cookie cookie] [--cookie-on-stdin] [-d,--deflate]
       [-D,--no-deflate] [--force-dpd interval] [-g,--usergroup group] [-h,--help]
       [-i,--interface ifname] [-l,--syslog] [-U,--setuid user] [--csd-user user]
       [-m,--mtu mtu] [-p,--key-password pass] [-P,--proxy proxyurl] [--no-proxy]
       [--libproxy] [--key-password-from-fsid] [--key-type type] [-q,--quiet]
       [-Q,--queue-len len] [-s,--script vpnc-script] [-S,--script-tun]
       [-u,--user name] [-V,--version] [-v,--verbose] [-x,--xmlconfig config]
       [--authgroup group] [--cookieonly] [--printcookie] [--cafile file]
       [--disable-ipv6] [--dtls-ciphers list] [--no-cert-check] [--no-dtls]
       [--no-http-keepalive] [--no-passwd] [--non-inter] [--passwd-on-stdin]
       [--reconnect-timeout] [--servercert sha1] [--useragent string]
       [https://]server[:port][/group]

DESCRIPTION
       The program openconnect connects to Cisco "AnyConnect" VPN servers, which
       use standard TLS and DTLS protocols for data transport.

       The connection happens in two phases. First there is a simple HTTPS
       connection over which the user authenticates somehow - by using a
       certificate, or password or SecurID, etc. Having authenticated, the user
       is rewarded with an HTTP cookie which can be used to make the real VPN
       connection.

       The second phase uses that cookie in an HTTPS CONNECT request, and data
       packets can be passed over the resulting connection. In auxiliary headers
       exchanged with the CONNECT request, a Session-ID and Master Secret for a
       DTLS connection are also exchanged, which allows data transport over UDP
       to occur.

OPTIONS
       --config=CONFIGFILE
              Read further options from CONFIGFILE before continuing to process
              options from the command line. The file should contain long-format
              options as would be accepted on the command line, but without the
              two leading -- dashes. Empty lines, or lines where the first
              non-space character is a # character, are ignored. Any option
              except the config option may be specified in the file.

       -b,--background
              Continue in background after startup

       --pid-file=PIDFILE
              Save the pid to PIDFILE when backgrounding

       -c,--certificate=CERT
              Use SSL client certificate CERT

       -e,--cert-expire-warning=DAYS
              Give a warning when SSL client certificate has DAYS left before
              expiry

       -k,--sslkey=KEY
              Use SSL private key file KEY

       -C,--cookie=COOKIE
              Use WebVPN cookie COOKIE

       --cookie-on-stdin
              Read cookie from standard input

       -d,--deflate
              Enable compression (default)

       -D,--no-deflate
              Disable compression

       --force-dpd=INTERVAL
              Use INTERVAL as minimum Dead Peer Detection interval for CSTP and
              DTLS, forcing use of DPD even when the server doesn't request it.

       -g,--usergroup=GROUP
              Use GROUP as login UserGroup

       -h,--help
              Display help text

       -i,--interface=IFNAME
              Use IFNAME for tunnel interface

       -l,--syslog
              Use syslog for progress messages

       -U,--setuid=USER
              Drop privileges after connecting, to become user USER

       --csd-user=USER
              Drop privileges during CSD (Cisco Secure Desktop) script
              execution.

       --csd-wrapper=SCRIPT
              Run SCRIPT instead of the CSD (Cisco Secure Desktop) script.

       -m,--mtu=MTU
              Request MTU from server

       -p,--key-password=PASS
              Provide passphrase for certificate file, or SRK (System Root Key)
              PIN for TPM

       -P,--proxy=PROXYURL
              Use HTTP or SOCKS proxy for connection

       --no-proxy
              Disable use of proxy

       --libproxy
              Use libproxy to configure proxy automatically (when built with
              libproxy support)

       --key-password-from-fsid
              Passphrase for certificate file is automatically generated from
              the fsid of the file system on which it is stored.

              The fsid is obtained from the statvfs(2) or statfs(2) system call,
              depending on the operating system. On a Linux or similar system
              with GNU coreutils, the fsid used by this option should be equal
              to the output of the command:

                     stat --file-system --printf=%i\n $CERTIFICATE

              It is not the same as the 128-bit UUID of the file system.

       --key-type=TYPE
              Type of private key file (PKCS#12, TPM or PEM)

       -q,--quiet
              Less output

       -Q,--queue-len=LEN
              Set packet queue limit to LEN pkts

       -s,--script=SCRIPT
              Invoke SCRIPT to configure the network after connection. Without
              this, routing and name service are unlikely to work correctly.
              The script is expected to be compatible with the vpnc-script which
              is shipped with the "vpnc" VPN client. See
              http://www.infradead.org/openconnect/vpnc-script.html for more
              information. This version of OpenConnect is configured to use
              /usr/share/vpnc-scripts/vpnc-script by default.

       -S,--script-tun
              Pass traffic to 'script' program over a UNIX socket, instead of to
              a kernel tun/tap device. This allows the VPN IP traffic to be
              handled entirely in userspace, for example by a program which uses
              lwIP to provide SOCKS access into the VPN.

       -u,--user=NAME
              Set login username to NAME

       -V,--version
              Report version number

       -v,--verbose
              More output

       -x,--xmlconfig=CONFIG
              XML config file

       --authgroup=GROUP
              Choose authentication login selection

       --cookieonly
              Fetch webvpn cookie only; don't connect

       --printcookie
              Print webvpn cookie before connecting

       --cafile=FILE
              Cert file for server verification

       --disable-ipv6
              Do not advertise IPv6 capability to server

       --dtls-ciphers=LIST
              Set OpenSSL ciphers to support for DTLS

       --no-cert-check
              Do not require server SSL certificate to be valid. Checks will
              still happen and failures will cause a warning message, but the
              connection will continue anyway.

              You should not need to use this option - if your servers have SSL
              certificates which are not signed by a trusted Certificate
              Authority, you can still add them (or your private CA) to a local
              file and use that file with the --cafile option.

       --no-dtls
              Disable DTLS

       --no-http-keepalive
              Version 8.2.2.5 of the Cisco ASA software has a bug where it will
              forget the client's SSL certificate when HTTP connections are
              being re-used for multiple requests. So far, this has only been
              seen on the initial connection, where the server gives an HTTP/1.0
              redirect response with an explicit Connection: Keep-Alive
              directive. OpenConnect as of v2.22 has an unconditional workaround
              for this, which is never to obey that directive after an HTTP/1.0
              response.

              However, Cisco's support team has failed to give any competent
              response to the bug report and we don't know under what other
              circumstances their bug might manifest itself. So this option
              exists to disable ALL re-use of HTTP sessions and cause a new
              connection to be made for each request. If your server seems not
              to be recognising your certificate, try this option. If it makes a
              difference, please report this information to the
              openconnect-devel@lists.infradead.org mailing list.

       --no-passwd
              Never attempt password (or SecurID) authentication.

       --non-inter
              Do not expect user input; exit if it is required.

       --passwd-on-stdin
              Read password from standard input

       --reconnect-timeout
              Keep trying to reconnect for this many seconds. The default is 300
              seconds, so openconnect can recover the VPN connection after a
              network outage of up to 300 seconds.

       --servercert=SHA1
              Accept server's SSL certificate only if its fingerprint matches
              SHA1.

       --useragent=STRING
              Use STRING as 'User-Agent:' field value in HTTP header. (e.g.
              --useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133')

LIMITATIONS
       Note that although IPv6 has been tested on all platforms on which
       openconnect is known to run, it depends on a suitable vpnc-script to
       configure the network. The standard vpnc-script shipped with vpnc 0.5.3
       is not capable of setting up IPv6 routes; the one from
       git://git.infradead.org/users/dwmw2/vpnc-scripts.git will be required.

AUTHORS
       David Woodhouse <dwmw2@infradead.org>
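The --script option above leaves routing to vpnc-script, which openconnect runs with the gateway's reply in environment variables: reason (pre-init, connect, disconnect, reconnect), TUNDEV, INTERNAL_IP4_ADDRESS, INTERNAL_IP4_DNS and, when the gateway sends a split-include list, CISCO_SPLIT_INC plus one CISCO_SPLIT_INC_<n>_ADDR / _MASK / _MASKLEN triple per network. Without a split list vpnc-script installs a default route through the tunnel. The wrapper below is an added example, not part of openconnect or the vpnc-script project, and is the openconnect-side answer to the question that opens this page: it overwrites whatever list the gateway pushed with a fixed allow-list before handing over to the real script, so the box keeps its own LAN routes and resolver. The script path, the networks and vpn.example.net are placeholders.

```shell
#!/bin/sh
# split-only-vpnc-script: wrapper for "openconnect --script" that keeps the
# box's own LAN and default route intact by handing vpnc-script an explicit
# split-include list, whatever the AnyConnect gateway pushed.
# Added example, not part of openconnect or vpnc-script; paths and networks
# below are placeholders.
#
#   ALLOWED_NETS="10.20.0.0:255.255.0.0:16 192.0.2.10:255.255.255.255:32" \
#   openconnect --script /usr/local/sbin/split-only-vpnc-script vpn.example.net

REAL_SCRIPT=${REAL_SCRIPT:-/usr/share/vpnc-scripts/vpnc-script}   # assumed path
ALLOWED_NETS=${ALLOWED_NETS:-"10.20.0.0:255.255.0.0:16 192.0.2.10:255.255.255.255:32"}

# One allow-list entry is ADDR:MASK:MASKLEN, the three values vpnc-script reads
# for each split-include network.  Reject anything malformed, and in particular
# 0.0.0.0, which vpnc-script treats as "install the default route".
valid_entry() {
    case $1 in
        *:*:*) ;;
        *) return 1 ;;
    esac
    addr=${1%%:*}; rest=${1#*:}; len=${rest#*:}
    [ "$addr" != "0.0.0.0" ] || return 1
    case $len in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ]
}

# Replace the CISCO_SPLIT_INC_* environment that openconnect built from the
# gateway's reply with our own list.  With CISCO_SPLIT_INC non-empty,
# vpnc-script adds one route per entry and never touches the default route.
force_split_includes() {
    n=${CISCO_SPLIT_INC:-0}
    i=0
    while [ "$i" -lt "$n" ]; do              # drop the gateway's entries first
        eval "unset CISCO_SPLIT_INC_${i}_ADDR CISCO_SPLIT_INC_${i}_MASK CISCO_SPLIT_INC_${i}_MASKLEN"
        i=$((i + 1))
    done
    i=0
    for entry in $ALLOWED_NETS; do
        valid_entry "$entry" || return 1
        addr=${entry%%:*}; rest=${entry#*:}; mask=${rest%%:*}; len=${rest#*:}
        eval "CISCO_SPLIT_INC_${i}_ADDR=\$addr CISCO_SPLIT_INC_${i}_MASK=\$mask CISCO_SPLIT_INC_${i}_MASKLEN=\$len"
        eval "export CISCO_SPLIT_INC_${i}_ADDR CISCO_SPLIT_INC_${i}_MASK CISCO_SPLIT_INC_${i}_MASKLEN"
        i=$((i + 1))
    done
    CISCO_SPLIT_INC=$i
    export CISCO_SPLIT_INC
    # Keep the box on its own resolver: with these unset vpnc-script leaves
    # /etc/resolv.conf alone instead of switching to the gateway's DNS servers.
    unset INTERNAL_IP4_DNS CISCO_DEF_DOMAIN
}

# openconnect sets $reason on every invocation.  Apply the same list each time
# so the routes removed at disconnect are the ones added at connect; when the
# file is sourced by hand ($reason unset) do nothing.
if [ -n "${reason:-}" ]; then
    force_split_includes || { echo "split-only-vpnc-script: bad ALLOWED_NETS entry" >&2; exit 1; }
    exec "$REAL_SCRIPT"
fi
```

The platform-specific route commands (Solaris, BSD or Linux) stay in the real vpnc-script; the wrapper only edits the environment it receives. Because it silently overrides the gateway's routing policy on the client, it should be used with the agreement of whoever runs the far side; a host that is on its LAN and inside the remote network at the same time is exactly what a full-tunnel policy is meant to prevent.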
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.