
#1 2011-03-23 15:33:43

smika
Member
Registered: 2011-03-02
Posts: 25

vpn problem with Target Networks

Hello

I am a "new" user of archlinux. I have a config file for my vpn connection and it works fine on Ubuntu without any errors. On archlinux it starts my vpn and works fine too, but it gives an error on the following line:

Target Networks *.*.14.0/24 *.*.161.0/24 *.*.7.0/24 #  *.* are normally numbers but I replaced them here on this forum with a *.

It says in my terminal "warning: unknown configuration directive in /etc/vpnc/default.conf at line 9". Without this line, I cannot print anymore, so it is necessary to have this line.

Thanks.

Smika

Offline

#2 2011-03-27 16:08:25

smika
Member
Registered: 2011-03-02
Posts: 25

Re: vpn problem with Target Networks

I tried it also with one network address like:

Target Networks 192.168.14.0

But this doesn't work either. Is there a known issue with Target Networks? I can't find anything with google.

Thanks,

Smika

Offline

#3 2011-03-27 16:37:11

mukl
Member
From: Vienna, Austria
Registered: 2008-01-30
Posts: 52

Re: vpn problem with Target Networks

AFAIR Target Networks only works with the debian patches for vpnc.

I installed vpnc with deb2targz from debian. Maybe someone could make a package in AUR.

Offline

#4 2011-03-27 22:17:26

smika
Member
Registered: 2011-03-02
Posts: 25

Re: vpn problem with Target Networks

Thanks for your reply. I downloaded the deb files and converted them to tar.gz with deb2targz. After that I extracted the tar.gz and copied the vpnc files to the correct directories. Now everything works fine!! Thanks!!!

Offline

#5 2011-09-03 16:43:17

Sylphid
Member
From: Live Oak TX
Registered: 2011-09-03
Posts: 3

Re: vpn problem with Target Networks

Stumbled on this thread when looking for the same answer myself after moving from Ubuntu to arch and wanted to post the correct solution in case anyone else runs into the same issue. As it turns out the debian patches to make the "Target Networks" configs work are deprecated in favour of the solution provided by vpnc itself.

The fix is to add a Script line in your config that calls a wrapper script to set variables that the vpnc-script uses to establish the routes. Here is my example:

default.conf:
IPSec gateway vpn.server.com
IPSec ID myID
IPSec secret mySecret
Xauth username Sylphid
Script /etc/vpnc/route-wrapper

route-wrapper:
#!/bin/sh

# this effectively disables changes to /etc/resolv.conf
INTERNAL_IP4_DNS=

# This sets up split networking regardless
# of the concentrators specifications.
# You can add as many routes as you want,
# but you must set the counter $CISCO_SPLIT_INC
# accordingly
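CISCO_SPLIT_INC=1
CISCO_SPLIT_INC_0_ADDR=131.246.89.7
CISCO_SPLIT_INC_0_MASK=255.255.255.255
CISCO_SPLIT_INC_0_MASKLEN=32
CISCO_SPLIT_INC_0_PROTOCOL=0
CISCO_SPLIT_INC_0_SPORT=0
CISCO_SPLIT_INC_0_DPORT=0

# hand over to the stock script, sourced so it sees the variables above
. /etc/vpnc/vpnc-script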

This is not as quick when you have a large number of routes you want to configure, however it does seem to only require the address and netmask or masklen lines.

Documentation for this can be found in the source README file, or at http://svn.unix-ag.uni-kl.de/vpnc/trunk/README


========= Using a modified script ==========================================


Please note that vpnc itself does NOT setup routing. You need to do this
yourself, or use --script "Script" in the config file.
The default script is /etc/vpnc/vpnc-script which sets a default route
to the remote network, or if the Concentrator provided split-network
settings, these are used to setup routes.

This option is passed to system(), so you can use any shell-specials you
like. This script gets called three times:
$reason == pre-init: this is before vpnc opens the tun device
   so you can do what is necessary to ensure that it is available.
   Note that none of the variables mentioned below is available
$reason == connect: this is what used to be "Config Script".
   The connection is established, but vpnc will not begin forwarding
   packets until the script finishes.
$reason == disconnect: This is called just after vpnc received a signal.
   Note that vpnc will not forward packets anymore while the script is
   running or thereafter.

Information is passed from vpnc via environment variables:

#* reason                       -- why this script was called, one of: pre-init connect disconnect
#* VPNGATEWAY                   -- vpn gateway address (always present)
#* TUNDEV                       -- tunnel device (always present)
#* INTERNAL_IP4_ADDRESS         -- address (always present)
#* INTERNAL_IP4_NETMASK         -- netmask (often unset)
#* INTERNAL_IP4_DNS             -- list of dns servers
#* INTERNAL_IP4_NBNS            -- list of wins servers
#* CISCO_DEF_DOMAIN             -- default domain name
#* CISCO_BANNER                 -- banner from server
#* CISCO_SPLIT_INC              -- number of networks in split-network-list
#* CISCO_SPLIT_INC_%d_ADDR      -- network address
#* CISCO_SPLIT_INC_%d_MASK      -- subnet mask (for example: 255.255.255.0)
#* CISCO_SPLIT_INC_%d_MASKLEN   -- subnet masklen (for example: 24)
#* CISCO_SPLIT_INC_%d_PROTOCOL  -- protocol (often just 0)
#* CISCO_SPLIT_INC_%d_SPORT     -- source port (often just 0)
#* CISCO_SPLIT_INC_%d_DPORT     -- destination port (often just 0)

Currently vpnc-script is not directly configurable from configfiles.
However, a workaround is to use a "wrapper-script" like this, to
disable /etc/resolv.conf rewriting and setup a custom split-routing:

------------------------------
#!/bin/sh

# this effectively disables changes to /etc/resolv.conf
INTERNAL_IP4_DNS=

# This sets up split networking regardless
# of the concentrators specifications.
# You can add as many routes as you want,
# but you must set the counter $CISCO_SPLIT_INC
# accordingly
CISCO_SPLIT_INC=1
CISCO_SPLIT_INC_0_ADDR=131.246.89.7
CISCO_SPLIT_INC_0_MASK=255.255.255.255
CISCO_SPLIT_INC_0_MASKLEN=32
CISCO_SPLIT_INC_0_PROTOCOL=0
CISCO_SPLIT_INC_0_SPORT=0
CISCO_SPLIT_INC_0_DPORT=0

. /etc/vpnc/vpnc-script
------------------------------

Store this example script, for example in /etc/vpnc/custom-script,
do a "chmod +x /etc/vpnc/custom-script" and add
"Script /etc/vpnc/custom-script" to your configuration.

Offline
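
The post above notes that writing the CISCO_SPLIT_INC_%d_* variables by hand gets slow with many routes. As an added example (not from the post or from the vpnc project), this wrapper generates them from a space-separated CIDR list in the style of the old "Target Networks" line; TARGET_NETWORKS and the function names are assumptions, and the network values are constructed samples.

```shell
#!/bin/sh
# Added example (not from vpnc): build CISCO_SPLIT_INC_* from a CIDR list.
# TARGET_NETWORKS holds constructed sample values; replace with your own.
TARGET_NETWORKS="192.168.14.0/24 192.168.161.0/24 10.1.2.3"
# Prefix length (0-32) -> dotted netmask, e.g. 24 -> 255.255.255.0
masklen_to_mask() {
    bits=$1 mask=
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    echo "$mask"
}

# Accept "a.b.c.d" or "a.b.c.d/len"; on success leave $addr and $len set.
valid_net() {
    addr=${1%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Set CISCO_SPLIT_INC and CISCO_SPLIT_INC_<n>_* for every valid network.
set_split_routes() {
    n=0
    for net in "$@"; do
        if ! valid_net "$net"; then
            echo "route-wrapper: skipping invalid network '$net'" >&2
            continue
        fi
        p=CISCO_SPLIT_INC_$n
        eval "${p}_ADDR=\$addr ${p}_MASKLEN=\$len"
        eval "${p}_MASK=\$(masklen_to_mask \"\$len\")"
        eval "${p}_PROTOCOL=0 ${p}_SPORT=0 ${p}_DPORT=0"
        n=$((n + 1))
    done
    CISCO_SPLIT_INC=$n
}
set_split_routes $TARGET_NETWORKS
# vpnc sets $reason when it calls the script; only then source the stock script
if [ -n "${reason:-}" ] && [ -r /etc/vpnc/vpnc-script ]; then
    . /etc/vpnc/vpnc-script
fi
```

Install it as the file named on the Script line and keep it owned by root and writable only by root, since vpnc passes that path to system().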

#6 2011-11-29 21:55:17

TiborB
Member
Registered: 2008-12-09
Posts: 103

Re: vpn problem with Target Networks

Hi,
I was having the very same problem. The solution by Live Oak TX works well.

BTW man vpnc is misleading as it mentions both '--target-network' and 'conf-variable: IPSEC target network'...

Offline
