I’ve compiled VPNC and the requisite TUN/TAP driver for OpenSolaris so that I can access my work network from home. Kazuyoshi’s driver adds TAP functionality to the original TUN driver, which hasn’t been updated in nine years. It’s a real testament to the stability of the OpenSolaris kernel ABI that the module still compiles, loads, and works properly.
All of the software can be installed from my repository onto build 111 or higher:
$ pfexec pkg set-publisher -O http://pkg.thestaticvoid.com/ thestaticvoid
$ pfexec pkg install vpnc
The tun driver should load automatically and create /dev/tun. Now create a VPN profile configuration in /etc/vpnc/. The configuration contains a lot of private information so I’m not going to share mine here, but /etc/vpnc/default.conf is a good start.
One thing I do like to do is make sure only certain subnets are tunneled through the VPN. That way connecting to the VPN doesn’t interrupt any connections that are already established (for example, AIM). To do that I create a script /etc/vpnc/gwu-networks-script containing
# Only tunnel GWU networks through VPN
CISCO_SPLIT_INC=2
CISCO_SPLIT_INC_0_ADDR=161.253.0.0
CISCO_SPLIT_INC_0_MASK=255.255.0.0
CISCO_SPLIT_INC_0_MASKLEN=16
CISCO_SPLIT_INC_0_PROTOCOL=0
CISCO_SPLIT_INC_0_SPORT=0
CISCO_SPLIT_INC_0_DPORT=0
CISCO_SPLIT_INC_1_ADDR=128.164.0.0
CISCO_SPLIT_INC_1_MASK=255.255.0.0
CISCO_SPLIT_INC_1_MASKLEN=16
CISCO_SPLIT_INC_1_PROTOCOL=0
CISCO_SPLIT_INC_1_SPORT=0
CISCO_SPLIT_INC_1_DPORT=0
. /etc/vpnc/vpnc-script
then add Script /etc/vpnc/gwu-networks-script to the end of my VPN profile configuration.
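As an added example (not part of the original post or of vpnc itself), these POSIX shell functions generate the CISCO_SPLIT_INC_* block shown above from a list of IPv4 CIDR subnets, so the count, netmask and mask length cannot drift out of sync when a subnet is added. The function names masklen_to_mask, valid_cidr and split_include are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): build the CISCO_SPLIT_INC_*
# block for a vpnc wrapper script from a list of IPv4 CIDR subnets.

# Prefix length (0-32) -> dotted-quad netmask, e.g. 16 -> 255.255.0.0
masklen_to_mask() {
    len=$1 mask="" i=0
    while [ "$i" -lt 4 ]; do
        if [ "$len" -ge 8 ]; then
            octet=255; len=$((len - 8))
        else
            octet=$((256 - (1 << (8 - len)))); len=0
        fi
        mask="${mask}${mask:+.}${octet}"
        i=$((i + 1))
    done
    echo "$mask"
}

# Shape check only: four dotted fields and a prefix of 0-32. It does not
# verify that each octet is <= 255 or that the host bits are zero.
valid_cidr() {
    case "$1" in
        */*/*|*[!0-9./]*|*.*.*.*.*|*..*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]|[0-9]*.[0-9]*.[0-9]*.[0-9]*/[1-9][0-9]) ;;
        *) return 1 ;;
    esac
    [ "${1#*/}" -le 32 ]
}

# Print the variable block; print nothing and fail if any subnet is malformed,
# so a typo cannot silently produce a script that tunnels the wrong networks.
split_include() {
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "bad subnet: $cidr" >&2; return 1; }
    done
    echo "CISCO_SPLIT_INC=$#"
    n=0
    for cidr in "$@"; do
        addr=${cidr%/*} len=${cidr#*/} p=CISCO_SPLIT_INC_$n
        printf '%s\n' "${p}_ADDR=$addr" "${p}_MASK=$(masklen_to_mask "$len")" \
            "${p}_MASKLEN=$len" "${p}_PROTOCOL=0" "${p}_SPORT=0" "${p}_DPORT=0"
        n=$((n + 1))
    done
}

# The two subnets from the post reproduce its block.
split_include 161.253.0.0/16 128.164.0.0/16
```

Paste the output above the ". /etc/vpnc/vpnc-script" line of the wrapper script.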
Connecting to the VPN you should see messages like:
$ pfexec vpnc gwu
Enter password for jameslee@<no>:
which: no ip in (/sbin:/usr/sbin:/usr/gnu/bin:/usr/bin:/usr/sbin:/sbin)
which: no ip in (/sbin:/usr/sbin:/usr/gnu/bin:/usr/bin:/usr/sbin:/sbin)
add net 128.164.<no>: gateway 128.164.<no>
add host 128.164.<no>: gateway 161.253.<no>
add net 161.253.0.0: gateway 128.164.<no>
add net 128.164.0.0: gateway 128.164.<no>
add net 128.164.<no>: gateway 128.164.<no>
add net 128.164.<no>: gateway 128.164.<no>
VPNC started in background (pid: 594)...
The vpnc-script will modify your /etc/resolv.conf and routing tables, so be sure to run vpnc-disconnect when you are done with the connection to restore the original configuration.
Thanks to the good folks at OpenConnect for a well-maintained vpnc-script which works on Solaris. Spec files for these packages are available from my GitHub repository if you want to roll your own.
Thanks so much! I had already compiled and installed vpnc but I couldn’t find a vpnc-script that actually worked until I came here.
Thanks