Configuring VPNC

Kernels & Hardware, configuring network, installing services

Configuring VPNC

Postby Ruby » 2015-09-24 19:09

I have debian 8, Jessie, installed and am using vpnc as my VPN client for Cisco. But I saw this warning in the manual page (http://linux.die.net/man/8/vpnc):
OBLIGATORY WARNING: the most used configuration (XAUTH authentication with pre-shared keys and password authentication) is insecure by design, be aware of this fact when you use vpnc to exchange sensitive data like passwords!

I am not sure what authentication mode vpnc is using ny default, I did not change the default configuration. In the manual page some information is given:

--auth-mode <psk/cert/hybrid>
Authentication mode:
• psk: pre-shared key (default)
• cert: server + client certificate (not implemented yet)
• hybrid: server certificate + xauth (if built with openssl support)
Default: psk

And below, in the examples:

This is an example vpnc.conf with pre-shared keys:
IPSec gateway vpn.example.com
IPSec ID ExampleVpnPSK
IKE Authmode psk
IPSec secret PskS3cret!
Xauth username user@example.com
Xauth password USecr3t

It seems that the default authentication mode is psk, but in the example "Xauth" user and pass are required. So I am confused. Am I connecting in a secure way?

Should I be using OpenVpn instead of vpnc? I tried to use that first but it was too complicated to configure.

Thanks.
Ruby
 
Posts: 1
Joined: 2015-09-24 18:45

Return to System configuration

Who is online

Users browsing this forum: No registered users and 12 guests

fashionable