Message Boards » Tech Talk » clientless (sort-of) VPN!!!
evan
All American
27701 Posts

FINALLY got it working!

i got tired of having to connect/disconnect the cisco VPN client every time i needed to do something at work from home... especially since i use multiple computers... and i don't like having the cisco vpn client installed, it likes to mess with things (especially vmware)

so i found this nice little package that will run on dd-wrt called vpnc

it connects to cisco ipsec-based VPNs and basically makes a tunnel interface that can be bridged/NATted/routed on the router.

after 2 hours of playing with it/writing shell scripts, i finally see promising signs on the router itself:

Quote :
"lorazepam:~ emkinney$ ssh root@router.e00.lan
DD-WRT v24 vpn (c) 2008 NewMedia-NET GmbH
Release: 01/02/08 (SVN revision: 8743)
root@router.e00.lan's password:
==========================================================

____ ___ __ ______ _____ ____ _ _
| _ \| _ \ \ \ / / _ \_ _| __ _|___ \| || |
|| | || ||____\ \ /\ / /| |_) || | \ \ / / __) | || |_
||_| ||_||_____\ V V / | _ < | | \ V / / __/|__ _|
|___/|___/ \_/\_/ |_| \_\|_| \_/ |_____| |_|

DD-WRT v24
http://www.dd-wrt.com

==========================================================


BusyBox v1.4.2 (2008-01-02 01:56:05 CET) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

root@router:~# ps | grep vpnc
283 root 408 S /bin/sh /tmp/etc/vpnc/vpnc.sh
903 root 408 S /bin/sh ./vpnc.sh
1147 root 828 S vpnc /tmp/etc/vpnc/vpn.conf
1821 root 284 S grep vpnc
root@router:~#
"


YAY!!!

i wonder if it works... so i set up an iptables rule allowing traffic to pass internally from the subnet my personal machines are on and deny from everywhere else

this output is from a machine on my network (note: sww.xxx.com (obviously masked) is an intranet URL, it won't even RESOLVE on the internet) (also, IPs, although internal, have been masked):

Quote :
"lorazepam:~ emkinney$ ping sww.xxx.com
PING sww.fyi.xxx.com (10.x.x.x): 56 data bytes
64 bytes from 10.x.x.x: icmp_seq=0 ttl=61 time=14.603 ms
64 bytes from 10.x.x.x: icmp_seq=1 ttl=61 time=16.985 ms
64 bytes from 10.x.x.x: icmp_seq=2 ttl=61 time=16.444 ms
64 bytes from 10.x.x.x: icmp_seq=3 ttl=61 time=16.661 ms
^C
--- sww.fyi.xxx.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 14.603/16.173/16.985/0.927 ms

lorazepam:~ emkinney$ traceroute sww.xxx.com
traceroute to sww.fyi.xxx.com (10.x.x.x), 64 hops max, 40 byte packets
1 router (192.168.1.1) 1.954 ms 1.521 ms 1.590 ms
2 172.x.x.x (172.x.x.x) 28.372 ms 15.859 ms 15.049 ms
3 10.x.x.x (10.x.x.x) 18.826 ms 15.702 ms 26.579 ms
4 10.x.x.x (10.x.x.x) 18.153 ms 19.347 ms 13.601 ms
lorazepam:~ emkinney$
"



YAYYYYYYYYYYYYYYYYYY!!!!

i should not be THIS happy about this

oh well

i also configured dnsmasq to use the opendns servers (208.67.222.222/220.220) for every domain except *.xxx.com, which uses an internal company nameserver

aaand a shell script that pings said nameserver every 10 minutes to keep the connection alive/reconnect it if it goes down

woo! it's nice when things work like you want them to

has anyone else tried this?


oh, and, 16ms ping times aren't too shabby over a heavily encrypted tunnel through the internet

i just tested download speeds from my desktop at work to my laptop at home and got ~200KB/sec

4/14/2008 8:28:38 AM
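A watchdog of the kind described in the post above (ping the internal nameserver, reconnect the tunnel if it goes down), written here as an added example rather than the poster's own script. The start-script path, the tun0 interface name, the probe address and the consecutive-miss threshold are assumptions; the threshold goes beyond the post's single ping by tolerating one lost reply before restarting.

```shell
#!/bin/sh
# Added example, not the poster's script: a vpnc watchdog for a dd-wrt router,
# meant to run from cron every 10 minutes. Hypothetical assumptions: vpnc is
# started by /tmp/etc/vpnc/vpnc.sh (the path in the ps output above), the tunnel
# interface is tun0, PROBE_HOST is an internal nameserver reachable only through
# the tunnel (constructed placeholder address).
VPNC_START="${VPNC_START:-/tmp/etc/vpnc/vpnc.sh}"
TUN_IF="${TUN_IF:-tun0}"
PROBE_HOST="${PROBE_HOST:-10.0.0.53}"
STATE_FILE="${STATE_FILE:-/tmp/vpnc_watchdog.fails}"
MAX_FAILS="${MAX_FAILS:-2}"   # consecutive lost probes before restarting

# decide_action IFACE PING PREV_FAILS MAX_FAILS -> prints "ACTION NEW_FAILS".
# Pure decision logic, kept apart from the probes so it can be exercised offline.
# A missing interface restarts at once; a lost ping is tolerated until MAX_FAILS
# consecutive misses, so one dropped ICMP reply does not tear down a working tunnel.
decide_action() {
    iface="$1"; reach="$2"; fails="$3"; max="$4"
    if [ "$iface" != "up" ]; then
        echo "restart 0"; return 0
    fi
    if [ "$reach" = "up" ]; then
        echo "none 0"; return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -ge "$max" ]; then
        echo "restart 0"
    else
        echo "wait $fails"
    fi
}

# probe_iface: "up" if the tunnel interface exists; probe_ping: "up" if one ping
# to PROBE_HOST is answered within 3 s (drop -W on a busybox ping that lacks it).
probe_iface() { ifconfig "$TUN_IF" >/dev/null 2>&1 && echo up || echo down; }
probe_ping()  { ping -c 1 -W 3 "$PROBE_HOST" >/dev/null 2>&1 && echo up || echo down; }

# restart_vpnc: kill the running vpnc and re-run the start script in the background
restart_vpnc() { killall vpnc 2>/dev/null; sleep 2; "$VPNC_START" & }

# watchdog: one cron tick; the failure count persists in STATE_FILE between runs
watchdog() {
    prev=$(cat "$STATE_FILE" 2>/dev/null || echo 0)
    set -- $(decide_action "$(probe_iface)" "$(probe_ping)" "$prev" "$MAX_FAILS")
    echo "$2" > "$STATE_FILE"
    [ "$1" = "restart" ] && restart_vpnc
    return 0
}

# Run the tick only when executed as the watchdog script, not when sourced.
case "$0" in *vpnc_watchdog*) watchdog ;; esac
```

Install as /jffs/vpnc_watchdog.sh (hypothetical path) and add a cron line for it; the iptables rule from the post still decides which LAN hosts may use the tunnel once it is back up.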

OmarBadu
zidik
25067 Posts

tech talk is rejecting your ideas until we see your magical IE script

Quote :
"i just finished writing a script (on windows though) that fixes any problems whatsoever with any internet explorer installation on any version of windows."

4/14/2008 9:07:33 AM

mellocj
All American
1872 Posts

cool, but i don't see how you can call this a clientless vpn. it looks like you are just terminating a VPN connection on a router.

4/14/2008 9:14:10 AM

brainysmurf
All American
4762 Posts

where's the midazolam?

the diazepam

and the clonazepam?

4/14/2008 9:23:10 AM

chabnic
All American
2965 Posts

temazepam

oxazepam?

other benzos get very jealous you know. . .

4/14/2008 9:31:40 AM

synapse
play so hard
60929 Posts

^^^^ hahahaha

let's see it!

4/14/2008 9:35:55 AM

philihp
All American
8349 Posts

that's pretty cool. i see what you are doing.

4/14/2008 9:51:48 AM

evan
All American
27701 Posts

Quote :
""i just finished writing a script (on windows though) that fixes any problems whatsoever with any internet explorer installation on any version of windows.""


i actually did write this

and it actually does work

it removes any trace whatsoever of internet explorer
runs sfc
verifies that the tcp/ip stack is functional
and installs IE 6

it's worked on all of our machines so far. stupid IT people pushed an IE7 update to half of our servers (that failed halfway through the install) and this was to fix it.

4/14/2008 10:32:00 AM

evan
All American
27701 Posts

Quote :
"cool, but i dont see how you can call this a clientless vpn. it looks like you are just terminating a VPN connection on a router."


well, yeah

i guess a better term would be "transparent client"

i call it clientless because i don't have to mess with it on any of my machines/connect to anything... it just works.

4/14/2008 10:32:42 AM

evan
All American
27701 Posts

Quote :
"where's the midazolam?

the diazepam

and the clonazepam?"


all three of those are machines of mine either at work or in my house

i started naming my shit after benzos, then ran out of benzos, so now i just pick random drugs

4/14/2008 10:35:14 AM

TreeTwista10
minisoldr
148131 Posts

next step:

put together a little Install Shield Wizard package that asks an end-user for the relevant IP information and automatically sets up this "hidden tunnel" for them

profit

4/14/2008 11:08:42 AM

evan
All American
27701 Posts

^hah, wouldn't be hard

if they've got dd-wrt w/ ssh enabled, it's just a matter of copying over some shell scripts and rebooting

4/14/2008 11:11:36 AM

© 2024 by The Wolf Web - All Rights Reserved.