[vpnc-devel] Solaris 10

J. Tingiris jtingiris at bellsouth.net
Thu Apr 7 03:12:04 CEST 2005


I got it compiled and working with Solaris 10 x86 (with some minor 
tweaks).  I'm using UDP encapsulation, though, not IP-ESP and I didn't 
spend much time on it.  Necessity was my driver because I was locked out 
(damn vpns) with only a Solaris 10 x86 box at hand.  Regardless, this is 
the process I used and it works for me.  I got in with a little fiddlin' 
and I'm curious to know if it works for anyone else.

1) Install Solaris 8-10 (sparc or x86)

2) Install Blastwave development packages and dependencies (via pkg-get)
        * http://www.blastwave.org/
        * gcc 3.4.3 (CSWgcc3)
        * binutils (CSWbinutils)
        * gnupg (CSWgpgme)
        * libgcrypt (CSWgcrypt)
        * intltool (CSWintltool)
        * libiconv (CSWinconv)

3) Download and install Universal TUN/TAP 1.1 drivers for Solaris
        * compile source from http://vtun.sourceforge.net/tun/tun-1.1.tar.gz
        * OR, package install via http://www.blastwave.org/ (CSWtun)
        * this provides ip_tun.h, etc.

4) Download and untar vpnc 0.3.2 source code
        * http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-0.3.2.tar.gz

5) Change the following vpnc source files (to compile with Solaris 8-10).
        * sysdep-svr4.c:int unsetenv(const char *name)
        * sysdep.h:extern int unsetenv(const char *name);

6) Make vpnc 0.3.2
        * binary builds at this point, but a warning about unsetenv()

7) An example of my /etc/vpnc.conf:

--cut--
IPSec gateway xxx
IPSec ID User_VPN
IPSec secret uservpnsecret
Xauth username CORP\jtingiri
--cut--

8) I created an additional network routes file, for Solaris, that adds 
the tunnel routes after vpnc authenticates:

--/opt/csw/etc/networks.vpnc--
# must use cidr, jjt
10.0.0.0/8
172.16.0.0/12
--/opt/csw/etc/networks.vpnc--


9) Then, I hacked the original vpnc-connect shell script into this, for 
Solaris:

--vpnc-connect-solaris--
#!/bin/bash

#* VPNGATEWAY             -- vpn gateway address (always present)
#* TUNDEV                 -- tunnel device (always present)
#* INTERNAL_IP4_ADDRESS   -- address (always present)
#* INTERNAL_IP4_NETMASK   -- netmask (often unset)
#* INTERNAL_IP4_DNS       -- list of dns servers
#* INTERNAL_IP4_NBNS      -- list of wins servers
#* CISCO_DEF_DOMAIN       -- default domain name
#* CISCO_BANNER           -- banner from server

if [ "$1" == "stop" ]
then
        echo "stopping vpnc."
        pkill vpnc
        exit 0
fi

networks=/opt/csw/etc/networks.vpnc
defr=/var/run/vpnc/defaultroute
gateway=/var/run/vpnc/gateway
tundev=/var/run/vpnc/tundev
ipaddress=/var/run/vpnc/ipaddress
ifconfig=/var/run/vpnc/ifconfig
routes=/var/run/vpnc/routes
pid=/var/run/vpnc/pid

fix_ip_get_output () {
        sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g' | xargs echo
}

if [ -z "$VPNGATEWAY" ]; then
        if [ -x "`which vpnc`" ]; then
                VPNC="`which vpnc`"
        elif [ -x /opt/csw/sbin/vpnc ]; then
                VPNC=/opt/csw/sbin/vpnc
        elif [ -x /usr/local/sbin/vpnc ]; then
                VPNC=/usr/local/sbin/vpnc
        elif [ -x $(dirname $0)/vpnc ]; then
                VPNC=$(dirname $0)/vpnc
        else
                echo No vpnc daemon found, aborting...
                exit 1
        fi

        for i in "$gateway" "$defr" "$pid"; do
                mkdir -p $(dirname "$i")
        done

        PID="$(cat "$pid" 2> /dev/null)"

        if [ "$PID" ]; then
                if kill -0 "$PID" > /dev/null 2>&1; then
                        echo "vpnc found running (pid: $PID, pidfile: $pid)"
                        exit 1
                fi
        fi

        exec "$VPNC" --pid-file "$pid" --script "$0" "$@" || exit 1
fi

# started from vpnc..

ifconfig $TUNDEV inet $INTERNAL_IP4_ADDRESS $INTERNAL_IP4_ADDRESS netmask 255.255.255.255 mtu 1412 up

echo "$VPNGATEWAY" > "$gateway"
echo "$TUNDEV" > "$tundev"
echo "$INTERNAL_IP4_ADDRESS" > "$ipaddress"

cat /dev/null > $routes
if [ -f "$networks" ]
then
        echo "found networks ($networks)"
        for network in `cat $networks | grep -v ^# | awk -F# '{print $1}'`
        do
                echo "adding vpnc route to $network"
                route add $network $INTERNAL_IP4_ADDRESS -interface
        done
fi
exit 0
--vpnc-connect-solaris--

10) Use vpnc-connect-solaris to start (and stop) vpnc.  Works great (for 
me).
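
Added example, not part of the original post or of vpnc: every non-comment word in networks.vpnc ends up as an argument to `route add`, so this sketch filters the file down to well-formed IPv4 CIDR entries first. The function names valid_cidr and filter_networks are hypothetical, and the file format (one CIDR per line, '#' comments) is assumed from step 8.

```sh
# Added example (not from the original post): accept only IPv4 CIDR entries
# from a networks.vpnc-style file. Assumed format: one CIDR per line, '#' comments.

# valid_cidr STRING: succeeds only for a.b.c.d/n with octets 0-255 and n 0-32
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*|*/*/*) return 1 ;;   # empty, stray characters, two slashes
        */*) ;;                            # exactly one slash: keep checking
        *) return 1 ;;                     # no prefix length at all
    esac
    addr=${1%/*}
    prefix=${1#*/}
    case $prefix in ''|???*|*.*) return 1 ;; esac
    case $addr in ''|.*|*.|*..*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                           # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# filter_networks FILE: accepted CIDRs on stdout, rejected lines on stderr
filter_networks() {
    while IFS= read -r line || [ -n "$line" ]; do
        # strip comments, then leading and trailing whitespace
        line=$(printf '%s\n' "$line" |
            sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ -z "$line" ]; then continue; fi
        if valid_cidr "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected: %s\n' "$line" >&2
        fi
    done < "$1"
}

# In the script above, the route loop would then read:
#   for network in $(filter_networks "$networks"); do
#       route add "$network" "$INTERNAL_IP4_ADDRESS" -interface
#   done
```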

