[OpenIndiana-discuss] Cisco IPSec VPN

bentahyr at chez.com bentahyr at chez.com
Thu Nov 24 22:30:06 UTC 2016 

Ok, I see.
If I follow the SFE way, could I have an issue running OpenVPN server over TUN on GZ and wanting to run Openconnect client over TUN in NGZ ? Like the device /dev/tun is both used in GZ and NGZ.

Best regards.
Ben

----- Mail original -----
De: "Thomas Wagner" <tom-oi-discuss at tom.bn-ulm.de>
À: "Discussion list for OpenIndiana" <openindiana-discuss at openindiana.org>
Envoyé: Vendredi 25 Novembre 2016 10:16:51
Objet: Re: [OpenIndiana-discuss] Cisco IPSec VPN

For SFE we've solved this by just adding the driver modules to the NGZ
as dead files. So there is no install contraint regarding zones-type.
That way the IPS dependency just matches in any case.

I use a driver match rule in the NGZ to get tun passed through:
<device match="/dev/tun"/>

Thomas

On Thu, Nov 24, 2016 at 09:15:11PM +0100, bentahyr at chez.com wrote:
> By the way, is there a way to install openconnect in a zone ?
> I can't seem to get it running because tap driver doesn't want to install :
> 
> vpnzone# pkg install openconnect
> Creating Plan (Running solver): |
> pkg install: No matching version of network/openconnect can be installed:
>   Reject:  pkg://openindiana.org/network/openconnect@7.7.20161105-2016.1.0.0:20161119T064832Z
>   Reason:  No version matching 'require' dependency driver/network/tap can be installed
>     ----------------------------------------
>     Reject:  pkg://openindiana.org/driver/network/tap@1.3.2-2016.0.0.0:20160730T021914Z
>     Reason:  This version is excluded by installed incorporation consolidation/userland/userland-incorporation at 0.5.11-2016.1.0.7919
>     Reject:  pkg://openindiana.org/driver/network/tap@1.3.2-2016.1.0.1:20161124T055026Z
>              pkg://openindiana.org/driver/network/tap@1.3.2-2016.1.0.1:20161124T172113Z
>     Reason:  Package supports image variant variant.opensolaris.zone=[global] but doesn't support this image's variant.opensolaris.zone (nonglobal)
>     ----------------------------------------
>   Reject:  pkg://openindiana.org/network/openconnect@7.7.20161105-2016.1.0.0:20161119T114634Z
>   Reason:  No version matching 'require' dependency driver/network/tap can be installed
> 
> 
> Best regards.
> Ben
> 
> ----- Mail original -----
> De: "Jim Klimov" <jimklimov at cos.ru>
> À: "Discussion list for OpenIndiana" <openindiana-discuss at openindiana.org>, "Andrey Sokolov" <keremet at solaris.kirov.ru>
> Envoyé: Vendredi 25 Novembre 2016 07:07:36
> Objet: Re: [OpenIndiana-discuss] Cisco IPSec VPN
> 
> 16 но�бр� 2016 г. 14:02:44 CET, Andrey Sokolov <keremet at solaris.kirov.ru> пишет:
> >Hi!
> >I use
> >http://pkg.openindiana.org/sfe/info/0/system%2Fnetwork%2Fvpnc%400.5.3%2C5.11-0.151.1.5%3A20120819T093748Z
> >
> >2016-11-14 15:35 GMT+03:00 Jim Klimov <jimklimov at cos.ru>:
> >
> >> Hi all,
> >>
> >> I am faced with a prospect of connecting to a remote network behind
> >Cisco
> >> IPSec VPN (the one with user, password, group and shared keys; will
> >be
> >> practically trying sometime soon this week). Should I expect it to
> >work in
> >> OI Hipster out of the box? Are there docs/blogs on it, or would
> >Oracle docs
> >> I found so far (some hints about conf files and then ipadm tun
> >commands) be
> >> relevant here? Or should I try some other OS right away?
> >>
> >> TIA, Jim
> >> --
> >> Typos courtesy of K-9 Mail on my Samsung Android
> >>
> >> _______________________________________________
> >> openindiana-discuss mailing list
> >> openindiana-discuss at openindiana.org
> >> https://openindiana.org/mailman/listinfo/openindiana-discuss
> >>
> >_______________________________________________
> >openindiana-discuss mailing list
> >openindiana-discuss at openindiana.org
> >https://openindiana.org/mailman/listinfo/openindiana-discuss
> 
> Thanks,
> 
> In the end vpnc did work for me; also I saw that openconnect could connect to Juniper/Cisco SSL VPNs... so I couldn't resist and now both are packaged in OI/Hipster userland ;)
> 
> Thanks,
> Jim
> --
> Typos courtesy of K-9 Mail on my Samsung Android
> 
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
> 
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
> 

-- 
-- 
Thomas Wagner

------------------------------------------------------------------------
Service rund um UNIX(TM),     Wagner Network Services, Thomas Wagner
Solaris(TM), Linux(TM)        Eschenweg 21, 89174 Altheim, Germany
Windows(TM)                   TEL: +49-731-9807799, FAX: +49-731-9807711
Telekommunikation, LAN,       MOBILE/CELL: +49-171-6135989
Internet-Service, Elektronik  EMAIL: wagner at wagner-net.com

_______________________________________________
openindiana-discuss mailing list
openindiana-discuss at openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the openindiana-discuss mailing list