blob: b476ea6f3cf4e4088f489b425056b79a7b8a305f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# example vpnc configuration file for Juniper SRX
# see vpnc --long-help for details
# This file will help you better understand how to get connected with an SRX
# You'll need to know a few things about your SRX configuration (or have an administrator help you out:
# Is the SRX dynamic VPN in shared-ike-id mode? If so, awesome! If not, you need it to be in shared-ike-id mode to use VPNC. If your administrator is super nice, they can usually change it without adverse effects to other Pulse clients.
# Is IKE Phase 1 using a "standard" proposal set? If not, what diffie hellman group is it using?
# You (or an administrator) can check this by:
# show security ike policy <your-vpn-policy>
# Is perfect forward secrecy enabled? If so, what diffie hellman group is it using?
# Check this by:
# show security ipsec policy <your-vpn-ipsec-policy> perfect-forward-secrecy
# Usually group2 is what most people use
# Is IKE phase 1 in aggressive mode? It should be for VPNC to work.
# Check via:
# show security ike policy <your-vpn-policy> mode
# Is IKE Phase 1 using a pre-shared key? You'll need it! If not, you won't be able to use VPNC
# You can view the hash via:
# show security ike policy <your-vpn-policy> pre-shared-key ascii-text
# What's the hostname for IKE Gateway?
#show security ike gateway <vpn-gateway-name> dynamic hostname
# Now, below is a skeleton of a vpnc config for a Juniper SRX
Vendor juniper
#This determines the name of the VPN device that vpnc creates
Interface name tun0
#This corresponds to the diffie hellman group used for IKE Phase 1
#If you're using the "standard" proposal set this will be dh2
#Otherwise, follow the directions above
IKE DH Group dh2
#This is the diffie hellman group used for perfect forward secrecy
Perfect Forward Secrecy dh2
#This is the path to the default vpnc-script
#You may replace this script with something better
Script /etc/vpnc/vpnc-script
#The IP address or hostname of your Juniper SRX device
IPSec gateway my.gateway.com
#This corresponds to the IKE Gateway dynamic hostname
#Refer to the instructions above
IPSec ID myhostname
#This is the IPSEC pre-shared-key
IPSec secret lafamigliamjaac
#This is your username
Xauth username myuser
#This is your password
Xauth password mypassword
#This tells VPNC to use a pre-shared-key
IKE Authmode psk
|