View previous topic :: View next topic |
Author |
Message |
Banana Moderator
Joined: 21 May 2004 Posts: 1800 Location: Germany
|
Posted: Mon Dec 14, 2015 11:48 am Post subject: Cisco AnyConnect and Safenet Auth Client |
|
|
Hello,
to connect to a company network I need to use the Cisco AnyConnect Secure Mobility Client and a USB Authentication stick with a safeNet Software (http://www.safenet-inc.com/)
Does anybody have experience with that?
The company does only has Windows support (software for OSX is working but has no user support)
Currently I use XFCE as my desktop enviroment. _________________ Forum Guidelines
PFL - Portage file list - find which package a file or command belongs to.
My delta-labs.org snippets do expire |
|
Back to top |
|
|
Banana Moderator
Joined: 21 May 2004 Posts: 1800 Location: Germany
|
|
Back to top |
|
|
Chiitoo Administrator
Joined: 28 Feb 2010 Posts: 2741 Location: Here and Away Again
|
Posted: Wed Dec 16, 2015 7:43 am Post subject: ><)))°€ |
|
|
Teegrins, *_-=Banana=-_*!
The fact that there are only Windows and OS X clients(?) available will likely have an effect on its popularity, and as such, an effect on the support available for it within our forums here. ^^
How does one actually use the software? That is, can it be used with a Gentoo installation somehow, or is it purely Windows/OS X only? Depending on which it is, this will fit better under either Unsupported Software or Off the Wall.
The only package that I can find in Portage that seems somewhat related, is net-misc/openconnect, but I imagine that's not an option at all (nor do I even know if it's doing any of the same things the ones you mentioned do!). _________________ Kindest of regardses. |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54642 Location: 56N 3W
|
Posted: Wed Dec 16, 2015 5:10 pm Post subject: |
|
|
*_-=Banana=-_*,
I need to use Cisco AnyConnect Secure Mobility Client too, but only username and password.
Its possible to dig the keys out of the windows registry and connect with some random VPN client but I don't know how you would make the USB Authentication stick work.
I did ask our IT if I could connect using my own hardware. They said I probably could but would rather I didn't, so I have respected that request.
I bet Windows in Virtualbox will work. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54642 Location: 56N 3W
|
Posted: Wed Dec 16, 2015 5:14 pm Post subject: |
|
|
Moved from Networking & Security to Gentoo Chat.
As the topic is about getting VPN working on Gentoo to mimic a VPN client not available for Linux.
OTW seems a bit harsh and the topic will be of interest to other Gentoo users too.
Well, I'm interested. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Wed Dec 16, 2015 5:29 pm Post subject: |
|
|
NeddySeagoon wrote: | *_-=Banana=-_*,
I did ask our IT if I could connect using my own hardware. They said I probably could but would rather I didn't, so I have respected that request.
I bet Windows in Virtualbox will work. |
Possibly Wine. |
|
Back to top |
|
|
likewhoa l33t
Joined: 04 Oct 2006 Posts: 778 Location: Brooklyn, New York
|
Posted: Wed Dec 16, 2015 6:21 pm Post subject: |
|
|
I use vpnc instead of cisco anyconnect for my company and it works great. |
|
Back to top |
|
|
Banana Moderator
Joined: 21 May 2004 Posts: 1800 Location: Germany
|
Posted: Thu Dec 17, 2015 1:35 pm Post subject: |
|
|
First, that you for all the answers.
The process works as follows:
- You Install the safenet-inc Client (the company is now called Gemalto and was named aladdin even before).
- You install the Cisco Anyconnect Mobility Softtware.
- To Connect to your secure network you plug in the USB device.
- Start the Cisco application and enter your target address.
- a window will popup to unlock your password secured USB stick after a connection is made to the target system
- then the user Information (in this case the Windows AD user information) is prompted.
- after that the connection is done and you are "in"
@Chiitoo
The Cisco client is available für Linux:
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/release/notes/b_Release_Notes_AnyConnect_4_0.html#ID-1454-0000039b
I can get it to work and the GUI will start nicely, but it does not recognize that the Access USB stick is needed. Needed to install some dependencies which I get by ldd the binaries..
There are only pkg and deb packages availbale for the USB stick software
http://www.safenet-inc.com/multi-factor-authentication/security-applications/authentication-client-token-management/
But rpm2targz will to the trick. You need to keep track about the installation files, since it is not in the portage.
(there is an overlay but with some old Aladdin client software and some pay-click-source...)
I will look into http://www.infradead.org/openconnect/. I've only found https://github.com/OpenSC/OpenSC/wiki so far and I do not know if this will work since I do not know if the
safenet-inc software will work correctly or how...
@NeddySeagoon
Official Support is windows only but they respect if you get it done in another way and do not bother them. And if they know you know what are you doing. I'm intern IT too, but not the one who does the network stuff.
@Tony0945
nah not wine... I can still use my Windows box as alternative.
@likewhoa
The "problem" is that I need the secure USB stick and not only username and password. _________________ Forum Guidelines
PFL - Portage file list - find which package a file or command belongs to.
My delta-labs.org snippets do expire |
|
Back to top |
|
|
Chiitoo Administrator
Joined: 28 Feb 2010 Posts: 2741 Location: Here and Away Again
|
Posted: Thu Dec 17, 2015 2:51 pm Post subject: |
|
|
I did take a quick look into it before, but didn't stumble upon the Linux client at all.
Many thanks for the clarification, as well as for the additional information! _________________ Kindest of regardses. |
|
Back to top |
|
|
Banana Moderator
Joined: 21 May 2004 Posts: 1800 Location: Germany
|
|
Back to top |
|
|
Banana Moderator
Joined: 21 May 2004 Posts: 1800 Location: Germany
|
|
Back to top |
|
|
Banana Moderator
Joined: 21 May 2004 Posts: 1800 Location: Germany
|
Posted: Mon Dec 21, 2015 8:50 am Post subject: |
|
|
Got an update:
there is a /etc/init.d/SACSrv which starts just fine. Well no errors... If I start SACTools after starting this service I get the following error in /var/log/everything/current
Code: | ec 21 09:47:53 [kernel] [ 9632.811759] traps: SACTools[20457] general protection ip:7ff1dfa635dd sp:7ffd04194be0 error:0 in libc-2.21.so[7ff1dfa2e000+191000] |
Anyone who knows something about this?
UPDATE:
nope I get the above error event without the service. I think a recompile from GTK+ made this happen.... _________________ Forum Guidelines
PFL - Portage file list - find which package a file or command belongs to.
My delta-labs.org snippets do expire |
|
Back to top |
|
|
Banana Moderator
Joined: 21 May 2004 Posts: 1800 Location: Germany
|
Posted: Tue Jan 05, 2016 7:21 am Post subject: |
|
|
Some update to this story:
I don't get any further with this. Switching from Xfce4 only to a gnome Desktop did not solve any problem at all.. (ran into some trouble since I use the no-multilib profile and thought using the overlay profile gnome without systemd would easily work...)
Will keep you updated. _________________ Forum Guidelines
PFL - Portage file list - find which package a file or command belongs to.
My delta-labs.org snippets do expire |
|
Back to top |
|
|
|