# [SOLVED] Help with connecting to a Cisco IPSec/L2TP VPN serv

## AaylaSecura

Greetings! I'm trying to connect to my University's VPN network but they do not disclose much information about it... I know that it is an IPSec/L2TP Cisco VPN 3000 server, uses RFC 3947, allows both certificate and group password authentication during phase 1 and not much more. For Linux, they recommend using some closed source Cisco client that has an annoying GUI that cannot even be minimized to tray and adds routes to my table to route ALL my traffic through the VPN. This is unsatisfactory, so I went and tried to configure LibreSwan + xl2tp. The only useful thing I could obtain from my University is a Cisco client configuration file that I could import in case I use an OS which they do not already provide the client for. From it I obtained the group name and the (encrypted) password. So with the help of this guide and after some guessing regarding the authentication and hashing methods, I managed to set up the IPSec tunnel using hybrid authentication (group pwd + xauth). Here are the ipsec configuration file and the log file. All seems fine and my resolv.conf is modified to include the DNS servers of the University. Next, I tried to configure xl2tp but I am receiving the following error when I start the tunnel (after the IPSec tunnel is on):

```
udp_xmit failed to 130.102.1.190:1701 with err=-1:Operation not permitted
```

Here's the configuration file for xl2tp, the ppp options file and the full log of starting the L2TP tunnel. Any ideas?

Last edited by AaylaSecura on Mon Aug 24, 2015 1:42 am; edited 1 time in total

----------

## CrankyPenguin

You might try openconnect.  My institution has a slightly different setup but is still purely Cisco based.  I found the closed source client was able to connect but was so slow as to be unusable.  By contrast openconnect worked well right out of the box.

----------

## AaylaSecura

*CrankyPenguin wrote:*

> You might try openconnect.  My institution has a slightly different setup but is still purely Cisco based.  I found the closed source client was able to connect but was so slow as to be unusable.  By contrast openconnect worked well right out of the box.

Thanks for replying. That is a fairly old topic and some time after I posted I actually found out about vpnc, which is specifically for Cisco servers and it works brilliantly (I especially like the fact it handles the setup of additional routes and it supports hooks that allow you to give it all the info about what routes you want it to set up). I just forgot to edit my post and mark it as solved, my bad.

----------

