May 8, 2013

shrew vpn client on Linux for Cisco Concentrator

To talk to a Cisco VPN Concentrator, one can use "vpnc" or "shrew vpn client".

My vpnc only stays up for a few hours, while on Windows the Cisco VPN client can stay up for days. So I wanted to give shrew a try.

Shrew can import Cisco .pcf configuration file. After that, a connection entry is created. However, you probably will need to modify the profile for it to work. On the "qikea" window, right click on the profile, then "Modify", go to tab "Phase 2" and make your choices instead of auto. For example, try change PFS Group to "2". This worked for many people.

If you are interested, you can try to use the tool "ike-scan" to probe your vpn server and find out exactly the parameters for this tab.

That solved my problem.

The following screenshot is a Windows screenshot, but the Linux one is very similar.

VPN Setting

I got the this tip from the following post:

