Kali linux cisco vpn

heatzync / HOWTO.md

This HOWTO explains connecting to a VPN gateway over IPSec in «cert auth mode» utilizing the Cisco VPN client. The «cert auth mode» refers to the terms used in the vpnc man page, i.e. server + client certificates. The «cert auth mode» has not been implemented for vpnc, otherwise we would just use vpnc and avoid the headache that follows. openconnect is another alternative, but it does not support IPSec, only HTTPS/SSL. This HOWTO is written with the aim to provide a single document to describe all the steps required, instead of having to search many different things on the Internet.

This HOWTO was written from the perspective of an openSUSE 12.1 user, running a 3.1.10-1.9-desktop x86_64 kernel. The author does not claim to be an expert on any terms used, so if you find a mistake then please submit a patch.

Get the certificate provided by CompanyA

The company we are trying to connect to should provide us with some sort of a certificate, e.g. certificate.pfx. This type of certificate is a PKCS12 certificate which bundles the CA certificate for server authentication, the client/user certificate as well as the primary key. Save it somewhere on disk, e.g.:

Install and prepare kernel-source for our linux distro

In order to «compile» (Cisco calls it «install») the Cisco IPSec kernel module (see later section) we need the kernel sources for our distro. In openSUSE 12.1 do the following:

sudo zypper install kernel-source 

Make sure the version that will be installed is the same as the version we are currently running:

When the kernel-source has been installed, execute the following as root:

cd /usr/src/linux- make cloneconfig scripts prepare ln -s /usr/src/linux--obj/x86_64/desktop/Module.symvers 

Download, patch and install Cisco VPN client

Now that the kernel-source has been installed we can download, patch and install the Cisco VPN client with the following steps (as root):

cd /usr/local wget http://hlavki.eu/download/vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz tar -xvzf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz cd vpnclient wget http://www.fseitz.de/download/vpnclient.patch-2.6.38 wget https://nowhere.dk/files/vpnclient_linux3.0.diff patch < vpnclient.patch-2.6.38 patch < vpnclient_linux3.0.diff ./vpn_install 

Remember to specify the kernel-source directory as /usr/src/linux-.

The module will be installed to /lib/modules//CiscoVPN/cisco_ipsec.ko.

Start the Cisco VPN daemon

The Cisco VPN client installation suggests starting the vpncclient_init service, so do it:

sudo /etc/init.d/vpnclient_init start 

insmod: error inserting '/lib/modules//CiscoVPN/cisco_ipsec.ko': -1 Invalid module format 

then (1) we compiled/linked the module with the wrong kernel-source or (2) we forgot to symlink the Module.symvers file. We will have to repeat some of the steps above.

Import provided certificate for use with Cisco VPN client

The provided PKCS12 certificate should now be imported. The following commands can be used (as root):

cd /opt/cisco-vpnclient/bin ./cisco-cert-mgr -U -op import 

Supply the certificate filename, e.g. /tmp/certificate.pfx as well as the password with which the certificate is locked/encrypted. Next, enter a password that we will easily remember.

View the imported certificate:

and provide the number of the corresponding certificate when asked. The certificate information will be displayed. Take note of the "Subject" and "Serial #" fields as they will be required in the next step.

Configure Cisco VPN client

Configure a profile for connecting to CompanyA. Let's call the profile "CompanyA". As root:

cp /etc/opt/cisco-vpnclient/Profiles/sample.pcf /etc/opt/cisco-vpnclient/Profiles/CompanyA.pcf 

and change the following properties as follows:

Description= Host= AuthType=3 CertStore=1 CertSubjectName= CertSerialHash=

The moment of truth has arrived. To connect to the VPN of CompanyA, simply execute:

vpnclient connect CompanyA 

assuming /usr/local/bin is in our PATH.

When prompted, provide the certificate password we chose in a previous step as well as our unique username and password that should also have been provided by CompanyA. We should now be connected.

Источник

How To Install openconnect on Kali Linux

In this tutorial we learn how to install openconnect on Kali Linux.

What is openconnect

OpenConnect is an SSL VPN client initially created to support Cisco’s AnyConnect SSL VPN. It has since been extended to support the Pulse Connect Secure VPN (formerly known as Juniper Network Connect or Junos Pulse) and the Palo Alto Networks GlobalProtect SSL VPN.

A corresponding OpenConnect VPN server implementation can be found in the ocserv package.

There are three ways to install openconnect on Kali Linux . We can use apt-get , apt and aptitude . In the following sections we will describe each method. You can choose one of them.

Install openconnect Using apt-get

Update apt database with apt-get using the following command.

After updating apt database, We can install openconnect using apt-get by running the following command:

sudo apt-get -y install openconnect 

Install openconnect Using apt

Update apt database with apt using the following command.

After updating apt database, We can install openconnect using apt by running the following command:

sudo apt -y install openconnect 

Install openconnect Using aptitude

If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Kali Linux. Update apt database with aptitude using the following command.

After updating apt database, We can install openconnect using aptitude by running the following command:

sudo aptitude -y install openconnect 

How To Uninstall openconnect on Kali Linux

To uninstall only the openconnect package we can use the following command:

sudo apt-get remove openconnect 

Uninstall openconnect And Its Dependencies

To uninstall openconnect and its dependencies that are no longer needed by Kali Linux, we can use the command below:

sudo apt-get -y autoremove openconnect 

Remove openconnect Configurations and Data

To remove openconnect configuration and data from Kali Linux we can use the following command:

sudo apt-get -y purge openconnect 

Remove openconnect configuration, data, and all of its dependencies

We can use the following command to remove openconnect configurations, data and all of its dependencies, we can use the following command:

sudo apt-get -y autoremove --purge openconnect 

References

Summary

In this tutorial we learn how to install openconnect using different package management tools like apt, apt-get and aptitude.

Источник

Saved searches

Use saved searches to filter your results more quickly

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Cisco VPN Client with patches for Kali Linux

forjok/Kali-Cisco-VPN

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Sign In Required

Please sign in to use Codespaces.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio Code

Your codespace will open once ready.

There was a problem preparing your codespace, please try again.

Latest commit

Git stats

Files

Failed to load latest commit information.

README

====================================================== ====================================================== This script is to install the Cisco VPN client for linux on the Kali distrobution. This is all licensed under the GPLv3 and is maintained by James Luther. Recently during a pentest I had to connect to the systems that were being tested by using a Cisco VPN which only supported certificate based authentication. This normally isn't an issue but I use a custom build of Kali during penetration tests unless we find something specific that we want to target which then we move on to one of the special/specific linux builds. Either way I couldn't vpn from the pentesting workstation. Initially I used proxychains to make my tools available then I broke down and did this. I certainly hope it saves some of you time and effort. Enjoy! ======================================================= WARNING!! ======================================================= If you are running a 64 bit version of Kali you must install ia32-libs! If you don't install this you will receive a "No such file or directory" error when attempting to run the vpnclient or any of the newly installed cisco software. There is an additional script in the folder downloaded from git repo that does this for you. It is named 64-Bit. This will be incorporated into the installer script in newer versions. Until then it needs to be ran manually. ======================================================= Installing Cisco VPN Client in Kali ======================================================= 1. Clone this repository on your local machine. 2. Run VPN-Installer script. 3. Import user certificates. 3a. The only certificate needed is the DS p12 3b. Certificates are imported using: cisco_cert_mgr -U -op import Follow the onscreen instructions from there. 4. Copy your connection profile from a windows machine. 4a. Profile connections are stored: C:\Program Files (x86)\Cisco Systems\VPN Client\Profiles 4b. Copy the connection profile to the Profiles location on Backtrack /etc/opt/cisco-vpnclient/Profiles/ 4c. You can also create your own. I'm not going into that though. 5. Edit your Profile Configuration File (.pcf) to show the certificate store used in linux. 5a. vi /etc/opt/cisco-vpnclient/Profiles/xxxxx.pcf 5b. The field "CertStore=2" needs to be changed to "CertStore=1" 6. Verify all certificates are installed correctly. 6a. cisco_cert_mgr -U -op verify Follow the on screen instructions and verify all imported certificates cisco_cert_mgr -R -op verify Again, follow the on screen instructions and verify all imported certificates 7. Start the vpn service 7a. /etc/init.d/vpnclient_init start 8. Connect the vpn 8a. vpnclient connect xxxx 

About
Cisco VPN Client with patches for Kali Linux
Источник
Cisco VPN Client on Kali Linux
I’m not going to make this a long winded post as the only change in this process is switching from Backtrack to Kali. Well, let me get into it before I just stop here.
Recently I came across an issue where I needed to be able to connect to a Cisco VPN using certificate authentication from my Kali box. I previously used Backtrack which is why I originally did this work. Usually I just use vpnc and go about my day but this time I couldn’t because this vpn was configured for only certificate based authentication. After searching for quite some time on installing the vpnclient software from Cisco I realized the software was last built for the 2.6.24 kernel. This isn’t helpful as Kali uses the 3.7 kernel. Needless to say this made life pretty painful. I have patched the most recent release of the Cisco vpnclient and have written a bash script to run the installation so hopefully nobody else has to deal with my pain. The following steps get it installed for you:
1. Download the files from my github by either going to the site and downloading or just running a git clone. (git clone https://github.com/captainhooligan/Kali-Cisco-VPN.git).
2. Change to the Kali-Cisco-VPN directory that was created during the git clone process and verify you have all the files listed in the git repo.
3. Now is where we start setting up the VPN! Here we run the VPN-Installer script with ./VPN-Installer and follow the on screen instructions. There are only a few questions that are asked. Locations can easily be left default. The part that I change from default is when asked whether or not the service for the vpnclient is to start automatically on boot. I choose No because I prefer to manage it myself.
From here everything is pretty self explanatory for the installation.
4. Once the installation is completed there is an additional step for those of us that use 64 bit versions of Kali. If you notice in the original Kali-Cisco-VPN folder there was a file named 64-Bit. Run this with ./64-Bit and all of the missing libraries and all other requirements to run the vpnclient will be installed.
5. Now that we have everything installed the rest is just configuration. In the README file it goes into everything you need to do. If you need more guidance when it comes to this check out the BT5-Cisco-VPN post which has screenshots guiding through the configuration.
Источник