
Old Jun 12, 2010, 02:56 PM   #1
darkplanets
macrumors 6502a
 
Join Date: Nov 2009
VPN shared secret? [Solved]

Hey guys, a quick question.

I'm trying to set up a VPN connection in SL to my school's servers to use SMB to grab my on-campus directory, but I'm running into a bit of a snafu. Under SL I have the options of L2TP over IPSec, or Cisco IPSec; I know multiple VPN server addresses for my school, my login credentials, and the group name -- the problem I'm having is the shared secret or certificate. The issue here is that the documented VPN support is through two Cisco VPN clients, AnyConnect and VPNClient, neither of which I care to run, especially given the built-in VPN support for SL. They both come pre-configured.

My school's IT department is of no help; I've had zero responses to date from them. I was wondering if it was possible to grab the shared secret from these pre-configured programs, and if so, how? I've done some poking around but I haven't found anything yet. If it's certificate based, could I just go into Keychain and move some certificates around?

Last edited by darkplanets; Jun 22, 2010 at 01:35 PM. Reason: Problem solved
Old Jun 12, 2010, 11:21 PM   #2
belvdr
macrumors 68040
 
Join Date: Aug 2005
Those secrets are in encrypted form in the profiles. The IT department is acting smart here and not handing that information out.
Old Jun 13, 2010, 01:27 AM   #3
darkplanets
Thread Starter
macrumors 6502a
 
Join Date: Nov 2009
While that would normally be the case, this VPN is available to over 40,000 people; there's not too much secret and safe-keeping done here. Case in point: the VPN I'm trying to connect to is the public, unknown shared secret VPN, set up by the IT department. The VPNs set up for each department individually all have publicly shared shared secrets, posted on the web. They're even obvious too; the Ag one is AgVPN, etc. I mean if they were secretive about ALL VPNs, then I would be understanding, but this VPN is really much less sensitive than the departmental ones, and set up by the same people. It doesn't make sense to go public on all the important ones and hush hush over the public one...

Not to mention, in the one application they give more specific details about the network, like the mode, protocol, cipher, and secure routes (IPs and subnets). If you can get all this... why not the shared secret?
Old Jun 18, 2010, 04:21 PM   #4
Chris.L
macrumors 6502a
 
Join Date: Jan 2009
Location: UK
If you can get the profile there are ways to decrypt the secret, but there is nothing wrong with the Cisco VPN client.
Old Jun 21, 2010, 11:52 AM   #5
CaliJ177
macrumors newbie
 
Join Date: Jun 2010
IPSec VPNs can be a tricky beast to troubleshoot.

Any idea what kind of headend device your school uses to terminate the VPN connection? It might be worth trying the clients your school has made available.

In my experience I have only been able to connect to Cisco VPNs with the built-in SL client if the terminating headend device was an ASA firewall. I am not sure if any of the newer routers would work with the SL client.

If the headend device was an older Cisco router or a VPN concentrator I had to use an older Cisco IPSec client program.

*Edit*

Here is the version number / name of the VPN client software I have used that will connect to older Cisco equipment. It was the last one made before the integrated SL client.

vpnclient-darwin-4.9.01.0180-universal-k9

Last edited by CaliJ177; Jun 21, 2010 at 02:09 PM. Reason: Update to include filename of vpn client
Old Jun 22, 2010, 01:34 PM   #6
darkplanets
Thread Starter
macrumors 6502a
 
Join Date: Nov 2009
While I have no idea which headend device my school uses to terminate the VPN connection, I had tried the clients my school had made available, Cisco EasyConnect and Cisco VPNClient, and was not impressed with either. Not to mention the fact that the integrated aspect into the operating system preferences is a really nice feature to have.

Instead of hacking/decrypting the profile to get the shared secret (since I had the cipher), I instead chose to try logical shared secrets first, and voilà, I got it. This was later confirmed by the school's IT department, which in their infinite wisdom responded to my inquiry two weeks later.

Long story short, it appears as if my school has multiple VPN servers: vpn., webvpn., ipsec., l2tp., and one for every department as well (vpn.department.edu). I'm pretty impressed. I have both the Cisco IPsec shared secret as well as the L2TP shared secret, and have chosen to use the L2TP configuration under SL. It works without a hitch, and I can route all my traffic through it or just the SMB connection; it's rather nice. The Cisco IPsec option also works under SL; obviously I just have to use the IPsec selector when making a new profile instead of L2TP. Both work, but I really just trust L2TP over IPsec more than Cisco IPsec, simply because I'm not a huge fan of Cisco.
Old Jun 23, 2010, 08:43 AM   #7
belvdr
macrumors 68040
 
Join Date: Aug 2005
Quote:
Originally Posted by darkplanets
Both work, but I really just trust L2TP over IPsec more than Cisco IPsec, simply because I'm not a huge fan of Cisco
You're still using IPsec. It's a standard, not proprietary Cisco.

Whether it's L2TP or not makes no difference really. I'd connect to both and see what encryption is used. Whichever has the stronger encryption, that's the one I'd choose. If they are both using the same encryption method, I'd go for IKE/IPsec. I was never a big fan of L2TP/PPP tunnels personally, and you never see them in site-to-site (i.e. LAN-to-LAN) tunnels.
Old Jun 24, 2010, 10:11 AM   #8
darkplanets
Thread Starter
macrumors 6502a
 
Join Date: Nov 2009
Yeah, I was really being sarcastic about the Cisco comment, hence the glasses

All of the methods provided have the same encryption method, so it's really pick and choose for me; any of the provided works. The nice thing is if I want to switch methods it's nice and easy, just a profile change.
