
cisco vpnclient

Discussion in 'General Discussion' started by inalto, Dec 20, 2007.

  1. inalto

    inalto Member

    Hello,

    I have compiled the Cisco VPN client on a server with cPanel; it seems that when I run the vpnclient_init service the cPanel license becomes invalid.

    My goal is to have an IPsec connection to a customer (custom) database on a Windows environment, behind a Cisco router. The customer asked me to use the Cisco VPN client.

    Is IPsec or vpnclient breaking the cPanel license? If yes, why?

    If I stop vpnclient_init the cPanel license becomes active, so I can use it for testing purposes and not on a production environment.
     
  2. nickp666

    nickp666 Well-Known Member

    You need to use a split tunnel in order for this to work; otherwise your outbound server traffic will go via the VPN instead of directly out.
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Try executing this command via SSH before activating the VPN client:

    curl http://www.cpanel.net/showip.cgi

    After activating the VPN client, activate that command again. Does it show a different IP address? If so, that's why the software stops recognizing an active license. All of our licensing is done on the basis of IP address; if the primary IP address of your server changes, then the IP on your license must be updated as well to ensure continued functionality of cPanel/WHM.
     
  4. nickp666

    nickp666 Well-Known Member

    David,

    It will be because the server is connecting out via the VPN when it is connected; by default a Cisco VPN doesn't use a split tunnel (split tunnel = allowing the machine which is connected to the VPN to use its own connectivity to route traffic apart from when trying to reach LAN addresses on the VPN side), so modifying the VPN configuration will rectify this issue.
     
  5. inalto

    inalto Member

    Hello,

    I have tried, and the IP remains the same before and after I run vpnclient.

    I was not precise: the service vpnclient_init is not responsible. The license problem happens when I run vpnclient connect myresource

    A cipsec0 appears.

    cipsec0   Link encap:Ethernet  HWaddr 00:0B:FC:F8:01:8F
              inet addr:A.B.C.D  Mask:255.0.0.0
              inet6 addr: fe80::20b:fcff:fef8:18f/64 Scope:Link
              UP RUNNING NOARP  MTU:1356  Metric:1
              RX packets:19 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:26 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


    A.B.C.D is the IP that the remote VPN assigns to me.

    E.F.G.H and E.F.G.J are two servers I need to reach inside the external VPN.

    Kernel IP routing table before the vpnclient connect:

    Destination      Gateway       Genmask         Flags MSS Window irtt Iface
    ***.***.***.6    *             255.255.255.255 UH    0   0      0    eth0
    ***.***.***.4    *             255.255.255.255 UH    0   0      0    eth0
    ***.***.***.5    *             255.255.255.255 UH    0   0      0    eth0
    ***.***.***.3    *             255.255.255.255 UH    0   0      0    eth0
    ***.***.***.0    *             255.255.255.248 U     0   0      0    eth0
    169.254.0.0      *             255.255.0.0     U     0   0      0    eth0
    default          209.51.133.1  0.0.0.0         UG    0   0      0    eth0

    Kernel IP routing table after run of vpnclient:

    Destination      Gateway       Genmask         Flags MSS Window irtt Iface
    ***.***.***.6    *             255.255.255.255 UH    0   0      0    eth0
    remotevpnserver. ***.***.***.1 255.255.255.255 UGH   0   0      0    eth0
    ***.***.***.4    *             255.255.255.255 UH    0   0      0    eth0
    ***.***.***.5    *             255.255.255.255 UH    0   0      0    eth0
    E.F.G.H          A.B.C.D       255.255.255.255 UGH   0   0      0    cipsec0
    ***.***.**.3     *             255.255.255.255 UH    0   0      0    eth0
    E.F.G.J          A.B.C.D       255.255.255.255 UGH   0   0      0    cipsec0
    ***.***.***.0    *             255.255.255.248 U     0   0      0    eth0
    169.254.0.0      *             255.255.0.0     U     0   0      0    eth0
    A.0.0.0          *             255.0.0.0       U     0   0      0    cipsec0
    default          ***.***.***.1 0.0.0.0         UG    0   0      0    eth0


    Seems a routing problem; I will investigate how to create a split tunnel.
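
Added example, not part of any post in this thread: a small Python check that parses `route`-style output like the tables above, reports which interface a given destination would leave by, and says whether the default route points into the tunnel (full tunnel) or not (split tunnel). The table is constructed, with the thread's masked addresses replaced by placeholder ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the "after" table in the thread: the masked
# addresses are replaced with placeholder ranges (assumptions, not real hosts).
SAMPLE_AFTER = """\
Destination   Gateway     Genmask          Flags MSS Window irtt Iface
198.51.100.7  192.0.2.1   255.255.255.255  UGH   0   0      0    eth0
172.16.5.10   10.1.2.3    255.255.255.255  UGH   0   0      0    cipsec0
172.16.5.11   10.1.2.3    255.255.255.255  UGH   0   0      0    cipsec0
192.0.2.0     *           255.255.255.248  U     0   0      0    eth0
10.0.0.0      *           255.0.0.0        U     0   0      0    cipsec0
default       192.0.2.1   0.0.0.0          UG    0   0      0    eth0
"""

def parse_routes(text):
    """Parse `route`-style output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        dest = "0.0.0.0" if cols[0] == "default" else cols[0]
        net = ipaddress.ip_network(f"{dest}/{cols[2]}", strict=False)
        # "*" (route) or "0.0.0.0" (route -n) means directly connected
        gateway = None if cols[1] in ("*", "0.0.0.0") else cols[1]
        routes.append((net, gateway, cols[7]))
    return routes

def egress(routes, dest):
    """Longest-prefix match: the (iface, gateway) used to reach dest."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gateway

def tunnel_mode(routes, tunnel_iface):
    """'full' if a default route points into the tunnel, else 'split'."""
    defaults = [r for r in routes if r[0].prefixlen == 0]
    return "full" if any(r[2] == tunnel_iface for r in defaults) else "split"

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_AFTER)
    print("mode:", tunnel_mode(routes, "cipsec0"))
    for dest in ("172.16.5.10", "203.0.113.50", "10.200.0.1"):
        print(dest, "->", egress(routes, dest))
```

Feed it numeric output (`route -n`) so that every destination parses as an address; a hostname in the Destination column raises `ValueError`.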
     
