vpnc connection script to Nortel / Avaya Contivity (Netas version)

There are a few pages on the Internet describing the use of the Nortel branch of vpnc, which supports the group password authentication used by the Contivity line of VPN products.

I got my inspiration from the fine article at Foscode.com: http://www.foscode.com/connect-nortel-contivity-vpn-ubuntu/

In a nutshell for Ubuntu 11.10:

sudo apt-get install libcrypt*
sudo apt-get install gnutls-bin
sudo apt-get install libgnutls-dev*
sudo apt-get install resolvconf
sudo apt-get install subversion #if you don't already have it
svn checkout http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel/
cd vpnc-nortel
make
sudo make install

Then you either modify the default.conf as follows:

IPSec gateway <gateway name or IP>
IPSec ID <groupname>
IPSec secret <grouppasswd>
NAT Traversal Mode nortel-udp
Vendor nortel
Enable Single DES
DPD idle timeout (our side) 0
Nortel Client ID V07_01
IKE Authmode gpassword
Xauth username <youruser>
Xauth password <yourpass>
Debug 3

Or you can opt to use command line options:

sudo vpnc --gateway <gateway> --id <groupid> --username <username> --natt-mode nortel-udp --enable-1des --dpd-idle 0 --debug 3 --auth-mode gpassword --vendor nortel --nortel-client-id V07_01

Note that with this approach you cannot supply the group password or user password and have to enter them manually each time, which can be cumbersome but is preferred by security-conscious users.
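The trade-off between a config file holding passwords and being prompted each time can be checked mechanically. The following is an added example, not part of the original post or of vpnc: a shell function that flags cleartext secrets, group/other-accessible permissions, Single DES and debug level 99 in a vpnc config file. The function name, the finding labels and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a vpnc config: one finding per line; returns 0 if clean, 1 if flagged.
audit_vpnc_conf() {
    conf=$1
    found=0
    if [ ! -r "$conf" ]; then
        echo "ERROR: cannot read $conf" >&2
        return 2
    fi

    # Group/other permission bits are characters 5-10 of the ls mode string.
    case $(ls -ldL -- "$conf") in
        ????------*) ;;
        *) echo "PERMS: $conf is accessible to group/other (chmod 600)"; found=1 ;;
    esac

    # Secrets kept in the file; vpnc prompts for whichever are left out.
    for key in 'IPSec secret' 'Xauth password'; do
        if grep -Eiq "^[[:space:]]*${key}[[:space:]]+[^[:space:]]" "$conf"; then
            echo "SECRET: '$key' is stored in cleartext"; found=1
        fi
    done

    # Single DES uses a 56-bit key; keep it only if the gateway requires it.
    if grep -Eiq '^[[:space:]]*Enable Single DES' "$conf"; then
        echo "CRYPTO: 'Enable Single DES' permits 56-bit DES"; found=1
    fi

    # Debug 99 dumps authentication data; level 3 (used above) excludes it.
    if grep -Eiq '^[[:space:]]*Debug[[:space:]]+99[[:space:]]*$' "$conf"; then
        echo "DEBUG: level 99 writes passwords to the debug output"; found=1
    fi
    return "$found"
}

# Audit the file named on the command line, else a constructed sample.
if [ "$#" -gt 0 ]; then
    audit_vpnc_conf "$1" || exit
else
    tmp=$(mktemp)    # mktemp creates the file with mode 600
    printf '%s\n' 'IPSec secret constructed-group-secret' 'Enable Single DES' 'Debug 3' > "$tmp"
    audit_vpnc_conf "$tmp" || :
    rm -f "$tmp"
fi
```

Lines starting with `#` in the config are not matched, so a commented-out password line is not reported.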

Our Contivity server automagically sets up the required routing tables via post-connection scripts, so an extra local script to do all that is not needed. On the other hand, the server tends to disconnect within a minute of connection, hence I added the DPD idle option set to 0 (zero) as suggested at this link (although I am not 100% sure whether it is beneficial or not).
