Running a Cisco VPN in Linux Namespace


At work we have to use a Cisco VPN to connect to a GNS3 server for some training. Since the Cisco VPN redirects all network traffic into the tunnel, no other tool can reach the normal network while the VPN is connected, which is not very useful.

To get around this issue, I run the VPN inside a Linux network namespace.

Preparation

Make sure that the vpnc package is installed.

sudo apt install vpnc

I’ve got a VPN-GNS3.pcf file as the VPN configuration; it can easily be converted to a vpnc config with

pcf2vpnc VPN-GNS3.pcf VPN-GNS3.conf

Set up the VPN

Create the network namespace and bring up its loopback interface. The copy of resolv.conf in /etc/netns/vpn-gns3 is what processes in the namespace see as /etc/resolv.conf, so the DNS changes vpnc makes later stay inside the namespace.

sudo mkdir -p /etc/netns/vpn-gns3
sudo cp /etc/resolv.conf /etc/netns/vpn-gns3
sudo ip netns add vpn-gns3
sudo ip -n vpn-gns3 link set dev lo up

Set up a virtual Ethernet link between the root network namespace (NS) and the new vpn-gns3 NS. The link uses the RFC 1918 address range 192.168.234.224/28: the root NS gets the IP address 192.168.234.225 and the vpn-gns3 NS gets the IP address 192.168.234.234.

sudo ip link add veth0 type veth peer name veth0_1
sudo ip link set dev veth0_1 netns vpn-gns3 name eth0
sudo ip link set dev veth0 up
sudo ip addr add 192.168.234.225/28 dev veth0
sudo ip -n vpn-gns3 link set dev eth0 up
sudo ip -n vpn-gns3 addr add 192.168.234.234/28 dev eth0
sudo ip -n vpn-gns3 route add default via 192.168.234.225

Make sure that traffic from the vpn-gns3 NS is NATed behind the IP address of the outbound interface

sudo iptables -t nat -A POSTROUTING -s 192.168.234.224/28 ! -d 192.168.234.224/28 -j MASQUERADE

Start the VPN in the vpn-gns3 NS

sudo ip netns exec vpn-gns3 vpnc ./VPN-GNS3.conf

and finally start GNS3 in the vpn-gns3 NS

sudo ip netns exec vpn-gns3 sudo -u steve gns3

Shut down the VPN

To clean up after use:

sudo ip netns exec vpn-gns3 vpnc-disconnect
sudo ip netns del vpn-gns3
sudo ip link del dev veth0
sudo iptables -t nat -D POSTROUTING -s 192.168.234.224/28 ! -d 192.168.234.224/28 -j MASQUERADE
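The whole procedure above, setup and cleanup, as an added shell script that is not part of the original post: it wraps the commands in functions, enables IP forwarding in the root namespace (MASQUERADE only rewrites forwarded packets, which the post does not mention), and adds a check that the VPN's default route exists only inside the namespace. It assumes the post's names and addresses, that vpnc creates its tunnel as tun0, and uses RUN=echo for a dry run (default: sudo).

```shell
#!/bin/sh
# Added example, not from the original post: the commands above as functions
# plus two checks the post leaves out. Assumes the post's names and addresses;
# set RUN=echo for a dry run (default: sudo); vpnc's tunnel interface is tun0.
set -eu
NS=${NS:-vpn-gns3}
SUBNET=192.168.234.224/28
HOST_IP=192.168.234.225/28
NS_IP=192.168.234.234/28
GW=192.168.234.225
RUN=${RUN:-sudo}
nat_rule() { # $1 is -A (add) or -D (delete); same rule as in the post
  $RUN iptables -t nat "$1" POSTROUTING -s "$SUBNET" ! -d "$SUBNET" -j MASQUERADE
}

ns_up() {
  $RUN mkdir -p "/etc/netns/$NS"
  $RUN cp /etc/resolv.conf "/etc/netns/$NS/"  # vpnc's DNS edits hit only this copy
  $RUN ip netns add "$NS"
  $RUN ip -n "$NS" link set dev lo up
  $RUN ip link add veth0 type veth peer name veth0_1
  $RUN ip link set dev veth0_1 netns "$NS" name eth0
  $RUN ip link set dev veth0 up
  $RUN ip addr add "$HOST_IP" dev veth0
  $RUN ip -n "$NS" link set dev eth0 up
  $RUN ip -n "$NS" addr add "$NS_IP" dev eth0
  $RUN ip -n "$NS" route add default via "$GW"
  # MASQUERADE only rewrites forwarded packets; the root NS must forward them.
  # (If a firewall sets FORWARD to DROP, e.g. Docker, also accept traffic on veth0.)
  $RUN sysctl -q -w net.ipv4.ip_forward=1
  nat_rule -A
}

ns_down() { # reverse order of ns_up; each step tolerates being already gone
  $RUN ip netns exec "$NS" vpnc-disconnect || true
  nat_rule -D || true
  $RUN ip link del dev veth0 || true
  $RUN ip netns del "$NS" || true
}

# After vpnc is up: the full-tunnel redirect must exist only inside the namespace.
# Succeeds when the namespace defaults to tun0 and the root NS default route does not.
check_isolation() {
  ns_def=$($RUN ip -n "$NS" route show default)
  root_def=$($RUN ip route show default)
  case "$ns_def" in *tun0*) ;; *) return 1 ;; esac
  case "$root_def" in *tun0*) return 1 ;; esac
  return 0
}
```

Source the script, run ns_up, start vpnc as in the post, then run check_isolation before trusting that the rest of the machine is still off the tunnel.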

have fun!
