Terry : Update Security Certificate

The old certificate expired on July 1, 2010.

You'll see an error like the one below:

[root@tux ~]# /etc/rc.d/vpnc start
:: Connecting to VPN                                                     [BUSY] Enter password for weicwang_au@hq-enc.oracle.com:
/usr/sbin/vpnc: Error verifying the certificate-chain

                                                                         [FAIL]
[root@tux ~]#

Update the certificate

ftp://obiftp.us.oracle.com/modules/unlicensed/global/ciscovpn/4.8.02.0030/vpnclient-linux-README

Starting July 2010, a new root certificate is required to communicate with the VPN gateway.
The new rootcert is provided with the latest vpnclient version, so please update your vpnclient software.

If you choose not to update, you can import the new certificate manually:

1. Download ftp://obiftp/modules/unlicensed/global/ciscovpn/4.8.02.0030/rootcert2
2. Import it on your system using 'cisco_cert_mgr -R -op import -f rootcert2'
3. Confirm the import was successful with 'cisco_cert_mgr -R -op list', which should return 2 certificate files

For vpnc

1. Download the new certificate rootcert2
2. Edit /etc/vpnc/default.conf
3. Update the root cert path on the CA-File line, for example to /etc/vpnc/rootcert2
4. Start vpnc: /etc/rc.d/vpnc start
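The vpnc steps above, as an added helper script that is not part of the original note: it rewrites (or appends) the CA-File line in a vpnc config file, reads it back, and checks with openssl that the certificate will not expire in the near future, so the "Error verifying the certificate-chain" failure is caught before the next reconnect. It assumes the "CA-File <path>" line format shown in default.conf below and that the openssl binary is installed; the config contents in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original note): point vpnc at the new root
# certificate and sanity-check it before reconnecting.
# Assumptions: the config uses a "CA-File <path>" line, and openssl is
# available for the expiry check.

set -eu

# Replace (or append) the CA-File line in a vpnc config file.
# usage: set_ca_file /etc/vpnc/default.conf /etc/vpnc/rootcert2
# (paths containing '|' would break the sed expression; vpnc paths don't)
set_ca_file() {
    conf=$1
    cert=$2
    if grep -q '^CA-File ' "$conf"; then
        # write via a temp file so a failed write cannot truncate the config
        tmp=$(mktemp)
        sed "s|^CA-File .*|CA-File $cert|" "$conf" > "$tmp"
        cat "$tmp" > "$conf"
        rm -f "$tmp"
    else
        printf 'CA-File %s\n' "$cert" >> "$conf"
    fi
}

# Print the path currently configured on the CA-File line (empty if none).
get_ca_file() {
    sed -n 's/^CA-File //p' "$1" | head -n 1
}

# Return 0 if the PEM certificate in $1 is still valid for at least $2
# seconds (default 30 days); a root cert close to expiry is what produces
# the "Error verifying the certificate-chain" failure seen above.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null 2>&1
}

# Demo on a constructed copy of the config (does not touch /etc/vpnc).
demo() {
    work=$(mktemp)
    cat > "$work" <<'EOF'
## generated by pcf2vpnc
IPSec gateway vpn.example.com
CA-File /etc/vpnc/oracle.cert
EOF
    set_ca_file "$work" /etc/vpnc/rootcert2
    get_ca_file "$work"          # prints /etc/vpnc/rootcert2
    rm -f "$work"
}
```

Run `demo` to see the rewrite on a scratch file; for the real system, call `set_ca_file /etc/vpnc/default.conf /etc/vpnc/rootcert2` and `cert_valid_for /etc/vpnc/rootcert2 || echo "root cert expires within 30 days"` before starting vpnc.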

The /etc/vpnc/default.conf looks like:

[root@tux vpnc]# cat default.conf
## generated by pcf2vpnc
IPSec ID Ora-Hybrid-Gen
IPSec gateway hq-enc.oracle.com
IPSec secret S!xhundr3dTh1rtyN!n3

Xauth username weicwang_au
Application version Cisco Systems VPN Client 4.8.0 (A):Linux
IKE Authmode hybrid
CA-File /etc/vpnc/oracle.cert

# example vpnc configuration file
# see vpnc --long-help for details

#Interface name tun0
#IKE DH Group dh2
#Perfect Forward Secrecy nopfs

# You may replace this script with something better
#Script /etc/vpnc/vpnc-script
# Enable this option for NAT traversal
#UDP Encapsulate

#IPSec gateway my.gateway.com
#IPSec ID someid
#IPSec secret somesecret
#Xauth username myusername
#Xauth password mypassword
[root@tux vpnc]#

Start/stop vpnc

[root@tux ~]# /etc/rc.d/vpnc start
:: Connecting to VPN                                                     [BUSY] Enter password for weicwang_au@hq-enc.oracle.com: 
VPNC started in background (pid: 15240)...
                                                                         [DONE] 
[root@tux ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:5B:54:ED  
          inet addr:10.187.65.196  Bcast:10.187.65.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe5b:54ed/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24673 errors:1 dropped:1 overruns:0 frame:0
          TX packets:13289 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:30481464 (29.0 Mb)  TX bytes:1204085 (1.1 Mb)
          Interrupt:19 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:280 (280.0 b)  TX bytes:280 (280.0 b)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.175.255.96  P-t-P:10.175.255.96  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

[root@tux ~]# /etc/rc.d/vpnc stop
:: Disconnecting from VPN                                                [BUSY] Terminating vpnc daemon (pid: 15240)
                                                                         [DONE] 
[root@tux ~]# 

Attachments:

rootcert2 (application/octet-stream)