Re: Cisco VPN config files converter

Hey Bill,

On Tue, 2005-05-24 at 15:45 -0400, Bill Moss wrote:
> Not all Cisco VPN profiles (*.pcf) files will convert. Clemson uses a 
> profile with an encrypted Group password (Secret).  The encryption is 
> supposed to provide extra security but due to a bug in an early version 
> of the Cisco VPN client, it is easy to decode the Group password and 
> obtain the Secret. Cisco will eventually plug this hole but this will 
> also break backwards compatibility of Cisco VPN clients. Cisco doesn't 
> seem to be moving too fast on this issue. Since the Secret is kind of a 
> joke now, many schools just publish their Secret and depend on username 
> and password.
> My point is for NM users at Clemson, import of a Cisco VPN profile will 
> have to be followed by a manual edit of the Secret. If the user is not 
> aware that he has to do this, then his first attempt at a VPN connection 
> may fail. So the question is how to inform the user. Should the 
> converter inform the reader that the Secret was not available?

Check out the converter again, it will either use the non-encrypted
secret, or use a script on vpnc's home page to get the clear-text secret
key from the encrypted secret key.
We might have to ask Maurice if we can move the script somewhere else if
a lot of people are going to use it, but it certainly did work in my
lame tests.


Bastien Nocera <hadess hadess net>
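
One way an importer could answer the "how to inform the user" question raised in this thread, shown as an added example that is not code from either message or from the converter being discussed. It assumes the usual `.pcf` layout (a `[main]` section with `GroupPwd` and `enc_GroupPwd` keys, optionally prefixed with `!`); the sample profiles and function names are constructed for illustration.

```python
import configparser

# Constructed sample profiles (not taken from any real deployment).
PCF_CLEAR = """[main]
Host=vpn.example.edu
GroupName=campus
GroupPwd=example-secret
enc_GroupPwd=
"""
PCF_ENCRYPTED = """[main]
Host=vpn.example.edu
GroupName=campus
GroupPwd=
!enc_GroupPwd=0123456789ABCDEF
"""

def load_main(pcf_text):
    """Return the [main] section as a dict of lower-cased keys."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(pcf_text)
    if not cp.has_section("main"):
        return {}
    # Assumption: a leading '!' only marks the key read-only, so drop it.
    return {k.lstrip("!"): v.strip() for k, v in cp.items("main")}

def secret_status(pcf_text):
    """Classify the group Secret as 'clear', 'encrypted' or 'missing'."""
    main = load_main(pcf_text)
    if main.get("grouppwd"):
        return "clear"
    if main.get("enc_grouppwd"):
        return "encrypted"
    return "missing"

def import_notice(pcf_text):
    """Message to show after import, or None if nothing needs attention."""
    status = secret_status(pcf_text)
    if status == "clear":
        return None
    if status == "encrypted":
        return ("The profile only contains an encrypted group Secret. "
                "Enter the Secret manually before connecting.")
    return "The profile contains no group Secret. Enter it manually."

if __name__ == "__main__":
    for name, text in (("clear", PCF_CLEAR), ("encrypted", PCF_ENCRYPTED)):
        print(name, "->", import_notice(text))
```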
