sycx's Blog


Cisco IPSec VPN Automatic Routing Table

What’s wrong?

In the PPTP/L2TP world:

  • /etc/ppp/ip-up will be run on VPN startup
  • /etc/ppp/ip-down will be run on VPN shutdown

But Cisco IPSec just ignores these files. Why?

After doing some Googling, I figured out the difference:

  • PPTP/L2TP is managed by pppd
  • Cisco IPSec is managed by racoon

And here is the solution.

Base environment configuration

  1. Back up your racoon.conf:

     sudo cp /etc/racoon/racoon.conf{,.bak}

  2. Make a directory /etc/racoon/remote to hold our custom config files:

     sudo mkdir /etc/racoon/remote

  3. Patch racoon.conf to include our directory:

     sudo sh -c 'echo "include \"/etc/racoon/remote/*.conf\" ;" >> /etc/racoon/racoon.conf'

Make a custom VPN conf file per server

  1. Connect your Cisco IPSec VPN first.

  2. racoon will create a configuration file named after your VPN server's IP under /var/run/racoon/. Copy that file to our directory:

     sudo cp /var/run/racoon/YOUR_VPN_SERVER_IP.conf /etc/racoon/remote/

  3. Edit /etc/racoon/remote/YOUR_VPN_SERVER_IP.conf and insert the two lines below:

     script "/etc/ppp/ip-up" phase1_up;
     script "/etc/ppp/ip-down" phase1_down;

  4. Have fun!
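The whole procedure above, as an added example that is not part of the original post: two shell functions that do the base-environment steps and the per-server copy-and-edit steps, written so they are safe to re-run (the post's echo command appends a duplicate include line each time it is run). Paths are passed in so the functions can be staged in a scratch directory; the placement of the two script lines just inside the "remote <ip> {" block of the generated file is an assumption about that file's layout.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are parameters so the
# functions can be exercised in a temporary tree; on a live Mac call them as
# root with the /etc/racoon and /var/run/racoon paths from the post.

# Base environment: back up racoon.conf once, create the remote directory,
# and append the include directive only if it is not already present.
setup_racoon_include() {
    conf="$1"         # e.g. /etc/racoon/racoon.conf
    remote_dir="$2"   # e.g. /etc/racoon/remote
    line="include \"$remote_dir/*.conf\" ;"
    [ -f "$conf.bak" ] || cp "$conf" "$conf.bak"
    mkdir -p "$remote_dir"
    grep -qF -- "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
}

# Per server: copy the file racoon generated and insert the phase1 hooks
# right after its "remote <ip> {" line (assumed layout of the generated
# file). The destination is always regenerated from the source, so running
# this twice never duplicates the hooks.
install_server_conf() {
    src="$1"          # e.g. /var/run/racoon/YOUR_VPN_SERVER_IP.conf
    remote_dir="$2"   # e.g. /etc/racoon/remote
    dst="$remote_dir/$(basename "$src")"
    awk '
        { print }
        !done && /^remote .*[{]/ {
            print "    script \"/etc/ppp/ip-up\" phase1_up;"
            print "    script \"/etc/ppp/ip-down\" phase1_down;"
            done = 1
        }
    ' "$src" > "$dst"
    # Fail loudly if no remote block was found and nothing was inserted.
    grep -q 'phase1_down' "$dst"
}
```

Reconnect the VPN after editing so racoon re-reads the per-server file.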