Hi out there,
Installing the Cisco VPN Client 4.8.00 should be no problem (just run “vpninstall” with the kernel headers installed). But running it from a notebook in an insecure environment needs a host firewall on the mobile device. I love setting the default policies of a chain to “DROP”!
But the VPN Client communicates via the loopback interface, and complains with:
The application was unable to communicate with the VPN sub-system.
So use this ruleset for peace of mind:

# Prepare: start from an empty filter table
iptables -t filter -F

# Default policies: drop everything unsolicited, allow outgoing traffic
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# VPN Client needs loopback communication (the client talks to its
# own daemon over 127.0.0.1; without this rule you get the error above)
iptables -t filter -A INPUT -i lo -j ACCEPT

# VPN Client needs incoming UDP: IKE (500) and IPsec NAT-T (4500)
iptables -t filter -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -t filter -A INPUT -p udp --sport 4500 --dport 4500 -j ACCEPT

# General usability: replies to connections the notebook opened itself
# (on current kernels "-m conntrack --ctstate" does the same job as "-m state")
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Anything else is answered with an ICMP port unreachable instead of
# silently hitting the DROP policy
iptables -t filter -A INPUT -j REJECT --reject-with icmp-port-unreachable
BTW: the VPN Client’s traffic is NATable, so there is no need to open special ports if ESTABLISHED,RELATED is already open.
Regards
Usn
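A model of the INPUT chain above, added here as an example and not part of the original post (it does not call iptables): it evaluates constructed packets against the rules in first-match order, so you can see which rule accepts the client's loopback traffic, what happens to that traffic when the loopback rule is missing, and which packets only the explicit UDP 500/4500 rules let in that a chain with just the ESTABLISHED,RELATED rule would reject. The packets, their port numbers, and the assumption that the client's local IPC is a TCP connection over lo are illustrative, not taken from the client.

```python
# Added example: a first-match model of the INPUT chain from the post.
# Not the post's own code; iptables is never invoked. All packets below
# are constructed for illustration, not captured.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrives on ("lo", "eth0", ...)
    proto: str      # "tcp", "udp" or "icmp"
    sport: int      # source port (0 for icmp)
    dport: int      # destination port (0 for icmp)
    ctstate: str    # conntrack state: "NEW", "ESTABLISHED" or "RELATED"


@dataclass(frozen=True)
class Rule:
    target: str     # "ACCEPT", "DROP" or "REJECT"
    iface: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    ctstates: Optional[FrozenSet[str]] = None

    def matches(self, pkt: Packet) -> bool:
        # Every match option present on the rule must hold; an unset option
        # matches anything, like an iptables line that only gives some of
        # -i / -p / --sport / --dport / -m state.
        return all([
            self.iface is None or self.iface == pkt.iface,
            self.proto is None or self.proto == pkt.proto,
            self.sport is None or self.sport == pkt.sport,
            self.dport is None or self.dport == pkt.dport,
            self.ctstates is None or pkt.ctstate in self.ctstates,
        ])


def verdict(chain: List[Rule], policy: str, pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the chain top-down; the first matching rule decides, the chain
    policy applies if nothing matched. Returns (target, index of the rule
    that fired, or None when the policy decided)."""
    for i, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.target, i
    return policy, None


INPUT_POLICY = "DROP"

# The INPUT chain from the post, in the order the post appends the rules.
VPN_INPUT: List[Rule] = [
    Rule("ACCEPT", iface="lo"),                                       # -i lo
    Rule("ACCEPT", proto="udp", sport=500, dport=500),                # IKE
    Rule("ACCEPT", proto="udp", sport=4500, dport=4500),              # NAT-T
    Rule("ACCEPT", ctstates=frozenset({"ESTABLISHED", "RELATED"})),   # -m state
    Rule("REJECT"),                                                   # catch-all
]

# Same chain without the loopback rule: the situation in which the client
# cannot reach its own daemon and reports the "VPN sub-system" error.
NO_LOOPBACK_INPUT: List[Rule] = VPN_INPUT[1:]

# Loopback plus state tracking only, i.e. relying on ESTABLISHED,RELATED
# instead of opening UDP 500/4500 explicitly.
STATE_ONLY_INPUT: List[Rule] = [VPN_INPUT[0], VPN_INPUT[3], VPN_INPUT[4]]

# Constructed packets. The IPC port is an assumption for illustration only.
CLIENT_TO_DAEMON = Packet("lo", "tcp", 40001, 5000, "NEW")      # client -> local daemon
IKE_FROM_GATEWAY = Packet("eth0", "udp", 500, 500, "NEW")       # gateway-initiated IKE
NATT_REPLY = Packet("eth0", "udp", 4500, 4500, "ESTABLISHED")   # reply to our NAT-T traffic
SSH_PROBE = Packet("eth0", "tcp", 51000, 22, "NEW")             # unsolicited scan on the hotspot


def loopback_ipc_allowed(chain: List[Rule]) -> bool:
    """True when the client's local IPC packet gets through the given chain."""
    return verdict(chain, INPUT_POLICY, CLIENT_TO_DAEMON)[0] == "ACCEPT"


if __name__ == "__main__":
    for name, chain in [("post", VPN_INPUT), ("no lo", NO_LOOPBACK_INPUT), ("state only", STATE_ONLY_INPUT)]:
        for label, pkt in [("ipc", CLIENT_TO_DAEMON), ("ike", IKE_FROM_GATEWAY),
                           ("natt", NATT_REPLY), ("ssh", SSH_PROBE)]:
            print(f"{name:10} {label:5} -> {verdict(chain, INPUT_POLICY, pkt)}")
```

Run it and compare the three chains: the post's ruleset accepts the loopback packet at rule 0, the chain without that rule sends the same packet to the final REJECT (which is exactly the symptom the post describes), and the state-only chain still accepts NAT-T replies but rejects a gateway-initiated IKE packet, which is the one case the explicit UDP 500/4500 rules add.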