Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Connecting to a VPN without installation of client software

I must sometimes write software to establish a socket with a particular server residing within a Cisco VPN. I simply write my software as if there were no VPN (making use of the standard sockets library). When it is time to run this program, I manually connect to the VPN using the client software installed on my computer, then run the program itself.

However, it would be desirable to write the software to take advantage of a specialized socket library capable of communicating over the VPN directly, without the use of any installed client software.

Here is some Java code illustrating the functionality I would like:

String vpnHost = ...;
String vpnUser = ...;
String vpnPassword = ...;
VPNConnection vpnConnection = new CiscoVPNConnection(vpnHost, vpnUser, vpnPassword);

String serverHost = ...;
int serverPort = ...;
Socket socket = vpnConnection.openSocket(serverHost, serverPort);

Is it possible to establish such a connection to a VPN without installing any client software?

like image 989
Adam Paynter Avatar asked May 22 '09 18:05

Adam Paynter


People also ask

Can I use VPN without installing software?

Browser VPN allows you to use a VPN without installing any additional Windows or macOS software. Browser VPN is the easiest way to stay secure and private online. Our VPN networks allows you to hide your true IP address and unblock content online from the moment you connect to our Free VPN servers.

How do I connect to VPN on my laptop?

Click on the Windows button, then head into Settings > Network & Internet > VPN. Click on Add a VPN connection. In the fields on the page, select Windows (built-in) for your VPN provider. Give your VPN a name under Connection name.


2 Answers

This depends on how the VPN server is configured.

Most VPN products use IPSEC, a standard protocol for encrypting TCP/IP connections. Most products also use ISAKMP, the Internet Security Architecture Key Management Protocol, also a standard, to set up the session. Source code for IPSEC and ISAKMP is readily available, and may already be installed on your system.

Now for the bad news: although everything I've already mentioned is standard, the authentication schemes that can be used with ISAKMP are almost all proprietary. The two "standard" authentication schemes are pre-shared key, and X.509 certificates. If the VPN server is configured to permit either of these then you have a chance. Otherwise, you cannot really use the VPN, as the protocol is truly proprietary and almost impossible to reverse engineer as the authentication conversation is encrypted.

A far easier path: do you really need a VPN, or is there a way you can tunnel over SSL? I think Java supports SSL; you can just create the secure socket you need and go from there.

If you know what client system you're using, then consider shelling out to invoke the Cisco VPN client for that system.

Otherwise, you'll have to replicate what a VPN client does. The VPN client performs authentication and session setup with ISAKMP, and installs the result into the kernel to create the VPN connection. ISAKMP implementations are available; you need only figure out what authentication is being used and try to set that up. At which point you will have written your own VPN client.

like image 129
d3jones Avatar answered Sep 18 '22 08:09

d3jones


I use the vpnc package on linux in order to connect to my company's Cisco VPN, since we don't have a compatible linux client. vpnc is written in c though, so you'll have to perform a port.

like image 24
Jherico Avatar answered Sep 22 '22 08:09

Jherico