VPNs, Cisco, and OS X

Although I don’t normally work from home, I really can do most of my work remotely via SSH and a few web applications we use. VPN access to the office is also available, but not strictly necessary, as I am able to access our file server if I SSH through two other machines first. It’s there for a reason though, so I figured I should set it up too just in case I need it. We’re talking about bringing our web-based ticketing system inside so it will only be accessible internally, so I’ll need the VPN for that if I want to avoid trying to tunnel HTTP across three SSH connections.

Today my boss gave me a Linksys “VPN router” to use at home if I need it. It’s what he and the other SA use when connecting to our network remotely. If I understand correctly, it’s just a router that does IPSec pass-through or whatever it’s called, not a special sort of client in itself, so I can’t imagine what it could do that my Cisco can’t. But, try as I might, I am completely unable to establish a connection just using the VPN client built into OS X on my existing network. I checked the docs and my router, a Cisco SOHO 91, lists all sorts of capabilities in this area, as most any halfway decent router will these days, but I don’t know if I have to enable something special to make it work. Googling didn’t even help much. I found lots of information on making VPN connections into a network using one of these, but no information on making outbound connections work. This leads me to believe that it should just work out-of-the-box and there’s something else going on that’s causing the problem.

I’m actually able to SSH into the VPN server (Debian running FreeS/WAN) and watch the syslog, but all I got was a bunch of “ignoring vendor ID payload” and “responding to main mode from unknown peer” notices. Not knowing the first thing about VPNs or IPSec, this means nothing to me. On my side, the connection just times out. The fact that I can see myself hitting the logs on the server indicates that the problem is with the traffic getting back to my computer. I should probably try out the Linksys at some point, if for no other reason than to eliminate my router as the source of the problem. There’s no way my router can’t do this, but I also don’t feel like spending hours working on something I’ll rarely have to use.
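The two log messages quoted above do carry a useful signal: “responding to Main Mode from unknown peer” is what FreeS/WAN’s pluto daemon logs when it has received the first IKE phase 1 packet on UDP 500 and sent its reply, so the outbound leg is clearly working. What matters next is whether the same peer ever reaches “ISAKMP SA established” (phase 1 done) and “IPsec SA established” (tunnel up). A client that keeps restarting Main Mode and never gets past it is consistent with the server’s replies, or the ESP traffic that follows, not making it back through the home NAT, which is exactly what “IPsec pass-through” on a router is meant to fix. The following script is an added example, not something from the original post or from FreeS/WAN itself: it walks a chunk of pluto-style syslog, tracks the furthest phase each peer reached, and prints a diagnosis. Only the two quoted phrases come from the post; the timestamps, hostname, addresses, state numbers and the second peer’s successful exchange are constructed for the example, and the phase-2 message wording is assumed to match pluto’s.

```python
import re
from collections import defaultdict

# Constructed sample log in the style of FreeS/WAN's pluto daemon.
# Peer 203.0.113.7 keeps restarting Main Mode and never completes phase 1;
# peer 198.51.100.9 gets all the way to an IPsec SA. Everything except the
# two phrases quoted in the post is made up for this example.
SAMPLE_LOG = """\
Mar  3 21:14:02 vpn pluto[1234]: packet from 203.0.113.7:500: ignoring Vendor ID payload
Mar  3 21:14:02 vpn pluto[1234]: "roadwarrior"[1] 203.0.113.7 #5: responding to Main Mode from unknown peer 203.0.113.7
Mar  3 21:14:12 vpn pluto[1234]: "roadwarrior"[1] 203.0.113.7 #6: responding to Main Mode from unknown peer 203.0.113.7
Mar  3 21:14:32 vpn pluto[1234]: "roadwarrior"[1] 203.0.113.7 #7: responding to Main Mode from unknown peer 203.0.113.7
Mar  3 21:20:40 vpn pluto[1234]: packet from 198.51.100.9:500: ignoring Vendor ID payload
Mar  3 21:20:40 vpn pluto[1234]: "roadwarrior"[2] 198.51.100.9 #8: responding to Main Mode from unknown peer 198.51.100.9
Mar  3 21:20:41 vpn pluto[1234]: "roadwarrior"[2] 198.51.100.9 #8: sent MR3, ISAKMP SA established
Mar  3 21:20:41 vpn pluto[1234]: "roadwarrior"[2] 198.51.100.9 #9: responding to Quick Mode
Mar  3 21:20:41 vpn pluto[1234]: "roadwarrior"[2] 198.51.100.9 #9: IPsec SA established
"""

# Phase 1 start: the responder answered the peer's first IKE packet.
MAIN_MODE_RE = re.compile(r"responding to Main Mode from unknown peer (\S+)", re.IGNORECASE)
# Phase 1 complete: an ISAKMP (IKE) SA exists with this peer.
ISAKMP_RE = re.compile(r'"[^"]*"\[\d+\] (\S+) #\d+: .*ISAKMP SA established', re.IGNORECASE)
# Phase 2 complete: the actual IPsec tunnel SA exists.
IPSEC_RE = re.compile(r'"[^"]*"\[\d+\] (\S+) #\d+: IPsec SA established', re.IGNORECASE)


def analyze_pluto_log(text):
    """Return {peer_ip: {main_mode_starts, isakmp_sa, ipsec_sa}} for a log excerpt."""
    peers = defaultdict(lambda: {"main_mode_starts": 0, "isakmp_sa": False, "ipsec_sa": False})
    for line in text.splitlines():
        m = MAIN_MODE_RE.search(line)
        if m:
            peers[m.group(1)]["main_mode_starts"] += 1
            continue
        m = ISAKMP_RE.search(line)
        if m:
            peers[m.group(1)]["isakmp_sa"] = True
            continue
        m = IPSEC_RE.search(line)
        if m:
            peers[m.group(1)]["ipsec_sa"] = True
    return dict(peers)


def diagnose(state):
    """Map a peer's furthest phase to a plain-language hint."""
    if state["ipsec_sa"]:
        return "tunnel up"
    if state["isakmp_sa"]:
        return "phase 1 done but Quick Mode never completed: check the IPsec policy/subnets"
    if state["main_mode_starts"] >= 2:
        # The server answered every attempt, yet the client kept starting over:
        # its view is a timeout, which points at the return path (NAT/firewall
        # dropping UDP 500 replies or ESP), not at the server refusing it.
        return "phase 1 never completes, peer keeps restarting: server replies likely not reaching it"
    return "phase 1 started, no outcome yet"


def report(text):
    """Diagnose every peer seen in the log excerpt."""
    return {peer: diagnose(state) for peer, state in analyze_pluto_log(text).items()}


if __name__ == "__main__":
    for peer, verdict in report(SAMPLE_LOG).items():
        print(f"{peer}: {verdict}")
```

Run it against a real `/var/log/auth.log` excerpt by replacing `SAMPLE_LOG`; if your own address shows repeated Main Mode starts and nothing else, the next thing to capture is a packet trace on the client side to confirm whether the server’s UDP 500 replies ever arrive.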

But even more, I hate the thought of polluting my network with Linksys hardware. Their products are complete garbage in my experience; I bought a Cisco so I could get away from crappy consumer-level network hardware[1] and I’m not inclined to go back. I’m aware that Cisco actually bought Linksys a couple years ago, but there’s a reason they’re not putting the Cisco name on this stuff and it’s not entirely about price gouging (although that obviously is a factor).