API for Cisco VPN client?

Hello,

I'm not a regular here, but I've searched the archives and haven't found what we need. Maybe I'm looking for the wrong thing?

We have a number of database applications that connect to a database server over a VPN connection. We use Cisco VPN clients and the database is an IBM UniData product that runs on AIX. Locally, we use a mix of Windows and Linux. The VPN client works fine for our query prompt to UniData, which involves users sitting at the console running UniQuery statements by hand.

We also have a large volume of queries that run in the off hours with Perl scripts. These scripts use expect to connect via the Cisco VPN client. For reasons that I won't go into, we are in the process of rewriting the Perl scripts as Java. We have used a Java class, ExpectJ, which mimics Unix Expect, except it doesn't return the status codes, which creates a problem.

Question: does the Cisco VPN client have an API that I can use to programmatically connect via Java? If so, where can I obtain the appropriate libraries or class files?

Thanks, CC.

Reply to
cartercc

You may have some reasons to do it that way, but IMHO that is a horrible solution. Why don't you get a VPN box (the ones from Linksys are pretty cheap), create a VPN tunnel hardware-to-hardware and use regular non-encrypted TCP/IP communications?

That's the way all businesses do it. You don't even need to worry about passwords, and all communication between the two sites is automatically encrypted without the user's knowledge or intervention.

Are you under the impression that the only way to perform VPN is from a software client to a hardware box?

-Ramon

Reply to
Ramon F Herrera

In Cisco VPN client Q & A:

Q. How do I access information regarding the Cisco VPN Client API?

A. Examples and documentation pertaining to the API can be found in the Download area for the Cisco VPN Client on Cisco.com.

--john

Reply to
John

Thanks for your suggestions.

Unfortunately, this is my first experience with setting up a VPN connection, and my only previous experience has been either invoking the VPN client to establish a connection or using Perl and expect to hack a connection. I actually have no real objection to using expect, but in practice, the DB folks at the other end keep changing the interface, so it's not unusual to come in in the morning and find all your processes failed, and then the data entry people drinking coffee and smoking cigarettes until the downloads complete, not getting the work done.

CC

Reply to
cartercc

CC:

You have two entirely separate problems to solve: (1) the encrypted tunnel and (2) your regular day-to-day process. In this forum, I will only advise you on problem (1).

With a small investment you can make the first problem go away entirely, without having to spend resources on API programming/maintenance. Once you set up the VPN tunnel with the company(ies) at the other end, you will never have to worry about it. You will end up connecting two networks, as opposed to one PC on your side to the remote network. Any machine on your side will be able to connect to any machine at the remote end with no encrypting software. All you will need is to add a route: "this is the way to company example.com".

I would suggest an entry level VPN box from Cisco. If you are really short on funds get a Linksys (company owned by Cisco).

Or, even better...

The ASA-5500 (the cheapest one, about the size of a book) is simply amazing. A few months ago I tried to get one all over the Internet but it was sold out months in advance. In addition to VPN it has firewall (PIX) and malware checking with a very decent GUI (or CLI), all for about $500. I used to pay for that several grand.

-Ramon

Reply to
Ramon F Herrera


It also has a command line method of connecting - vpnclient connect - you could just execute a batch file at the right time to connect and then another one to disconnect when finished - Can you run external commands from your Java App?

Reply to
Martin
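One way to run `vpnclient` subcommands from Java and get a status code back, shown as an added example that is not code from the thread. The class name `VpnCommand` and its `Result` record are hypothetical; the binary path and the `stat` subcommand are the ones used in the code posted later in this thread, and what each exit code means is not stated here, so the example only returns it.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;

// Added example, not code from the thread: run one vpnclient subcommand
// and return its exit status instead of matching console text.
public class VpnCommand {
    // Path as it appears in the thread's code; adjust for your host.
    private static final String VPNCLIENT = "/usr/local/bin/vpnclient";

    /** exitCode is -1 when the command was killed after the timeout. */
    public record Result(int exitCode, boolean timedOut, String output) {}

    public static Result run(long timeoutSeconds, String... args)
            throws IOException, InterruptedException {
        List<String> argv = new ArrayList<>();
        argv.add(VPNCLIENT);
        argv.addAll(List.of(args));       // one element per argument, no shell involved
        Path log = Files.createTempFile("vpnclient", ".log");
        try {
            Process p = new ProcessBuilder(argv)
                    .redirectErrorStream(true)
                    .redirectOutput(log.toFile())  // a file never fills up and blocks the child
                    .start();
            p.getOutputStream().close();  // an unexpected prompt reads EOF instead of hanging
            boolean done = p.waitFor(timeoutSeconds, TimeUnit.SECONDS);
            if (!done) {
                p.destroyForcibly().waitFor();
            }
            String out = Files.readString(log, StandardCharsets.ISO_8859_1);
            return new Result(done ? p.exitValue() : -1, !done, out);
        } finally {
            Files.deleteIfExists(log);
        }
    }

    public static void main(String[] args) throws InterruptedException {
        try {
            Result r = run(20, "stat");
            System.out.println("exit=" + r.exitCode() + " timedOut=" + r.timedOut());
        } catch (IOException e) {
            System.err.println("could not start vpnclient: " + e.getMessage());
        }
    }
}
```

Passing the arguments as a list keeps a profile name containing spaces from being split into extra arguments, which string concatenation into a single command line does not guarantee.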

Yes, we use the connect command. I have copied below part of the VPN class with methods open(), close(), and checkVpnStat(). You can see that we run the command 'vpnclient connect' and pass the username, password, and profile.

We run the VPN in one thread and the query and FTP processes in a second thread, using a synchronized shared object where we set boolean variables isConnected and isFinished, calling checkVpnStatus(), open(), and close() according to the value of isConnected and isFinished. If checkVpnStatus returns false, we connect and run our queries, all is well. However, if checkVpnStatus returns true, the VPN thread should notify and wait, but it hangs, and the query thread never executes.

It appears that the hardware solution is out. This is a management decision that I cannot overrule.

CC

-----------code below---------------

private static final String COMMAND = "/usr/local/bin/vpnclient";
...

// Answers the interactive prompts of "vpnclient connect <profile>" through ExpectJ.
public void open() throws expectj.ExpectJException {
    try {
        String command = COMMAND + " connect " + pr;
        SpawnedProcess sp = exp.spawn(command);
        sp.expect("Username");
        // Check for a timeout before answering the prompt, not after.
        if (sp.isLastExpectTimeOut()) {
            System.err.println("Did not match");
            System.exit(1);
        }
        sp.send(un + "\n");
        sp.expect("Password");
        sp.send(pw + "\n");
        sp.expect("Do you wish to continue");
        sp.send("y\n");
    } catch (Exception e) {
        System.out.println(e);
    }
}

// Runs "vpnclient stat" and reports whether the given text appears within 20 seconds.
public boolean checkVpnStat(String s) {
    String arg = s;
    boolean statTest = false;
    try {
        String command = COMMAND + " stat";
        SpawnedProcess sp = exp.spawn(command);
        statTest = sp.blnExpect(arg, 20L);
    } catch (Exception e) {
        System.out.println(e);
    }
    return statTest;
}

// Runs "vpnclient disconnect"; the result of the command is not checked.
public void close() throws expectj.ExpectJException {
    try {
        String command = COMMAND + " disconnect";
        SpawnedProcess sp = exp.spawn(command);
    } catch (expectj.ExpectJException e) {
        System.out.println(e);
    }
}

Reply to
cartercc
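A guarded-wait version of the two-thread handshake described in the post above, shown as an added example that is not the poster's class. The name `VpnGate` and its methods are hypothetical, the `open()`, `close()` and query steps are placeholders, and it assumes the hang comes from a notification that is sent before the other thread waits, which is one common cause and is not confirmed by the thread.

```java
import java.util.function.BooleanSupplier;

// Hypothetical sketch: the two flags from the post guarded by one monitor,
// with every wait() inside a while loop that re-checks the flag.
public class VpnGate {
    private boolean isConnected;
    private boolean isFinished;

    public synchronized void markConnected() { isConnected = true; notifyAll(); }
    public synchronized void markFinished()  { isFinished = true;  notifyAll(); }

    public synchronized void awaitConnected() throws InterruptedException {
        while (!isConnected) wait();   // returns at once if the flag is already set
    }
    public synchronized void awaitFinished() throws InterruptedException {
        while (!isFinished) wait();
    }

    /** Runs both threads; true if the queries ran and the close step was reached. */
    public static boolean demo(BooleanSupplier alreadyUp) throws InterruptedException {
        VpnGate gate = new VpnGate();
        boolean[] ran = new boolean[2];          // [0] queries ran, [1] close step reached
        Thread vpn = new Thread(() -> {
            try {
                if (!alreadyUp.getAsBoolean()) { /* open() would go here */ }
                gate.markConnected();            // set the flag in BOTH branches
                gate.awaitFinished();
                ran[1] = true;                   // close() would go here
            } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
        Thread query = new Thread(() -> {
            try {
                gate.awaitConnected();
                ran[0] = true;                   // queries and FTP would go here
                gate.markFinished();
            } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
        vpn.start(); query.start();
        vpn.join(5000); query.join(5000);        // bounded joins so a bug cannot hang the demo
        return ran[0] && ran[1];
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("tunnel down at start: " + demo(() -> false));
        System.out.println("tunnel up at start:   " + demo(() -> true));
    }
}
```

Because the state lives in the flags and not in the notification itself, it does not matter which thread reaches the monitor first.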
