Thursday, September 07, 2006

No Cisco Clean client

Here at McMaster they introduced a new annoyance called Cisco Clean Access. Basically it's spyware that scans for other spyware (fantastic!). However, not many here at McMaster are aware that you can technically connect to the internet without any additional software.

On Windows XP all you need to do is connect to openport.mcmaster.ca via a PPTP tunnel; this method is still confirmed to work.

Linux users can also avoid installing Cisco drivers and go with a standard VPN that supports PPTP passthrough.

Encryption will be up to the user, and the whole connection is slightly less secure than IPSec, but hey, you're just checking your email, right?

EDIT: OK, I was asked to provide more specific instructions, so here goes:

1. Attempt a wireless connection to verify you get an IP and are on the Mac wifi.
2. XP users click Start, then "connect to"; Win 2000 users click networking.
3. Add a new connection and select "connect to network at my workplace" (hit next).
4. Choose "Virtual Private Network connection" (hit next).
5. Call this "McMaster Openport".
6. If the next screen presents you with "Dial an initial connection", select "no connection".
7. In the hostname section enter: "openport.mcmaster.ca" (without the quotes).
8. Hit finish.

Your username should be your MACID and your password should be your MACID pass. If you have problems, check that you're connected to Mac wifi first, as this will not work off campus.

Additional considerations (security)
Without the Cisco Clean Access client you are running a more insecure network, so it might be a good idea to turn off a few features like file sharing if all you need is internet. To do this, go to your "McMaster Openport" connection, right-click it and go to "properties". Go to the networking tab and uncheck "client for microsoft networks" and "file and printer sharing".

In doing this you won't be able to share files or let others use your printers while on mac connect, but this isn't something normal users want anyways. It's probably a better idea to upload your files for pickup anyways.

Unfortunately, UTS will block you if you use any ports that viruses spread from, such as RPC ports, so it's up to you to keep your machine virus free.
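To confirm that the file sharing and RPC services mentioned above are no longer reachable, here is an added example (not part of the original post): a Python check that parses `netstat -an` output in the Windows layout and lists risky listeners bound to non-loopback addresses. The sample output, its addresses and the function name `exposed_listeners` are constructed for illustration.

```python
import ipaddress

# Ports tied to the features discussed above (file sharing, RPC).
RISKY_PORTS = {
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session (file sharing)",
    445: "SMB (file and printer sharing)",
}

# Constructed sample of `netstat -an` output; addresses are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        192.0.2.20:445         ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    127.0.0.1:1900         *:*
"""

def exposed_listeners(netstat_text):
    """Return (proto, address, port, service) for risky non-loopback listeners."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated row
        proto, local = fields[0], fields[1]
        # TCP rows matter only when LISTENING; UDP rows carry no state column.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        host, _, port = local.rpartition(":")
        host = host.strip("[]").split("%")[0]  # tolerate [::]:445 and scope ids
        try:
            addr, port = ipaddress.ip_address(host), int(port)
        except ValueError:
            continue  # not an address:port pair
        if port in RISKY_PORTS and not addr.is_loopback:
            findings.append((proto, host, port, RISKY_PORTS[port]))
    return findings

if __name__ == "__main__":
    for proto, host, port, service in exposed_listeners(SAMPLE):
        print(f"{proto} {host}:{port} is listening: {service}")
```

Feed it the real output of `netstat -an` captured while the VPN connection is up; an empty result means none of the listed services is bound to a reachable address.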
