How to set up Cisco VPN using VPNC on Ubuntu Jaunty (9.04)
Follow the steps below exactly, substituting your own .pcf file:
Open terminal and run the following commands
* Create a directory
mkdir vpnclient
Change to that directory:
cd vpnclient
* Download cisco-decrypt file which will be used to decrypt the group password from your pcf file:
wget http://www.debuntu.org/files/cisco-decrypt.c
sudo apt-get install libgcrypt11-dev
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
chmod +x cisco-decrypt
sudo cp cisco-decrypt /usr/bin
* Download pcf2vpnc to convert pcf files to vpnc configuration format
wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
chmod +x pcf2vpnc
sudo cp pcf2vpnc /usr/bin
* Go to the Windows VPN profiles directory and convert the .pcf files to .conf files
pcf2vpnc cisco.pcf > cisco.conf
Note: replace cisco.pcf above with your own .pcf file.
sudo cp cisco.conf /etc/vpnc/
* Install vpnc and connect to the VPN
sudo apt-get install vpnc resolvconf
sudo vpnc cisco
Enter username for <vpn> :
Enter password for <vpn>:
VPNC started in background (pid: 6092)...
* To disconnect simply do
sudo vpnc-disconnect
After your VPN has been established then connect to your remote desktop
Go to Applications >> Internet >> Terminal server client
Or
In terminal run
tsclient
Credit goes here
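The cisco.conf written by pcf2vpnc holds the decrypted group password in cleartext, both in the working directory and in the copy under /etc/vpnc/. The check below is an added example, not part of vpnc or pcf2vpnc; it flags any such file that is readable beyond its owner, and the host, group, user and secret in the sample are constructed placeholders.

```sh
#!/bin/sh
# Added example (not part of vpnc or pcf2vpnc): find vpnc configs that hold a
# cleartext secret and are readable by anyone other than their owner.

# Return 0 if the file is safe, 1 if it exposes a secret, 2 if unreadable.
audit_vpnc_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "$conf: unreadable"; return 2; }
    # Lines that carry credentials in a vpnc config.
    if ! grep -Eq '^(IPSec secret|Xauth password) ' "$conf"; then
        return 0
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$conf: holds a secret, group/other bits are '$perms'"
        return 1
    fi
    return 0
}

# Constructed sample in a scratch directory; all values are placeholders.
scratch=$(mktemp -d)
cat > "$scratch/cisco.conf" <<'EOF'
IPSec gateway vpn.example.com
IPSec ID examplegroup
IPSec secret constructed-placeholder
Xauth username exampleuser
EOF

chmod 644 "$scratch/cisco.conf"   # what a plain redirect followed by cp leaves
audit_vpnc_conf "$scratch/cisco.conf" || echo "-> tighten with chmod 600"
chmod 600 "$scratch/cisco.conf"   # owner-only
audit_vpnc_conf "$scratch/cisco.conf" && echo "cisco.conf: ok"
```

Run it against both /etc/vpnc/cisco.conf and the copy left in the vpnclient directory; the working copy can be deleted once the config is installed.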
Using the network-manager-vpnc package and doing all this through network manager makes things work much smoother. It even works better and integrates better than the windows client.
vpnc doesn’t work with certificates. 🙁
I did the above in a much easier way using Network Manager 0.7 (I installed it from the PPA on my Hardy, but it’s available by default on Intrepid and Jaunty):
1- Install vpnc
2- Right-click the network manager icon and click “Edit Connections”
3- Select the “VPN” tab
4- Click the “Import” button to import the .pcf file
5- Use the following URL to decrypt your group password: http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode, note that the group password is found encrypted inside the .pcf file by opening it with any text editor.
6- Now that the setup is complete, just left-click the network manager icon and click “VPN Connections” and there you go :).
vpnc with certificates works
sudo apt-get install libgcrypt11 libgcrypt11-dev libssl-dev libssl0.9.8 vpnc resolvconf
wget http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-0.5.3.tar.gz
tar xzvf vpnc-0.5.3.tar.gz
cd vpnc-0.5.3
edit Makefile – uncomment these 2 lines:
#OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
#OPENSSLLIBS = -lcrypto
save changes
sudo make
test the executable: sudo ./vpnc --version
will display Supported Auth-Methods – psk psk+xauth hybrid(rsa)
backup the original vpnc – sudo cp /usr/sbin/vpnc /usr/sbin/vpnc-orig
copy the new executable
sudo cp vpnc /usr/sbin/
follow the main article instructions to create the configuration file
get the rootcert from your system administrator. In some cases it is embedded in the cisco vpnclient install file – in this case on windows run the setup to only where it extracts the files to a temporary directory then stop the install – copy the rootcert file to /etc/vpnc/
modify the new vpnc conf file you created:
add the following lines:
IKE Authmode hybrid
CA-File /etc/vpnc/rootcert
test the configuration:
sudo vpnc {filename}.conf
Bob, I followed your instructions for the certificates, and I keep getting:
vpnc: Error loading the CA file or directory
I added .crt extension, I remmed out the CA-File entry in the .conf file and added --ca-file rootcert and even --ca-dir /etc/vpnc to overwrite the default folder, among other changes in a futile attempt to make it work, all to no avail.
What am I missing?
More: I converted my rootcert.crt file to a pem file, and now I’m getting:
vpnc: Error verifying the certificate-chain
Any ideas?
you can run vpnc in debug mode – might get more info:
vpnc --debug 99 {conf file}
Did your system administrator supply you with the rootcert or did you get it from the cisco vpnclient install file? Who issued the certificate – Thawte, Verisign..?
Another option if your company supplies a version of the Cisco VPNClient for Linux is to install it then test that the connection works properly – if it does then use the rootcert from that install file
Never mind. My problem was that the certificate was in a weird format from some of the tests and changes I made. I grabbed the original one and tried again, and I got the same error above about the certificate-chain, so I went in the file and removed the carriage return characters (^M) manually, and left everything else alone, and that worked for me.
Thank you,
Pablo
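The two certificate failures in this thread (a CA file that would not load until it was PEM, and a chain error that went away once the ^M characters were removed) can be caught before running vpnc. This is an added example, not code from the thread or from vpnc; the PEM requirement is an assumption taken from the thread, and the sample file is a constructed placeholder, not a real certificate.

```sh
#!/bin/sh
# Added example (not part of vpnc): preflight for the file named by CA-File.

CR=$(printf '\r')

# Print one finding per problem; return 0 only when the file looks usable,
# 1 when a problem was found, 2 when the file cannot be read.
check_ca_file() {
    ca=$1; rc=0
    [ -r "$ca" ] || { echo "unreadable: $ca"; return 2; }
    # Files exported on Windows often have CRLF line endings (^M in vi).
    if grep -q "$CR" "$ca"; then
        echo "carriage returns present"; rc=1
    fi
    # Assumption taken from the thread: vpnc wants a PEM-encoded file.
    for marker in '-----BEGIN CERTIFICATE-----' '-----END CERTIFICATE-----'; do
        if ! grep -q -e "$marker" "$ca"; then
            echo "missing PEM marker: $marker"; rc=1
        fi
    done
    return "$rc"
}

# Write a cleaned copy; the original stays untouched for comparison.
strip_cr() {
    tr -d '\r' < "$1" > "$2"
}

# Constructed sample: placeholder body (not a real certificate), CRLF endings.
demo_dir=$(mktemp -d)
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/rootcert"

check_ca_file "$demo_dir/rootcert" || echo "-> writing cleaned copy"
strip_cr "$demo_dir/rootcert" "$demo_dir/rootcert.clean"
check_ca_file "$demo_dir/rootcert.clean" && echo "rootcert.clean passes"
```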
What do I log in with?
I have a USERNAME & PASSWORD, and the Decrypted GROUP PASSWORD.
Which of the two do I put in the dialog box?
They both ask for passwords, and not username.
I’ve always used Shrew Soft VPN (ike in Synaptics) for Cisco VPNs. It is much easier to configure and IMHO is more robust/stable.
Works so smooth….Thanks now I can connect seamlessly….
Considering I am new to Linux…but old to Unix…works like a charm
Works great!
I’m a linux disaster, but I like to keep trying and experimenting to see if I can do the things I’m used to do on windows on linux.
To get this working really helps to do more with linux and less with windows.
Thanks!
smooth.
Thanks!
I have a rootcert and a certificate which I have exported from windows. It was possible to import them in cisco-vpn.
Now using vpnc where we have to store them?
should both be stored in /etc/vpnc ?
I am using ubuntu hardy ( 8.042)
Actually cisco vpn rewrites the /etc/resolvconf. Therefore I want to try vpnc
Thanks very much. This is much more stable than the “network manager” method. The “network manager” is one of the first things I uninstall from my system, because it causes too many dropouts, so I was happy to find this command line method.
This is useless for client cert authentication:
server + client certificate (not implemented yet)
thanks to you. this is the only configuration that finally worked for me
i am using karmic alpha 6. i can connect remotely to my machines. thanks a lot.
Thank you! Worked exactly as described.
I am running into following issue,
expected xauth packet; rejected: (ISAKMP_N_PAYLOAD_MALFORMED)(16)
Any idea? I am using Ubuntu 9.04 and usb modem using wvdial.
Thanks
Sachin
Works like a charm. As stated above once you have the decrypted group password you can use the Network Mangler applet to connect; it’s kinda sexy but I always have a term or three open anyway.
I did exactly what the how to says and when I run the sudo vpnc cisco karmic returns the following error
vpnc: Error binding to source port. Try '--local-port 0'
Failed to bind to 0.0.0.0:500: Address already in use
Please help
I did exactly as the how to says but when I run the sudo vpnc cisco the karmic returns the following error
vpnc: Error binding to source port. Try '--local-port 0'
Failed to bind to 0.0.0.0:500: Address already in use
Please help
nevermind I found it, I just used the command
sudo vpnc cisco --local-port 0
Thank you!!
awesome. Worked like a charm on Jaunty. None of the network manager, default keyring and the other unrelated crappy problems… great !
You guys are geniuses. You really saved my butt.
Was on vacation and needed to login to work using a Ubuntu machine. This howto helped me a lot.
Thanks
Moonshiner
I’ve followed the instructions to the letter and after running vpnc. I keep getting prompted for the password?
I’ve confirmed the remote credentials are correct?
What next?
-Russel
I am green hand with Linux, and I followed exactly the steps told.
when, under the folder where cisco.pcf lives, I execute
I get the following error
decoding input: No such file or directory
Can suggest what’s wrong?
thanks a lot
Matthew
I’m getting the same error as Matt. Using latest Ubuntu 10 b1
Tj – I had the same error, but the file had been created ok and worked. For me it was a red herring!
I’m able to connect properly but I can’t see anything on the network. It works fine in windows and I can ping the IP 172.21.90.102, but I can’t in Ubuntu 10.
Netstat for windows gives this:
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.103 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.21.90.102 255.255.255.255 192.168.150.177 192.168.150.177 1
192.168.2.0 255.255.255.0 192.168.2.103 192.168.2.103 20
192.168.2.15 255.255.255.255 192.168.2.103 192.168.2.103 1
192.168.2.103 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.103 192.168.2.103 20
192.168.150.177 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.150.255 255.255.255.255 192.168.150.177 192.168.150.177 20
207.195.60.25 255.255.255.255 192.168.2.1 192.168.2.103 1
224.0.0.0 240.0.0.0 192.168.2.103 192.168.2.103 20
224.0.0.0 240.0.0.0 192.168.150.177 192.168.150.177 20
255.255.255.255 255.255.255.255 192.168.2.103 192.168.2.103 1
255.255.255.255 255.255.255.255 192.168.150.177 192.168.150.177 1
Default Gateway: 192.168.2.1
===========================================================================
Ubuntu gives this:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.21.91.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
207.195.59.25 192.168.2.1 255.255.255.255 UGH 1500 0 0 eth0
192.168.150.177 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.21.90.3 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.21.90.102 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
Is there something I need to do to fix this?