How to set up Cisco VPN using VPNC on Ubuntu Jaunty (9.04)

This guide is for Ubuntu users who want to connect to a Cisco VPN. We will use VPNC, which is in the Ubuntu 9.04 repository. The guide assumes you have a profile file in .pcf format (we use cisco.pcf as the example here).

Let’s begin. Follow the steps exactly, substituting your own .pcf file.

Open a terminal and run the following commands:

* Create a directory

mkdir vpnclient

Change to that directory:

cd vpnclient

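* Download the cisco-decrypt source, which is used to decrypt the group password from your pcf file, then install the libgcrypt headers, compile it and copy it to /usr/bin. The source is fetched over plain HTTP with no checksum, so read it before compiling and installing it: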

wget http://www.debuntu.org/files/cisco-decrypt.c

sudo apt-get install libgcrypt11-dev

gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)

chmod +x cisco-decrypt

sudo cp cisco-decrypt /usr/bin

* Download pcf2vpnc, which converts pcf files to the vpnc configuration format:

wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc

chmod +x pcf2vpnc

sudo cp pcf2vpnc /usr/bin

* Go to the directory that holds your Windows VPN profiles and convert the .pcf files to .conf files:

pcf2vpnc cisco.pcf > cisco.conf

Note: replace cisco.pcf above with your own .pcf file.

sudo cp cisco.conf /etc/vpnc/

* Install vpnc and connect to the VPN:

sudo apt-get install vpnc resolvconf

sudo vpnc cisco

Enter username for <vpn> :
Enter password for <vpn>:
VPNC started in background (pid: 6092)...

* To disconnect, simply run:

sudo vpnc-disconnect

After your VPN has been established, connect to your remote desktop.

Go to Applications >> Internet >> Terminal Server Client

Or

In a terminal, run

tsclient
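
As an added example (not part of the original guide): the converted profile copied to /etc/vpnc holds the VPN group secret, so it is worth installing it readable by root only and checking the profiles already there. The function names and the sample profile are made up for illustration; the script assumes the profile stores the secret on an `IPSec secret` or `Xauth password` line (cleartext or obfuscated form).

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (stat -c, install), as on Ubuntu.

# Copy a converted profile into the vpnc directory with mode 600 so only
# the owner (root, when run through sudo) can read the stored secret.
install_vpnc_conf() {
    src=$1
    dir=${2:-/etc/vpnc}
    install -m 600 "$src" "$dir/$(basename "$src")"
}

# Report every *.conf in a directory that stores a group or user secret
# and is readable by group or others. Returns 1 if anything was reported.
audit_vpnc_confs() {
    dir=${1:-/etc/vpnc}
    findings=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # vpnc directives that carry a secret, cleartext or obfuscated.
        grep -Eq '^(IPSec|Xauth) (obfuscated )?(secret|password) ' "$f" || continue
        mode=$(stat -c '%a' "$f")
        case $mode in
            0|*00) ;;  # no group/other permission bits
            *) echo "$f: mode $mode leaves the stored secret readable"
               findings=1 ;;
        esac
    done
    return "$findings"
}

# Demo on a constructed profile (placeholder gateway, group and secret).
demo=$(mktemp -d)
printf '%s\n' 'IPSec gateway vpn.example.com' 'IPSec ID examplegroup' \
    'IPSec secret constructed-not-a-real-secret' > "$demo/cisco.conf"
chmod 644 "$demo/cisco.conf"
audit_vpnc_confs "$demo" || echo "tighten with: chmod 600 $demo/cisco.conf"
mkdir "$demo/etc"
install_vpnc_conf "$demo/cisco.conf" "$demo/etc" && audit_vpnc_confs "$demo/etc"
rm -rf "$demo"
```

On a real system, run `sudo sh -c '. ./script.sh; audit_vpnc_confs'` (script name is a placeholder) to check /etc/vpnc itself.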


39 Responses

  1. Brett Howard says:

    Using the network-manager-vpnc package and doing all this through network manager makes things work much smoother. It even works better and integrates better than the windows client.

  2. Olly Cat says:

    vpnc doesn’t work with certificates. 🙁

  3. aamr says:

    I did the above in a much easier way using Network Manager 0.7 (I installed it from the PPA on my Hardy, but it’s available by default on Intrepid and Jaunty):
    1- Install vpnc
    2- Right-click the network manager icon and click “Edit Connections”
    3- Select the “VPN” tab
    4- Click the “Import” button to import the .pcf file
    5- Use the following URL to decrypt your group password: http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode, note that the group password is found encrypted inside the .pcf file by opening it with any text editor.
    6- Now that the setup is complete, just left-click the network manager icon and click “VPN Connections” and there you go :).

  4. Bob says:

    vpnc with certificates works

    sudo apt-get install libgcrypt11 libgcrypt11-dev libssl-dev libssl0.9.8 vpnc resolvconf

    wget http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-0.5.3.tar.gz

    tar xzvf vpnc-0.5.3.tar.gz

    cd vpnc-0.5.3

    edit Makefile – uncomment these 2 lines:
    #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
    #OPENSSLLIBS = -lcrypto

    save changes

    sudo make

    test the executable: sudo ./vpnc --version
    will display Supported Auth-Methods – psk psk+xauth hybrid(rsa)

    back up the original vpnc – sudo cp /usr/sbin/vpnc /usr/sbin/vpnc-orig

    copy the new executable
    sudo cp vpnc /usr/sbin/

    follow the main article instructions to create the configuration file

    get the rootcert from your system administrator. In some cases it is embedded in the cisco vpnclient install file – in this case on windows run the setup to only where it extracts the files to a temporary directory then stop the install – copy the rootcert file to /etc/vpnc/

    modify the new vpnc conf file you created:
    add the following lines:
    IKE Authmode hybrid
    CA-File /etc/vpnc/rootcert

    test the configuration:

    sudo vpnc {filename}.conf

  5. Pablo says:

    Bob, I followed your instructions for the certificates, and I keep getting:

    vpnc: Error loading the CA file or directory

    I added .crt extension, I remmed out the CA-File entry in the .conf file and added --ca-file rootcert and even --ca-dir /etc/vpnc to overwrite the default folder, among other changes in a futile attempt to make it work, all to no avail.

    What am I missing?

  6. Pablo says:

    More: I converted my rootcert.crt file to a pem file, and now I’m getting:

    vpnc: Error verifying the certificate-chain

    Any ideas?

  7. Bob says:

    you can run vpnc in debug mode – might get more info:
    vpnc --debug 99 {conf file}

    Did your system administrator supply you with the rootcert or did you get it from the cisco vpnclient install file? Who issued the certificate – Thawte, Verisign..?

    Another option if your company supplies a version of the Cisco VPNClient for Linux is to install it then test that the connection works properly – if it does then use the rootcert from that install file

  8. Pablo says:

    Never mind. My problem was that the certificate was in a weird format from some of the tests and changes I made. I grabbed the original one and tried again, and I got the same error above about the certificate-chain, so I went in the file and removed the carriage return characters (^M) manually, and left everything else alone, and that worked for me.

    Thank you,

    Pablo
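
Added example, not part of the comment thread: a pre-flight check for the file named by `CA-File`, covering the two conditions Pablo reports in comments 6 and 8 (a certificate that is not PEM text, and a PEM file containing carriage returns). The function names and the sample file are constructed for illustration, and the check assumes the CA file is expected in PEM form, as the thread suggests.

```shell
#!/bin/sh
# Added example: pre-flight check for the file named by CA-File.

# Classify a CA file. Prints one of: missing, not-pem, crlf, ok.
# Returns 0 only for "ok".
check_ca_file() {
    f=$1
    [ -r "$f" ] || { echo missing; return 1; }
    # A PEM certificate is text with this armor line; DER is binary.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || { echo not-pem; return 1; }
    cr=$(printf '\r')
    if grep -q "$cr" "$f"; then echo crlf; return 1; fi
    echo ok
}

# Write a copy of the file with carriage returns removed (the manual ^M
# clean-up described in the thread), leaving the original untouched.
strip_cr() {
    tr -d '\r' < "$1" > "$2"
}

# Demo on a constructed file: the base64 body is a placeholder, not a
# real certificate, so this exercises the format checks only.
demo=$(mktemp -d)
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo/rootcert"
check_ca_file "$demo/rootcert" || strip_cr "$demo/rootcert" "$demo/rootcert.pem"
check_ca_file "$demo/rootcert.pem"
rm -rf "$demo"
```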

  9. What do I log in with?
    I have a USERNAME & PASSWORD, and the Decrypted GROUP PASSWORD.

    Which of the two do I put in the dialog box?
    They both ask for passwords, and not username.

  10. Sean says:

    I’ve always used Shrew Soft VPN (ike in Synaptic) for Cisco VPNs. It is much easier to configure and IMHO is more robust/stable.

  11. Kishore says:

    Works so smooth….Thanks now I can connect seamlessly….

    Considering I am new to Linux…but old to Unix…works like a charm

  12. Chris says:

    Works great!

    I’m a linux disaster, but I like to keep trying and experimenting to see if I can do the things I’m used to doing on windows on linux.

    Getting this working really helps to do more with linux and less with windows.

    Thanks!

  13. Prashanth says:

    smooth.

    Thanks!

  14. chinna_saeb says:

    I have a rootcert and a certificate which I have exported from windows. It was possible to import them in cisco-vpn.
    Now, using vpnc, where do we have to store them?
    Should both be stored in /etc/vpnc?
    I am using ubuntu hardy ( 8.042)
    Actually cisco vpn rewrites the /etc/resolvconf. Therefore I want to try vpnc

  15. chris says:

    Thanks very much. This is much more stable than the “network manager” method. The “network manager” is one of the first things I uninstall from my system, because it causes too many dropouts, so I was happy to find this command line method.

  16. marian says:

    This is useless for client cert authentication:

    server + client certificate (not implemented yet)

  17. Sayantan Das says:

    Thanks to you. This is the only configuration that finally worked for me.
    I am using karmic alpha 6. I can connect remotely to my machines. Thanks a lot.

  18. kevin says:

    Thank you! Worked exactly as described.

  19. Sachin says:

    I am running into the following issue:

    expected xauth packet; rejected: (ISAKMP_N_PAYLOAD_MALFORMED)(16)

    Any idea? I am using Ubuntu 9.04 and usb modem using wvdial.

    Thanks
    Sachin

  20. Oscar the Grouch says:

    Works like a charm. As stated above, once you have the decrypted group password you can use the Network Mangler applet to connect; it’s kinda sexy but I always have a term or three open anyway.

  21. kan3nas says:

    I did exactly what the how to says and when I run the sudo vpnc cisco karmic returns the following error

    vpnc: Error binding to source port. Try '--local-port 0'
    Failed to bind to 0.0.0.0:500: Address already in use

    Please help

  22. kan3nas says:

    I did exactly as the how to says but when I run the sudo vpnc cisco the karmic returns the following error

    vpnc: Error binding to source port. Try '--local-port 0'
    Failed to bind to 0.0.0.0:500: Address already in use

    Please help

  23. kan3nas says:

    nevermind I found it, I
    just used the command

    sudo vpnc cisco --local-port 0

    Thank you!!

  24. Nippun says:

    awesome. Worked like a charm on Jaunty. None of the network manager, default keyring and the other unrelated crappy problems… great !

  25. Moonshiner says:

    You guys are geniuses. You really saved my butt.

    Was on vacation and needed to login to work using a Ubuntu machine. This howto helped me a lot.

    Thanks
    Moonshiner

  26. Russel says:

    I’ve followed the instructions to the letter and after running vpnc. I keep getting prompted for the password?

    I’ve confirmed the remote credentials are correct?

    What next?

    -Russel

  27. Matt says:

    I am green hand with Linux, and I followed exactly the steps told.

    when, under the folder where cisco.pcf lives, I execute

    I get the following error

    decoding input: No such file or directory

    Can you suggest what’s wrong?

    thanks a lot

    Matthew

  28. Tj says:

    I’m getting the same error as Matt. Using latest Ubuntu 10 b1

  29. Jon says:

    Tj – I had the same error, but the file had been created ok and worked. For me it was a red herring!

  30. gary says:

    I’m able to connect properly but I can’t see anything on the network. It works fine in windows and I can ping the IP 172.21.90.102, but I can’t in Ubuntu 10.

    Netstat for windows gives this:
    ===========================================================================
    Active Routes:
    Network Destination  Netmask          Gateway          Interface        Metric
    0.0.0.0              0.0.0.0          192.168.2.1      192.168.2.103    20
    127.0.0.0            255.0.0.0        127.0.0.1        127.0.0.1        1
    172.21.90.102        255.255.255.255  192.168.150.177  192.168.150.177  1
    192.168.2.0          255.255.255.0    192.168.2.103    192.168.2.103    20
    192.168.2.15         255.255.255.255  192.168.2.103    192.168.2.103    1
    192.168.2.103        255.255.255.255  127.0.0.1        127.0.0.1        20
    192.168.2.255        255.255.255.255  192.168.2.103    192.168.2.103    20
    192.168.150.177      255.255.255.255  127.0.0.1        127.0.0.1        20
    192.168.150.255      255.255.255.255  192.168.150.177  192.168.150.177  20
    207.195.60.25        255.255.255.255  192.168.2.1      192.168.2.103    1
    224.0.0.0            240.0.0.0        192.168.2.103    192.168.2.103    20
    224.0.0.0            240.0.0.0        192.168.150.177  192.168.150.177  20
    255.255.255.255      255.255.255.255  192.168.2.103    192.168.2.103    1
    255.255.255.255      255.255.255.255  192.168.150.177  192.168.150.177  1
    Default Gateway: 192.168.2.1
    ===========================================================================

    Ubuntu gives this:
    Kernel IP routing table
    Destination      Gateway      Genmask          Flags  MSS   Window  irtt  Iface
    172.21.91.1      0.0.0.0      255.255.255.255  UH     0     0       0     tun0
    207.195.59.25    192.168.2.1  255.255.255.255  UGH    1500  0       0     eth0
    192.168.150.177  0.0.0.0      255.255.255.255  UH     0     0       0     tun0
    172.21.90.3      0.0.0.0      255.255.255.255  UH     0     0       0     tun0
    172.21.90.102    0.0.0.0      255.255.255.255  UH     0     0       0     tun0
    192.168.2.0      0.0.0.0      255.255.255.0    U      0     0       0     eth0
    192.168.2.0      0.0.0.0      255.255.255.0    U      0     0       0     wlan0
    169.254.0.0      0.0.0.0      255.255.0.0      U      0     0       0     eth0
    0.0.0.0          192.168.2.1  0.0.0.0          UG     0     0       0     eth0

    Is there something I need to do to fix this?
