Wednesday, December 24, 2008

Cisco VPN, vpnc and Ubuntu upgrades

I get to do a little work from home here and there. And, I was happy to get my VPN account this fall with my new job. But, knowing that I usually just remote control my workstation at the office to do some of the work, I don't really need to boot into Windows to do this. After all, Ubuntu has a Terminal Server client that will support remote controlling a Windows box. I've done so at home. I had finally got the guts enough to install the Cisco VPN client on Ubuntu. I got it working and all was well with the world for some time.

Earlier this week, I ran some of the suggested Ubuntu updates, which gave me a new kernel version, now sitting at 2.6.24-22-generic. That broke the Cisco VPN client. And, I couldn't figure out why or how to fix it. I tried rebooting, reinstalling, etc. No love. It would start up the vpnclient, but would not be able to read my PCF (connection configuration thinger) file.

I did some searching and found a solution that worked for me. There is a package out there called vpnc. You can install vpnc using apt:

sudo apt-get install vpnc

Once you install it, you will need to convert your PCF file to get the host and address info it requires, You do this using pfc2vpnc. It's a Perl script. It should be installed and you can use it like so:

NOTE: I had copied my pcf file to my home directory. This just tells the Perl script to read it and output the results.

cd /usr/share/vpnc
./pcf2vpnc ~/myPCFFile.pcf

## generated by pcf2vpnc
IPSec ID theipsecid
IPSec gateway something.foo.com
IPSec secret ipsecsecret

IKE Authmode psk

## To add your username and password,
## use the following lines:
# Xauth username
# Xauth password

So, it didn't write that to a file that I could see. So, I wrote it down in a file to keep it handy. Once you have that, you just just start up vpnc and connect.
NOTE: I haven't been able to specify a separate config file yet, so I just typed it all. At least it works.

$ sudo vpnc
Enter IPSec gateway address: something.foo.com
Enter IPSec ID for something.foo.com: theipsecid
Enter IPSec secret for theipsecid@something.foo.com: ipsecsecret
Enter username for something.foo.com: myusername
Enter password for myusername@something.foo.com: pin and/or pass for vpn
VPNC started in background

Now you're connected to work. Or, at least I was.
So, I have to enter those 3 IPSec things for now. That's more than before. But, I'm sure with some tinkering I can figure out how to automate that out of the process and only have to enter my username and pass each time.

Good luck!
Posted by
Labels: , ,

2 comments:

Unknown said...

If you put that output into /etc/vpnc/default.conf, vpnc will pick it up automatically and not ask you for anything when you run 'sudo vpnc'.

March 29, 2010 at 9:01 AM
Kevin Hutson said...

It's worth noting that the latest versions of ubuntu like Karmic, I'm able to simply use the VPN connection control panel in Gnome. Works great. Haven't had to screw with vpnc in a long time.

April 4, 2010 at 11:48 AM

Post a Comment

Subscribe to: Post Comments (Atom)