Linux VPN Client for Cisco VPNs: vpnc
Getting Started

Charlie Schluting
Tuesday, June 16, 2009 02:27:01 PM
vpnc, a VPN client for Cisco VPNs, enables your Linux workstation to connect to a Cisco
3000 series VPN concentrator or PIX firewall. Until vpnc existed, corporate employees were
often relegated to connecting to their company's network via a Windows machine or with
Cisco's problematic VPN client for Linux. Thankfully, those days are over, though some
configuration effort is still required. In this article we show you how to get it up and running.
Information You Will Need
Before you can connect, you will likely need to know the following information. If you
do not have it, now is a good time to gather it:
- IPSEC gateway: the hostname or IP of the VPN server
- IPSEC ID: the groupname
- IPSEC secret: the shared password for the group
- your username
- your password
The group name and shared password are the most commonly used method for connecting to a
Cisco IPSEC VPN. In lieu of certificates, this pre-shared key enables the forming of an
IPSEC tunnel based on the shared secret.
Install Options
Depending on your Linux distribution, you will need to install the vpnc program before
we can begin. Fedora, by default, now installs vpnc, so Fedora users can skip to the next
section. Ubuntu users can run apt-get install vpnc as root.
You will likely want to use NetworkManager to enable quick VPN connections with a
mouse-click in GNOME. Fedora's NetworkManager is already prepared, but in Ubuntu you will
need to install the network-manager-vpnc package.
Configuring vpnc Manually
If you are short on time, or the "just make it work" type, this section is optional,
so feel free to skip ahead to the NetworkManager section below.
Now that vpnc is installed, you will notice an /etc/vpnc/ directory. This is
where we will be working for a bit. Creating a configuration file is optional, but
without it, you will enter all the necessary information manually every time you wish to
connect to the VPN. If you wish to test your IP, group information, and user credentials,
go ahead and manually run 'vpnc' as root.
The configuration file for vpnc is quite simple. Create a file named after the network
you wish to connect to, for example: /etc/vpnc/enp.conf
Inside, you need to enter the information we talked about in the beginning of this
article. Replace the example values with your information:
    IPSec gateway vpn17.example.com
    IPSec ID groupa
    IPSec secret groupapassword
    Xauth username charlie
    Xauth password passw0rd
There is one catch: the group password needs to be decoded before handing it to vpnc. This
is the major pain point for most users; vpnc should do this automatically, but it does not.
Enter the group password you were given by the VPN administrator into this Web page, and
use the result as your group password: http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode.
If you enter your username and password into the configuration file, ensure the
permissions do not allow world-read access, especially if other user accounts exist on
your workstation or laptop. In fact, you should think twice about storing this password
at all, just in case your machine is ever compromised. If your password is not stored in
the configuration file, you will be prompted for it when connecting.
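One way to check a vpnc configuration file for the two risks described above (loose permissions and a stored user password). This is an added example, not part of the original article; the function name audit_vpnc_conf is hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): audit a vpnc config file for the
# risks described above. The function name is an assumption.

# Prints one line per finding. Returns 0 if clean, 1 if anything was
# found, 2 if the file cannot be read.
audit_vpnc_conf() {
    conf=$1
    found=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Octal mode: GNU stat first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    other=${mode#"${mode%?}"}      # last digit: permission bits for "other"
    rest=${mode%?}
    group=${rest#"${rest%?}"}      # second-to-last digit: bits for "group"
    if [ $(( ${other:-0} & 4 )) -ne 0 ]; then
        echo "WORLD-READABLE: $conf has mode $mode (try: chmod 600)"
        found=1
    elif [ $(( ${group:-0} & 4 )) -ne 0 ]; then
        echo "GROUP-READABLE: $conf has mode $mode"
        found=1
    fi

    # A stored user password; leave the line out to be prompted instead.
    if grep -Eiq '^[[:space:]]*Xauth[[:space:]]+password[[:space:]]+[^[:space:]]' "$conf"; then
        echo "STORED-PASSWORD: $conf contains an 'Xauth password' line"
        found=1
    fi
    return "$found"
}

# When called with a path, audit it, e.g.: sh audit.sh /etc/vpnc/enp.conf
if [ "$#" -gt 0 ]; then
    audit_vpnc_conf "$1" || exit $?
fi
```

A group-readable file is reported as well because the group secret and password are exposed to every member of that group.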