Linux VPN Client for Cisco VPNs: vpnc
The Cisco VPN client, vpnc, enables your Linux workstation to connect to a Cisco 3000 series VPN concentrator PIX firewall. Until vpnc existed, corporate employees were often relegated to connecting to their company's network via a Windows machine or with Cisco's problematic VPN client for Linux. Thankfully, those days are over, but not without slight configuration effort. In this article we show you how to get it up and running.
Information You Will Need
- IPSEC gateway: the hostname or IP of the VPN server
- IPSEC ID: the groupname
- IPSEC secret: the shared password for the group
- your username
- your password
The group name and shared password is the most often used method for connecting to the Cisco IPSEC VPN. In lieu of certificates, this pre-shared key enables the forming of an IPSEC tunnel based on the shared secret.
Depending on your Linux distribution, you will need to install the vpnc program before we can begin. Fedora, by default, now installs vpnc, so Fedora users can skip to the next section. Ubuntu users can run apt-get install vpnc as root.
You will likely want to use NetworkManager to enable quick VPN connections with a mouse-click in GNOME. Fedora's NetworkManager is already prepared, but in Ubuntu you will need to install the network-manager-vpnc package.
Configuring vpnc Manually
If you are short on time, or the "just make it work" type, this section is optional, so feel free to skip ahead to the NetworkManager section below.
Now that vpnc is installed, you will notice an /etc/vpnc/ directory. This is where we will be working for a bit. Creating a configuration file is optional, but without it, you will enter all the necessary information manually every time you wish to connect to the VPN. If you wish to test your IP, group information, and user credentials, go ahead and manually run 'vpnc' as root.
The configuration file for vpnc is quite simple. Create a file named after the network you wish to connect to, for example: /etc/vpnc/enp.conf
Inside, you need to enter the information we talked about in the beginning of this article. Replace the example values with your information:
- IPSec gateway: vpn17.example.com
- IPSec ID: groupa
- IPSec secret: groupapassword
- Xauth username: charlie
- Xauth password: passw0rd
Except, the group password needs to be decoded before handing it to vpnc. This is the major pain point for most users, and vpnc should automatically do this, but it does not. Enter the group password you were given by the VPN administrator into this Web page, and use the result as your group password: http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode.
If you enter your username and password into the configuration file, ensure the permissions do not allow world-read access, especially if other user accounts exist on your workstation or laptop. In fact, you should think twice about storing this password at all, just in case your machine is ever compromised. If your password is not stored in the configuration file, you will be prompted for it when connecting.
Sponsored by BlackBerry
BlackBerry® Enterprise Server Express enables businesses of any size to quickly and easily get started with the BlackBerry solution. It provides advanced BlackBerry smartphone features with no additional software or user license fees, and works with any Internet-enabled BlackBerry data plan or a BlackBerry enterprise data plan. Download now!