5 VPN Clients for Linux
Cisco, JuniperAdministering heterogenous networks means making Mac and Windows play nice with Linux, and each other, even when they don't want to. Here are five Linux VPN clients for Cisco, Juniper, and other VPN servers, with some compatibility tips and getting connected.
Cisco's official VPN client is compatible with Cisco VPN servers. In addition to Linux (Intel), it's available for Windows, Mac OS X, and Solaris UltraSPARC. It currently supports some 64-bit platforms, in addition to 32-bit.
The Cisco VPN Client is included with Cisco ASA 5500 Series Adaptive Security Appliances, except ASA 5505. If you don't already have a copy of the client, you can download it if you have a SMARTnet support contract and encryption entitlement. Otherwise, you can get the client on CD from a reseller. You may also consider using a third-party client, such as VPNC, which is discussed next.
The Cisco VPN Client works with the following products:
- Cisco 7600/Catalyst 6500 IPsec VPN Services Module and VPN shared port adapter with Cisco IOS Software Release 12.2SX and later
- Cisco VPN 3000 Series Concentrator Software Version 3.0 and later
- Cisco IOS Software Release 12.2(8)T and later
- Cisco PIX Security Appliance Software Version 6.0 and later
- Cisco ASA 5500 Series Adaptive Security Appliance Software Version 7.0 and later
This is a third-party VPN client, licensed under the GNU General Public License (GPL), for connecting to Cisco and Juniper/Netscreen products. It runs on Linux and Unix-like operating systems. This client was especially useful for users on 64-bit platforms since Cisco's official client only supported 32-bit for some time. It's supposed to work with the following VPN products:
- Cisco VPN concentrator 3000 Series
- Cisco IOS routers
- Cisco PIX / ASA Zecurity Appliances
To start a connection, you simply run vpnc as root at the command-line. To stop the connection, you'd enter vpnc-disconnect as root. It will look for the configuration file /etc/vpnc.conf or /etc/vpnc/default.conf. To use multiple configuration files, you'd enter the name of the config file as an argument. If no config files are found, it will use interactive mode and ask for configuration settings at the command-line.
Remember, all config files should be place in /etc/vpnc/, have a .conf extension, and use the following syntax:
IPSec gateway gateway.to.use
IPSec ID groupname
IPSec secret passwordforgroup
Xauth username myusername
Xauth password mypassword
If you prefer configuration via a GUI, here are a few to check out:
- jvpnc: Java-based GUI that works with GNOME and KDE.
- vpnDialer: A gtk2+ GUI for managing connections and configuration profiles.
- VPNC Front End (VpnFE): GUI written in C++ and QT3.
If you're looking for Nortel Contivity support, consider VPNN, a fork of VPNC-0.3.2.