So, let’s say your workplace uses a Cisco IPSEC VPN solution. Many places do. Let’s also say you at home have a Linux machine. Being the good Linux user that you are, you keep your system well patched and run a recent kernel release.
You download the Cisco VPN client – from your corporate website, since, of course, Cisco would never make such a thing publicly downloadable... who does that anyway?
You extract the tarball, run the vpn_install script as instructed and BAM. The whole thing bombs! Why? Because your system is too cutting edge for the guys at Cisco to keep up (clearly!). So, your possible solutions are:
- Dig through a bunch of random internet forums, searching for the right combination of patches and command incantations that will make the damn thing work on your particular OS and kernel version.
- Ditch the piece of junk altogether and install something nicer.
So which should we do? Alright.. let’s go with option 1… just kidding, I mean 2.
Enter a wonderful piece of software called vpnc. Now, I’ll be the first to admit I don’t know much about how this particular piece of software works. And that’s the great thing. Getting the VPN connection up and going was just that simple. So here’s how:
- I presume your company uses a PCF file alongside their Cisco VPN client. If not, you have to figure out how to enter the settings yourself. Download this .pcf file and put it somewhere. Say
- Download http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
- Install vpnc. If you use Ubuntu, this means aptitude install vpnc. Yes, that is all.
pcf2vpnc mycompany.pcf mycompany.conf
cp mycompany.conf /etc/vpnc/
sudo vpnc mycompany
- There is no step 6!
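The converted profile copied into /etc/vpnc/ carries the group secret, so it deserves credential-file permissions. The following is an added example, not part of the original post or of vpnc: it installs the profile with mode 0600 and flags any profile that holds a secret and is readable by group or others. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): treat the converted vpnc
# profile as a credential file. Function names are hypothetical; the
# directory is passed in (the post uses /etc/vpnc).

# Key names vpnc uses for stored secrets. "obfuscated" values are the PCF
# enc_* fields carried over; tools such as cisco-decrypt reverse them, so
# they need the same protection as a plaintext secret.
SECRET_RE='^[[:space:]]*(IPSec (obfuscated )?secret|Xauth (obfuscated )?password)[[:space:]]'

# install_vpnc_conf SRC DESTDIR
# Copy with an explicit mode of 0600. A plain cp keeps the source file's
# mode bits (usually 0644), leaving the secret readable by every local user.
install_vpnc_conf() {
    install -m 0600 "$1" "$2/$(basename "$1")"
}

# audit_vpnc_conf DIR
# Print each *.conf in DIR that contains a secret and has the group-read
# or other-read bit set. Returns 0 if none are found, 1 otherwise.
audit_vpnc_conf() {
    dir=$1
    found=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        grep -Eiq "$SECRET_RE" "$f" || continue
        # -perm -040 matches group-read, -perm -004 matches other-read
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "$f"
            found=1
        fi
    done
    return "$found"
}

# Usage, mirroring the steps above (run as root so the file is root-owned):
#   install_vpnc_conf mycompany.conf /etc/vpnc
#   audit_vpnc_conf /etc/vpnc
```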
Oh yeah, at some point you want to disconnect and go do something else other than work. For that use
I tested this on Hardy Heron; results may vary between distributions.
When running pcf2vpnc you may receive the following message:
Can't exec "cisco-decrypt": No such file or directory at ./pcf2vpnc line 30.
cisco-decrypt not in search path,
adding passwords in obfuscated form
Update 2009/02/20: Someone has posted a howto which can work for OS X as well: http://www.gdanko.net/vpnc.html
If you receive an error message such as
vpnc: no response from target
you need to add the line
NAT Traversal Mode cisco-udp