How to: Cisco VPN using VPNC Ubuntu 9.04

[ukripper]

This guide is for ubuntu users who want to connect to Cisco VPN. We will be using VPNC (it is in ubuntu 9.04 repo). This guide assumes you have profile file in .pcf format (we will use cisco.pcf as an example here).

Let’s begin and follow the steps exactly replacing your own pcf file:

Go to terminal:
* Create a directory:

Code:

mkdir vpnclient

Change to that directory:

Code:

cd vpnclient

* Download cisco-decrypt file which will be used to decrypt the group password from your pcf file:

Code:

 wget http://www.debuntu.org/files/cisco-decrypt.c

Code:

sudo apt-get install libgcrypt11-dev

Code:

gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)

Code:

 chmod +x cisco-decrypt

Code:

 sudo cp cisco-decrypt /usr/bin

* Download pcf2vpnc to convert pcf files in vpnc configuration format

Code:

wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc

Code:

chmod +x pcf2vpnc

Code:

sudo cp pcf2vpnc /usr/bin

* Go to windows vpn profiles directory and convert .pcf files to .conf files

Code:

pcf2vpnc cisco.pcf > cisco.conf

Note:replace above cisco.pcf with your own .pcf file.

Code:

sudo cp cisco.conf  /etc/vpnc/

* install vpnc and connect to vpn

Code:

sudo apt-get install vpnc resolvconf

Code:

sudo vpnc cisco

Enter username for <vpn> :
Enter password for <vpn>:
VPNC started in background (pid: 6092)...

* To disconnect simply do

Code:

sudo vpnc-disconnect

After your VPN has been established then connect to your remote desktop

Go to Applications >> Internet >> Terminal server client

Or

In terminal run

Code:

tsclient

Goodluck

[zong1]

This is a rip from another guide, but still useful here although it won't work because, just like the guide you C&Pasted from, I think that you have replicated an important error:

i) $ grep enc_GroupPwd *.pcf|sed -e 's/!enc_GroupPwd=//'
Please note the ticks are not back-ticks.

e.g 23EEEEA7E675AA2BA3333333387AEE5E17EEFB69C27E708933 33333353E8B6D621111117C2DA11E494025C3EDD4969CDBABB 97A222223C73FEAE168DDD45F70014A1234567890123456789 0

ii) Copy the result and use it as input for the cisco-decrypt command
e.g $ cisco-decrypt 23EEEEA7E675AA2BA3333333387AEE5E17EEFB69C27E708933 33333353E8B6D621111117C2DA11E494025C3EDD4969CDBABB 97A222223C73FEAE168DDD45F70014A1234567890123456789 0

iii) Take the result and place it into the vpnc profile e.g /etc/vpnc/default.conf, and add it to this varible, e.g

Code:

IPSec secret MySillyPasswordIsPOOH

[zong1]

My mistake. I just looked at the pcf2vpnc perl script and it actually searches for the cisco-decrpt command. Ignore my post

[ukripper]

This is a rip from another guide, but still useful here although it won't work because, just like the guide you C&Pasted from, I think that you have replicated an important error:

i) $ grep enc_GroupPwd *.pcf|sed -e 's/!enc_GroupPwd=//'
Please note the ticks are not back-ticks.

e.g 23EEEEA7E675AA2BA3333333387AEE5E17EEFB69C27E708933 33333353E8B6D621111117C2DA11E494025C3EDD4969CDBABB 97A222223C73FEAE168DDD45F70014A1234567890123456789 0

ii) Copy the result and use it as input for the cisco-decrypt command
e.g $ cisco-decrypt 23EEEEA7E675AA2BA3333333387AEE5E17EEFB69C27E708933 33333353E8B6D621111117C2DA11E494025C3EDD4969CDBABB 97A222223C73FEAE168DDD45F70014A1234567890123456789 0

iii) Take the result and place it into the vpnc profile e.g /etc/vpnc/default.conf, and add it to this varible, e.g

Code:

IPSec secret MySillyPasswordIsPOOH

No idea what you on about but the guide I posted works for me. It is not copy paste from any other guide, it is taken from plenty of other web resources and added as what works in easy steps.

[ndmaque]

thanks, 9.1 network manager failed to connect after importing the pcf file and i hoped this would work first time (dream on)

but i got this (i changed some details both here and in the cisco.conf before posting it!)

Enter password for xxuser@86.134.137.205:
vpnc: Error binding to source port. Try '--local-port 0'
Failed to bind to 0.0.0.0:500: Address already in use


if it helps my cisco.conf file ended up like this and has the correct decoded IPsec ...



## generated by pcf2vpnc
IPSec ID CountyRAS
IPSec gateway 86.134.137.205
IPSec secret KD8XCh9ivkakHCJTn3Ci

Xauth username xxfuser
IKE Authmode psk


so i added local-port 0 but it kept prompting for password and eventually i got Password for VPN xxfuser@86.134.137.205:
vpnc: no response from target

i know the user password is correct as i have windows virtualbox wich runs fine (i got an install from checkpoint.com) which took the pcf straight in

in my windows one i notice i had to quote a domain like xx.county.com and i wasn't prompted for this and its not in the pcf file

[oggie]

I’m able to connect properly but I can’t see anything on the network. It works fine in windows and I can ping the IP 172.21.90.102, but I can’t in Ubuntu 10.

Netstat for windows gives this:

Code:

===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.103 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.21.90.102 255.255.255.255 192.168.150.177 192.168.150.177 1
192.168.2.0 255.255.255.0 192.168.2.103 192.168.2.103 20
192.168.2.15 255.255.255.255 192.168.2.103 192.168.2.103 1
192.168.2.103 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.103 192.168.2.103 20
192.168.150.177 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.150.255 255.255.255.255 192.168.150.177 192.168.150.177 20
207.195.60.25 255.255.255.255 192.168.2.1 192.168.2.103 1
224.0.0.0 240.0.0.0 192.168.2.103 192.168.2.103 20
224.0.0.0 240.0.0.0 192.168.150.177 192.168.150.177 20
255.255.255.255 255.255.255.255 192.168.2.103 192.168.2.103 1
255.255.255.255 255.255.255.255 192.168.150.177 192.168.150.177 1
Default Gateway: 192.168.2.1
===========================================================================

Ubuntu gives this:

Code:

Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.21.91.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
207.195.59.25 192.168.2.1 255.255.255.255 UGH 1500 0 0 eth0
192.168.150.177 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.21.90.3 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.21.90.102 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0

Is there something I need to do to fix this? Can I just add a route or two after the connection is completed?

[JamesR404]

http://www.debuntu.org/files/cisco-decrypt.c <-- This file appears to be removed. I'm getting a 404.

Does anyone still have the script please? ^^

[JamesR404]

Yay, googled for cisco-decrypt.c and found it here:
http://www.unix-ag.uni-kl.de/~massar...isco-decrypt.c

Hope it's the same file Will go forward with the procedure now ^^

[freesparks]

Hello All,

I've done this many times without fail and now I have a new system that I'm trying to setup Cisco vpnc on to no avail. Here are my findings.

I get this as an error:

Code:

decoding input: No such file or directory

after I run this:

Code:

pcf2vpnc cisco.pcf > cisco.conf

In the past, all I did was take the contents of my .pcf file and copied the contents of it to the cisco.pcf file. But, for some reason this time out, it's not working. The rest of the instructions are pretty much straight forward.

Also, are there any other files and directories I should know about and their contents? I am aware of the files files that reside in /etc/vpnc and /usr/bin. Are there anymore directories I should be aware of? Any help or insight would be greatly appreciated.

Best Regards,

freesparks

[ukripper]

Hello All,

I've done this many times without fail and now I have a new system that I'm trying to setup Cisco vpnc on to no avail. Here are my findings.

Are you using ubuntu 10.04? it should work as it is on 10.04 and 10.10 which i have tested on.