Key search terms: ubuntu intrepid ibex ipsec openswan vpn kvpnc networkmanager huawei e220
I imagine this applies for most versions of Ubuntu. If not, bite me. I'm running 8.10.
I installed the kde-vpn-client - http://home.gna.org/kvpnc/ - which simplifies the use of a whole bunch of different tools. This tool works in gnome too.
sudo apt-get install kvpnc
PPTP connections worked fine, and OpenVPN connections worked fine - these are also easily configurable in NetworkManager->VPN Connections. This tool includes some nice wizards to get you going. But because some options in IPSEC can be a bit tricky, and even the latest version of the kvpnc tool (at writing, 0.9.1) couldn't properly manage some openswan options that I needed, and I didn't have the time to slice up config options that I know work and punch them into a GUI, I went the manual (but automate-able) route.
I found good info here:
I chose the OpenSWAN implementation since this is what my company uses, and we use the relatively more secure X509 certificate authentication and not PSK (pre-shared-key aka passwords). My setup is my laptop, and one of those Huawei E220 modems for mobile broadband so my IP is dynamic at worst. To get that working, I installed the driver download from here:
https://forge.betavine.net/frs/?grou...&release_id=14 and added my ISP connection under NetworkManager. Got the idea from here:
Pre-requisites: openswan, vpn server X509 public certificate from each server you want to tunnel to, your X509 private/public certificate pair which each vpn server is aware of.
sudo apt-get install openswan
That done, set up your local connection in The options provided below are independent of local IP, route and interface, so should work carte-blanche.
# right: remote
# left: local
#set some default options that both connections below will use.
#in this example we will use X509 certificates for authentication.
#leftcert= this needs to be YOUR PRIVATE X509 certificate that
#the vpn servers are aware of
#name the connection...
#left=%defaultroute. this is auto-determined at connect time.
#right=remote=public IP address or host-name of the vpn server with openswan
#rightsubnet=the subnet of the internal network you want to connect to
#name the connection...
#some other important options to follow...
# disable opportunistic encryption
Feel free to copy and paste the above options and modify to get things working your way. The above options are fairly common, e.g. NAT.
Finally, to bring the tunnels up, you need to
sudo /etc/init.d/ipsec restart
This should say something like
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec 2.4.12...
The output of produces the following:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     *               255.255.255.255 UH    0      0        0 ppp0
22.214.171.124  *               255.255.255.0   U     0      0        0 ppp0
10.48.0.0       *               255.255.0.0     U     0      0        0 ppp0
link-local      *               255.255.0.0     U     1000   0        0 ppp0
default         10.64.64.64     0.0.0.0         UG    0      0        0 ppp0
From this you can see the two routes from the rightsubnet= options are now set. i.e. the two rows beginning 193.180. and 10.48.
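The route check described above can be scripted. This is an added example, not part of the original post: it reads each rightsubnet= value from the Openswan config (skipping commented-out lines), converts the prefix length to a netmask, and lists any subnet with no matching Destination/Genmask row, i.e. a subnet whose traffic would follow the default route. The conn names, the 192.0.2.0/24 subnet and both sample tables are constructed; /etc/ipsec.conf and route -n in the last comment are assumptions about the live system.

```shell
#!/bin/sh
# Added example (not from the original post): list each rightsubnet= from an
# Openswan config that has no matching Destination/Genmask row in the routing
# table. Conn names and sample data below are constructed.

# Convert a CIDR prefix length (0-32) to a dotted netmask: 16 -> 255.255.0.0
prefix_to_mask() {
    bits=$1
    mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then
            octet=255; bits=$((bits - 8))
        else
            octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    echo "$mask"
}

# $1 = ipsec.conf text, $2 = routing table text; prints subnets with no route.
# Commented-out lines (#rightsubnet=...) do not match the anchored sed pattern.
missing_routes() {
    printf '%s\n' "$1" |
    sed -n 's|^[[:space:]]*rightsubnet=\([0-9.]*\)/\([0-9][0-9]*\).*|\1 \2|p' |
    while read -r net prefix; do
        want=$(prefix_to_mask "$prefix")
        printf '%s\n' "$2" |
            awk -v n="$net" -v m="$want" \
                '$1 == n && $3 == m { ok = 1 } END { exit !ok }' ||
            echo "$net/$prefix"
    done
}

# Constructed sample: two tunnels configured, only one route present.
SAMPLE_CONF='conn %default
    #rightsubnet=the subnet of the internal network you want to connect to
conn office
    rightsubnet=10.48.0.0/16
conn lab
    rightsubnet=192.0.2.0/24'
SAMPLE_ROUTES='Destination Gateway Genmask Flags Metric Ref Use Iface
10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.48.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ppp0
0.0.0.0 10.64.64.64 0.0.0.0 UG 0 0 0 ppp0'

missing_routes "$SAMPLE_CONF" "$SAMPLE_ROUTES"
# Live use (assumed paths): missing_routes "$(cat /etc/ipsec.conf)" "$(route -n)"
```

Empty output means every configured subnet has a route; use route -n rather than plain route so destinations are not replaced by resolved names.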
To close the tunnels you need to:
sudo /etc/init.d/ipsec stop
If you want to automate the tunnels to go up and down upon connect of various network interfaces, check out this post which should give you a good example to follow. http://ubuntuforums.org/showthread.php?t=430312 Look at the scripts to go in
and place (links to) scripts here.
I can't adequately explain half of this stuff, but it works for me. ipsec options will be radically different depending on scenario - your mileage will vary. If it doesn't work for you - you're on your own.