Wednesday, January 13, 2010

Ubuntu and Cisco VPN

As a consultant I often have to VPN into a client's network and do some work. Up until today, I wasn't aware of a Cisco client for Ubuntu (9.10), so I would fire up my Windows Vista Ultimate VM, install Cisco and log in.

Only Windows Vista Ultimate doesn't play very nicely with the older versions of the Cisco VPN client (pre 5.0). Naturally (stop laughing), I found my old version of Windows XP, booted it up, installed Cisco and connected. Fun huh? It's amazing how resourceful we can be sometimes...

I had to deal with this because I "lost" my Windows image today. By lost I mean I couldn't recover it. I'm still not sure what happened, but it was some kind of invalid or incomplete multibyte or wide character error. The image just disappeared. I tried changing my LANG variable to en_US, but that didn't seem to do any good. I'm not really sure what happened.

Anyway, I found vpnc and began to try and connect. That's no easy task for the likes of me (as you well know).

Just running vpnc, I was prompted for the following:
chet@cdj-laptop:~$ vpnc
Enter IPSec gateway address: vpn.oraclenerd.com
Enter IPSec ID for vpn.oraclenerd.com: something
Enter IPSec secret for something@vpn.oraclenerd.com: 
Enter username for vpn.oraclenerd.com: chet
Enter password for chet@vpn.oraclenerd.com: 
vpnc: unknown host `vpn.oraclenerd.com'
I guessed at the first 2, username and password are no brainers...even for me.

So I looked at the help file.

OK.

gateway? that's vpn.oraclenerd.com
id? defined as your group name. I opened up the connection properties of the Cisco client and found the group name, NERDVPN

and then in the help file there are 2 options for the group password, one in clear text and one obfuscated...but it said "config file only"
  (configfile only option) 
      your group password (cleartext)
  conf-variable: IPSec secret 

  (configfile only option) 
      your group password (obfuscated)
  conf-variable: IPSec obfuscated secret
So I created a file .vpnconfig and put it in the root directory (I was just testing). Here are the contents:
IPSec gateway vpn.oraclenerd.com
IPSec ID NERDVPN
IPSec obfuscated secret ASDFLKJUW3ROUOIUALKJQAEWROIR3379273AFJI;LKQJ3E
Xauth username chet
Then I ran
root@cdj-laptop:/home/chet# vpnc /.vpnconfig
Enter password for chet@vpn.oraclenerd.com: 
VPNC started in background (pid: 3702)...
Voila! I'm connected. Time to do some work.

Note that I did this as root. I'm still figuring out the security aspects of Linux so I'll leave that part up to you. I'd rather not advise you to
chmod ugo+rwx / -R
many of you would be very angry with me for suggesting such a thing...
at

2 comments:

  1. TomJanuary 13, 2010 at 11:46 AM

    If you install vpnc, I think you should see the vpn connector in the upper right hand corner in Gnome if you want a GUI version of it :)

    ReplyDelete
  2. TomJanuary 13, 2010 at 1:33 PM

    Do this

    sudo apt-get install network-manager-vpnc

    ReplyDelete