Posted by chantra on August 11th, 2007
This tutorial will show how-to connect to a Cisco VPN Concentrator using vpnc.
vpnc is a VPN client compatible with cisco3000 VPN Concentrator which runs in userspace and uses the tun kernel module.
People who don't want to be bothered my rather use network-manager-vpnc or kvpnc.
Otherwise, if you intend to connect to a Cisco VPN using the command line or a script, follow up.
1. Package requirement
There is only one package to install in order to connect to a cisco VPN: vpnc. Let's install it by typing:
$ sudo apt-get install vpnc
This will take care of installing every dependencies.
2. Configuration and connection
vpnc can either be used interactively or configuration files can be used.
2.1. Using a configuration file
When you try to connect to a cisco VPN by typing :
$ sudo vpnc
vpnc will look for the files /etc/vpnc.conf or /etc/vpnc/default.conf. If it does not find such files, vpnc will default to the interactive mode.
However, vpnc can support different configuration files and be called with the name of the file as an argument. For instance, if you create the configuration file /etc/vpnc/myconf.conf, you will be able to call vpnc like this:
$ sudo vpnc myconf
$ sudo vpnc myconf.conf
The configuration file has to be in /etc/vpnc/ and it need to have the extension .conf
The syntax of the configuration file need to be as follow:
IPSec gateway gateway.to.use
IPSec ID groupname
IPSec secret passwordforgroup
Xauth username myusername
Xauth password mypassword
Where equivalents in a .pcf file are:
- IPSec gateway -> Host
- IPSec ID -> GroupName
- IPSec secret -> enc_GroupPwd decrypted using http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
- Xauth username and Xauth password are your username and password
2.2. Using intearactive mode
vpnc enters interactive mode if you call it without any arguments and there is no /etc/vpnc/default.conf or /etc/vpnc.conf.
It will also prompted the user for any argument which was not supplied in the configuration file.
Here is the output when vpnc is called that way:
$ sudo vpnc
Enter IPSec gateway address: example.com
Enter IPSec ID for example.com: examplegroup
Enter IPSec secret for email@example.com:
Enter username for example.com: foobar
Enter password for firstname.lastname@example.org:
Arguments can be set or overridden by passing them though the command line. Use vpnc -h for more details.
3. Disconnecting from a vpn
Once connected, the client can be disconnected using:
$ sudo vpnc-disconnect
4. More on decrypting the Group password
http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode provides the source code use to decrypt the group password.
I have attach this file to this post. Instruction on how to compile this code is detailed in the file.