Howto: Connect to a Cisco VPN using Ubuntu Linux 10.04
Argh, I spent the whole day figuring out how to connect to the VPN of my current customer. The Windows client on my other computer works just fine, at least after selecting the UDP option. But it is quite some overhead to install Windows on my Linux box just to connect to a VPN. The proprietary Cisco VPN client for Linux works until kernel version 2.6.25 AFAIK. Therefore, this is not an option for users of Ubuntu 10.04.
There is an open source client for the Cisco VPN concentrator that replaces the Cisco client: vpnc
It can be installed on the command line using
sudo apt-get update && sudo apt-get install vpnc resolvconf
Once you’ve done this, you will want to create a config file for your VPN:
/usr/share/vpnc/pcf2vpnc ciscovpnconfigfile.pcf > default.conf
Now move that file to /etc/vpnc:
sudo mv default.conf /etc/vpnc
Theoretically you should be able to use the VPN now like this:
sudo vpnc
And terminate it like that:
sudo vpnc-disconnect
Of course it would be too easy this way. There were a couple of changes I had to apply to the config file:
First of all and most importantly, the line
Application version Cisco Systems VPN Client 5.0.07.0240:WinNT
simulates a Windows client, which the Cisco concentrator at my customer’s network checked for. If that is the case and it refuses the connection, you won’t see any error that tells you about it; vpnc just won’t connect properly and says “no response from target” after several seconds! It took a long time until I figured that out, and only because I had a similar problem with an older Windows client previously. It is also hard to find out what the version string is supposed to look like.
The other line I added was “NAT Traversal Mode cisco-udp” and, if you like, “Xauth password XXX” to store your password in the config file, so that you don’t need to enter it each time you connect.
Hope that works for you!
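A check for the resulting /etc/vpnc/default.conf, added here as an example and not part of the original post: it verifies that the two hand-added lines are present and flags credentials stored in the file together with permissions that let other local users read them (a file created by shell redirect gets the umask default mode, and mv keeps it). The function name vpnc_conf_audit and the sample gateway, group and user values are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vpnc config file.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
vpnc_conf_audit() {
    conf=$1
    n=0
    [ -r "$conf" ] || { echo "cannot read: $conf"; return 2; }

    # The two lines the post adds by hand after running pcf2vpnc.
    if ! grep -q '^Application version ' "$conf"; then
        echo "missing: Application version"; n=$((n + 1))
    fi
    if ! grep -q '^NAT Traversal Mode cisco-udp' "$conf"; then
        echo "missing: NAT Traversal Mode cisco-udp"; n=$((n + 1))
    fi
    # Credentials written into the file in cleartext.
    for key in 'IPSec secret' 'Xauth password'; do
        if grep -q "^$key " "$conf"; then
            echo "cleartext credential: $key"; n=$((n + 1))
        fi
    done
    # Any group/other permission bit lets other local users read them.
    perms=$(ls -ld -- "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions too open (group/other: $perms); fix: chmod 600 $conf"
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample config (no real gateway or credentials), with the mode a
# shell redirect typically leaves behind.
demo=$(mktemp)
cat > "$demo" <<'EOF'
IPSec gateway vpn.example.com
IPSec ID examplegroup
IPSec secret constructed-group-secret
Xauth username alice
Xauth password XXX
NAT Traversal Mode cisco-udp
EOF
chmod 644 "$demo"
vpnc_conf_audit "$demo" || true
rm -f "$demo"
```

Run it against the real file with sudo, since /etc/vpnc/default.conf should end up readable by root only.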


Yup, that worked perfectly, although I decrypted the VPN group password using the cisco-decrypt.c utility. I didn’t include the Xauth password as we use RSA tokens for authentication, and wanted to be prompted each time.
Comment by peacekeepa — August 11, 2010 @ 12:02
I’m getting the following error when trying to create the config file:
“bash: default.conf: Permission denied”
This happens even when I use sudo. I know this is probably something silly. Can anyone please let me know what it is?
Thanks in advance for your time!
Comment by Alan — August 26, 2010 @ 00:20
Great, it works on Maverick!
Comment by AT — September 27, 2010 @ 21:05
Works on 10.10. I had “error binding to source port” and added the option --local-port 0 as the program suggested. I was trying earlier to use KVpnc but couldn’t get it past this binding program. I also had to --enable-1des as it suggested.
Comment by pete — October 20, 2010 @ 05:07
The disconnect command “sudo vpn-disconnect” was not recognized. Any ideas?
Comment by pete — October 20, 2010 @ 16:27
Should be sudo vpnc-disconnect
Comment by David Turanski — December 1, 2010 @ 14:04
Thanks!
Comment by Michael — December 3, 2010 @ 18:28
Thank you so much, I had found so many other tutorials and blog articles on this that didn’t mention the critical piece for me, the Application version to fake being a Windows machine.
Comment by Peter — September 26, 2011 @ 03:39
Wow man, worked like a charm.
I first did pcf2vpnc, then added the 2 lines as you suggested (1: Windows faking thing, 2: NAT related). Thereafter I got the bind error, so used --local-port 0 on the command line.
It asked me the VPN password, I prefer it that way, and sailed through!
Thanks much!
Comment by Aniket Anikhindi — January 24, 2012 @ 11:07