How do I get this Cisco VPN client to connect?
Solution 1
-
Install vpnc package:
sudo apt-get install vpnc
-
Create the connect script, copy the contents below into a file called vpn-connect and place it on the path somewhere:
#!/bin/sh sudo vpnc --local-port 0 --enable-1des /etc/vpnc/vpn.conf
Copy over the .pcf file used by the Windows Cisco VPN client and use this as a basis for step 4.
-
Now you need to create the vpn.conf file in the /etc/vpnc directory. The content of this file are as follows:
IPSec ID <your ipsec id> IPSec gateway <your gateway address> IPSec secret <your ipsec secret> Xauth username <your username> Xauth password <your password> IKE Authmode psk
<your username>
and<your password>
should be obvious.
You now have everything required to connect, so run the script:
vpn-connect
After a few seconds it should come back with the message:
VPNC started in background
And give you a process id.
You should now be connected to the VPN.
Solution 2
I found that in my case the plugin was failing because vpnc was not happy about the encryption method
peer selected (single) DES as "encryption" method.
This algorithm is considered too weak today
If your vpn concentrator admin still insists on using DES
use the "--enable-1des" option.
This message could be only discovered by stracing the vpnc process.
In order to add --enable-1des
option to vpnc command line I performed the following:
sudo -s
mv /usr/sbin/vpnc /usr/sbin/vpnc.real
cat <<EOF > /usr/sbin/vpnc
#!/bin/sh
exec /usr/sbin/vpnc.real --enable-1des $*
EOF
chmod +x /usr/sbin/vpnc
Basically I replaced the vpnc binary with a wrapper script that supplied the necessary parameter.
Now NetworkManager VPNC plugin can connect properly.
Related videos on Youtube
Comments
-
Will C over 1 year
I've got Ubuntu 10.10 64 bit and installed network-manager-vpnc and configured the connection but I keep getting this:
NetworkManager[1217]: <info> Starting VPN service 'org.freedesktop.NetworkManager.vpnc'... NetworkManager[1217]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 4420 NetworkManager[1217]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' appeared, activating connections NetworkManager[1217]: <info> VPN plugin state changed: 1 NetworkManager[1217]: <info> VPN plugin state changed: 3 NetworkManager[1217]: <info> VPN connection 'CSI' (Connect) reply received. modem-manager: (net/tun0): could not get port's parent device NetworkManager[1217]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0) NetworkManager[1217]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found. kernel: [ 2281.723506] tun0: Disabled Privacy Extensions avahi-daemon[1109]: Withdrawing workstation service for tun0. NetworkManager[1217]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0) NetworkManager[1217]: <warn> VPN plugin failed: 1 NetworkManager[1217]: <info> VPN plugin state changed: 6 NetworkManager[1217]: <info> VPN plugin state change reason: 0 NetworkManager[1217]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active. NetworkManager[1217]: <info> Policy set 'Auto eth0' (eth0) as default for IPv4 routing and DNS. NetworkManager[1217]: <info> Starting VPN service 'org.freedesktop.NetworkManager.vpnc'... NetworkManager[1217]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 4547 NetworkManager[1217]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' appeared, activating connections NetworkManager[1217]: <info> VPN plugin state changed: 1 NetworkManager[1217]: <info> VPN plugin state changed: 3
I've seen a couple of bugs on Launchpad that could be the same thing or have I done something wrong?
-
Will C almost 13 yearsThanks for the help but since I asked the question I got a new job (yea!) so I really don't need to get this working.
-
Thomas Ward almost 13 years@WebWeasel You can still mark it as an answer :P
-
Ferruccio almost 11 yearsThe correct option is
--enable-1des
.