How To Connect Ubuntu Linux to Cisco VPN

I have a client who uses a Cisco VPN to protect their network, and I exclusively use Ubuntu in my consulting work. At the moment, they don’t easily work together out-of-the-box, even though they should. To get access to their network, I was provided with a PCF file, used to configure VPN client software to connect to the VPN server. However, after importing the configuration file, I simply couldn’t connect.

In theory, you can use the standard NetworkManager utility to connect to your Cisco VPN, but it doesn’t actually work. I’ve outlined the process that’s supposed to work, and the one that’s necessary to actually make it happen.

Using the GUI to connect to a Cisco VPN

Note: You can skip the first seven (7) steps if you’re comfortable running “sudo apt-get install network-manager-vpnc-gnome” from the command-line interface.

  1. Open the Ubuntu Software Centre.
  2. In the search box, type “network-manager-gnome”.
  3. When “Network (network-manager-gnome)” comes up, select it.
  4. Hit its “More Info” button.
  5. Check the “Network management framework (VPNC plugin GNOME GUI) (network-manager-vpnc-gnome)” check box.
  6. Hit the Apply Changes button.
  7. Authenticate with your password if required.
  8. Click on the Network Manager applet icon in the status bar » VPN Connections » Configure VPN…
  9. Hit the Add button.
  10. Under VPN, select “Import a saved VPN configuration…”.
  11. Select your PCF file and hit Enter.
  12. Enter your user name and user password.
  13. On the General tab, uncheck “All users may connect to this network”.
  14. On the IPv4 Setting tab, click on “Routes…”, and then check “Use this connection only for resources on its network”. Hit OK.
  15. Hit the Save button.

The above recipe doesn’t actually work for me as I keep running into the bug I filed, NetworkManager can’t connect to Cisco VPN.

Using the Command-Line Interface

I was, however, able to connect using the command-line vpnc client. It took a bit of research, but here’s what did the trick:

Install the command-line client.
sudo apt-get install vpnc

First, we get the pcf2vpnc converter program. This is a Perl script.

# Get the pcf to vpnc configuration file converter
wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
# Make it executable
chmod +x pcf2vpnc
# Move it to a place in our path
sudo mv pcf2vpnc /usr/local/bin/

The above script calls a separate program to decrypt the group password stored in the .pcf file, so we need to download and compile that program. This also means installing its build dependencies.

# Get the Cisco decrypt program
wget http://www.unix-ag.uni-kl.de/~massar/soft/cisco-decrypt.c
# Get the dependencies needed for it
sudo aptitude install libgcrypt-dev libgpg-error-dev
# Compile it into a binary
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
# Move it to a place in our path
sudo mv cisco-decrypt /usr/local/bin

Next we run the script against the .pcf file and save the output to a .conf file.

# Run the converter, which will call the decrypt program
sudo pcf2vpnc Client.pcf client.conf

Convert the PCF file to a native configuration file.
pcf2vpnc NETWORK.pcf NETWORK_NAME.conf
Secure the credentials from prying eyes.
chmod 600 NETWORK_NAME.conf
Edit the NETWORK_NAME.conf file to add your username and password.
Start it with:
sudo vpnc /path/to/vpn/configs/NETWORK/NETWORK_NAME.conf
If it doesn’t work, add the “--enable-1des” option, which allows weak single-DES encryption, but make sure to tell the system administrator(s) that they need to upgrade their configuration, as it’s not as secure as it could be.
sudo vpnc --enable-1des /path/to/vpn/configs/NETWORK/NETWORK_NAME.conf

client.conf example:

## generated by pcf2vpnc
IPSec ID my_id
IPSec gateway 154.61.31.153
IPSec secret big_secret
 
Xauth username myuser
Xauth password mypassword
IKE Authmode psk
Local Port 1800

We then copy the converted configuration file to vpnc’s configuration directory:

sudo cp client.conf /etc/vpnc

And finally, we test the configuration file by logging in to the VPN:

sudo vpnc client

Terminate your connection as needed.
sudo vpnc-disconnect
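
The converted .conf file holds the IPSec group secret and, if you added it, your Xauth password in plaintext, and the first conversion above runs under sudo without a chmod afterwards. The following is an added example, not part of the original post, that audits a vpnc configuration file for the three issues this page touches on: permissions looser than 600, a stored user password, and single DES. The function name and finding tags are made up for this example, the sample file is constructed, and "Enable Single DES" is vpnc's configuration-file keyword for --enable-1des rather than something shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vpnc .conf file.
# Prints one tagged finding per line; returns 1 if anything was found.
audit_vpnc_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }

    # The file holds the IPSec group secret, so only the owner may access it.
    # Characters 5-10 of `ls -ld` are the group and other permission bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "MODE $conf is accessible to group/other; run: chmod 600 $conf"
        rc=1
    fi

    # A stored Xauth password is plaintext; without the line vpnc prompts for it.
    if grep -Eiq '^[[:space:]]*Xauth password[[:space:]]+[^[:space:]]' "$conf"; then
        echo "XAUTH_PASSWORD $conf stores the user password in plaintext"
        rc=1
    fi

    # Config-file counterpart of the --enable-1des command-line option.
    if grep -Eiq '^[[:space:]]*Enable Single DES' "$conf"; then
        echo "SINGLE_DES $conf enables single DES"
        rc=1
    fi
    return $rc
}

# Constructed sample in the layout of the client.conf shown above.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
cat > "$tmpdir/client.conf" <<'EOF'
## generated by pcf2vpnc
IPSec ID my_id
IPSec gateway 192.0.2.10
IPSec secret big_secret
Xauth username myuser
Xauth password mypassword
IKE Authmode psk
Enable Single DES
EOF
chmod 644 "$tmpdir/client.conf"   # what a default umask of 022 leaves behind
audit_vpnc_conf "$tmpdir/client.conf" || echo "=> fix the findings above"
```

To check a real setup, call audit_vpnc_conf on each file under /etc/vpnc as root.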

NOTE: Convert your Cisco PCF file to VPNC conf format: `perl pcf2vpnc company.pcf vpnc.conf`
Connect to the VPN server: `sudo vpnc ./vpnc.conf` (you will be prompted for your username and password).

For newer Ubuntu, e.g., 14.04, use:
sudo apt-get update && sudo apt-get install openconnect && sudo apt-get install network-manager-openconnect && sudo apt-get install network-manager-openconnect-gnome