I have a client who uses a Cisco VPN to protect their network, and I exclusively use Ubuntu in my consulting work. At the moment, they don’t easily work together out-of-the-box, even though they should. To get access to their network, I was provided with a PCF file, used to configure VPN client software to connect to the VPN server. However, after importing the configuration file, I simply couldn’t connect.
In theory, you can use the standard NetworkManager utility to connect to your Cisco VPN, but it doesn’t actually work. I’ve outlined the process that’s supposed to work, and the one that’s necessary to actually make it happen.
Using the GUI to connect to a Cisco VPN
Note: You can skip the first seven (7) steps if you’re comfortable running “sudo apt-get install network-manager-vpnc-gnome” from the command-line interface.
- Open the Ubuntu Software Centre.
- In the search box, type “network-manager-gnome”.
- When “Network (network-manager-gnome)” comes up, select it.
- Hit its “More Info” button.
- Check the “Network management framework (VPNC plugin GNOME GUI) (network-manager-vpnc-gnome)” check box.
- Hit the Apply Changes button.
- Authenticate with your password if required.
- Click on the Network Manager applet icon in the status bar » VPN Connections » Configure VPN…
- Hit the Add button.
- Under VPN, select “Import a saved VPN configuration…”.
- Select your PCF file and hit Enter.
- Enter your user name and user password.
- On the General tab, uncheck “All users may connect to this network”.
- On the IPv4 Setting tab, click on “Routes…”, and then check “Use this connection only for resources on its network”. Hit OK.
- Hit the Save button.
The above recipe doesn’t actually work for me as I keep running into the bug I filed, NetworkManager can’t connect to Cisco VPN.
Using the Command-Line Interface
I was, however, able to connect using the command-line vpnc client. It took a bit of research, but here’s what did the trick:
Install the command-line client.
sudo apt-get install vpnc
First, we get the pcf2vpnc converter program. This is a Perl script.
wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
# Make it executable
chmod +x pcf2vpnc
# Move it to a place in our path
sudo mv pcf2vpnc /usr/local/bin/
The above script calls a decrypt program for the group password in the .pcf file. Therefore we need to get the program and compile it. This also involves installing some dependencies for it as well.
wget http://www.unix-ag.uni-kl.de/~massar/soft/cisco-decrypt.c
# Get the dependencies needed for it
sudo aptitude install libgcrypt-dev libgpg-error-dev
# Compile it into a binary
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
# Move it to a place in our path
sudo mv cisco-decrypt /usr/local/bin
sudo pcf2vpnc Client.pcf client.conf
Convert the PCF file to a native configuration file.
pcf2vpnc NETWORK.pcf NETWORK_NAME.conf
Secure the credentials from prying eyes.
chmod 600 NETWORK_NAME.conf
Edit the NETWORK_NAME.conf file to add your username and password.
Start it with:
sudo vpnc /path/to/vpn/configs/NETWORK/NETWORK_NAME.conf
If it doesn’t work, add the “--enable-1des” option, but make sure to tell the system administrator(s) that they need to upgrade their configuration as it’s not as secure as it could be.
sudo vpnc --enable-1des /path/to/vpn/configs/NETWORK/NETWORK_NAME.conf
client.conf example:
## generated by pcf2vpnc
IPSec ID my_id
IPSec gateway 154.61.31.153
IPSec secret big_secret
Xauth username myuser
Xauth password mypassword
IKE Authmode psk
Local Port 1800
We then copy the converted configuration file to vpnc’s configuration directory:
sudo cp client.conf /etc/vpnc
And finally, we test the configuration file by logging in to the VPN:
sudo vpnc client
Terminate your connection as needed.
sudo vpnc-disconnect
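The permission, stored-password and single-DES points from the steps above can be checked in one pass over the converted file. This is an added example, not part of the original post or of vpnc itself; the function name audit_vpnc_conf and the sample values are hypothetical, and “Enable Single DES” is the configuration-file counterpart of the --enable-1des option.

```shell
#!/bin/sh
# Added example: audit a vpnc configuration file before use.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_vpnc_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    # Octal permission bits: GNU stat (Ubuntu) first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        *00|0) ;;   # no group/other access, e.g. 600 or 400
        *) echo "PERMS: mode $mode lets other local users read the secrets"; rc=1 ;;
    esac

    # A stored Xauth password is a plaintext credential; without this line
    # vpnc prompts for the password at connect time instead.
    if grep -Eiq '^[[:space:]]*Xauth password[[:space:]]+[^[:space:]]' "$conf"; then
        echo "SECRET: Xauth password is stored in plaintext"; rc=1
    fi

    # "Enable Single DES" is the config-file form of --enable-1des.
    if grep -Eiq '^[[:space:]]*Enable Single DES' "$conf"; then
        echo "CRYPTO: single DES is enabled"; rc=1
    fi
    return $rc
}

# Constructed sample input (placeholder values, documentation-range address).
sample=$(mktemp)
cat > "$sample" <<'EOF'
## generated by pcf2vpnc
IPSec ID my_id
IPSec gateway 192.0.2.10
IPSec secret big_secret
Xauth username myuser
Xauth password mypassword
IKE Authmode psk
Enable Single DES
EOF
chmod 644 "$sample"
audit_vpnc_conf "$sample" || true   # expect PERMS, SECRET and CRYPTO findings
rm -f "$sample"
```

Run it against the real file with `audit_vpnc_conf /etc/vpnc/client.conf` (as root if the file is root-owned); a clean file produces no output and exit status 0.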
NOTE: Convert your Cisco PCF file to VPNC conf format: `perl pcf2vpnc company.pcf vpnc.conf`
Connect to the VPN server: `sudo vpnc ./vpnc.conf` (you will be prompted for your username and password).
For newer Ubuntu, e.g., 14.04, use:
sudo apt-get update && sudo apt-get install openconnect && sudo apt-get install network-manager-openconnect && sudo apt-get install network-manager-openconnect-gnome