vpnc configuration from Ubuntu 7.04 [excerpt]
From: http://www.blog.arun-prabha.com/2006/11/16/installing-cisco-vpn-and-vpnc-in-ubuntu
Installing VPNC:
Enter the following command in the terminal
sudo apt-get install vpnc resolvconf
This will install vpnc on your system. Once installed, you have to create a <filename>.conf file in /etc/vpnc/, where <filename> is a name of your choice (without the <>). Enter the following command to create a file called myoffice.conf
sudo gedit /etc/vpnc/myoffice.conf
and copy and paste the following in that file.
IPSec gateway xxx.xxx.xx.xxx
IPSec ID <group name>
IPSec secret <group password>
Xauth username <username>
Enter the IP address of your company’s server under IPSec gateway. I got the IP address when I started the Cisco VPN client (see the output above; it’ll be under server address). I got the group name by opening the .pcf file I got from my company’s website. Replace <group name> with that group name. I got the group password also from that file. The password will be encrypted with lots of characters. Copy those characters, go to this page [cisco vpnclient password decoder], paste those characters in the password box and click the Decode button. It’ll give you the password. Copy that password and paste it under IPSec secret, replacing <group password>. Enter your username for <username>. Save the file and close it.
Enter this command to start vpnc (myoffice is the name of the conf file you created)
sudo vpnc myoffice
It’ll ask you to enter the password and once entered, it’ll connect to your office’s server.
If you want to disconnect, issue the following command
sudo vpnc-disconnect
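The config file step above can also be scripted. This is an added example, not part of the original post: it reads the gateway, group name and username from a .pcf profile and writes the vpnc config with owner-only permissions, leaving the group secret as a placeholder to fill in by hand. It assumes the usual .pcf key names Host, GroupName and Username; the sample profile, address and names are constructed.

```shell
#!/bin/sh
# Added example: build a vpnc config skeleton from a Cisco .pcf profile.

# pcf_value FILE KEY -> prints the value of the first "KEY=value" line.
pcf_value() {
    # .pcf profiles normally have Windows CRLF line endings; a stray CR
    # left on the value would end up inside the vpnc config.
    tr -d '\r' < "$1" | awk -F= -v key="$2" '
        tolower($1) == tolower(key) { sub(/^[^=]*=/, ""); print; exit }'
}

# pcf_to_vpnc PCF OUT -> writes OUT readable by its owner only.
pcf_to_vpnc() {
    pcf=$1; out=$2
    host=$(pcf_value "$pcf" Host)
    group=$(pcf_value "$pcf" GroupName)
    user=$(pcf_value "$pcf" Username)
    if [ -z "$host" ] || [ -z "$group" ]; then
        echo "pcf_to_vpnc: Host or GroupName missing in $pcf" >&2
        return 1
    fi
    (
        umask 077        # the file will hold the group secret
        rm -f "$out"     # an existing file would keep its old mode
        {
            echo "IPSec gateway $host"
            echo "IPSec ID $group"
            echo "IPSec secret <group password>"   # filled in by hand
            if [ -n "$user" ]; then echo "Xauth username $user"; fi
        } > "$out"
    )
}

# Constructed sample profile (documentation address, made-up names).
demo() {
    dir=$(mktemp -d)
    printf '[main]\r\nHost=192.0.2.10\r\nGroupName=eng-vpn\r\nenc_GroupPwd=0000\r\nUsername=alice\r\n' > "$dir/myoffice.pcf"
    pcf_to_vpnc "$dir/myoffice.pcf" "$dir/myoffice.conf" && cat "$dir/myoffice.conf"
    rm -rf "$dir"
}
demo
```

For the real file, run pcf_to_vpnc with sudo and /etc/vpnc/myoffice.conf as the output path, then replace the placeholder on the IPSec secret line.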
If you have firestarter installed, you may not be able to connect or even if you connect, you may not be able to access the server. Follow the steps below to make it work:
You have to edit the user-pre file under /etc/firestarter/. First make the file writable by issuing the command
sudo chmod 600 /etc/firestarter/user-pre
Then edit the file
sudo gedit /etc/firestarter/user-pre
Copy and paste the following lines in that file:
iptables -A INPUT -j ACCEPT -s xxx.xxx.xx.xxx -p esp
iptables -A INPUT -j ACCEPT -s xxx.xxx.xx.xxx -p udp -m multiport --sports isakmp,10000
iptables -A INPUT -j ACCEPT -i tun+
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xx.xxx -p esp
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xx.xxx -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o tun+
Enter your company server’s IP address in place of xxx.xxx.xx.xxx. Save and close the file. Restart firestarter using
sudo /etc/init.d/firestarter restart
Now try connecting using sudo vpnc myoffice. It should work. I didn’t try connecting the Cisco VPN client after I modified the firestarter setting. I’ll give that a try and update here. Once I disconnected from vpnc, I wasn’t able to access my internet. I had to reboot to access the web. You can still access the web when you are connected through VPN or VPNC.
Update: The firewall changes for vpnc didn’t help to make the Cisco VPN work.
posted on 2007-05-23 16:17 hunter_gio