Monday, May 3, 2010

Create Cisco VPN on Ubuntu Karmic/Lucid

It is very easy to set up a Cisco VPN on Ubuntu. I used the following instructions to get my corporate tunnels running. This tutorial assumes you have already acquired a .pcf file from your network IT staff.

Instructions

Install the vpnc package and any required dependencies:
sudo apt-get install vpnc

Open your VPN .pcf configuration file with your favorite text editor.
vim corporatenet.pcf

It will look something like this:
[main]
Description=
Host=vpn.corpnet.com
AuthType=1
GroupName=CorpNet
GroupPwd=
enc_GroupPwd=C555E3A4BE82FF0001601A38260A92D93FF5693A482367E117EF8697CBED681C5FDD7F2AE0DEEA4B37DBBB21434189A46D8955F11916040A
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPPhonebook=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
PeerTimeout=90
EnableLocalLAN=0

Note the values for Host, GroupName and enc_GroupPwd. You'll need these to create your vpnc configuration file.

sudo vim /etc/vpnc/corpnet.conf

Make your configuration file look like this. Just make sure to replace the fictional CorpNet values with your own.

IPSec gateway vpn.corpnet.com
IPSec ID CorpNet
IPSec obfuscated secret C555E3A4BE82FF0001601A38260A92D93FF5693A482367E117EF8697CBED681C5FDD7F2AE0DEEA4B37DBBB21434189A46D8955F11916040A
Xauth username YOURUSERNAME
Xauth password YOURPASSWORD

It's important to note the obfuscated option in the group password. Most of the examples and howtos I've seen on the Net leave this out because they were written several years ago, before VPNC supported Cisco encrypted passwords. The older guides required you to decrypt the Cisco string. This isn't necessary anymore with the Karmic and Lucid releases.
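
The mapping described above (Host, GroupName and enc_GroupPwd into the vpnc file), as an added shell example that is not part of the original post. The function names and the sample profile are constructed. It omits the Xauth password line and creates the file owner-readable only, because the Cisco-encoded group secret can be decrypted, as the older guides did.

```shell
#!/bin/sh
# Added example (not from the original post): build a vpnc config from a .pcf.
# Function names and the sample profile are constructed for illustration.

# pcf_get FILE KEY: print KEY's value; tolerates the CRLF endings .pcf files often have.
pcf_get() {
    awk -F= -v k="$2" '{ sub(/\r$/, "") }
        $1 == k { print substr($0, length(k) + 2); exit }' "$1"
}

# pcf_to_vpnc FILE: print vpnc config lines; return 1 if a required field is empty.
pcf_to_vpnc() {
    host=$(pcf_get "$1" Host)
    group=$(pcf_get "$1" GroupName)
    enc=$(pcf_get "$1" enc_GroupPwd)
    plain=$(pcf_get "$1" GroupPwd)
    user=$(pcf_get "$1" Username)
    if [ -z "$host" ] || [ -z "$group" ]; then
        echo "pcf_to_vpnc: Host or GroupName missing in $1" >&2
        return 1
    fi
    if [ -z "$enc" ] && [ -z "$plain" ]; then
        echo "pcf_to_vpnc: no group password in $1" >&2
        return 1
    fi
    echo "IPSec gateway $host"
    echo "IPSec ID $group"
    if [ -n "$enc" ]; then
        echo "IPSec obfuscated secret $enc"   # Cisco-encoded string, used as-is
    else
        echo "IPSec secret $plain"            # profile stored the cleartext secret
    fi
    if [ -n "$user" ]; then echo "Xauth username $user"; fi
    # No "Xauth password" line is written: vpnc then asks for it at connect time.
}

# write_vpnc_conf PCF OUT: create OUT fresh with mode 0600 (it holds the group secret).
write_vpnc_conf() {
    ( umask 077; rm -f "$2"; pcf_to_vpnc "$1" > "$2" ) || { rm -f "$2"; return 1; }
}

# Constructed sample profile (CRLF line endings, placeholder secret).
sample_pcf() {
    printf '[main]\r\nHost=vpn.corpnet.com\r\nGroupName=CorpNet\r\n'
    printf 'GroupPwd=\r\nenc_GroupPwd=0123ABCD\r\nUsername=\r\n'
}
```

Run it as root to write the real file, for example `write_vpnc_conf corporatenet.pcf /etc/vpnc/corpnet.conf`.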
