How-To: Connect to a Cisco VPN with vpnc
This tutorial shows how to connect to a Cisco VPN Concentrator using vpnc.
vpnc is a VPN client compatible with the cisco3000 VPN Concentrator; it runs in userspace and uses the tun kernel module.
People who don’t want to be bothered may rather use network-manager-vpnc or kvpnc.
Otherwise, if you intend to connect to a Cisco VPN using the command line or a script, read on.
1. Package requirement
There is only one package to install in order to connect to a Cisco VPN: vpnc. Let’s install it by typing:
$ sudo apt-get install vpnc
This will take care of installing all dependencies.
2. Configuration and connection
vpnc can be used either interactively or with configuration files.
2.1. Using a configuration file
When you try to connect to a Cisco VPN by typing:
$ sudo vpnc
vpnc will look for the files /etc/vpnc.conf or /etc/vpnc/default.conf. If it does not find such files, vpnc will default to the interactive mode.
However, vpnc can support different configuration files and be called with the name of the file as an argument. For instance, if you create the configuration file /etc/vpnc/myconf.conf, you will be able to call vpnc like this:
$ sudo vpnc myconf
or
$ sudo vpnc myconf.conf
The configuration file has to be in /etc/vpnc/ and it needs to have the extension .conf.
The syntax of the configuration file must be as follows:
IPSec gateway gateway.to.use
IPSec ID groupname
IPSec secret passwordforgroup
Xauth username myusername
Xauth password mypassword
Where equivalents in a .pcf file are:
- IPSec gateway -> Host
- IPSec ID -> GroupName
- IPSec secret -> enc_GroupPwd decrypted using http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
- Xauth username and Xauth password are your username and password
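The mapping above, as an added example that is not part of the original post: a shell helper that reads a .pcf profile and emits the matching vpnc configuration. The function names pcf_to_vpnc and write_vpnc_conf and the sample values are made up for illustration, and the .pcf Username key is assumed to be optional; IPSec secret and Xauth password are left out on purpose so that vpnc prompts for them, and the file is written with mode 0600.

```shell
#!/bin/sh
# Added example: build a vpnc config from a Cisco .pcf profile.
# pcf_to_vpnc and write_vpnc_conf are hypothetical helper names.

# Print the vpnc config for the .pcf file in $1; fail if Host or GroupName is missing.
pcf_to_vpnc() {
    awk '
        { sub(/\r$/, "") }                   # .pcf files usually have CRLF line endings
        /^[ \t]*;/ || !/=/ { next }          # skip comments, [main] header, blank lines
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (val == "") next
            if (key == "Host")      gw   = val
            if (key == "GroupName") id   = val
            if (key == "Username")  user = val   # assumed optional key
        }
        END {
            if (gw == "" || id == "") exit 1
            print "IPSec gateway " gw
            print "IPSec ID " id
            if (user != "") print "Xauth username " user
            # IPSec secret / Xauth password are not written: vpnc prompts for them
        }' "$1"
}

# Write the config to $2 with mode 0600 (only the owner can read it).
write_vpnc_conf() {
    ( umask 077
      tmp="$2.tmp.$$"
      pcf_to_vpnc "$1" > "$tmp" && mv "$tmp" "$2" || { rm -f "$tmp"; exit 1; } )
}

# Constructed sample profile, not taken from a real deployment.
sample=$(mktemp)
printf '[main]\r\nHost=gateway.to.use\r\nGroupName=groupname\r\nenc_GroupPwd=0000\r\nUsername=myusername\r\n' > "$sample"
pcf_to_vpnc "$sample"
rm -f "$sample"
```

Run as root, write_vpnc_conf profile.pcf /etc/vpnc/myconf.conf produces a file that can then be used with sudo vpnc myconf.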
2.2. Using interactive mode
vpnc enters interactive mode if you call it without any arguments and there is no /etc/vpnc/default.conf or /etc/vpnc.conf.
It will also prompt the user for any argument which was not supplied in the configuration file.
Here is the output when vpnc is called that way:
$ sudo vpnc
Enter IPSec gateway address: example.com
Enter IPSec ID for example.com: examplegroup
Enter IPSec secret for examplegroup@example.com:
Enter username for example.com: foobar
Enter password for foobar@example.com:
Arguments can be set or overridden by passing them through the command line. Use vpnc -h for more details.
3. Disconnecting from a VPN
Once connected, the client can be disconnected using:
$ sudo vpnc-disconnect
4. More on decrypting the Group password
http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode provides the source code used to decrypt the group password.
I have attached this file to this post. Instructions on how to compile this code are detailed in the file.