Since I use Linux exclusively, and have to interface with clients using various Windows technologies, open standards are an important aspect of our tech-life. For example, we use OpenOffice to read Word/Excel/Powerpoint files, and so on.
One thing that comes infrequently is the need to login to a corporate virtual private network (VPN) that uses Cisco's Easy VPN.
The client would send me a .pcf, and since I use Linux and prefer the command line, I have to convert it into vpnc's format.
We found that the easiest way is programmatic, but involves a few steps of preparation.
The steps below assume that you are running Ubuntu 8.04 LTS, but should work pretty much the same for any Debian derived distro. Other distros differ only in the the vpnc configuration path, and the way you install the dependencies needed.
First, we get the pcf2vpnc converter program. This is a perl script.
# Get the pcf to vpnc configuration file converter wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc # Make it executable chmod +x pcf2vpnc # Move it to a place in our path mv pcf2vpnc /usr/local/bin/
The above script calls a decrypt program for the group password in the .pcf file. Therefore we need to get the program and compile it. This also involves installing some dependencies for it as well.
# Get the cisco decrypt program wget http://www.unix-ag.uni-kl.de/~massar/soft/cisco-decrypt.c # Get the dependencies needed for it sudo aptitude install libgcrypt-dev libgpg-error-dev # Compile it into a binary gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags) # Move it to a place in our path sudo mv cisco-decrypt /usr/local/bin
We are now ready to run the script against the .pcf file, and save it to a .conf file
# Run the converter, which will call the decrypt program pcf2vpnc Client.pcf > client.conf
We then copy the converted configuration file to vpnc's configuration directory:
sudo cp client.conf /etc/vpnc
And finally, we test the configuration file by logging to the VPN:
sudo vpnc client
Comments
Pablo E (not verified)
Ubuntu working with easier steps
Fri, 2011/10/21 - 12:26Hello Again everyone!
First I really appreciate your job, but I would like to make you know also other steps that I found easier in Ubuntu.
Using network-manager is pretty easy with graphical interface, just make these steps:
1 - install vpnc for network-manager:
sudo apt-get install network-manager-vpnc
2 - Restart computer (or network manager)
sudo service network-manager restart
3 - Import .pcf from graphical network manager config
Go to "Edit Connections" clicking on nm-applet icon
Go to VPN
Click Import
Use it from nm-applet!
Anonymous (not verified)
Thanks very much for the
Sat, 2012/05/19 - 15:14Thanks very much for the useful info ! Works like a charm.
MrRedPants (not verified)
I get this: vpnc: server
Sun, 2012/11/11 - 22:36I get this:
vpnc: server requested domain, but none set (use "Domain ..." in config or --domain
I assume this needs to go in conf file? It is in the file but under IPsec gateway
Pablo Estigarribia (not verified)
Just comment for those using network-manager
Mon, 2012/11/12 - 05:49In ubuntu I have installed sudo apt-get install network-manager-vpnc-gnome and then I was able to use "Import" feature in VPN settings for network-manger (nm-applet) to import pcf file (Cisco VPN Profile).
if it does not shows you the "group password", open the file with gedit and copy group password encrypted. Run cisco-decrypt xxxxxxkey (paste the key) it will show you the group password.
Works very nice and easy, you will be able to connect cisco-vpn from the graphical nm-applet.
RickMura (not verified)
Nice
Tue, 2013/10/01 - 19:53Thanks for this.
Working fine on Opensuse 12.3
Cong (not verified)
cisco vpn client on Ubuntu 14.04 LTS
Wed, 2016/01/06 - 16:34Thanks This worked on Ubuntu 14.04 LTS except that I can't get the RSA soft token working on Ubuntu.
Daniel (not verified)
Right on!
Sat, 2016/09/03 - 02:44This advice is still valid, the provided Links work. I have just successfully tried it on a Raspberry PI.
Thanks a lot!
Pages