In Need of a complete idiot guide to VPN (linux)

Discussion in 'Networking' started by iv76erson03, Oct 30, 2008.

  1. iv76erson03

    iv76erson03

    Joined:
    Oct 29, 2008
    Messages:
    52
    Likes Received:
    0
    iv76erson03, Oct 30, 2008
    #1
  2. scottro

    Are you connecting to a Cisco VPN network?

    If so, have you received either a pcf file or a group password from your network administrator?

    The vpnclient is the Cisco client.
    There is also the native vpnc which will work with it.

    Using vpnc is usually easier.
    However, if it's a Nortel or Checkpoint VPN, they don't work, as far as I know.

    If using the Cisco vpnclient, then you put the pcf that you were given into /etc/opt/cisco-vpnclient/Profiles. Suppose the file is called access.pcf. Then you run the vpn client with

    sudo vpnclient connect access

    The command is connect, and access is the pcf file without the .pcf part.

    If using vpnc (my preference), you create a file like the following (the parts in between <> are what you fill in).

    IPSec gateway <the IP they should have given you>
    IPSec ID <the group name>
    IPSec obfuscated secret <the very very long line in the pcf file that comes after enc_GroupPwd=>

    ### Put your username here
    Xauth interactive

    Put that in /etc/vpnc/
    Call it default.conf or vpnc.conf--this depends on the system. The version you'd get with Linpus probably uses default.conf

    Then when you connect it will ask for your user name and password and you should be on. When finished

    sudo vpnc-disconnect

    (If they gave you the unencoded group password, then for the IPSec secret line, leave out the word obfuscated. In other words, if your Group password is 1234 then that line would read

    IPSec secret 1234
     
    scottro, Oct 30, 2008
    #2
  3. iv76erson03

    Sorry, something went wrong. Did you follow that link I posted? The University has the instructions posted there. I just don't get it.

    I downloaded the vpn client the university gives that has the pcf file. I followed both methods to no avail. Using the client, it tells me command not found. You sure the folder is right? Using the vpnc option, I get nothing. I'm not sure if it's set up right or not though. They gave a group name of vpn1.ess.niu.edu instead of a numerical ip address. Is this what I want? Thanks.
     
    iv76erson03, Oct 30, 2008
    #3
  4. scottro

    No, I should apologize--I didn't realize it was a specific university, I thought you just wanted to learn how to use the program and that was a general tutorial. I shouldn't write in a hurry.

    What sort of file did the university give you? The Cisco VPN client for Linux that I've seen is a tarball, meaning it has to be compiled.

    I will write more tonight when I have time. I think you will still be better off using vpnc especially if the program your university gave you has to be compiled.

    Looking at the link, I see it is a tarball. After untarring it, did you run the vpn_client install?

    Again, I'll be able to answer this more completely tonight (EDT, GMT-0400)
     
    scottro, Oct 30, 2008
    #4
  5. iv76erson03

    I found a tutorial on how to compile, so I got that figured out and I'm just about to the last step of the installation when I got a question I cannot answer:

    Directory containing linux kernel source code []

    What the heck is this? I think I'm almost there.

    On a side note, for vpnc, I created that file you wanted with mousepad and saved it, yet nothing happens. Is a login box supposed to magically pop up, or do you have to run something?
     
    iv76erson03, Oct 30, 2008
    #5
  6. devlin

    devlin, Oct 30, 2008
    #6
  7. scottro

    Yes, I think that Devlin's linked post is the best thing to do.
    That's the short answer.

    Especially when you're new, although it seems safest to use the university-supplied program, in this particular case, the client that Cisco makes available has to be configured, as you've found.
    The trouble with this is that then you'll also have to install headers, libraries, and all that good stuff. (That's why it's asking for where the source code is kept.)

    Then, although you can just use the configuration file they give you, if you use vpnc instead,
    you can very, very easily create your own. It requires fewer resources, is already available--I believe Devlin said it's already installed--and is just as simple to use.
    His instructions seem quite clear in that linked thread--if you run into trouble with them, then post. Just remember that vpnc has to be started with sudo in order to access the configuration file (and that all editing of the file will have to be done using sudo.)

    I use interactive for the Xauth, but that's just my preference. It's a company VPN and it's just one less thing to be found if my computer were stolen.
    (Using interactive, rather than putting the name and password in the configuration file, means that I have to type in my user name and password each time--to me, that's not a big deal.)
     
    scottro, Oct 30, 2008
    #7
  8. iv76erson03

    I think I have some progress. I'm getting an error message about the group name not being a hex string or something. I was not at the university when I tried it though, so I probably should have gotten an error. I'll give it a shot tomorrow morning and see what happens. Thanks.
     
    iv76erson03, Oct 31, 2008
    #8
  9. scottro

    Yes I got that tonight when I upgraded my own configuration. It's usually a copying error. For example, I was sent a pcf file created on a Windows machine. When I opened it on a Linux machine, it had the DOS ^M at the end of the line, which I missed the first time I copied it in.

    I'm not sure how much of a newcomer you are--if you see a ^M at the end of any of the lines, delete them. Notepad and other MS text editors use it as an EOL (end of line character, or perhaps a carriage return; I fear I've forgotten which). Unix and Unix-like systems such as Linux (with the probable exception of Apple) use different codings, so if you open a file created with a Windows text editor in a Linux text editor, you'll see a bunch of ^M's in it. It's safe to just delete them.

    Conversely, if you open a Unix-created text file in Notepad, you'll see lines that don't end where they should. It has to do with that EOL character being different. (However, keep in mind, I really don't remember if it's an EOL, carriage return or something else, but the result is the same, regardless.)
     
    scottro, Oct 31, 2008
    #9
  10. iv76erson03

    No ^M anywhere. My default.conf is as follows, with the exception of my password:

    IPSec gateway vpn1.ess.niu.edu
    IPSec ID wireless
    IPSec obfuscated secret C4458FBE13111F0B26ACCC402351350C36926************************2F9781AA7C4205596510CCA22
    Xauth username z131275
    # Xauth password ********

    Did I make an error anywhere? Thanks again for your help.
     
    iv76erson03, Oct 31, 2008
    #10
  11. scottro

    Firstly, you shouldn't put the obfuscated secret on a public forum, even though part of it is cut off.

    (I would remove that)
    Secondly, if that's a direct cut and paste, then it should look like

    IPSec obfuscated secret <long string on same line>

    It looks as if you have the password on the line below the line saying IPSec obfuscated secret which would probably cause that error.
     
    scottro, Oct 31, 2008
    #11
  12. iv76erson03

    It is on the same line. Just copied funny on here 'cause there wasn't enough room. If that was all, then I guess it's right.

    I tried it at school today. I'm not sure if I'm supposed to type sudo vpnc in the run program box or the terminal, so I did both. In the run program box, nothing happened. In the terminal, I get "vpnc: error: deofuscating of password failed (input not a hex string)"

    Any more ideas? If not, then I guess we need to embark on the painful mission of installing the cisco client. Without VPN access, my AA1 is a doorstop.
     
    iv76erson03, Oct 31, 2008
    #12
  13. devlin

    Hi,
    You should run the command in the terminal window (for best use at least).

    I think you have added a space (or similar character) at the end (or double space in the beginning ?)
    of your hex secret. Apparently the newline must come immediately after the hex string.

    Regards
    devlin
     
    devlin, Oct 31, 2008
    #13
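The three file defects this thread runs into (the DOS ^M that scottro describes in post #9, the trailing space devlin diagnoses in post #13, and the "input not a hex string" error itself) can be checked mechanically before vpnc is run, using the configuration layout scottro gives in post #2. The script below is an added example written for this page, not code from vpnc or from any poster; the function name vpnc_conf_lint is hypothetical, and the key names it looks for (IPSec gateway, IPSec ID, IPSec obfuscated secret, IPSec secret, Xauth password) are the ones shown in post #2. The permission and plaintext-password notes are advisory and do not change the exit status.

```shell
#!/bin/sh
# vpnc_conf_lint FILE: report copy/paste defects in a vpnc configuration
# (hypothetical helper, not part of vpnc). Returns 0 when the file is clean,
# 1 when at least one defect would make vpnc reject it; findings go to stdout.
vpnc_conf_lint() {
    file=$1
    status=0
    cr=$(printf '\r')

    # 1. DOS line endings: a Windows editor leaves a carriage return (^M)
    #    before each newline, and that character ends up inside the secret.
    if grep -q "$cr" "$file"; then
        echo "CR found: DOS line endings; strip them with: sed -i 's/\r\$//' $file"
        status=1
    fi

    # 2. Trailing whitespace: vpnc takes the secret up to end of line, so a
    #    space or tab after the hex string becomes part of the input.
    if grep -q '[[:space:]]$' "$file"; then
        echo "trailing whitespace: remove spaces/tabs at the end of lines"
        status=1
    fi

    # 3. The obfuscated secret must be a single hex string on the same line
    #    as the key; anything else is exactly what vpnc rejects.
    secret=$(sed -n 's/^IPSec obfuscated secret[[:space:]]*//p' "$file" | head -n 1)
    if [ -n "$secret" ]; then
        case $secret in
            *[!0-9A-Fa-f]*) echo "obfuscated secret is not a hex string (vpnc: input not a hex string)"; status=1 ;;
        esac
        if [ $(( ${#secret} % 2 )) -ne 0 ]; then
            echo "obfuscated secret has odd length (not an even number of hex digits)"
            status=1
        fi
    fi

    # 4. Required keys, and one form of the secret line (plain or obfuscated).
    for key in "IPSec gateway" "IPSec ID"; do
        grep -q "^$key " "$file" || { echo "missing: $key"; status=1; }
    done
    grep -Eq '^IPSec (obfuscated )?secret ' "$file" || { echo "missing: IPSec secret line"; status=1; }

    # 5. Advisory only: a plaintext Xauth password in the file is what post #7
    #    avoids with "Xauth interactive"; the file should be readable by root only.
    grep -q '^Xauth password ' "$file" && echo "note: Xauth password stored in plaintext; consider 'Xauth interactive'"
    find "$file" -perm -004 | grep -q . && echo "note: $file is world-readable; chmod 600 it"
    return $status
}

# Usage: sh vpnc_conf_lint.sh /etc/vpnc/default.conf
if [ $# -gt 0 ]; then
    vpnc_conf_lint "$1"
    exit $?
fi
```

Run it with sudo when the file lives in /etc/vpnc/, since (as post #7 notes) the configuration is root-only. A clean run prints nothing but the advisory notes and exits 0; each finding names the line class to fix rather than echoing the secret, so the output is safe to paste when asking for help.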
  14. iv76erson03

    You were right Devlin. It let me type in my password when I changed that. After I type in my password and hit enter, I get:

    vpnc: can't open /dev/net/tun, check that it is either device char 10 200 or (with DevFS) a symlink to ../misc/net/tun (not misc /net/tun): No such device
    vpnc: can't initialize tunnel interface: No such device

    I do have a /dev/net/tun file on my computer. It won't open with anything as far as I can tell.

    We're getting farther! :cool:
     
    iv76erson03, Oct 31, 2008
    #14
  15. devlin

    Hi,

    Strange - it should load the tun (network device) driver automatically. Let's try to do it manually.
    Try this,
    # sudo modprobe tun
    # sudo vpnc

    Regards
    devlin
     
    devlin, Oct 31, 2008
    #15
  16. iv76erson03

    After # sudo modprobe tun, I get:

    FATAL: Module tun not found.
     
    iv76erson03, Oct 31, 2008
    #16
  17. scottro

    Hrm, that is peculiar. You have /dev/net/tun, but are getting module not found.

    Did you install vpnc from an rpm? (I'm at a bit of a loss here. I'm wondering if perhaps the rpm is broken.)
    That is, did you do sudo yum -y install vpnc
     
    scottro, Oct 31, 2008
    #17
  18. scottro

    Ok, first of all you're right. I had Linpus on a USB stick and was able to duplicate this. Someone broke this, whether Linpus or Fedora, I have no idea--neither is famous for quality control :)

    Installing tunctl and/or updating vpnc doesn't work either.

    Googling indicates updating the kernel might help, but no kernel marked for update.



    I'm not sure at this point.

    I'll try to take a deeper look this weekend if I have a chance. (However, I can't promise).
     
    scottro, Nov 1, 2008
    #18
  19. scottro

    The problem seems to be that there's no tun module for the 2.6.23.x kernel. There is one for a 2.6.26.x kernel, but that kernel apparently breaks the MadWifi wireless driver.

    I'm not even sure when I got that 2.6.26 kernel rpm.


    It seems as if it's a bug. There are various workarounds, but at this point, I'd probably just install something else to a USB stick and use that.

    The other option would probably be to get the latest MadWifi snapshot and install that while running the 2.6.26 kernel, which would get MadWifi working again.

    If you want to go that route, I have a page on it--not Linpus specific, but the instructions should work, at
    http://home.nyc.rr.com/computertaijutsu ... .html#5007

    However, I can't guarantee that it won't break something else.
     
    scottro, Nov 1, 2008
    #19
  20. devlin

    Hi,
    Arghh, the installed/supplied device drivers on the AA1 seem to be very limited.
    One of the first things I did after I got it was to fetch the AA1 linux source (from acer)
    and compiled some drivers for USB/Bluetooth and apparently the tun (virtual network)
    driver.
    Let's see if the forum attach-file works; download the attachment to your AA1.
    # cd /
    # sudo tar xvzf /mnt/home/user/Downloads/tun_driver.tgz <or where your downloads are saved>
    That should be all which is needed, perhaps you also need to do a #sudo depmod -a.

    Regards
    devlin
     
    devlin, Nov 1, 2008
    #20
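Posts #14 through #20 walk through the two separate conditions behind "can't open /dev/net/tun ... No such device": the device node has to be a character device with the numbers vpnc's message names (major 10, minor 200), and the running kernel has to have a tun driver it can load, which the Linpus kernel in this thread did not. The script below is an added example for this page, not code from vpnc, Linpus or any poster; the names tun_node_ok, tun_driver_state and vpnc_tun_check are hypothetical, it assumes GNU stat (whose %t and %T print the major and minor numbers in hex), and the mknod advice is the standard way to create the node rather than something the thread did.

```shell
#!/bin/sh
# vpnc_tun_check: diagnose why vpnc cannot open /dev/net/tun
# (hypothetical helper, not part of vpnc).

# tun_node_ok MAJOR MINOR: succeeds when the pair is the tun device, 10:200.
tun_node_ok() {
    [ "$1" -eq 10 ] && [ "$2" -eq 200 ]
}

# tun_driver_state: prints "present" when the driver is registered (built in
# or already loaded, which is when /sys/class/misc/tun exists), "loadable"
# when it is not loaded but modinfo can find a tun module for this kernel,
# and "missing" when neither holds (the "FATAL: Module tun not found" case).
tun_driver_state() {
    if [ -e /sys/class/misc/tun ]; then
        echo present
    elif modinfo tun >/dev/null 2>&1; then
        echo loadable
    else
        echo missing
    fi
}

# vpnc_tun_check: run both checks against the live system and print advice.
vpnc_tun_check() {
    node=/dev/net/tun
    if [ ! -c "$node" ]; then
        echo "$node is not a character device; create it with: sudo mknod $node c 10 200"
        return 1
    fi
    # GNU stat: %t = major, %T = minor, both in hex; convert for the check.
    set -- $(stat -c '%t %T' "$node")
    major=$((0x$1)); minor=$((0x$2))
    if ! tun_node_ok "$major" "$minor"; then
        echo "$node has device numbers $major:$minor, expected 10:200"
        return 1
    fi
    case $(tun_driver_state) in
        present)  echo "tun driver is present; vpnc should be able to open $node" ;;
        loadable) echo "tun driver not loaded; run: sudo modprobe tun"; return 1 ;;
        missing)  echo "no tun driver for kernel $(uname -r); the node alone does nothing until a tun module is built for this kernel"; return 1 ;;
    esac
}

# Usage: sh vpnc_tun_check.sh --run
if [ "${1:-}" = "--run" ]; then vpnc_tun_check; fi
```

The "missing" branch is the situation in this thread: the node existed, so the first check passed, but the kernel had no module to back it, which is why modprobe failed and why the fix was a tun module compiled against the AA1 kernel source rather than anything done to /dev/net/tun.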