oneguysexperiencewithcarletonuniversityvnp2011

Differences

This shows you the differences between two versions of the page.

oneguysexperiencewithcarletonuniversityvnp2011 [2015/06/09 15:23] (current)
Line 1: Line 1:
 +Connecting to Carleton University VPN with Linux
 +
 +1.  Use your distro'​s package manager to install '​vpnc'​.
 +
 +2.  Download the WindowsXP CISCO client from the website provided by Carleton, using the username and password supplied by Carleton. ​ The file is a self-extracting ZIP file with an .exe extension.
 +
 +3.  Use '​unzip'​ to extract the files to a handy directory. ​ Look for the "​.pcf"​ file, in my case, it was "​CarletonIntranetVPN.pcf"​. ​ Using information from that file, you will need to populate the vpnc config file.  In Ubuntu Natty, that is "/​etc/​vpnc/​default.conf"​. (Ubuntu created an '​example.conf'​ that you can copy and edit.  Other distros may do similar or different things.) ​ Copy  the values for the fields "​Host"​ and "​GroupName"​ from the .pcf file to the "IPSec gateway"​ and "IPSec ID" fields of the vpnc config file.   For the "Xauth username"​ and "Xauth password"​ fields, use the information supplied to you by Carleton, the same info as you used to download the Windows client from the Carleton web site.
 +
 +4.  The "IPSec secret"​ field is the only slightly tricky bit.  The .pcf will include a hash of the required value in the "​enc_GroupPwd"​ field, but vpnc needs the unhashed value. ​ Luckily, this hash can be decoded easily, and there is a web page that will do it for you:
 +
 +http://​www.unix-ag.uni-kl.de/​~massar/​bin/​cisco-decode
 +
 +Decode the value of the "​enc_GroupPwd"​ of the .pcf file and use that for the "IPSec secret"​ field in the vpnc config file.  I understand that you can install a utility (it may even be a part of the vpnc package) to do the decoding locally if you prefer. ​ No other fields are required, at least not for Carleton.
 +
 +5.  You are good to go.  Use some variant of 'sudo vpnc-connect'​ to connect (root privileges are required) and 'sudo vpnc-disconnect'​ to disconnect. ​ These commands will build the connection, create the /dev/tun0 device, modify the routing tables properly and then tear it all down again afterward. ​ There are also KDE and Gnome helper apps, but I did not investigate or install them.
 +
 +Caveats:
 +
 +1.  The tiny bit of investigation I did suggested that the routing table changes were clever enough to keep the local subnet traffic routed locally, but all other traffic would be routed through the vpn.  I understand that you can do more clever routing so that you could keep, say, your web surfing, through your own connection while still routing other traffic through the vpn, but I have not investigated this.
 +
 +2.  The Carleton set-up seems to use password-based authentication. Superficial googling suggests that vpnc may not work so well if certificate-based authentication is required. ​ I have not investigated.
 +
 +3.  The command-line approach described here may wreak havoc or otherwise not work with boxes running networkmanager'​s. ​ My box doesn'​t,​ so I don't know.  Installing and using the helper apps I
 +alluded to might help in this respect.
 +
 +4.  Your mileage may vary.
 +
 +Credits: ​ I used the following general guide from Linux Planet:
 +
 +http://​www.linuxplanet.com/​linuxplanet/​tutorials/​6773/​1
 +
 +Thanks also to Singer for the encouragement to 'just do it.'
 +
 +Michael Walma
  
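Review bot: Step 4 tells the reader to paste the "enc_GroupPwd" value into a third-party web page served over plain http, which discloses the group's "IPSec secret" to that site and to anyone on the network path. The same step already mentions a utility that can do the decoding locally, so make the local decode the primary instruction and mention the web page as a fallback at most. The step also calls the value a "hash" while saying it "can be decoded easily"; describing it as a reversibly encoded value would be more accurate, and it makes clear that anyone who holds the .pcf file effectively holds the group secret. In step 3 the "Xauth password" is written in cleartext into "/etc/vpnc/default.conf", so a sentence about keeping that file readable by root only would be worth adding.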
oneguysexperiencewithcarletonuniversityvnp2011.txt · Last modified: 2015/06/09 15:23 (external edit)