Last night I had to connect to a Cisco VPN server for the first time. All my computers use 64 bit operating systems, and this rules out the original Cisco VPN client in its current 5.0.01 version: it supports 32 bit only.
So I will show how to install and use the VPNC, using the connection to the HTW Dresden as an example.
The VPNC is available as an official Debian package. It is very comfortable to let the client handle the DNS settings in your resolv.conf, so you will also need resolvconf. Just do as root
# aptitude install vpnc resolvconf
The computer center of the HTW Dresden offers complete config files only for the Cisco VPN client, so you will have to convert the .pcf files to VPNC configs. The small pcf2vpnc tool handles this for you. Get it:
$ wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
But there is another problem: if the config contains a group password, it has to be converted, too. So you need to download and compile cisco-decrypt.c. Following christos tutorial, this tool depends on libgcrypt-dev, so you should get that first:
# aptitude install libgcrypt-dev
$ wget http://www.unix-ag.uni-kl.de/~massar/soft/cisco-decrypt.c
$ gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
To ease the handling of these two programs you should copy them to a directory in your PATH and make them executable:
# install -m 755 pcf2vpnc cisco-decrypt /usr/local/bin/
Now you can convert your config (as root, because the result is written to /etc/vpnc):
# pcf2vpnc my_config_file.pcf > /etc/vpnc/my_config_file.conf
Note: The .conf file name extension is obligatory.
You may add your VPN username and password to the config file:
# echo -e "Xauth username xxxxxxxx@htw-dresden.de\nXauth password my_secure_password" >> /etc/vpnc/my_config_file.conf
That's all! Now you can start the VPN by calling as root:
# vpnc my_config_file
and stop:
# vpnc-disconnect
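After these steps the profile in /etc/vpnc holds the group secret and, if you added it, your Xauth password in plain text. The following shell functions are an added example, not part of the original post or of vpnc: they list profiles that store credentials but are accessible by group or others, and restrict them to mode 600. The function names are made up here, and stat -c %a assumes GNU or busybox stat as on Debian.

```shell
#!/bin/sh
# Added example: audit vpnc profiles for credentials readable by other users.
# Assumption: GNU or busybox stat (supports -c %a), as on Debian.

# Print "MODE PATH" for every *.conf in directory $1 (default /etc/vpnc)
# that stores a secret and grants any permission to group or others.
# Returns 1 if at least one such file was found, 0 otherwise.
audit_vpnc_confs() {
    dir=${1:-/etc/vpnc}
    rc=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Only profiles that actually carry credentials are of interest.
        grep -Eiq '^[[:space:]]*(IPSec|Xauth) (obfuscated )?(secret|password)[[:space:]]' "$f" || continue
        mode=$(stat -c %a "$f")
        case $mode in
            0|*00) ;;                              # owner-only access: fine
            *) printf '%s %s\n' "$mode" "$f"; rc=1 ;;
        esac
    done
    return $rc
}

# Restrict every flagged profile to its owner (needs root for /etc/vpnc).
fix_vpnc_confs() {
    audit_vpnc_confs "$1" | while read -r m path; do
        chmod 600 "$path"
    done
}

# Usage (as root): audit_vpnc_confs /etc/vpnc || fix_vpnc_confs /etc/vpnc
```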
To test the VPNC you can compare the content of your resolv.conf before and after connecting:
$ cat /etc/resolv.conf
prints something like
xx.xx.xx.xx
# vpnc my_config_file
$ cat /etc/resolv.conf
results in
zz.zz.zz.zz
yy.yy.yy.yy
xx.xx.xx.xx
Note for connecting to the HTW Dresden:
A username and password are requested when downloading the configs and establishing the VPN connection. If you do not have a direct HTW account you can also use e.g. your TU Dresden login for both. Just append “@tu-dresden.de” to your username (e.g.: sxxxxxxx@tu-dresden.de). The password is the same.
The profile HTW_Internet_2 gives you an HTW associated IP only for certain sites. To access all pages via the HTW VPN you have to use the HTW_Internet_3 profile. (Of course, this is also mentioned in the tutorial of the computer center, but… you know…)
Thank you very much, this guide helped me a lot! I set up a server with amd64 here and had previously tried for ages, without success, to install the Cisco client on it or to connect via IPSEC from a machine behind the server (which acts as NAT).
One more remark on the following line:
“gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)”
If someone, like me, simply takes over this line via copy & paste, the double hyphens before “libs” and “cflags” may disappear and an error occurs.
Comment by Felix Ebert — 3 March 2009 @ 01:44