Monday, May 25, 2009

Setting up CISCO VPN Client on Ubuntu Jaunty (9.04)



Introduction


Cisco VPN is required to connect to many of the University of Oklahoma's (OU's) SOONER domain computing resources. Unlike the Windows client, Cisco's Linux VPN client requires use of the terminal and has comparatively little documentation from OU IT services. I got it working on my Ubuntu box at home and created this guide to show you how. Follow these steps to set up and connect to Cisco VPN Client on Ubuntu 9.04:

Installing the CISCO VPN client


Download and install the (latest) v4.8.xx VPN client from www.tuxx-homes.at

1. Untar the VPN Client
# tar xzf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

2. Change to the vpnclient directory
# cd vpnclient

3. Install the client
# ./vpn_install


(NOTE: I did not run into any installation issues - but if you do, dig around at the above site, as they have an archive of different versions and patches for several platforms.)

Configuring the CISCO VPN Client


The simplest way to start is to modify the sample configuration file that the installation creates at /etc/opt/cisco-vpnclient/Profiles/sample.pcf.

Simply make a copy of the sample file as your VPN_SITE_NAME.pcf (e.g. ou.pcf), and make the following minimal changes:

[main]
Description= OU VPN user profile
Host=Your VPNSITE IP or URL (eg - soonerconnect-cox.ou.edu)
AuthType=1
GroupName=users
GroupPwd=ou-vpn
enc_GroupPwd=1
Username= your SOONER DOMAIN 4x4
SaveUserPassword=1
UserPassword= your SOONER DOMAIN PASSWORD
enc_UserPassword=1

(NOTE: A detailed description of each keyword in the configuration file can be found in Cisco's guide.)
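
The profile above keeps the group and user passwords in the file itself, so it is worth checking what a given profile exposes to other local accounts. The audit script below is an added example, not part of the original post or of Cisco's tooling; the function names pcf_get and audit_pcf and the sample profile values are constructed for illustration.

```shell
# Added example, not from the original post: flag stored secrets in a .pcf profile.
# Key names are those in the profile above; function names and values are constructed.

# pcf_get FILE KEY: print KEY's value with surrounding whitespace and CRs removed.
pcf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tr -d '\r' | sed 's/[[:space:]]*$//' | head -n 1
}

# audit_pcf FILE: one finding per line; returns 0 if clean, 1 if not, 2 if unreadable.
audit_pcf() {
    f=$1; status=0
    [ -r "$f" ] || { echo "$f: cannot read" >&2; return 2; }
    for key in GroupPwd UserPassword; do
        if [ -n "$(pcf_get "$f" "$key")" ]; then
            echo "$f: $key is stored in clear text"; status=1
        fi
    done
    if [ "$(pcf_get "$f" SaveUserPassword)" = "1" ]; then
        echo "$f: SaveUserPassword=1 keeps the user password on disk"; status=1
    fi
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f: accessible to group/other, consider chmod 600"; status=1
    fi
    return "$status"
}

# demo: audit a constructed profile shaped like the one above.
demo() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
[main]
Host=vpn.example.invalid
GroupName=users
GroupPwd=constructed-group-secret
Username=abcd1234
SaveUserPassword=1
UserPassword=constructed-user-secret
EOF
    chmod 644 "$tmp"
    audit_pcf "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || echo "demo profile has findings (exit $?)"
```

To check a real profile, call audit_pcf with its path, for example /etc/opt/cisco-vpnclient/Profiles/ou.pcf.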


Start the VPN service:

      # /etc/init.d/vpnclient_init start

Finally, connect to the VPN site, passing your profile file name without the .pcf part:

      # vpnclient connect ou

Disconnecting/terminating the connection:

      # vpnclient disconnect


PITFALLS:


VPN service not starting automatically after System reboot

(Reference: Stanford Install and configure the Cisco VPN client on Linux)

If you issued the previously mentioned command to start the VPN service at boot but are receiving the error message:

Could not attach to driver. Is kernel module loaded?
The application was unable to communicate with the VPN sub-system.

after rebooting, your operating system is not actually starting the service. You could continue issuing the command:

# /etc/init.d/vpnclient_init start

each time you reboot the system, but to actually remedy the problem you need to create symbolic links for the VPN client at different runlevels. The Cisco VPN client only creates one in runlevel 4, but many Linux OSes don't run at this level. For example, Ubuntu commonly uses runlevel 2. To have the client start at boot for runlevel 2, issue the command:

# ln -s /etc/init.d/vpnclient_init /etc/rc2.d/S85vpnclient_init


In addition, I needed to reinstall the VPN client after a version/kernel upgrade to 9.04. Before reinstalling it, first uninstall vpnclient to clean files and directories previously installed:
       # ./vpn_uninstall

Alternatives:


There are two open source clients, namely vpnc and openvpn, that work fine for most cases and can also be integrated with Ubuntu Network Manager for non-command-line auto connection. However, I had a more stable connection experience with the Cisco client. In addition, integration with Network Manager tries to route all Internet traffic through the VPN tunnel (as little Arnav asks ... "but why?") ... hence no Internet w/ VPN connected. Workarounds are possible and several guides are available for those interested.