VPNC with Linux
Warning: this is old information and may not work anymore
General information
VPNC is an alternate VPN-Client for the Cisco IPsec servers. In Debian it's available since 3.1 (Sarge) and it should be available in most other modern Linux distributions.
See the end of this HowTo for instructions about manual installation on older Linux distributions such as Debian 3.0 Woody.
Installation
Debian and Ubuntu
In recent version of Ubuntu the package “vpnc” is part of the default desktop installation. Choose the menu Applications→Add/Remove… and search for “vpnc”. If it is not already installed you can do that directly there.
Alternatively you can install the package “vpnc” as root (or with “sudo” prepended) from the command line:
apt-get install vpnc |
Configuration
Using the ISG EE Ubuntu AddOns
For all Debian based dsitrbutions (using the .deb package format) such as Debian and Ubuntu (maybe also Xandros), you can use the isgee-vpnc-ethz package which includes a ready-to-use configuration as well as some helpful helper scripts targeted on usage with the ETHZ VPN.
The package's configuration connects to the ETH public VPZ by default. If you want to connect to your own VPZ, you may need to modify the configuration file /etc/vpnc/ethz.conf or create a new configuration file. See manual configuration below.
Ubuntu
On Ubuntu you can easily install it adding the ISG EE Ubuntu AddOns Repository to your package manager. See https://linux.ee.ethz.ch/AddTheAddOns for details.
Debian
On Debian you can also use the Ubuntu package isgee-vpnc-ethz. For Sarge (3.1) and Etch (4.0) just use the Ubuntu Edgy version of the isgee-vpnc-ethz package.
Non-Debianesk Distributions
Download the source of the isgee-vpnc-ethz package and adjust the scripts to your needs.
Manually
(Said to no more work. Try the isgee-vpnc-ethz scripts mentioned above in that case.)
Create configfile /etc/vpnc.conf:
Interface name tun0
IKE DH Group dh2
Perfect Forward Secrecy nopfs
IPSec gateway 129.132.99.162
IPSec ID Group-Name
IPSec secret Group-Password
Xauth username n.ethz.ch-Login
Get the whole configuration file including Group-Name and Group-Password from https://vpnsoftware.ethz.ch/IPSec VPN Client-all OS/Linux/VPNC/Linux-VPNC-ethz.conf. You will need your n.ethz.ch account and password to access that file.
Starting the client
Manual configuration
vpnc-connect /etc/vpnc.conf |
Using the isgee-vpnc-ethz Ubuntu/Debian package
vpnc-connect ethz |
Compiling the client from source on old Linux Distributions
Make sure you have TUN-driver in your kernel (CONFIG_TUN). Debian's default kernels have it already.
Install iproute:
apt-get install iproute |
This part need to be done when you are using an old Linux distribution like Debian Woody:
Fetch the latest libgpg-error from ftp://ftp.gnupg.org/alpha//gcrypt/alpha/libgpg-error/, I used ftp://ftp.gnupg.org/alpha//gcrypt/alpha/libgpg-error/libgpg-error-0.6.tar.gz
Fetch the latest libgcrypt from ftp://ftp.gnupg.org/alpha//gcrypt/alpha/libgcrypt/, I used ftp://ftp.gnupg.org/alpha//gcrypt/alpha/libgcrypt/libgcrypt-1.1.91.tar.gz
Compile libgpg-error:
tar xvfz libgpg-error-0.6.tar.gz |
Compile libgcrypt:
tar xvfz libgcrypt-1.1.91
./configure |
Be sure to have /usr/local/lib in /etc/ld.so.conf and rebuild library cache with /sbin/ldconfig
This part needs to be done when you are using Debian SID aka unstable:
Install libgcrypt from your distribution, e.g.:
apt-get install libgcrypt7 libgcrypt7-dev |
Fetch the latest vpnc from http://www.unix-ag.uni-kl.de/~massar/vpnc/, I used http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-0.2-rm+zomb-pre7.tar.gz
Compile vpnc:
tar xvfz vpnc-0.2-rm+zomb-pre7.tar.gz |
