VPN Connection in Ubuntu using VPNC

I’ve been using VPNC in my Ubuntu to access my company’s VPN for quite some time now. The story is, I’ve tried using Cisco VPN, but it will only get me as far as connecting to the VPN server. When I’m trying to access the company’s intranet, I’ll get a “page not found” error slapped to my face. I’ve found out it has to do with my machine’s Firestarter. I doesn’t really feel comfortable removing or stopping my Firestarter, so I have to find out ways to access VPN, and still having my Firestarter active.

After doing some googling, I stumbled upon VPNC, alternate VPN client for Cisco servers.

Installing VPNC:
1. Enter the following in the terminal to install VPNC on your computer:
sudo apt-get install vpnc resolvconf

2. Create a <filename>.conf file in /etc/vpnc/ . Enter following command to create myoffice.conf:
sudo gedit /etc/vpnc/myoffice.conf

3. Copy the following text to that myoffice.conf file:
IPSec gateway <server IP address>
IPSec ID <group name>
IPSec secret <group password>
Xauth username <username>

You can get the values for <server IP address>, <group name> and <group password> by opening your Cisco VPN client .pcf file. For <group password>, the value is encrypted. What you have to do is, copy all the characters from the “enc_GroupPwd” value, go to this cisco vpnclient password decoder site, paste the characters and click “Decode”. It will give you the decrypted group password. Now, copy the decrypted password and replace it with the <group password> in your myoffice.conf. Replace your user name to <username>. Save the file and close.

Running VPNC:
You can run VPNC simply by running this command:
sudo vpnc myoffice /etc/vpnc/myoffice.conf

Enter your VPN password once connected. To disconnect:
sudo vpnc-disconnect

Making it work with Firestarter:
You might have a problem accessing for company’s intranet if you have Firestarter installed. Instructions below will make it work.

1. Edit /etc/firestarter/user-pre . First, make the file writable:
sudo chmod 600 /etc/firestarter/user-pre

2. Edit the file:
sudo gedit /etc/firestarter/user-pre

3. Copy the following to the file:
iptables -A INPUT -j ACCEPT -s xxx.xxx.xx.xxx -p esp
iptables -A INPUT -j ACCEPT -s xxx.xxx.xx.xxx -p udp -m multiport --sports isakmp,10000
iptables -A INPUT -j ACCEPT -i tun+
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xx.xxx -p esp
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xx.xxx -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o tun+

Replace your VPN server’s IP address to the xxx.xxx.xx.xxx.

4. Save the file and close.
5. Change the user-pre file permission back to the way it was:
sudo chmod 440 /etc/firestarter/user-pre

6. Restart Firestarter:
sudo /etc/init.d/firestarter restart

Thanks to Arun for the tips.

Related Posts:

7 Comments

  1. Bravo! Bravo! I have waited for this information for quite some time.

    Since Ubuntu is Debian I think I can make this work on my Debian server aka router and have an almost permanent VPN connection. Muahahaha (evil laugh).

    Thanks a bunch!!!

  2. Oh yeah… it worked on a pure Debian. Now I have a static route to my Debian server so I don’t have to use the Windows client anymore. Woohoo! Thanks again Nazham.

  3. Glad could help :) . Just don’t forget me when you’re rich and famous.

  4. I took it a little bit too far. I am now using vpnc on my WRT54G router.

    http://www.dd-wrt.com/wiki/index.php/VPNC

    Now I don’t need a server ;-)

  5. I might need to use this in the future :) If…

Trackbacks/Pingbacks

  1. [...] my previous post on VPNC, after modifying the user-pre file in Firestarter, it somehow screws-up my guest-host [...]

  2. [...] a while ago I’ve posted a way to setup your VPN access using VPNC in Ubuntu 8.04 Hardy Heron. Now with Ubuntu 8.10 Interprid Ibex, things will become much more [...]

Leave a Comment



  • recently written