http://devel.oclug.on.ca/wiki/OneGuysExperienceWithCarletonUniversityVNP2011

I just pasted the text below onto the page. Feel free to edit it.

bjb

On Wed, Oct 05, 2011 at 11:50:29AM -0400, Michael Walma wrote:
> Quoting "Stephen Gregory" <oclug [ at ] kernelpanic [ dot ] ca>:
>
> > On 04/10/11 04:42 PM, Michael Walma wrote:
> >
> >>> My wife needs to access applications through the Carleton University VPN.
> >>> The documentation I've seen suggests that one would use a Cisco VPN
> >
> >> Thanks Singer, I did exactly this and it worked just fine.
> >
> > This VPN question gets asked every other year. Could you do a quick
> > write up of what you did and add it to oclug wiki? I am guessing that
> > the most important bit is how to get the PCF file and any
> > Carleton-specific stuff.
> >
> > --
> > sg
> > _______________________________________________
> > Linux mailing list
> > Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
> > http://oclug.on.ca/mailman/listinfo/linux
> >
>
> I'd be happy to do so, if someone would create an empty page in the
> right place, I would populate it, with the following:
>
> 1. Use your distro's package manager to install 'vpnc'.
>
> 2. Download the WindowsXP CISCO client from the website provided by
> Carleton, using the username and password supplied by Carleton. The
> file is a self-extracting ZIP file with an .exe extension.
>
> 3. Use 'unzip' to extract the files to a handy directory. Look for
> the ".pcf" file, in my case, it was "CarletonIntranetVPN.pcf". Using
> information from that file, you will need to populate the vpnc config
> file. In Ubuntu Natty, that is "/etc/vpnc/default.conf". (Ubuntu
> created an 'example.conf' that you can copy and edit. Other distros
> may do similar or different things.) Copy the values for the fields
> "Host" and "GroupName" in the .pcf file to the "IPSec gateway" and
> "IPSec ID" fields of the vpnc config file. For the "Xauth username"
> and "Xauth password" fields, use the information supplied to you by
> Carleton, the same info as you used to download the Windows client
> from the Carleton web site.
>
> 4. The "IPSec secret" field is the only slightly tricky bit. The
> .pcf will include a hash of the required value in the "enc_GroupPwd"
> field, but vpnc needs the unhashed value. Luckily, this hash can be
> decoded easily, and there is a web page that will do it for you:
>
> http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
>
> Decode the value of the "enc_GroupPwd" of the .pcf file and use that
> for the "IPSec secret" field in the vpnc config file. I understand
> that you can install a utility (it may even be a part of the vpnc
> package) to do the decoding locally if you prefer.
>
> 5. You are good to go. Use some variant of 'sudo vpnc-connect' to
> connect (root privileges are required) and 'sudo vpnc-disconnect' to
> disconnect. These commands will build the connection, create the
> /dev/tun0 device, modify the routing tables properly and then tear it
> all down again afterward. There are also KDE and Gnome helper apps,
> but I did not investigate or install them.
>
> Caveats:
>
> 1. The tiny bit of investigation I did suggested that the routing
> table changes were clever enough to keep the local subnet traffic
> routed locally, but all other traffic would be routed through the vpn.
> I understand that you can do more clever routing so that you could
> keep, say, your web surfing, through your own connection while still
> routing other traffic through the vpn, but I have not investigated this.
>
> 2. The Carleton set-up seems to use password-based authentication.
> Superficial googling suggests that vpnc may not work so well if
> certificate-based authentication is required. I have not investigated.
>
> 3. The command-line approach described here may wreak havoc or
> otherwise not work with boxes running NetworkManager. My box
> doesn't, so I don't know. Installing and using the helper apps I
> alluded to might help in this respect.
>
> 4. Your mileage may vary.
>
> Credits: I used the following general guide from Linux Planet:
>
> http://www.linuxplanet.com/linuxplanet/tutorials/6773/1
>
> Thanks also to Singer for the encouragement to 'just do it.'
>
> Hoping this helps,
>
> Michael

---end quoted text---
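
The field mapping from steps 3 and 4 of the message above, as an added example that is not part of the original e-mail or of the vpnc package. The sample .pcf contents, the user name and the helper names pcf_to_vpnc and write_private are constructed for illustration; the sketch assumes the .pcf keeps its settings in a [main] section.

```python
import configparser
import os

# Constructed sample .pcf content; every value is made up for illustration.
SAMPLE_PCF = """\
[main]
Description=Example profile
Host=vpn.example.org
AuthType=1
GroupName=examplegroup
enc_GroupPwd=0123456789ABCDEF
!Username=
"""

def pcf_to_vpnc(pcf_text, xauth_user, ipsec_secret=None):
    """Return vpnc config text built from the Host and GroupName of a .pcf."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as written in the .pcf
    parser.read_string(pcf_text)
    # Some keys carry a leading "!" in .pcf files; strip it before lookup.
    main = {k.lstrip("!"): v.strip() for k, v in parser["main"].items()}
    for key in ("Host", "GroupName"):
        if not main.get(key):
            raise ValueError(f"{key} missing from .pcf")
    lines = [
        f"IPSec gateway {main['Host']}",
        f"IPSec ID {main['GroupName']}",
    ]
    # enc_GroupPwd is never copied over: vpnc needs the decoded value.
    if ipsec_secret is not None:
        lines.append(f"IPSec secret {ipsec_secret}")
    lines.append(f"Xauth username {xauth_user}")
    # No "Xauth password" line is written, so it is not stored on disk.
    return "\n".join(lines) + "\n"

def write_private(path, text):
    """Write the config readable by its owner only, since it holds secrets."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # also tighten a file that already existed
```

Decoding the group password locally and passing it as ipsec_secret keeps it off a third-party web page; the resulting file should stay owner-readable only.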