I have a client who uses a Cisco VPN to protect their network, and I exclusively use Ubuntu in my consulting work. At the moment, they don't easily work together out-of-the-box, even though they should. To get access to their network, I was provided with a PCF file, used to configure VPN client software to connect to the VPN server. However, after importing the configuration file, I simply couldn't connect.
In theory, you can use the standard NetworkManager utility to connect to your Cisco VPN, but it doesn't actually work. I've outlined the process that's supposed to work, and the one that's necessary to actually make it happen.
Using the GUI to connect to a Cisco VPN
Note: You can skip the first seven (7) steps if you're comfortable running "sudo apt-get install network-manager-vpnc-gnome" from the command-line interface.
- Open the Ubuntu Software Centre
- In the search box, type "network-manager-gnome".
- When "Network (network-manager-gnome)" comes up, select it.
- Hit its "More Info" button.
- Check the "Network management framework (VPNC plugin GNOME GUI) (network-manager-vpnc-gnome)" check box.
- Hit the Apply Changes button.
- Authenticate with your password if required.
- Click on the Network Manager applet icon in the status bar » VPN Connections » Configure VPN...
- Hit the Add button.
- Under VPN, select "Import a saved VPN configuration...".
- Select your PCF file and hit Enter.
- Enter your user name and user password.
- On the General tab, uncheck "All users may connect to this network".
- On the IPv4 Setting tab, click on "Routes...", and then check "Use this connection only for resources on its network". Hit OK.
- Hit the Save button.
The above recipe doesn't actually work for me as I keep running into the bug I filed, NetworkManager can't connect to Cisco VPN.
Using the Command-Line Interface
I was, however, able to connect using the command-line vpnc client. It took a bit of research, but here's what did the trick:
- Install the command-line client.
- sudo apt-get install vpnc
- Convert the PCF file to a native configuration file.
- pcf2vpnc NETWORK.pcf NETWORK.conf
- Secure the credentials from prying eyes.
- chmod 600 NETWORK_NAME.conf
- Edit the NETWORK_NAME.conf file to add your username and password.
- Start it with:
- sudo vpnc /path/to/vpn/configs/NETWORK/NETWORK.conf
- If it doesn't work, add the "--enable-1des" option, but make sure to tell the system administrator(s) that they need to upgrade their configuration as it's not as secure as it could be.
- sudo vpnc --enable-1des /path/to/vpn/configs/NETWORK/NETWORK.conf
- Terminate your connection as needed.
- sudo vpnc-disconnect
The following blog posts were helpful in getting things up and running: