Linux VPN Clients
From HelpdeskWiki (external)
Linux provides a number of facilities for VPN, usually via different command-line utilities such as vpnc and pptp. Fortunately, most modern distributions also include a fairly recent version of Gnome's Network Manager, which provides a nice GUI for handling wired and wireless network connections with (or without) VPN.
You are probably best off avoiding the Linux Cisco VPN client provided by CIS. It requires rebuilding the VPN module on every kernel upgrade and in the past has been known to panic the kernel on large downloads.
Fedora
The VPN features in the latest Fedora's NetworkManager seem to be well integrated with SELinux and iptables/ip6tables (as of Fedora 10/11). At present, there is no need to disable SELinux or to make any changes to your iptables rules. YMMV. Here's a list of current packages to install (openvpn isn't needed for CSE VPN but it won't hurt).
- NetworkManager
- NetworkManager-glib
- NetworkManager-gnome
- NetworkManager-openvpn
- NetworkManager-pptp
- NetworkManager-vpnc
To get all those at once, copy/paste the below (and provide the root password to su):
su -c "yum -y install NetworkManager NetworkManager-glib NetworkManager-gnome NetworkManager-openvpn NetworkManager-pptp NetworkManager-vpnc"
After they are all installed, log out and reboot your computer (or start the NetworkManager service via Start->System->Services and log out and back in; either way you must restart Fedora's default Gnome desktop).
Once the packages are installed and you have restarted and logged in again, click on the Network Manager icon in the notification area of your tool/menubar and choose VPN Connection->Configure VPN... On that screen, click Add and then see below.

Cisco VPN
To set up a Cisco VPN client, choose "Cisco Compatible VPN (vpnc)".

Click on Create... and the following appears:

Give it whatever Connection Name you like. Fill in the server name (vpn.cse.tamu.edu), group name (cpsc), your CSE password and the group password (cs@hrbb). Under Optional, if your local login is different than your CSE login, put your CSE login in the "User name:" box. Put CPSC for the Domain. Be sure the Encryption method is Secure (default). Leave NAT traversal at Cisco UDP (default). Leave IPv4 Settings at their default of Automatic(VPN). Press OK (note, on small notebooks, the OK button can be accessed by holding down the Alt key and dragging the window up with the mouse).
PPTP
To set up a PPTP client, choose "Point-to-Point Tunneling Protocol (PPTP)".

Click on Create... and the following appears:

Give it whatever Connection Name you like. Fill in the Gateway (pptp.cse.tamu.edu). Under Optional, if your local login is different than your CSE login, put your CSE login in the "User name:" box. Put CPSC for the NT Domain. Leave IPv4 Settings at their default of Automatic(VPN).
Very important: Click on Advanced... The following screen appears.

You _must_ disable EAP in the list of Authentication methods. You also _must_ enable the "Use Point-to-Point encryption (MPPE)" option. Failing to disable the former or to enable the latter will cause the connection to fail (the GUI gives no details other than that it failed), and /var/log/messages will contain errors along the lines of "LCP terminated by peer". If the connection fails to start, grep that file for that message and, if it is there, make the necessary corrections.
Ubuntu
Ubuntu uses essentially the same packages, just without the uppercase letters, e.g. networkmanager-vpnc.
Gentoo/VPNC via console
The full details are here. Ensure that you have the necessary TUN/TAP device driver compiled into your kernel, or loaded as a module.
Install vpnc (via "emerge -av net-misc/vpnc").
Set your /etc/vpnc/default.conf to read:
IPSec gateway vpn.cs.tamu.edu
IPSec ID cpsc
IPSec secret cs@hrbb
IKE Authmode psk
Xauth username USER
Xauth password PASSWD
You then need only run "vpnc" to connect to the VPN, and "vpnc-disconnect" to close the connection.
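The configuration above keeps the group secret and the Xauth password in clear text, so the file should be readable only by its owner. The following check is an added example, not part of the original wiki page; the function name check_vpnc_conf and the script name in its usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit a vpnc configuration file.
# The function name check_vpnc_conf is an assumption made for this example.

check_vpnc_conf() {
    conf=$1
    rc=0

    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf not found" >&2
        return 1
    fi

    # The file stores the group secret (and optionally the Xauth password)
    # in clear text, so no group or other permission bits may be set.
    # stat -c is the GNU coreutils form, as shipped by the distributions above.
    mode=$(stat -c '%a' "$conf") || return 1
    case $mode in
        0|*00) ;;
        *)  echo "FAIL: $conf has mode $mode; expected 600 or stricter" >&2
            rc=1 ;;
    esac

    # Directives the configuration above relies on to connect.
    for key in "IPSec gateway" "IPSec ID" "IPSec secret" "Xauth username"; do
        if ! grep -q "^${key}[[:space:]]" "$conf"; then
            echo "FAIL: missing directive: $key" >&2
            rc=1
        fi
    done

    # Not a failure: vpnc prompts for the password when this line is absent.
    if grep -q '^Xauth password[[:space:]]' "$conf"; then
        echo "NOTE: Xauth password is stored in $conf" >&2
    fi

    return $rc
}

# Stand-alone use: sh check_vpnc_conf.sh /etc/vpnc/default.conf
if [ "$#" -gt 0 ]; then
    check_vpnc_conf "$1"
fi
```

If the check reports a loose mode, "chmod 600 /etc/vpnc/default.conf" (as root) corrects it.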
Notes
- For (old) reference, there are (3+ year old) notes using pptpconfig and vpnc on Fedora Core 2/3 here.
