Wednesday 28 May 2008

Configuring VPNC on Fedora 9

vpnc is an opensource alternative to using the Cisco VPN client on Linux machines. If your corporate or school VPN is Cisco based, vpnc is a great tool to use compared to the ugly tainted kernel modules produced by the Cisco VPN client. The default vpnc client on Fedora 9 is compiled without OpenSSL suuport, therefore it is not possible to directly use vpnc to connect to VPN's that use SSL certificates (AuthType=5). The solution is simple however, just compile vpnc with OpenSSL support !.

Step 1:
Grab the OpenSSL source from http://www.unix-ag.uni-kl.de/~massar/vpnc/
wget http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-0.5.1.tar.gz

Step 2:
Untar the sources.
tar xvf vpnc-0.5.1.tar.gz

Step 3:
Uncomment the following lines from the Makefile (lines 49-50).
OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
OPENSSLLIBS = -lcrypto


Step 4:
Make and install.
make && sudo make install

Step 5:
Edit /etc/vpnc/default.conf and add your VPN settings. These can be found from the .pcf file provided by your system admin. The important settings are:
IPSec gateway 10.1.1.0 #IP address of your gateway

IPSec ID MyVPN #Group name of your VPN

IPSec secret mypassword #Group password in plaintext. If not known, use IPSec obfuscated secret

IPSec obfuscated secret 234AB765C #Encrypted group password.

IKE Authmode hybrid #keep this setting unless it's different for your VPN

CA-File /etc/vpnc/rootcert #Full path to the root server certificate file


Step 6:
Start the client.
sudo /usr/local/sbin/vpnc
The client will prompt you for the username and password. You can store these values in the config file by using the XAuth username and XAuth password fields if you want vpnc to automatically login without prompting you.

If the settings are correct, vpnc will fork to the background and start the encrypted tunnel, Your VPN connection is up and running !

1 comment:

Jorge said...

Thanks for the explanation is was very useful to install the vpnc client. I had some problems with the line:

make && sudo make install

To solve that I installed the package:

libgcrypt-devel-1.4.0-3

And that was all.