VPN on x86_64 Linux

So, I recently got an Athlon 64 box and put pure 64-bit Gentoo on it, but then I couldn't get CiscoVPN to connect. Apparently, there's an open source solution that works for the Cisco 3000 VPN boxes, and it's called VPNC. Look at the whole entry for setup instructions.

It's really easy to setup, just download it, make && sudo make install, and setup up your conf file like so (I'm not going to publish the specifics, just the required entries. If you're associated with Case, you can get the information needed to connect from the casevpn.pcf file):
/etc/vpnc.conf:

IPSec gateway *****.case.edu
IPSec ID ****
IPSec secret *****
Xauth username nxj18
Xauth password *****

Where the gateway is the server you connect to, the ID is in the pcf file, the secret is the group password (you can get that from a network admin if you ask nicely, or you can hack the casevpn file and decrypt it yourself), and your password is your Case network password.

Next, make sure you have the tun module compiled and load it before you run the vpn. It's CONFIG_TUN, and I have it set as a module:

/usr/src/linux/.config:
CONFIG_TUN=m

Finally, you can manually start the VPN client as follows:

$ sudo modprobe tun
$ sudo vpnc-connect

and similary disconnect:

$ sudo vpnc-disconnect
$ sudo rmmod tun

Or use this handy init script (for gentoo):


#!/sbin/runscript

depend() {
need net
}

start() {
ebegin "Attempting to load IP tunnelling"
/sbin/modprobe tun &>/dev/null
eend $? "An error occurred while attempting to load tunnelling"

ebegin "Instantiating VPN client..."
vpnc-connect &>/dev/null
eend $? "An error occurred while attempting to start VPN."
}

stop() {
ebegin "Disconnecting VPN client"
vpnc-disconnect &>/dev/null
eend $? "An error occurred while attempting to disconnect"

ebegin "Unloading module tun"
/sbin/rmmod tun &>/dev/null
eend $? "An error occurred while unloading module tun"
}

That's it, it's a piece of cake.

Trackbacks

Trackback URL for this entry is: http://blog.case.edu/nxj18/mt-tb.cgi/2030

Comments

Thanks for the help Nate.

To decrypt the secret group password, follow these instructions.

Download the CaseVPN.pcf from here (CWRUnetID required):
https://vpnsetup.case.edu/vpn/CaseVPN.pcf

On a Linux machine, download this file:
http://www.unix-ag.uni-kl.de/~massar/soft/cisco-decrypt.c

Compile it:
gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)

Run it against the CaseVPN.pcf file:
grep enc_GroupPwd CaseVPN.pcf | awk -F= '{print $2 }' | xargs ./cisco-decrypt

The resulting output string is the CaseVPN decrypted group password.

Posted by Benjamin Chodroff on November 16, 2006 04:34 PM

That's how I did it originally... But now, the Cisco VPN client works with AMD64, as long as you have a newer kernel (>=2.6.16, I think). Originally, some of the declarations in the VPN client's module were architecture dependent, but that's been fixed.

It's advantageous to use Cisco's client, since it overcomes one basic limitation of vpnc, that being that vpnc isn't able to renew the cert at 12 hours, so the client needs to restarted after 12 hours, however Cisco's will run indefinitely.

Posted by Nate on November 16, 2006 08:50 PM

Hi Nate,

I'm in the process of switching from Windows to Ubuntu and can't seem to get vpn working correctly. I can login and I notice that my ip address is correct (129.22.x.x) but my connection becomes extremely slow. It gets to the point where there is lag doing a simple ssh connection with a server sitting 2 feet away from me on the network. I've tried both vpnc and the cisco client, any advice?

Posted by Benjamin Golub on December 11, 2006 01:31 AM

Post a comment