VPN Client for Linux at GSU
GSU requires a Cisco VPN client to access many of its network services. I use Linux on my laptop and unfortunately GSU does not offer support for a Linux client. However, after searching and trial and error I now have the Cisco VPN client working. I’m posting this for any interested GSU Linux users.
First, I looked into using VPNC, the open source Cisco-compatible VPN client, because it doesn’t require the use of a new kernel module. However, VPNC requires knowledge of a group password, which GSU tech support declined to share with me (the official Cisco VPN client uses an obfuscated hash of the group password which VPNC doesn’t currently support).
I next turned to the Cisco VPN client for Linux. Below are the steps I took to get the Cisco client to work on my Ubuntu Dapper Drake version of Linux:
- Download the Linux kernel headers for your kernel version. Check your kernel version using: uname -r
- Download the Cisco VPN Client version 4.8 for Linux. GSU doesn’t provide this, so try this Google search instead.
- Untar the archive: tar -xzvf vpnclient-linux-4.8.00.0490-k9.tar.gz -C /usr/local
- Change directories to the new location: cd /usr/local/vpnclient
- Make sure the vpn_install script is executable (chmod +x ./vpn_install), then run: sudo ./vpn_install
- The installer will ask for the location of the kernel header source. On my machine this is located at: /usr/src/linux-headers-2.6.15-22-686
- Choose “no” when asked if the Cisco file should start at boot time. After the vpn_install script ends, set the vpnclient_init script to start up automatically: update-rc.d vpnclient_init defaults
- From a Windows machine with the GSU VPN profiles installed (you can find the installer file which includes the profiles here), copy the PCF profile files to: /etc/opt/cisco-vpnclient/Profiles. Rename the PCF files so that the filenames do not include any spaces.
- After starting the vpnclient_init script (/etc/init.d/vpnclient_init start), start the VPN client by entering: vpnclient connect profile, where profile is the filename of one of the PCF files in /etc/opt/cisco-vpnclient/Profiles.
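The profile-copy step above, as an added example that is not part of the original post: shell functions that copy the PCF files under space-free names and then list any profile that stores a group password while being readable by every local user. The source path in the usage comment is a placeholder, and the GroupPwd / enc_GroupPwd key names come from the Cisco PCF format, not from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes profiles use the PCF
# keys GroupPwd / enc_GroupPwd for the group password.

# Print a filename with runs of spaces/tabs collapsed to a single "_".
sanitize_name() {
    printf '%s' "$1" | tr -s ' \t' '__'
}

# Copy every .pcf in SRC to DEST under a space-free name; never overwrite.
# Prints the number of profiles copied.
install_profiles() {
    src=$1; dest=$2; count=0
    for f in "$src"/*.pcf "$src"/*.PCF; do
        [ -f "$f" ] || continue
        name=$(sanitize_name "$(basename "$f")")
        if [ -e "$dest/$name" ]; then
            echo "skip: $dest/$name already exists" >&2
            continue
        fi
        cp -- "$f" "$dest/$name" && count=$((count + 1))
    done
    echo "$count"
}

# Print the profiles in DIR that hold a non-empty group password and are
# readable by every local user. [^[:space:]] ignores the CR of CRLF files.
audit_profiles() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -Eiq '^!?(enc_)?GroupPwd=[^[:space:]]' "$f" || continue
        [ -n "$(find "$f" -perm -004)" ] && basename "$f"
    done
    return 0
}

# Usage (as root):
#   install_profiles /path/to/copied/profiles /etc/opt/cisco-vpnclient/Profiles
#   audit_profiles /etc/opt/cisco-vpnclient/Profiles
```

Any profile that audit_profiles prints exposes the shared group secret to all accounts on the machine; whether its permissions can be tightened depends on which user runs vpnclient.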
In all, this is a good example of why Linux isn’t quite ready for mainstream usage. However, Linux is a very powerful system that is becoming increasingly more user-friendly as a desktop system.
James Sieg said,
Wrote on May 22, 2006 @ 4:25 pm
Hey Tony,
I just wanted to do my little part to ensure your website continues to come up first when your name is googled. I didn’t understand the information systems lingo- but, I doubt I am the target crowd. I hope you have a good day.
-James
p.s.- you should have a picture of a Georgia peach on your website.
brant said,
Wrote on June 2, 2006 @ 8:54 am
Hi - Great howto - just one question. I can successfully connect phase 1, then phase 2 with our RSA SecureID, I then get a message saying Securing Communications channel (or something) but then it disconnects stating, “Firewall policy mismatch”. Any ideas??
Badri said,
Wrote on July 25, 2006 @ 4:36 pm
Hi Anthony,
You could try the Cisco decoder for getting the group password for hash. I use vpnc with this for VPN at my university.
Regards
Badri
Ross said,
Wrote on September 3, 2006 @ 5:58 pm
Is there any chance you could email a copy of the archived VPN installation files? I tried the search and came up with nothing but the Real.com page and I’m nervous about downloading it from there cuz it may not be legal.
Thanks
GSU Student on Ubuntu Dapper
Cisco 6500 said,
Wrote on October 1, 2006 @ 1:41 pm
Great post! I have an associate who has been asking for documentation on getting a Cisco client working on linux.
Thanks!
Ross said,
Wrote on October 5, 2006 @ 6:31 pm
I have finally gotten the VPN client to work, however, I can’t connect to CatChat in Linux while on campus. I’m using Ubuntu Dapper 6.06 and I have the Wireless Assistant v0.5.5 and every time I try to connect to one of many CatChat networks listed, the connection fails. I chose automatic settings (DHCP). Is there something that I’m missing? Connecting to other networks hasn’t been a problem.
Thanks
Ross