Clemson:VPN
From Linux 101, The beginner's guide to all things Linux.
Note: This software is available for easy installation through the Clemson Ubuntu Support Project.
Introduction
Here we will discuss how to get on the Clemson network while off-campus. This will allow you to access resources that the firewall would otherwise block from the Internet.
There are three ways to connect:
- Official Cisco VPN client
- vpnc on the command line
- vpnc with NetworkManager
Connecting with the Official Client
To connect, you will need the VPN Client provided by Cisco. Distributions cannot provide this by default because of Cisco's strict licensing terms.
- Requirements
Clemson's package is outdated, but contains the needed VPN configuration (Clemson.pcf).
Installing the VPN Client
Check your current kernel version:
    $ uname -r
and make sure that you have the same exact version of source code or kernel headers under /usr/src. These would be provided by your distribution. In addition, /usr/src/linux should be symlinked to that directory. If it is not, do:
    $ su
    # cd /usr/src
    # ln -s <kernel directory> linux
Expand the vpnclient file that you downloaded:
    $ tar xzvf <file>.tar.gz
Extract Clemson's VPN configuration file:
    $ tar xzvf vpnclient-linux-cu-3.7.2.Rel-k9.tar.gz ./vpnclient/Clemson.pcf
Change to the directory and install it:
    $ cd vpnclient
    $ su
    # ./vpn_install
Accept the defaults. Once complete, start the vpnclient service. This could be added to start at boot, if you wish.
    # /etc/init.d/vpnclient start
All this does is load the cisco_ipsec module. You could also add cisco_ipsec as a module to load on boot and forget about the vpnclient script.
Using VPN
After installing the client, using it is very easy. As a normal user, you can execute
    $ vpnclient connect Clemson
It will ask you for your username and password, which are the same as your Novell ones. Answer Y to connect, and you are now on the Clemson University network.
To disconnect, you can either press Ctrl-C where you started the program, or you can type
    $ vpnclient disconnect
Your regular Internet connection will then be restored.
Common Problems
- Whenever you upgrade your kernel, you must rerun the vpn_install script so that it can rebuild the kernel module.
Connecting using vpnc
To build vpnc, cd into the source directory and as root type
    # make && make install
Then make sure you have <-> Universal TUN/TAP device driver set to be compiled in or built as a module in your kernel configuration. It can be found in the network devices section. Also check to make sure you have a /dev/net/tun device. If you don't, type
    # mkdir /dev/net
    # mknod /dev/net/tun c 10 200
vpnc from the command line
You will need to convert the Clemson.pcf file obtained in the directions above into something vpnc can use. To do this, run
    $ pcf2vpnc Clemson.pcf > Clemson.vpnc
vpnc can then be run as follows:
    $ vpnc Clemson.vpnc
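An added example, not code from this page or from the vpnc project, showing what the conversion step above carries from a .pcf file into a vpnc configuration. It assumes the usual .pcf key names (Host, GroupName, GroupPwd, enc_GroupPwd, Username); the function names pcf_to_vpnc and convert_pcf and all sample values are hypothetical.

```shell
#!/bin/sh
# Added example, not pcf2vpnc itself: map the Cisco .pcf keys that vpnc needs
# onto vpnc configuration keywords.

# pcf_to_vpnc FILE: print vpnc config lines on stdout.
pcf_to_vpnc() {
    awk '
        { sub(/\r$/, "") }                    # .pcf files usually have CRLF endings
        /^[ \t]*(;|\[)/ || !/=/ { next }      # skip comments, [main], blank lines
        {
            eq  = index($0, "=")
            key = tolower(substr($0, 1, eq - 1))
            val = substr($0, eq + 1)
            sub(/^!/, "", key)                # leading "!" marks a read-only key
            if (val == "") next               # unset keys carry no information
            if      (key == "host")         print "IPSec gateway " val
            else if (key == "groupname")    print "IPSec ID " val
            else if (key == "grouppwd")     print "IPSec secret " val
            else if (key == "enc_grouppwd") print "IPSec obfuscated secret " val
            else if (key == "username")     print "Xauth username " val
        }' "$1"
}

# convert_pcf IN OUT: create OUT readable by its owner only, because the
# obfuscated group secret in it can be decoded by anyone who can read it.
convert_pcf() {
    ( umask 077 && pcf_to_vpnc "$1" > "$2" )
}

# Constructed sample input (placeholder host, group and secret; not Clemson's).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\r\n' '[main]' '; constructed sample' 'Host=vpn.example.edu' \
        'AuthType=1' '!GroupName=examplegroup' 'GroupPwd=' \
        'enc_GroupPwd=0123ABCD' 'Username=' > "$dir/sample.pcf"
    convert_pcf "$dir/sample.pcf" "$dir/sample.vpnc" && cat "$dir/sample.vpnc"
    ls -l "$dir/sample.vpnc"
    rm -rf "$dir"
}
demo
```

The umask only affects a file that convert_pcf creates; an existing output file keeps its old permissions and should be tightened with chmod 600.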
vpnc with NetworkManager
Note: Make sure vpnc on the command line works before attempting this step!
After installing NetworkManager, if the vpnc VPN daemon is not installed by your distribution, you will need to build it from source. Grab the branch of NetworkManager from GNOME svn that matches your installed version and run
    $ cd vpn-daemons/vpnc/
    $ ./autogen.sh --prefix=/usr
    $ make
    # make install
You may need to copy the latest version of include/NetworkManagerVPN.h to /usr/include/NetworkManager for the build to succeed.
After the daemon is successfully installed, restart the NetworkManager daemon. You should now have an extra menu item in the left-click menu of the nm-applet called VPN Connections. Select Configure VPN and import the Clemson.vpnc file from the above procedure. On the Optional tab, set your Clemson user name and have it only use the VPN for addresses in 130.127.0.0/16. You should now be able to tell nm-applet to connect to the Clemson VPN.
The password is your Novell password for the user name you supplied. The group password will need to be extracted from the Clemson.vpnc file with a Cisco decoder. A better way of using the Cisco decoder is to download it and compile it with
    $ gcc -o cisco-decrypt.o cisco-decrypt.c -lgcrypt
The only input is the 'IPSec obfuscated secret' field from the Clemson.vpnc file.

