Sunday, April 05, 2009

HOWTO: Connecting over Cisco VPN in Linux

VPNC is a VPN client that can be substituted for the Cisco VPN Client on Linux. This article shows how to use VPNC to connect to Cisco VPN servers on Fedora. Once connected to the network, you can use the krdc remote desktop client to connect to a remote Windows desktop.

When you wish to connect to a VPN network, the network administrator will send you a pcf file. You will also be given a username and password to connect. This pcf file contains the connection parameters used by the Cisco VPN Client. It is a plain text file and can be opened in any editor. So fire up your favorite editor and look for these three parameters:

Host - This will be the hostname or IP Address of your VPN Server
GroupName - The internal Groupname for authentication
enc_GroupPwd - The internal encrypted hash password for the groupname

Now we need to decrypt the encoded group password. You can write your own C program on Linux using the cryptography libraries, or download and compile the C source file linked below, but the easiest way out is to use an online decoding tool like this one:

Online Decoder

C Source File for advanced hackers

Now we need to create a configuration file for vpnc similar to this pcf file. Go to the folder /etc/vpnc in Fedora 10. Other distributions may use other locations, but you can run locate vpnc to find the right one.

In this folder you will find a file default.conf which you can use as a template. Copy this file and give the new file any name e.g., cp default.conf myVPN.conf

Open myVPN.conf in any text editor such as vi and make sure it contains these lines:

IPSec gateway <Enter the Hostname or IP Address of the VPN Server here>
IPSec ID <Enter the Groupname here>
IPSec secret <Enter the decrypted Group password here>
# your username goes here:
Xauth username <Enter your username here>
Xauth password <Enter your password here>

If you do not wish to store the password in plain text, leave out the Xauth password line and you will be prompted to enter the password at connection time. Save this file.
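The steps above as one script, added here as an example and not part of the original post: it reads Host, GroupName and enc_GroupPwd from a .pcf profile and emits the matching vpnc configuration. It assumes your vpnc build accepts the IPSec obfuscated secret keyword, which takes the enc_GroupPwd hex string as-is so the group password need not be pasted into an online decoder; the function names and the sample profile are constructed for illustration.

```python
import configparser
import os

# Constructed sample profile; host, group and hex string are placeholders.
SAMPLE_PCF = """\
[main]
Description=Example profile
!Host=vpn.example.com
GroupName=examplegroup
GroupPwd=
enc_GroupPwd=0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
Username=alice
"""

def pcf_to_vpnc(pcf_text):
    """Build vpnc config text from the [main] section of a .pcf profile."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.read_string(pcf_text)
    # configparser lower-cases key names; a leading "!" in a Cisco profile
    # marks the key read-only and is not part of its name.
    main = {k.lstrip("!"): v.strip() for k, v in cp.items("main")}
    missing = [k for k in ("host", "groupname") if not main.get(k)]
    if missing:
        raise ValueError("profile lacks: " + ", ".join(missing))
    lines = ["IPSec gateway " + main["host"], "IPSec ID " + main["groupname"]]
    if main.get("enc_grouppwd"):
        # Assumption: this vpnc build supports the keyword and decodes the hex.
        lines.append("IPSec obfuscated secret " + main["enc_grouppwd"])
    elif main.get("grouppwd"):
        lines.append("IPSec secret " + main["grouppwd"])
    else:
        raise ValueError("profile has no group password")
    if main.get("username"):
        lines.append("Xauth username " + main["username"])
    # No "Xauth password" line is written, so vpnc prompts at connection time.
    return "\n".join(lines) + "\n"

def write_private(path, text):
    """Write the config readable by its owner only; it holds the group secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.chmod(path, 0o600)  # tighten the mode if the file already existed

if __name__ == "__main__":
    print(pcf_to_vpnc(SAMPLE_PCF), end="")
```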

Finally, to connect, use this command in a root shell:

vpnc myVPN.conf

If you had not entered a password in the conf file, you will be prompted for it. Once connected you will see the welcome message from the VPN Server. Woohoo! We are in! Access Granted!

Now that we are connected to the network, simply launch krdc and type in the IP address of your Windows remote desktop.
To disconnect from the VPN, simply type vpnc-disconnect in the terminal as root.

You may also want to have a look at vpntool, the new GUI for vpnc hosted by Google Code, although it's only available for Debian and Mac platforms.