Avoid Cisco - Linux VPNC

Many institutions, such as universities around the world, use the Cisco VPN Client to give their people internet access. The Cisco client is sometimes difficult to use with current Linux kernels, so a nicer and more open way to use such connections is the vpnc project.

This HowTo is based on the information on this page by Marcel Holtmann (only in German). To make things work you need the vpnc package for your system (e.g. on Ubuntu, search for vpnc with Synaptic) and the profile data of the Cisco VPN Client. That is normally a .pcf-file, e.g. direct.pcf, which should have come with your Cisco installation. A normal .pcf for connecting to the WLAN of the University of Bielefeld looks like this:

[main]
Description=VPN-Verbindung zur Uni Bielefeld
Host=vpn-gate-1.uni-bielefeld.de
AuthType=1
GroupName=vpnuni
GroupPwd=
enc_GroupPwd=<encrypted-vpnuni-group-password>
EnableISPConnect=0
ISPConnectType=1
ISPConnect=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=0
MSLogonType=0
EnableNat=0
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
VerifyCertDN=
DHGroup=2
ForceKeepAlives=0
PeerTimeout=90
EnableLocalLAN=0
EnableSplitDNS=0

The counterpart of the .pcf-file for the Linux vpnc is a file called vpnc.conf, which should be placed at /etc/vpnc.conf. An example of what such a file should look like can be found at /etc/vpnc/example.conf. A file to connect to the network of the University of Bielefeld looks like this:

IPSec gateway vpn-gate-1.uni-bielefeld.de
IPSec ID vpnuni
IPSec secret <vpnuni-group-password>
Xauth username <unibi-dialin-username>
Xauth password <unibi-dialin-password>

The gateway and ID in the .conf-file are identical to Host and GroupName of the .pcf-file. Everything would be easy if you could just copy the encrypted password as well (I think the newest version of vpnc CAN DO THAT, but I am not sure...) from enc_GroupPwd in the .pcf-file to IPSec secret in the .conf-file...
Normally you would need to ask the administrator if she/he would be so kind as to tell you the password, BUT they normally don't do that. So if you are in such a situation (or you are just curious about the password), you can actually decrypt the password quite easily by pasting it into the text field of this page, hitting the decrypt button and pasting the result into your .conf-file.
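
The Host/GroupName mapping described above can be scripted. The following is an added example, not part of the original HowTo or of the vpnc project: the function names and the `<group-password>` placeholder are assumptions, and the sample profile is constructed from the .pcf shown earlier. Because vpnc.conf holds the group secret in cleartext, the sketch writes the file with mode 0600 and leaves out the Xauth password so that vpnc asks for it at connect time.

```python
import configparser
import os

# Constructed sample profile (shortened from the .pcf layout shown above).
SAMPLE_PCF = """\
[main]
Description=VPN-Verbindung zur Uni Bielefeld
Host=vpn-gate-1.uni-bielefeld.de
AuthType=1
GroupName=vpnuni
GroupPwd=
enc_GroupPwd=<encrypted-vpnuni-group-password>
Username=
"""

def pcf_to_vpnc_conf(pcf_text):
    """Return vpnc.conf text for the [main] section of a Cisco .pcf profile."""
    # interpolation=None: values may contain '%'; key lookup is case-insensitive.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(pcf_text)
    main = parser["main"]
    host = main.get("Host", "").strip()
    group = main.get("GroupName", "").strip()
    if not host or not group:
        raise ValueError("profile lacks Host or GroupName")
    lines = [f"IPSec gateway {host}", f"IPSec ID {group}"]
    # Only the cleartext GroupPwd field is used; enc_GroupPwd is ignored here.
    # "<group-password>" is a placeholder (assumption) to be filled in by hand.
    secret = main.get("GroupPwd", "").strip()
    lines.append(f"IPSec secret {secret or '<group-password>'}")
    user = main.get("Username", "").strip()
    if user:
        lines.append(f"Xauth username {user}")
    # No "Xauth password" line: vpnc asks for values missing from the file.
    return "\n".join(lines) + "\n"

def write_private(path, text):
    """Create path with mode 0600 so the group secret is not world-readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # also tightens a file that already existed

if __name__ == "__main__":
    print(pcf_to_vpnc_conf(SAMPLE_PCF), end="")
```

Writing the result to /etc/vpnc.conf requires root, for example by calling write_private("/etc/vpnc.conf", ...) from a script run with sudo.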

Once you have created this .conf-file you are almost done. You can connect by running the command sudo vpnc or sudo vpnc-connect. You will be asked for any data that is not specified in your .conf-file. vpnc will then start in the background. To disconnect, simply type sudo vpnc-disconnect.
Author: Frederic Siepmann, published: 2007-05-10 13:30:14