Using vpnc and Gnome Shell to connect to Cisco VPN

Most of this stuff is easily available on the web and easy to do. But just for fun here it is anyway. Fedora Core 16 (x86_64), Gnome 3 Shell, Cisco IPSEC VPN.



  • Get the required software.
                  sudo yum install vpnc NetworkManager-vpnc
  • Get the .pcf file from your entity that is providing the VPN service.
  • Get the pcf2vpnc perl script from here for example.
  • Run the pcf2vpnc perl script against your .pcf file and put the result into /etc/vpnc/default.conf.
  • Invoke vpnc - for me it's /usr/sbin/vpnc. And vpnc-disconnect does the expected.
  • To integrate this into the Gnome Shell
    • Go to Network Manager from top panel.
    • Very Important - on a new setup until I added an entry via nm-connection-editor there was NO VPN section on top panel Network Manager! Run nm-connection-editor if no VPN entries are showing up in your NM panel.
    • In the VPN section create a menu entry and make sure it's of type "Cisco Compatible VPN (vpnc)" from the offered choices.
    • The fields (in the VPN tab) that need to be filled in come from /etc/vpnc/default.conf
      • Gateway = IPSEC gateway in  /etc/vpnc/default.conf
      • User name = Xauth username in /etc/vpnc/default.conf
      • User password = blank for me - new one required each time
      • Group name = IPSec ID in /etc/vpnc/default.conf
      • Group password = IPSec secret in /etc/vpnc/default.conf
  • Now to connect to the vpn you can click on the desired entry under the Network icon in the Gnome Shell.  And you can click on it again to take the tunnel down.

Comments

Unknown said…
Thank you,

this worked for me the first time on Fedora 20 / gnome.

I didn't need anything other than the perl script
the vpnc and network manager were already installed in my default desktop
February 26, 2014 at 7:19 AM
Post a Comment

Popular posts from this blog

Hit failing alternator with a hammer to confirm diagnosis of failing alternator due to bad brushes

Hitting something with a hammer often feels good but does nothing useful. Here's one case where it actually helps. On my 2004 Ford Explorer the alternator light came on. I brought it to the auto parts store and they put a volt meter on it. The alternator needs to put out a voltage that is higher than the battery's full charged voltage in order to properly function - somewhere in the 14 volt range. Mine came in low - probably below 13.5 volts. So the guy at the auto parts store took a rubber mallet to the alternator and just briefly, for a period of 10 seconds or maybe less the voltage jumped up into the normal range before falling back to where it was before. This confirmed the diagnosis of a bad alternator in general and worn brushes in particular. The brushes are spring loaded, are located in the are a wearable item and must make contact with the fixed part of the alternator. Tapping the alternator with the hammer temporarily changes spatial relationships between the brushes
Read more

alternatives --install gets stuck: failed to read link: No such file or directory

Alternatives utility gets stuck doing install. Fedora 17 x86_64. Removing the /var/lib/alternatives/javaws file resolved the issue (for me). # alternatives --install /usr/bin/javaws javaws /usr/java/jdk1.7.0_07/jre/bin/javaws  20000 failed to read link /usr/bin/javaws: No such file or directory # ls /usr/bin/javaws ls: cannot access /usr/bin/javaws: No such file or directory # ls -al /var/lib/alternatives/javaws -rw-r--r--. 1 root root 105 Sep 22 11:39 /var/lib/alternatives/javaws # rm /var/lib/alternatives/javaws rm /var/lib/alternatives/javaws rm: remove regular file `/var/lib/alternatives/javaws'? y # alternatives --install /usr/bin/javaws javaws /usr/java/jdk1.7.0_07/jre/bin/javaws  20000 # which javaws /bin/javaws # ls /usr/bin/javaws /usr/bin/javaws # ls -al /var/lib/alternatives/javaws -rw-r--r--. 1 root root 65 Sep 22 11:50 /var/lib/alternatives/javaws # cat /var/lib/alternatives/javaws auto /usr/bin/javaws /usr/java/jdk1.7.0_07/jre/bin/
Read more

Using SSH, SOCKS, tsocks, and proxy settings to create a simultaneous "dual use" work/home computer

The Problem: Allow one linux workstation to be simultaneously used for both work and non-work purposes so that work and non-work traffic are segregated. The Requirements: I would like to be able to use the following applications in the corporate environment VNC Web (typically Google Chrome but potentially other browsers as well) Email - IMAP, SMTP, LDAP using Thunderbird IM - pidgin As already mentioned here the corporate network has an SSH server that you authenticate and connect to and from there you can reach the other corporate network resources. I would like non-work related traffic to bypass the corporate network - this is mostly web traffic but might also include things like Spotify, yum updates, and other assorted tasks. Finally it would be nice (but not essential) to wrap all this up in a handy GUI operation or series of operations. The Environment:  Fedora Core 16 (x86_64) and Gnome 3. The Solution:  Use SSH, SOCKS, tsocks
Read more