Skip to main content

How to use vpnc with a cisco vpn server

Build vpnc with Hybrid support need by the cisco vpn.

sudo apt-get build-dep vpnc

sudo apt-get install libssl-dev

mkdir -p ~/tmp/vpnc

cd ~/tmp/vpnc

apt-get source vpnc

cd vpnc-0.5.3r449

# Edit the file Makefile and uncomment line
#OPENSSL_GPL_VIOLATION=yes

dpkg-buildpackage

# Remove existing vpnc
sudo apt-get remove vpnc
sudo dpkg -i ../vpnc_0.5.3r449-2_i386.deb
Verify the hybrid mode by executing
vpnc --version| grep -i auth
Supported Auth-Methods: psk psk+xauth hybrid(rsa)
Extract/Convert Root Cert and Profiles

Download MacOS Cisco VPN client your_company_cisco_client.dmg

Mount HFS Archive to copy the files needed

sudo mkdir /tmp/cisco
sudo mount -t hfsplus your_company_cisco_client.dmg /tmp/cisco -o loop
cd /tmp/cisco
cp -r Profiles/ rootcert
cd
sudo umount /tmp/cisco
sudo rmdir /tmp/cisco

Use pcf2vpn to convert files.

mkdir ~/vpnc

$ for file in Profiles/*.pcf; \
do basename=`basename "$file"`; \
/usr/share/vpnc/pcf2vpnc Profiles/"$basename" ~/vpnc/"${basename%pcf}vpnc"; \
done

use openssl to convert your root cert to PEM format
openssl x509 -inform DER <> root_certificate.pem
to connect to bayarea (for example)
sudo vpnc --ca-file root_certificate.pem vpnc/bayarea.vpnc

Example vpnc file:

## generated by pcf2vpnc
# CA-File /etc/vpnc/root_certificate.pem
IPSec ID GeneralHybrid
IPSec gateway vpn.company.com
IPSec secret XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

IKE Authmode hybrid
IKE DH Group dh2

## To add your username and password,
## use the following lines:
# Xauth username
# Xauth password

Post a Comment

Popular posts from this blog

Ubuntu GNOME 17.04 running with HiDPI and touch screen support

Ubuntu GNOME 17.04 running with HiDPI and touch screen support








See my previous post on how to install Ubuntu on Yoga Pro 2 for Ubuntu GNOME 16.10.

I think Ubuntu GNOME is the best flavor of Ubuntu if you are running in HiDPI mode 3200x1800. All screen captured images are at HiDPI resolution.
Touch support Ubuntu gnome support for touch screen is pretty good on the desktop shell.
Chrome browser supports touch screen very well and much better than Firefox without any plug-ins.
The windows key on the screen panel works as the windows key on the keyboard.
Screen rotation is supported on the new gnome and disables the keyboard when the yoga is used as a tablet, side lock rotation button works to lock the screen in a certain rotation.



 What works Almost everything works great out of the box, there isn't many changes you need to do.
UbuntuGnome ships with gnome 3.24 and will boot with full resolution HiDPI and touch screen support enabled
Screen HiDPI supportBrightness, resolution keys, o…

Ubuntu 17.10 review. Running with hidpi, touch screen and wayland support

Ubuntu GNOME 17.10

I think Ubuntu GNOME is the best flavor of Ubuntu if you are running in HiDPI mode 3200x1800 with a touchscreen. All screen captured images are at HiDPI resolution.

Since I prefer the standard gnome-session experience, I installed the "gnome-session" package and rebooted the system. And on the cog icon next to the sign in button, select the "GNOME" instead of ''Ubuntu" option before clicking the sign in button.

sudo apt install gnome-session

Touchpad
I increased the speed, enabled "tap to click", "two finger scrooling". and on gnome-tweak enabled click method to "fingers".
Touch support Ubuntu gnome support for touchscreen is pretty good on the desktop.
Chromium browser supports touch screen very well and much better than Firefox without any plug-ins.
In my Yoga pro 2, the windows key on the screen panel works as the windows key on the keyboard.
Screen rotation is supported on the new gnome and disables …

Using a socks proxy

#ssh to a machine on the network you need access and start # a local socks server ssh -D 9999 httpserver.blah.com
# setweb browser proxy to proxy: localhost:9999
# To use other apps with socks install sudo apt-get install tsocks
# Change config file to (remove everything else) /etc/tsocks.conf server = 127.0.0.1 server_port = 9999
# ssh to a machine tsocks ssh -X httpserver.blah.com
# eclipse to a machine tsocks eclipse
reference: using tsocks for tunneling cmds lines and everything else http://www.plenz.com/tunnel-everything