How to use vpnc with a cisco vpn server

Build vpnc with Hybrid support need by the cisco vpn.

sudo apt-get build-dep vpnc

sudo apt-get install libssl-dev

mkdir -p ~/tmp/vpnc

cd ~/tmp/vpnc

apt-get source vpnc

cd vpnc-0.5.3r449

# Edit the file Makefile and uncomment line


# Remove existing vpnc
sudo apt-get remove vpnc
sudo dpkg -i ../vpnc_0.5.3r449-2_i386.deb
Verify the hybrid mode by executing
vpnc --version| grep -i auth
Supported Auth-Methods: psk psk+xauth hybrid(rsa)
Extract/Convert Root Cert and Profiles

Download MacOS Cisco VPN client your_company_cisco_client.dmg

Mount HFS Archive to copy the files needed

sudo mkdir /tmp/cisco
sudo mount -t hfsplus your_company_cisco_client.dmg /tmp/cisco -o loop
cd /tmp/cisco
cp -r Profiles/ rootcert
sudo umount /tmp/cisco
sudo rmdir /tmp/cisco

Use pcf2vpn to convert files.

mkdir ~/vpnc

$ for file in Profiles/*.pcf; \
do basename=`basename "$file"`; \
/usr/share/vpnc/pcf2vpnc Profiles/"$basename" ~/vpnc/"${basename%pcf}vpnc"; \

use openssl to convert your root cert to PEM format
openssl x509 -inform DER <> root_certificate.pem
to connect to bayarea (for example)
sudo vpnc --ca-file root_certificate.pem vpnc/bayarea.vpnc

Example vpnc file:

## generated by pcf2vpnc
# CA-File /etc/vpnc/root_certificate.pem
IPSec ID GeneralHybrid
IPSec gateway

IKE Authmode hybrid
IKE DH Group dh2

## To add your username and password,
## use the following lines:
# Xauth username
# Xauth password