Ubuntu: how to set up a VPN connection, tsocks, corporate wifi with openconnect and openvpn or socks

These are just notes.

Cisco vpn setup with CSD support [corporate setup]


# install
sudo apt-get install openconnect network-manager-openconnect-gnome gconf2 lib32z1 lib32ncurses5 libpangox-1.0-0

# restart network-manager or reboot the laptop


Create ~/.cisco folder

mkdir ~/.cisco 

Download csd-wrapper.sh from GitHub

https://gist.github.com/l0ki000/56845c00fd2a0e76d688#file-csd-wrapper-sh

Copy csd-wrapper.sh to that folder

Edit the file and set the CSD_HOSTNAME

CSD_HOSTNAME=vpn-1-gci.yourcompany.com

Run the script once to download the resources, and make sure they were downloaded.

bash ~/.cisco/csd-wrapper.sh

In GNOME Shell, under settings->network, add a VPN connection


Command line with CSD support:

# open a connection with csd support, use --background to run as daemon
sudo openconnect --user=lafa --csd-user=lafa --csd-wrapper=/home/lafa/.cisco/csd-wrapper.sh --background --pid-file=${HOME}/vpn.pid vpn-1-gci.yourcompany.com:443/GeneralHybrid

Without CSD support

# select dynamic updates
sudo dpkg-reconfigure resolvconf

Gnome network manager GUI configuration

[This is not needed for Ubuntu 15.04 and 16.10.] The default routing rules are missing in Ubuntu openconnect 15.10/16.04. The workaround is to add a default route, as shown below, after the network manager establishes the connection. Start a console and type the command below with the correct arguments.

sudo route add default netmask 255.255.255.0 gw 10.87.154.223 dev vpn0

Run ifconfig to find the VPN device name (normally tun0 or vpn0) and the gateway IP of the VPN device.

Execute the command above and the default route should make the openconnect vpn work.
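
A check for the missing-default-route condition described above, as an added example that is not part of the original notes: it reads routing-table text in the format printed by `ip -4 route show` and reports whether default traffic leaves through the VPN device. The function name, the sample tables and every address except the gateway quoted above are constructed; the /1 case covers the routes OpenVPN's redirect-gateway def1 option installs and goes beyond the command in these notes.

```sh
#!/bin/sh
# Added example: report whether default-route traffic leaves through the VPN device.
# Reads `ip -4 route show` style text on stdin; $1 is the VPN device (vpn0, tun0).
# Prints a one-line verdict; returns 0 if the tunnel carries default traffic, else 1.
vpn_route_status() {
    awk -v vpn="$1" '
    function field(name,    i) {      # value that follows a keyword ("dev", "metric")
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "default" {                 # lowest metric wins; a missing metric means 0
        m = field("metric"); if (m == "") m = 0
        if (best == "" || m + 0 < bestm) { best = field("dev"); bestm = m + 0 }
    }
    # Two /1 routes are more specific than "default" and override it together.
    $1 == "0.0.0.0/1"   && field("dev") == vpn { low = 1 }
    $1 == "128.0.0.0/1" && field("dev") == vpn { high = 1 }
    END {
        if (low && high) { print "vpn (split /1 routes)"; exit 0 }
        if (best == vpn) { print "vpn (default route)"; exit 0 }
        if (best == "")  { print "no default route"; exit 1 }
        print "bypass via " best; exit 1
    }'
}

# Constructed sample: tunnel is up but the default route still points at wifi.
SAMPLE_MISSING='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.87.154.0/24 dev vpn0 proto kernel scope link src 10.87.154.10
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600'

# Constructed sample: a default route through the tunnel has been added.
SAMPLE_FIXED="default via 10.87.154.223 dev vpn0
$SAMPLE_MISSING"

# Constructed sample: OpenVPN redirect-gateway def1 style routes on tun0.
SAMPLE_DEF1='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
128.0.0.0/1 via 10.8.0.1 dev tun0'

for s in "$SAMPLE_MISSING" "$SAMPLE_FIXED"; do
    printf '%s\n' "$s" | vpn_route_status vpn0 || true
done
printf '%s\n' "$SAMPLE_DEF1" | vpn_route_status tun0
# Live use: ip -4 route show | vpn_route_status vpn0
```

A "bypass via ..." verdict means traffic outside the VPN subnet is still leaving over the named local interface rather than the tunnel.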

Command line without network manager

# open a connection, use --background to run as daemon
sudo openconnect --user=USERID server/group/

# open a connection with csd support, use --background to run as daemon
sudo openconnect --user=lafa --csd-user=lafa --csd-wrapper=/home/lafa/.cisco/csd-wrapper.sh --background --pid-file=${HOME}/vpn.pid vpn-1-gci.yourcompany.com:443/GeneralHybrid


# to stop the connection, press Ctrl-C in the terminal running openconnect, or

sudo killall openconnect

Set up openvpn using the ibvpn.com provider

sudo apt-get install openvpn easy-rsa network-manager-openvpn-gnome

Go to http://www.ibvpn.com

Set up a free account

Extract openvpn.tgz wherever you want

On Ubuntu GNOME go to settings->network->add
and select vpn->Import from file

Select ibVPN-US-Dallas.ovpn


Type your email
Get the password from the ibvpn website; this is not your ibvpn account password.

Select Add.
And try it out.

Using a socks proxy instead of VPN


# run a local socks server
ssh -D 9999 proxy.server

# set the web browser proxy, or the gnome network proxy in gnome network settings
proxy: localhost:9999

# To use other apps with socks install
sudo apt-get install tsocks

# Change the config file /etc/tsocks.conf to the following (remove everything else)
server = 127.0.0.1
server_port = 9999

# ssh to a machine
tsocks ssh -X bla.corp.com

# eclipse to a machine
tsocks eclipse

Using Cisco client


sudo apt-get update
sudo apt-get install lib32z1 lib32ncurses5 network-manager-openconnect libpangox-1.0-0
cd ~/Downloads
tar -xzvf anyconnect-predeploy-linux-64-4.3.05017-k9.tar\ 6.59.23\ AM.gz
# run the installer from the directory the archive extracted to
sudo ./vpn_install.sh
sudo apt-get install network-manager-openconnect
sudo systemctl daemon-reload

# check if the process is running
ps auxw | grep vpnagentd | grep -v grep

# add alias to bash
cat >> ~/.bash_aliases <<'EOF'
alias vpn='/opt/cisco/anyconnect/bin/vpn'
alias vpnui='/opt/cisco/anyconnect/bin/vpnui'
EOF

# Fix certificates to use ubuntu certs
cd /opt/.cisco/certificates
sudo mv ca ca.orig
sudo ln -sf /etc/ssl/certs/ ca
sudo /etc/init.d/vpnagentd restart

Cisco download

https://software.cisco.com/download/home/286281283/type/282364313/release/4.6.01103

Reference: http://www.socsci.uci.edu/~jstern/uci_vpn_ubuntu/
