Cisco has this VPN client that a fair number of workplaces use for secure wireless access. It has Windows, MacOS and Linux clients. The problem is that the Linux client doesn't actually ever work in my experience. The problems are manifold, depending on where you get it. I've had to use it at NYU as another means of wireless access. NYU offers an old version that only works on old kernels, so that's a problem. The fact that it works as a kernel module that has to be recompiled with every new kernel is also lame. As I say it, I wonder if DKMS solves that problem. The next problem is that it's hard to find. It's one of those encryption tools that's considered weaponry by some terrorism law, so it's not made easy to download, and it's probably illegal to distribute. Of the universities that offer it, every one makes its version available only to its own students. Googling can solve that problem though.
In any case, here's how to get it running on Linux:
- First, make sure to get the latest version. That way you can be sure that it works with a recent kernel.
- Get the kernel headers for the kernel that you're using. They should be installed automatically on Ubuntu at least, but they may not be, as is the case with the array.org kernel in use on my eeepc. On Ubuntu you can try
apt-cache search linux-headers-`uname -r` -n
and then select a package name and install it with
sudo apt-get install kernel-headers-package-name
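- Get the VPN client patch from Alexander Griesser's site. He maintains an unofficial set of patches for the different client versions. Without his work, the client would be useless, since I've never actually seen it work anywhere without it. The patch comes over plain HTTP and changes code that gets built into a kernel module, so read through the diff before you apply it.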
wget -q http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff
- Extract the VPN client. Let's call it vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
tar xvzf vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
- Move the patch into the vpnclient folder and patch the client:
cd vpnclient && mv ../vpnclient-linux-2.6.24-final.diff . && patch < vpnclient-linux-2.6.24-final.diff
- Run the install. There will be prompts. The default options should suffice.
- Run the client with
sudo /etc/init.d/vpn_client start
- The actual VPN settings are kept in /etc/opt/cisco-vpnclient/Profiles, with a separate text file for each VPN, each with a .pcf file extension. You can copy the sample one and edit it to make changes.
cd /etc/opt/cisco-vpnclient/Profiles && cp sample.pcf myvpn.pcf
- In the case of NYU, there are settings detailed on the official page that can be retrofitted to apply to the Linux version. Someone has already done that though. Here's a copy of the settings that one has to put in their profile. I think the UserPassword field can be filled in so you don't have to type it in yourself every time you connect, but I wouldn't risk having your password in cleartext like that. The username should have your NetID, not the word netid.
- Once you've made a profile, just run this command to connect. Replace myvpn with the name of the profile file you just made, sans the .pcf extension.
vpnclient connect myvpn
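Since the profile step above warns against leaving UserPassword filled in, here is a small check for that. It's an added example, not part of the Cisco client or the original post: it scans the Profiles directory for cleartext secrets and world-readable profiles. The GroupPwd key is assumed from the PCF format, and the sample profile is constructed.

```shell
#!/bin/sh
# Added example, not part of the Cisco client: audit .pcf profiles.
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_pcf() {
    dir=${1:-/etc/opt/cisco-vpnclient/Profiles}
    status=0
    for f in "$dir"/*.pcf; do
        [ -f "$f" ] || continue
        # Keys whose value is a cleartext secret when non-empty.
        # GroupPwd is assumed from the PCF format; the page names UserPassword.
        keys=$(awk '{
            sub(/\r$/, "")                 # tolerate Windows line endings
            i = index($0, "=")
            if (i == 0) next               # section headers, blank lines
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k)
            if ((k == "UserPassword" || k == "GroupPwd") && v != "") print k
        }' "$f")
        for k in $keys; do
            echo "$f: $k is stored in cleartext"
            status=1
        done
        # Profiles hold credentials and gateway details; others need no read access.
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "$f: readable by all users"
            status=1
        fi
    done
    return $status
}

# Constructed sample profile (values are made up) to show the output.
demo=$(mktemp -d)
printf '%s\n' '[main]' 'Host=vpn.example.edu' 'Username=netid' \
    'UserPassword=hunter2' > "$demo/myvpn.pcf"
chmod 644 "$demo/myvpn.pcf"
audit_pcf "$demo" || echo "clear the fields above and chmod 600 the profiles"
rm -rf "$demo"
```

Run it with no argument to check /etc/opt/cisco-vpnclient/Profiles itself; you may need sudo if the directory is restricted.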