Configuring The Cisco VPN Client For GNU/Linux


Introduction:

VPN, or virtual private networking, is used to virtually extend the Rutgers network so that users of outside ISPs can use Rutgers-specific services. The VPN is available to anyone with an RCI or Eden account.

This document goes through the installation and configuration of the Cisco VPN Client for GNU/Linux. Because of the nature of GNU/Linux, this document assumes some working knowledge of GNU/Linux or Unix. These instructions have been tested with Red Hat Linux 8.0, but should work with most distributions of GNU/Linux. This document also assumes that the Cisco VPN Client has not been installed previously on the machine. For instructions on how to upgrade to a newer version of the Cisco VPN Client, please consult the documentation for the client itself.

System Requirements:

  • Linux 2.2 or 2.4 kernel with module and network support
  • A network connection
  • An Eden or RCI account
  • A working compiler
  • Root access
  • A copy of your current kernel's source code
Before you begin:

Before you get too far there are a few things you need to do to prepare your machine for installing the VPN client.

  1. First you need to download the source code for the VPN client and save it to a directory on your machine. The source code can be obtained by clicking here and entering your Rutgers University NetID (username) and password. Remember where you save this file because you will need it later on.
  2. The second thing that you may need is the source code for the kernel that your machine is using. Depending on your system, the source code may already be available on the machine. The source code can usually be found in /usr/src/linux. If your machine does not have a /usr/src/linux directory, then you will probably need to download and install the kernel source. Information on how to do this can usually be found on your distribution's website.
Installation:

  1. First open up a terminal window and log into the GNU/Linux machine as the root user (super user). This can be done by using the su command and providing the root user's password.
  2. Next verify that the directory /etc/rc.d/init.d exists. The installation creates a start-up script in this directory. It will not complain if the directory does not exist; it will just fail to create the script. You will later find you want the script to easily install the modules. If the directory does not exist, it can be created by using the following command:
    mkdir /etc/rc.d/init.d
  3. Now copy the source code for the Cisco VPN Client that was downloaded to a place where it can easily be located. In this document we will use the directory /usr/src, but the file can be moved to any place on the system.
  4. The Cisco VPN Client software comes packaged as a tar archive (also known as a tarball), compressed using the gzip utility. To unpack the archive, use the following command:
    tar -vxzf linux-vpn-xxx.tar.gz (Where xxx is the version of the Cisco VPN Client)
  5. The software should now be extracted into the /usr/src/linux-vpn-xxx directory. The next step is to compile and install the client onto the system. This can be done by running the vpn_install script located in this directory. The following commands will do this:
    cd /usr/src/linux-vpn-xxx
    ./vpn_install
  6. For the questions that are displayed on the screen please select the defaults.
    (NOTE: If you are not using Red Hat Linux, the install script may complain about some of these options. In that case you may have to investigate where certain files are located and supply those values when prompted by the install script.)
    Parts of the Cisco VPN client will be installed in the following directories:
    Configuration Files: /etc/CiscoSystemsVPNClient
    Binaries: /usr/local/bin/
    Modules: /lib/modules/kernelversion/CiscoVPN
  7. Now reboot the system.
Configuration:

  1. Once the system has rebooted please open a terminal window and log in as the root user.
  2. Before configuring the VPN Client, first verify that the cisco_ipsec module was loaded properly and automatically. This can be done by issuing the command:
    lsmod
    If the cisco_ipsec module is listed, please go to step 5. If the module is not listed when issuing this command, continue to step 3.
  3. If the cisco_ipsec module is not listed, a small adjustment needs to be made to the script that loads the module. Using emacs (or any text editor), edit the file /etc/rc.d/init.d/vpnclient_init and remove the line ". /etc/rc.d/init.d/functions" from it. To use emacs to do this, issue the command:
    emacs /etc/rc.d/init.d/vpnclient_init
  4. Now load the module by hand using the command:
    /etc/rc.d/init.d/vpnclient_init start
  5. Now create a file in /etc/CiscoSystemsVPNClient/Profiles called rutgers.pcf. To use the emacs text editor to do this, issue the command:
    emacs /etc/CiscoSystemsVPNClient/Profiles/rutgers.pcf
  6. Now cut and paste the following into this file:
    [main]
    Description=Rutgers
    Host=ecomplex-vpn.rutgers.edu
    AuthType=1
    GroupName=rutgers-ipsec
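
A pre-connection check for steps 2 and 6 above, as an added example that is not part of the original instructions: it confirms that cisco_ipsec appears in lsmod-style output and that rutgers.pcf still carries the Host, AuthType and GroupName values from step 6, since the Host entry decides which gateway receives your NetID and password. The function names are hypothetical and the sample data is constructed.

```sh
#!/bin/sh
# Added example: pre-connection checks for the Configuration steps.
# Function names are hypothetical; sample data below is constructed.

# module_loaded NAME [FILE]: succeed if NAME is in the first column of
# lsmod-style output. FILE defaults to /proc/modules (the kernel's list).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "${2:-/proc/modules}"
}

# pcf_get FILE KEY: print KEY's value from the [main] section of a profile.
pcf_get() {
    awk -F= -v key="$2" '
        { sub(/\r$/, "") }    # tolerate CRLF left by cut and paste
        /^\[/ { in_main = ($0 == "[main]"); next }
        in_main && $1 == key { sub(/^[^=]*=/, ""); print; exit }
    ' "$1"
}

# check_profile FILE: succeed only if the values from step 6 are intact.
check_profile() {
    rc=0
    for want in "Host=ecomplex-vpn.rutgers.edu" "AuthType=1" \
                "GroupName=rutgers-ipsec"; do
        key=${want%%=*}
        got=$(pcf_get "$1" "$key") || got=
        if [ "$got" != "${want#*=}" ]; then
            echo "$1: $key is '$got', expected '${want#*=}'" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input so the checks can be tried offline.
tmp=$(mktemp -d)
printf 'Module Size Used by\ncisco_ipsec 401408 0\n' > "$tmp/lsmod.txt"
printf '[main]\nHost=ecomplex-vpn.rutgers.edu\nAuthType=1\nGroupName=%s\n' \
    rutgers-ipsec > "$tmp/rutgers.pcf"
module_loaded cisco_ipsec "$tmp/lsmod.txt" && echo "cisco_ipsec: loaded"
check_profile "$tmp/rutgers.pcf" && echo "rutgers.pcf: matches step 6"
rm -rf "$tmp"
```

On the installed system, run module_loaded cisco_ipsec and check_profile /etc/CiscoSystemsVPNClient/Profiles/rutgers.pcf before connecting.
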
Connecting:

  1. Before attempting to connect to the Rutgers VPN please make sure that any firewall software that may be running is turned off.
  2. To connect to the Rutgers VPN, enter the command:
    vpnclient connect rutgers
    When prompted for a group password, please enter rutgers in all lowercase letters and press enter.
  3. Next, enter your Rutgers University NetID (i.e., username) and the password you use. If no errors are displayed on the screen, then a connection to the VPN has been established. Be sure to say YES when it asks if you would like to connect.
  4. To disconnect from the Rutgers VPN, enter the command:
    vpnclient disconnect rutgers

