Well it was for me, hopefully this will help it not be so for you.
Thanks - this is the accumulation of much distilled knowledge - these are the forums/blogs that have helped me and I have to pass on my thanks to them - they know a lot more than me about this so if you have any problems you can comment here and I'll see if I can help but these are worth a look for more information (that being said you probably found them before this)
Note 1 : First this is what I have 'solved':
Installing and running vpnc on an asus eee 900 running ubuntu Intrepid Ibex (with a madwifi wireless wrapper). With vpnc the final hurdle was getting it to access the UCL roamNet.
Note2 : Ibex network manager does come with vpn compatibility installed - this doesn't work if your vpn needs certificate files to work. The pcf file given to you by your uni/ work etc will have the following lines in it if some form of cert is used:
Note 3 : as of yet I haven't got the network-manager-vpnc client to work with this (will give it another go soon and post a how-to if i succeed)
so to work:
1. Download the vpnc source files by typing in a terminal:
sudo apt-get source vpnc
This will download and unpack the vpnc source files in your current directory - I recommend you use your home dir.
2. Install openssl and openssl-dev - at the moment these are available from the synaptic package manager (or similar) search for them and they should be available (certainly in ubuntu) install them and then open up a terminal
3. Get all the other dependencies needed by vpnc, type:
sudo apt-get build-dep vpnc
in the folder that the step 1 created (called something like vpnc-0.5xxxxx)
4. Stop synaptic and update manager killing your custom version of vpnc
sudo vim control
Use which ever text editor you want but you need to change the version number - I recommened just putting a '-1' after the last digit.
5. Edit Makefile to allow use of ssl
sudo vim Makefile
you need to uncomment the two lines that read
OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
OPENSSLLIBS = -lcrypto
you do this by removing the leading '#' characters. These two lines are the key to using certificates - due to licensing issues they can't package binaries of vpnc with openssl support but you can build them with it
6. Build still in the vpnc-05xxxx folder type the following:
This will create several move files and hopefully not display any errors. Once its built you may want to hide this folder and the 4 files that will now be cluttering up your home dir - you can do this by putting a '.' at the start of their file name. These are the files:
- The folder vpnc-0.5xxxxxx
- vpnc_0.5xxxxx.tar.gz -This is the original source package
- vpnc_0.5xxxxx.diff.gz -this is the latest patch
- vpnc_0.5xxxxx.deb - the debian package
- vpnc_0.5xxxx.changes - I think this is the update as to what you've done
7. Install your custom package, still in the vpnc folder type:
dpkg -i vpnc
This step actually installs the packaged (if you now go to synaptic package manager and search for vpnc you should see that its checked with a little star in the box and the version number is the one you set it to)
Thats the installation over - now the configuration (deep joy)
This part is relativly painless...
8. Download this very helpful script to the same file as the .pcf that you will have been given by your uni or work (right click and select save link as and call it pcf2vpnc.pl)
9. now make it executable
chmod u+x pcf2vpnc.pl
10. now execute it thus (still in the folder containing it and your .pcf):
./pcf2vpnc < the pcf > < the name you want to output>
The profile name should be something simple and easy to remember as you'll have to type it in every time you use the vpn - if you want use default as the output name and it will load when ever you use vpnc
The odds are that this stage will complain about not being able to crypt/ decrypt some passwords - don't worry
11. now move your config file to the vpnc folder
sudo mv default /etc/vpnc/default.conf
This should move it to where vpnc can access it
12. to run vpnc just type
if you do that at this stage most likely you'll get an error message so read on to check you've got a properly configured file
you should now want to have a default.conf file that looks something like this:
IPSec ID < foo>
IPSec obfuscated secret <234feab34b45b3446.........................>
IPSec gateway < 184.108.40.206>
Xauth username < username>
Xauth password < password>
IKE Authmode hybrid
CA-File < /etc/vpnc/rootcert.pem>
< NAT Traversal Mode cisco-udp>
if not then some things need to be changed (the bits in <> are custom to you).
First the ID should be what ever your is next to the 'group name' in the pcf file that you were given.
The obfuscated secret may just be called secret - in which case go here http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode?enc=&.submit=decode! and copy the secret into the box and you should get a long string of hexedecimal code (numbers and the letters a-f) this can be put back into your conf file and 'secret' changed to 'obfuscated secret'
The gateway can be found next to 'host' in the pcf - this is the IP to connect via
The username/password bit is optional - if you want get rid of them, you will be asked to supply them every time you run vpnc - I keep just the username as un-ecrypted passwords aren't a good idea.
The 'ca-file' is the location of the certificate that you were given - this is best put in /etc/vpnc along with the conf file for ease of location and change
the Nat traversal bit is if you see the error ' vpnc: no response from target' - I can't guarentee it will work but it did for me
****There may be other things that are included depending on your pcf file****