(Thanks to Alexander Griesser's useful guide and his work [1][2])
After several hours of trying, I finally got it to work this way.
1. Download the Cisco VPN client and its patch, suitable for the 2.6.24 kernel.
client: http://www.longren.org/files/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
patch: http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff
For building, I am using:
iveney@iveney-laptop:~$ uname -a
Linux iveney-laptop 2.6.24-19-generic #1 SMP Wed Jun 18 14:43:41 UTC 2008 i686 GNU/Linux
There is another client available: vpnc.
It is a user-developed Cisco VPN client; however, I have not tried it, because I think the official one should work better.
2. Unpack and build the client (assuming the diff file is in the SAME folder as the gzipped file).
$ tar xzvf vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
$ cd vpnclient
$ patch < ../vpnclient-linux-2.6.24-final.diff
If patched correctly, you may now proceed.
$ sudo ./vpn_install
# The installer asks for some options here. Remember to INSTALL your Linux kernel headers (source files for development) beforehand!
3. Set up the user profile.
Go to the CSE homepage and download the package. Unzip it and note that there are two important files: vpn2.pcf and cert.p12
4. Copy the user profile 'vpn2.pcf' to /etc/opt/cisco-vpnclient/Profiles and change its mode if necessary.
5. Import the certificate into vpnclient's certificate repository [3].
$ cisco_cert_mgr -U -op import -f /path/to/your/cert.p12
The password to enter depends on your identity in the department (csepg if you are a PG).
You may enter a password to protect the certificate in this step.
Use
$ cisco_cert_mgr -U -op list
to see if it is correctly imported.
iveney@iveney-laptop:/etc/opt/cisco-vpnclient/Profiles$ cisco_cert_mgr -U -op list
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.24-19-generic #1 SMP Wed Jun 18 14:43:41 UTC 2008 i686
Cert # Common Name
------- ------------
0 csecert-pg
6. Start the IPsec service and connect.
$ sudo /etc/init.d/vpnclient_init start
$ sudo vpnclient connect vpn2 # this parameter should match the one put in the Profiles dir, i.e. vpn2.pcf
and then enter your CSE account.
The log should look like this:
iveney@iveney-laptop:~$ sudo vpnclient connect vpn2
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.24-19-generic #1 SMP Wed Jun 18 14:43:41 UTC 2008 i686
Config file directory: /etc/opt/cisco-vpnclient
Enter Certificate password:
Initializing the VPN connection.
Contacting the gateway at 137.189.90.166
User Authentication for vpn2...
Enter Username and Password.
Username [yourname]:
Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.
Welcome to CSE VPN 2 (vpn2.cse.cuhk.edu.hk)!
Do you wish to continue? (y/n): y
Your VPN connection is secure.
VPN tunnel information.
Client address: 192.168.232.4
Server address: 137.189.90.166
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: LZS
NAT passthrough is active on port UDP 10000
Local LAN Access is disabled
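
A way to check the connect log from step 6, as an added example that is not part of the original post: the shell functions below read saved `vpnclient connect` output, confirm the tunnel came up, and flag the negotiated cipher and MAC. Treating any DES variant or MD5 as legacy is this example's assumption, and `connect.log` is a hypothetical file name.

```shell
#!/bin/sh
# Added example: audit what `vpnclient connect` negotiated.
# Usage (connect.log is a hypothetical saved copy of the console output):
#   audit_tunnel < connect.log

# Constructed sample in the format of the log shown above.
sample_log() {
cat <<'EOF'
Your VPN connection is secure.
VPN tunnel information.
Client address: 192.168.232.4
Server address: 137.189.90.166
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: LZS
NAT passthrough is active on port UDP 10000
Local LAN Access is disabled
EOF
}

# tunnel_field NAME: print the value of the first "NAME: value" line on stdin.
tunnel_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# audit_tunnel: read a connect log on stdin and print findings.
# Exit status: 0 = fine, 1 = tunnel not established, 2 = legacy algorithms
# (this example's assumption: any DES variant or MD5 counts as legacy).
audit_tunnel() {
    log=$(cat)
    if ! printf '%s\n' "$log" | grep -q '^Your VPN connection is secure\.'; then
        echo "FAIL: tunnel was not established"
        return 1
    fi
    enc=$(printf '%s\n' "$log" | tunnel_field Encryption)
    mac=$(printf '%s\n' "$log" | tunnel_field Authentication)
    rc=0
    case $enc in *DES*) echo "WARN: legacy cipher: $enc"; rc=2 ;; esac
    case $mac in *MD5*) echo "WARN: legacy MAC: $mac"; rc=2 ;; esac
    printf '%s\n' "$log" | grep -q '^Local LAN Access is disabled' ||
        echo "NOTE: log does not confirm that Local LAN Access is disabled"
    [ "$rc" -ne 0 ] || echo "OK: $enc / $mac"
    return "$rc"
}
```
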
Ref:
[1] http://www.longren.org/2007/05/17/how-to-cisco-vpn-client-on-ubuntu-704-feisty-fawn/#projectpage
[2] http://projects.tuxx-home.at/?id=cisco_vpn_client
[3] http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/nonwin35/user_gd/certs.htm