(Thanks to Alexander Griesser's useful guide and his work[1][2])
After several hours of trying, I finally got it to work this way.
1. Download the Cisco VPN client and its patch (suitable for the 2.6.24 kernel).
client: http://www.longren.org/files/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
patch: http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff
When building, I am using:
iveney@iveney-laptop:~$ uname -a
Linux iveney-laptop 2.6.24-19-generic #1 SMP Wed Jun 18 14:43:41 UTC 2008 i686 GNU/Linux
There's another available client: vpnc
It is a user-developed Cisco VPN client; however, I have not tried it, because I think the official one should work better.
2. Unpack and build the client (assuming the diff file is in the SAME folder as the gzipped file)
$ tar xzvf vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
$ cd vpnclient
$ patch < ../vpnclient-linux-2.6.24-final.diff
If patched correctly, you may now proceed.
$ sudo ./vpn_install
# The installer asks for some options here. Remember to INSTALL your ``linux kernel headers'' (source files for development) beforehand!
3. Set up the user profile
Go to the CSE homepage and download the package. Unzip it and note that there are two important files:
vpn2.pcf and cert.p12
4. Copy the user profile 'vpn2.pcf' to /etc/opt/cisco-vpnclient/Profiles
and change its mode if necessary.
5. Import the certificate into vpnclient's certificate repository[3].
$ cisco_cert_mgr -U -op import -f /path/to/your/cert.p12
The password to enter depends on your identity in the department (csepg if you are a PG).
You may enter a password to protect the certificate in this step.
Use
$ cisco_cert_mgr -U -op list
to see if it is correctly imported.
iveney@iveney-laptop:/etc/opt/cisco-vpnclient/Profiles$ cisco_cert_mgr -U -op list
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.24-19-generic #1 SMP Wed Jun 18 14:43:41 UTC 2008 i686
Cert # Common Name
------- ------------
0 csecert-pg
6. Start the IPsec service and connect
$ sudo /etc/init.d/vpnclient_init start
$ sudo vpnclient connect vpn2 # this parameter should match the one put in the Profiles dir, i.e. vpn2.pcf
and then enter your CSE account.
The log should look like this:
iveney@iveney-laptop:~$ sudo vpnclient connect vpn2
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.24-19-generic #1 SMP Wed Jun 18 14:43:41 UTC 2008 i686
Config file directory: /etc/opt/cisco-vpnclient
Enter Certificate password:
Initializing the VPN connection.
Contacting the gateway at 137.189.90.166
User Authentication for vpn2...
Enter Username and Password.
Username [yourname]:
Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.
Welcome to CSE VPN 2 (vpn2.cse.cuhk.edu.hk)!
Do you wish to continue? (y/n): y
Your VPN connection is secure.
VPN tunnel information.
Client address: 192.168.232.4
Server address: 137.189.90.166
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: LZS
NAT passthrough is active on port UDP 10000
Local LAN Access is disabled
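The tunnel summary at the end of the log above names the negotiated algorithms (3-DES, HMAC-MD5), both legacy choices. The shell function below is an added example, not part of the original post or of the Cisco client; it reads a `vpnclient connect` transcript and reports them. The function names, the verdict labels and the wording of an enabled "Local LAN Access" line are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the tunnel summary printed by `vpnclient connect`.
# Reads a transcript on stdin, prints one verdict line per audited field.

# Constructed sample that reuses the field layout of the log above.
SAMPLE_LOG='Your VPN connection is secure.
VPN tunnel information.
Client address: 192.168.232.4
Server address: 137.189.90.166
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: LZS
NAT passthrough is active on port UDP 10000
Local LAN Access is disabled'

audit_tunnel() {
    awk '
    # Ignore everything before the tunnel summary header.
    /^VPN tunnel information/ { in_block = 1; next }
    !in_block { next }
    /^Encryption:/ {
        sub(/^Encryption:[ \t]*/, "")
        # DES and 3-DES are 64-bit block ciphers: report them as legacy.
        v = ($0 ~ /DES/) ? "LEGACY" : "OK"
        print v " encryption " $0
    }
    /^Authentication:/ {
        sub(/^Authentication:[ \t]*/, "")
        v = ($0 ~ /MD5/) ? "LEGACY" : "OK"
        print v " integrity " $0
    }
    /^Local LAN Access is/ {
        # Assumption: an enabled setting prints "... is enabled".
        # Enabled means local-LAN traffic bypasses the tunnel.
        v = ($NF == "enabled") ? "WARN" : "OK"
        print v " local-lan " $NF
    }
    '
}

# Number of LEGACY/WARN verdicts for a transcript read from stdin.
count_findings() {
    audit_tunnel | grep -c -E '^(LEGACY|WARN) ' || true
}

printf '%s\n' "$SAMPLE_LOG" | audit_tunnel
```

To audit a real session, save the client's terminal output to a file and pipe that file into `audit_tunnel`.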
Ref:
[1] http://www.longren.org/2007/05/17/how-to-cisco-vpn-client-on-ubuntu-704-feisty-fawn/#projectpage
[2] http://projects.tuxx-home.at/?id=cisco_vpn_client
[3] http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/nonwin35/user_gd/certs.htm