Using the Cisco VPN Client with Ubuntu Linux 7.04 at the University of Karlsruhe

Install the Software

To install the software you need to get the latest archive from the university's repository: http://www.rz.uni-karlsruhe.de/rd/vpn.php. There are basically three important files linked.

• The package itself, something like vpnclient-linux-4.8.00.0490-k9.tar.gz
• The DFN root certificate
• The access profile

Starting from kernel version 2.6.19 internal constants changed like the CHECKSUM_HW value that was replaced by CHECKSUM_PARTIAL and CHECKSUM_COMPLETE. Further more all <linux/config.h> includes must be replaced by <linux/autoconf.h>. All necessary changes that need to be applied are in a patch provided by Alexander Griesser.

1. Untar the archive

   $ tar xvzf vpnclient-linux-4.8.00.0490-k9.tar.gz

2. Download the patch:

   $ wget -q http://tuxx-home.at/projects/cisco-vpnclient/vpnclient-linux-2.6.19+-rev1.diff

3. Change to the vpnclient directory:

   cd vpnclient

4. Apply the patch:

   $ patch <../vpnclient-linux-2.6.19+-rev1.diff
   patching file IPSecDrvOS_linux.c
   patching file frag.c
   patching file interceptor.c
   patching file linuxcniapi.c
   

5. Now start the install procedure:

   $ sudo ./vpn_install

Setup the Client

Now you have to copy the profile into the Cisco's Profiles directory and import the DFN certificate:

$ sudo cp vpn-v1.pcf /etc/CiscoSystemsVPNClient/Profiles/
$ sudo cisco_cert_mgr -R -op import
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-15-generic #2 SMP Sun Apr 15 07:36:31 UTC 2007 i686

[ Importing Certificate ]

	Enter filename: dfnpca-02.der
	Success: certificate imported from path: /home/martin/dfnpca-02.der

Once all this worked without causing problems one should be able to start the client by simply issuing the following commands:

$ sudo /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: Done
$ sudo vpnclient connect vpn-v1
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-15-generic #2 SMP Sun Apr 15 07:36:31 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at 193.197.62.6
Contacting the gateway at 193.197.62.1 (balancing)
User Authentication for vpn-v1...

Enter Username and Password.

Username [uxxx]: 
Password []: 
Authenticating user.
Negotiating security policies.
Securing communication channel.

Your VPN connection is secure.

VPN tunnel information.
Client address: 141.3.161.49
Server address: 193.197.62.1
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port UDP 4500
Local LAN Access is enabled