VPN for Linux, at UMD

Most Linux distributions now have built-in support for VPN, via vpnc (Cisco compatible) or OpenVPN. You just need to know the VPN group passwords. What follows are more detailed notes and older instructions from when VPN installations were still a bit harsh.
Here are some incomplete notes on campus VPN (the old amusing notes on VPN-5000 are here).

An alternative to the Cisco VPN software (described below) is VPNC, which is open source and claimed to be even faster. It is now available for most distributions: it worked fine on Ubuntu for me, and FC4 also has it in its standard packages. For FC3 this report came in from Nicholas Chapman:

  I got vpnc to work.  It required some divergence from the directions you
have linked on your webpage:
1) google for a vpnc rpm ( I couldn't find it with yum install on fc3).
2) after install, figure out where it put vpnc stuff by doing a find on /
	**  or use  "rpm -qpl the-file.rpm" 
	    or      "rpm -ql the-package"
3) move vpnc-script to proper location as demanded by sbin/vpnc
4) edit vpnc-script to put in absolute path for ifconfig and route commands
(both were in sbin).
5) make a profile using the one in your vpnc directions.
6) move vpnc-disconnect command to sbin

I have to run it as root, but it does work!

The starting link on the OIT website was: here, but until their information is up-to-date, look below for a working solution.

------------------------------------------

Status:  this is now working for me on FC4.
Version  28-jan-2006    (Peter Teuben, teuben@astro.umd.edu)

1) the tar file on OIT's webpage was vpnclient-linux-4.0.4.B-k9.tar.gz
   which in the end didn't work for me (kernel too new).

   I'm using FC4, which for me is running a 2.6.14 kernel these days.


   After some creative googling I found version 4.7 of the
   vpnclient software for Linux.

   Make sure your Linux has enough of the kernel source to be able
   to compile modules. For Fedora Core 4, this means the "kernel"
   rpm is not enough, you also need the "kernel-devel" rpm,
   which adds another 40 MB or so to your disk. Or do this:
	yum install kernel-devel

   For a Debian-based distribution like Ubuntu you need to
   install the kernel-source package. Do this:
	pkg-install.....
   (sorry, gotta look up the incantation here)

 
2) install it: (as root)

	tar zxf ...
	cd vpnclient
	./vpn_install		(I could use all default answers)

	    (but I had to comment out two lines of code in linuxcniapi.c
		     do_gettimeofday(&skb->stamp);
	     since my kernel didn't know about stamp....)

3) get the rootcert.txt from that OIT webpage.
   You'll need to authenticate with your UMD ID to do this.
   Put this file in /etc/CiscoSystemsVPNClient/Certificates/

4) I needed to put two files
	UMD.pcf    and     UMD-Wireless.pcf
   into /etc/CiscoSystemsVPNClient/Profiles/

   I was lazy and used the ones from my Mac that I had used to store
   my username and password in!!!
   
   You can probably start from scratch by using the sample.pcf file
   in the source code and editing the following fields in the two
   profiles:

Description=Connection to UMD VPN
Host=vpn.umd.edu
GroupName=UMD

Description=Connection for Wireless and Mobile Computers
Host=vpn.umd.edu
GroupName=UMD-Wireless

   Hopefully the vpnclient command will ask for a username/password,
   but on the Mac it was nice to store the encrypted version in the
   file, so on Linux I now have automatic authentication!


5) start the service: (for now, normally it can be done at re/boot)

	/etc/rc.d/init.d/vpnclient_init start

   and check that there are no error messages. You can safely always
   start this service (it's just a module loaded in the kernel).
   Turning VPN on and off is the next step.


6) Even if you are already connected, e.g. at home using a cable modem or so,
   you can simply start a VPN connection (it will override your normal
   connection) by doing:

	vpnclient connect UMD-Wireless

   or any profile you may have stored.   Hit ^C to abort it and fall back
   to the default connection.

   Warning: If you are running your machine on a local LAN, the VPN connection
   will take over your machine; you will not be able to connect to the
   LAN anymore.
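
Step 4 copies profiles that carry a saved username and password, and the copied file alone was enough for automatic authentication on a second machine, so anyone who can read such a .pcf file can connect with it. The shell script below is an added example, not part of the original notes or of the Cisco client: it flags saved secrets and group/world-readable modes in the profiles given as arguments (for instance the files in /etc/CiscoSystemsVPNClient/Profiles/). The helper names and the sample profile's secret values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): report saved secrets and
# loose file modes in Cisco VPN client profiles (.pcf).
# audit_pcf FILE: print one finding per line; print nothing if the file is clean.
audit_pcf() {
    pcf=$1
    # tr drops the CRs left in profiles copied from a Mac or Windows machine.
    tr -d '\r' < "$pcf" | awk -v f="$pcf" '
        {
            eq  = index($0, "=")
            key = tolower(substr($0, 1, eq - 1))
            val = substr($0, eq + 1)
            gsub(/[ \t!]/, "", key)      # a leading "!" marks a key read-only
        }
        eq && val != "" && key ~ /^(enc_)?(userpassword|grouppwd)$/ {
            print f ": " key " holds a saved secret"
        }
        eq && key == "saveuserpassword" && val + 0 == 1 {
            print f ": SaveUserPassword=1 allows the user password to be saved"
        }'
    # Anything readable beyond the owner exposes whatever the profile stores.
    if [ -n "$(find "$pcf" -prune \( -perm -0040 -o -perm -0004 \))" ]; then
        echo "$pcf: readable by group or others"
    fi
}

# make_sample_pcf FILE: write a constructed profile; every secret value is made up.
make_sample_pcf() {
    cat > "$1" <<'EOF'
[main]
Description=Connection for Wireless and Mobile Computers
Host=vpn.umd.edu
GroupName=UMD-Wireless
enc_GroupPwd=00CONSTRUCTED00
Username=someuser
SaveUserPassword=1
enc_UserPassword=00CONSTRUCTED00
EOF
    chmod 644 "$1"
}

# With arguments, audit those files; with none, audit the constructed sample.
if [ "$#" -gt 0 ]; then
    for p in "$@"; do audit_pcf "$p"; done
else
    demo=$(mktemp) && make_sample_pcf "$demo" && audit_pcf "$demo"
    rm -f "$demo"
fi
```

A profile that keeps only Description, Host and GroupName produces no findings; the client then has to prompt for the credentials at connect time.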

OpenVPN

Fedora Core 7 comes with OpenVPN. I found the following vpn related packages installed:
  NetworkManager-vpnc-0.6.4-3.fc7
  vpnc-0.4.0-2.fc7
  openvpn-2.1-0.19.rc4.fc7
  NetworkManager-openvpn-0.3.2-7.fc6
The NetworkManager Applet (useful to manage your network connections) has a VPN Connections menu option....
OpenVPN
   name the connection
   gateway
   X.509 vs. ....
or
VPNC
   
