One of the things I need to do with my home machine is occasionally connect to our VPN at work. In 6.06LTS this required downloading the Cisco VPN client, compile it, install it, and hope it will work in the next kernel update. On top of that, you had to run a script to create the VPN connection.
In 8.10 Intrepid Ibex this is much simpler, and much more elgant. First, you need to install the VPN Connection Manager (VPNC) package. When you do this through the Add/Remove Applications, it should install three packages:
- vpnc
- resolvconf
- network-manager-vpnc
The first two are essential, but the third one is the kicker in 8.10: it allows you to manage your VPN certificates, and choose which connections to make and break.
After you’ve installed these three packages, do the following:
- right-click on the Network Manager applet.
- Choose Edit connections
- Click the VPN tab
- You should have the options to Add a connection manually, or to Import a VPN certificate.
VPN connections in network manager applet
- Since our network admin provided me with a certificate, I chose Import, and selected the certificate file.
- The import will try to get as much information as possible out of the selected file. In most cases, you need to provide the group and user password.
- If the group password is encrypted, it can be determined by taking the encrypted string and running it through the Cisco decoder at http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode
- Save your changes
Details of the VPN connection
- Close the Edit Connections screen
You should now be able to left-click on the Network Manager applet, select VPN connections, and click on the newly added connection. The Network icon will show a circling star for a couple of seconds, and then indicate that the VPN connection is established by showing a yellow padlock in the bottom right of the icon.
Disconnecting is just as easy: left-click on the applet, select VPN connections, and select Disconnect VPN.
Related posts:
Is there any security issue with using the decoded Group Password, rather than the encrypted one? I mean, does VPNC broadcast the decoded Group Password “in the clear”?
I’m pretty sure the Group Password is not transmitted in the clear, although I haven’t looked at the packages being sent from the workstation.
However, since the decryption of the password is apparently available, I assume that the encryption is also available. Last but not least, I hope there are additional security measures, since even if the Group Password is sent encrypted, if I know where it is in the stream, I can grab the password, run it through the decrypter, and voila! I have the group password.
Excellent post, crystal clear.
Excellent post, crystal clear.
I’m pretty sure the Group Password is not transmitted in the clear, although I haven’t looked at the packages being sent from the workstation.
However, since the decryption of the password is apparently available, I assume that the encryption is also available. Last but not least, I hope there are additional security measures, since even if the Group Password is sent encrypted, if I know where it is in the stream, I can grab the password, run it through the decrypter, and voila! I have the group password.
Congratulations,
I really appreciate it. Thanks.
Congratulations,
I really appreciate it. Thanks.
thank you very much!
thank you very much!
Perfect! with 8.10 but not working on 9.04. Thanks for the info.
Perfect! with 8.10 but not working on 9.04. Thanks for the info.
humpf! You talk about certificates, but in fact you mean vpn-profiles. So my question on how to install certificates under ubuntu remains unanswered
humpf! You talk about certificates, but in fact you mean vpn-profiles. So my question on how to install certificates under ubuntu remains unanswered
you can go to a IP address site and find yours, and you can also find others, but what you can’t do is find out who they belong to as I am aware of so that is impossible
you can go to a IP address site and find yours, and you can also find others, but what you can’t do is find out who they belong to as I am aware of so that is impossible