How to connect to a Cisco VPN using Ubuntu Linux 10.04

Argh, I spent the whole day figuring out how to connect to the VPN of my current customer. The Windows client on my other computer works just fine, at least after selecting the UDP option. But it is quite some overhead to install Windows on my Linux box just to connect to a VPN. The proprietary Cisco VPN client for Linux works until kernel version 2.6.25 AFAIK. Therefore, it is not an option for users of Ubuntu 10.04 or later.

There is an open-source client for the Cisco VPN concentrator that replaces the Cisco client: vpnc

It can be installed on the command line using

sudo apt-get update && sudo apt-get install vpnc resolvconf

Once you’ve done this, you will want to create a config file for your VPN:

/usr/share/vpnc/pcf2vpnc ciscovpnconfigfile.pcf > default.conf

Now move that file to /etc/vpnc:

sudo mv default.conf /etc/vpnc

Theoretically you should be able to use the VPN like this now:

sudo vpnc

And terminate it like this:

sudo vpnc-disconnect

Of course it would be too easy this way. There were a couple of changes I had to apply to the config file:

First of all and most importantly, the line

Application version Cisco Systems VPN Client 5.0.07.0240:WinNT

simulates a Windows client, which the Cisco concentrator at my customer’s network checked for. If that is the case and it refuses the connection, you won’t see any error that tells you about it; vpnc just won’t connect properly and says “no response from target” after several seconds! It took a long time until I figured that out, and only because I had previously had a similar problem with an older Windows client. Also, it’s hard to find out what the version string is supposed to look like.

The other line I added was “NAT Traversal Mode cisco-udp” and, if you like, “Xauth password XXX” to store your password in the config file, so that you don’t need to enter it each time you connect.
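
A file created with "> default.conf" typically gets mode 644, and mv keeps that mode, so the group secret and an “Xauth password” line can end up readable by every local user. The following added example (not part of the original post) checks a vpnc config for that and restricts it; the function names are hypothetical and the sample config values are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Requires GNU stat and grep -o,
# both standard on Ubuntu.

# vpnc keywords whose value is a credential. The "obfuscated" forms are
# reversible (vpnc ships cisco-decrypt), so they count as plaintext.
VPNC_SECRET_KEYS='^(IPSec (obfuscated )?secret|Xauth (obfuscated )?password) '

# Print the credential keywords present in a config, never their values.
vpnc_secret_keys() {
    grep -E -i -o "$VPNC_SECRET_KEYS" "$1" | sed 's/ *$//' | sort -u
}

# Return 0 if the file is safe to keep, 1 if it stores credentials that
# group or other can access, 2 if the file does not exist.
audit_vpnc_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    keys=$(vpnc_secret_keys "$conf" || true)
    [ -n "$keys" ] || return 0
    mode=$(stat -c '%a' "$conf")
    case "$mode" in
        0|*00) return 0 ;;          # no group/other permission bits set
    esac
    echo "$conf (mode $mode) exposes:"
    echo "$keys" | sed 's/^/  /'
    return 1
}

# Restrict the file to its owner; hand it to root when run as root (sudo).
harden_vpnc_conf() {
    chmod 600 "$1" || return 1
    if [ "$(id -u)" -eq 0 ]; then chown 0:0 "$1"; fi
}

# Demo on a constructed config (placeholder values, not a real gateway).
demo() {
    f=$(mktemp) && chmod 644 "$f"   # 644 mimics a file made with "> default.conf"
    printf '%s\n' 'IPSec gateway vpn.example.invalid' 'IPSec ID examplegroup' \
        'IPSec secret CONSTRUCTED-GROUP-SECRET' 'Xauth username alice' \
        'Xauth password XXX' 'NAT Traversal Mode cisco-udp' > "$f"
    audit_vpnc_conf "$f" && before=0 || before=$?
    harden_vpnc_conf "$f"
    audit_vpnc_conf "$f" && after=0 || after=$?
    rm -f "$f"
    echo "before=$before after=$after"
}

demo
```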

Hope that works for you!