Installation af Cisco VPN på Ubuntu Edgy 6.10

Det første du gør er at downloade nyeste version af Cisco VPN klienten, i skrivende stund vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz, downloaden kan jeg ikke hjælpe dig med, men hvis du har en cco account kan du downloade den fra Ciscos website, ellers spørg din netværksleverandør, eller google :). Der kan være visse problemer med tidligere versioner af Cisco VPN klienten, hvor du er nødt til at patche den. Men med den nyeste version er disse problemer løst, man har du kun adgang til en tidligere klient, så læs mere her.

Gem den i en mappe i dit hjemmekatalog og pak den ud
Start en terminal (Applications -> Accessories -> Terminal).

 

Sørg for at du har installeret GCC så du kan kompilere VPN klienten. Hvis ikke sår kør følgende i en terminal:

 

sudo apt-get install gcc make

 

tar zxvf vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz

Det næste du skal er at skaffe kernel headers der passer til den kernel du kører. (Cisco VPN skal rekompileres hver gang du skifter kernel.)

For at se hvilken version af kernel du har, kør følgende kommando i terminalen. (Alt dette kan selvfølgelig også gøres via Synaptic, hvis du
foretrækker det, resultatet er det samme :).

akh@akh-desktop:~$ uname -r
2.6.17-10-386

Hent og installer:

akh@akh-desktop:~$sudo apt-get install linux-headers-`uname -r`

Gå ind i den mappe hvor du udpakkede Cisco vpn klienten:

cd /home/akh/vpnclient/

Kør Cisco installeren:

akh@akh-desktop:~/vpnclient$ sudo ./vpn_install
Password:

Installeren starter op, du kan se de valg jeg har lavet er highlightet.

Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.
Directory where binaries will be installed [/usr/local/bin]
Automatically start the VPN service at boot time [yes]
In order to build the VPN kernel module, you must have the kernel headers for the version of the kernel you are running.
Directory containing linux kernel source code [/lib/modules/2.6.17-10-386/build]
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.17-10-386/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.17-10-386/build” will be used to build the module.
Is the above correct [y] y
Shutting down /opt/cisco-vpnclient/bin/vpnclient: Done
Stopped: /etc/init.d/vpnclient_init (VPN init script)
Making module
make -C /lib/modules/2.6.17-10-386/build SUBDIRS=/home/akh/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.17-10-386′
  Building modules, stage 2.
  MODPOST
WARNING: /home/akh/vpnclient/cisco_ipsec.o – Section mismatch: reference to .init.text: from .data between ‘interceptor_dev’ (at offset 0x54) and ‘interceptor_notifier’
WARNING: could not find /home/akh/vpnclient/.libdriver.so.cmd for /home/akh/vpnclient/libdriver.so
make[1]: Leaving directory `/usr/src/linux-headers-2.6.17-10-386′
Copying module to directory “/lib/modules/2.6.17-10-386/CiscoVPN”.
Already have group ‘bin’
Creating start/stop script “/etc/init.d/vpnclient_init”.
    /etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.
Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:
Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:
* Replaced Profiles: sample
Copying binaries to directory “/opt/cisco-vpnclient/bin”.
Adding symlinks to “/usr/local/bin”.
    /opt/cisco-vpnclient/bin/vpnclient
    /opt/cisco-vpnclient/bin/cisco_cert_mgr
    /opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
    /opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory “/opt/cisco-vpnclient/lib”.
    /opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory “/opt/cisco-vpnclient/include”.
    /opt/cisco-vpnclient/include/vpnapi.h
Setting permissions.
    /opt/cisco-vpnclient/bin/cvpnd (setuid root)
    /opt/cisco-vpnclient (group bin readable)
    /etc/opt/cisco-vpnclient (permissions not changed)
* You may wish to change these permissions to restrict access to root.
* You must run “/etc/init.d/vpnclient_init start” before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.
akh@akh-desktop:~/vpnclient$

Genstart computeren eller kør følgende kommando.

akh@akh-desktop:~/vpnclient$ sudo /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: Done

vpn klienten er nu installeret, der er lagt en sample konfiguration(sample.pcf) i /etc/opt/cisco-vpnclient/Profiles . Lav en kopi af den og indtast dine egne oplysninger. Du kan se et eksempel på min her.
med fiktive oplysninger dog 🙂 De ændringer jeg har lavet er highlightet.

[main]
Description=sample user profile
Host=vpn.xxx.dk
AuthType=1
GroupName=vpn
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPCommand=
Username=akh
SaveUserPassword=0
EnableBackup=0
BackupServer=
EnableNat=1
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
DHGroup=2
ForceKeepAlives=0

gem den under et filnavn. feks akh.pcf  Så er vi klar til at forbinde

akh@akh-desktop:~$ sudo vpnclient connect akh

Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.17-10-386 #2 Tue Dec 5 22:26:18 UTC 2006 i686
Config file directory: /etc/opt/cisco-vpnclient
Enter a group password:
Initializing the VPN connection.
Contacting the gateway at 192.168.10.1
User Authentication for akh…
Enter Username and Password.
Username [akh]: akh
Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.
Your VPN connection is secure.
VPN tunnel information.
Client address: 192.168.10.5
Server address: 192.168.10.1
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port UDP 10000
Local LAN Access is disabled

Lad terminal vinduet stå åbent så længe du vil være online på vpn.
God fornøjelse, læg evt kommentarer i en kommentar, eller mail til anders (at) keis-hansen.dk


Advertisements

Skriv et svar

Udfyld dine oplysninger nedenfor eller klik på et ikon for at logge ind:

WordPress.com Logo

Du kommenterer med din WordPress.com konto. Log Out / Skift )

Twitter picture

Du kommenterer med din Twitter konto. Log Out / Skift )

Facebook photo

Du kommenterer med din Facebook konto. Log Out / Skift )

Google+ photo

Du kommenterer med din Google+ konto. Log Out / Skift )

Connecting to %s