How to stabilize a vpnc connection on Ubuntu

Hi,
Today I would like to share the experience I had setting up a VPN connection to a Cisco system from an Ubuntu distribution. I used Ubuntu 10.04, and after many attempts at installing Cisco's own client using this tutorial from LAMNK I finally got it installed, but it wouldn't connect. Even though several people succeeded in using it, it didn't work for me for some reason. I started searching for another solution and stumbled upon vpnc:

sudo apt-get install vpnc

This useful little application comes with a simple sample configuration named default.conf, located at /etc/vpnc/default.conf. Let's create our own configuration file. Say we want to connect to the Google VPN; we would then create the file google.conf:

sudo nano /etc/vpnc/google.conf

We will set the parameters as follows:

# /etc/vpnc/google.conf

IPSec gateway 192.168.0.2
IPSec ID thisisinfactourgroupname
IPSec secret ourpresharedkey
Xauth username codingpains
Xauth password oupassword
Local Port 10000
DPD idle timeout (our side) 0 
NAT Traversal Mode cisco-udp

After saving the configuration file with Ctrl+X, then y to confirm the operation, let's try to connect to the VPN. The command is vpnc nameoftheconfigfile, and since our configuration is called google.conf we use the following:

sudo vpnc google

It will output a few lines of text, including this one: VPNC started in background (pid: 10351)
To check whether you are really connected, use the ifconfig command and look for a tun interface. It could be tun0, tun1, etc., depending on your box.
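
The profile created above keeps the group pre-shared key and the Xauth password in clear text, and a file created with sudo nano under the default umask of 022 ends up world-readable (mode 644). The check below is an added example, not part of the original post; the function names has_secrets and audit_vpnc_conf are hypothetical, and it assumes GNU stat.

```shell
#!/bin/bash
# Added example, not from the original post: flag vpnc profiles that store
# clear-text credentials yet are accessible to users other than the owner.

# has_secrets FILE: true if the profile sets "IPSec secret" or "Xauth password"
has_secrets() {
    grep -Eiq '^[[:space:]]*(IPSec secret|Xauth password)[[:space:]]+[^[:space:]]' "$1"
}

# audit_vpnc_conf FILE [EXPECTED_OWNER]
# Returns 0 when nothing is wrong, 1 on a finding, 2 if FILE cannot be read.
audit_vpnc_conf() {
    local file=$1 want_owner=${2:-root} mode owner rc=0
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "UNREADABLE $file (missing, or run this as root)"
        return 2
    fi
    if ! has_secrets "$file"; then
        echo "OK      $file (no stored secrets)"
        return 0
    fi
    mode=$(stat -c '%a' "$file")     # octal permission bits, e.g. 644
    owner=$(stat -c '%U' "$file")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FINDING $file is mode $mode; group/other can reach the secrets (chmod 600)"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FINDING $file is owned by $owner, expected $want_owner"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK      $file (mode $mode, owner $owner)"; fi
    return "$rc"
}

# Audit every profile in /etc/vpnc; does nothing if the directory is absent.
for f in /etc/vpnc/*.conf; do
    if [ -e "$f" ]; then audit_vpnc_conf "$f" || true; fi
done
```

Run it as root so that profiles already restricted to mode 600 can still be read and checked.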

The above configuration has worked for others, who claimed it has been stable without any disconnection, but that wasn't the case for me, so I had to find other alternatives. In my case, as if things weren't bad enough, the network I was trying to connect to had disabled pinging on the host, so I used telnet manually to check whether I was still connected or not. Manual checking wasn't sustainable, so I created an auto-reconnect script based on telnet:

sudo nano /etc/init.d/autovpncscript

#!/bin/bash
# Host and TCP port that are only reachable through the tunnel
google="192.168.1.10"
LOGFILE=/var/log/vpnc/google.log

# Try to open a TCP connection; the redirection fails when the tunnel is down
exec 3>/dev/tcp/${google}/9000
if [ $? -eq 0 ]
then
        echo "$(date +%Y-%m-%d:%T) :Telnet accepting connections" | tee -a "$LOGFILE"
else
        echo "$(date +%Y-%m-%d:%T) Telnet connections not possible" | tee -a "$LOGFILE"
        echo "$(date +%Y-%m-%d:%T) Reconnecting to telnet" | tee -a "$LOGFILE"
        pid=$(pidof vpnc)
        if test -z "${pid}"
        then
                # vpnc is not running at all: just start it
                echo "$(date +%Y-%m-%d:%T) pid is null" | tee -a "$LOGFILE"
                echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a "$LOGFILE"
                /usr/sbin/vpnc google | tee -a "$LOGFILE"
        else
                # vpnc is running but the tunnel is dead: kill it and start again
                echo "$(date +%Y-%m-%d:%T) vpnc is running but not connected. killing ${pid}" | tee -a "$LOGFILE"
                kill -9 ${pid}
                echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a "$LOGFILE"
                /usr/sbin/vpnc google | tee -a "$LOGFILE"
                echo "$(date +%Y-%m-%d:%T) vpnc running with pid: $(pidof vpnc)" | tee -a "$LOGFILE"
        fi
fi

Let's make the script file executable and create a folder for our vpnc logs:

sudo chmod 755 /etc/init.d/autovpncscript
sudo mkdir /var/log/vpnc

Since I wanted the connection to be checked and re-initiated every 5 minutes, I added this script to /etc/crontab:

#/etc/crontab
#....
*/5 * * * * root /etc/init.d/autovpncscript

I suspected the system would be flooded with our VPN logs, since we are logging every 5 minutes. There is a nice tool in Linux called logrotate which takes care of that:

sudo nano /etc/logrotate.conf

Let's put the following at the end of the file:

#/etc/logrotate.conf
/var/log/vpnc/google.log {
   missingok
   daily
   create
   rotate 7
}

Voila!! We are good to go. I can assure you that the scripts above are exactly what I use, and the VPN has been up and running for a month at the time of writing this.
I hope this helps.
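
The reconnect script in this post has three operational weak spots: the /dev/tcp probe has no time limit, two cron runs can overlap, and kill -9 (SIGKILL) cannot be caught, so vpnc gets no chance to run its own disconnect handling. The variant below is an added example, not the author's script; LOCKFILE, the function names and the "run" argument are assumptions of this example, and it relies on timeout from coreutils and flock from util-linux.

```shell
#!/bin/bash
# Added example, not the author's script: same watchdog idea with a bounded
# probe, a run lock, and SIGTERM before SIGKILL. Defaults mirror the post;
# LOCKFILE and all function names are assumptions of this example.
PROBE_HOST=${PROBE_HOST:-192.168.1.10}
PROBE_PORT=${PROBE_PORT:-9000}
PROFILE=${PROFILE:-google}
LOGFILE=${LOGFILE:-/var/log/vpnc/google.log}
LOCKFILE=${LOCKFILE:-/var/run/autovpnc.lock}

log() { echo "$(date +%Y-%m-%d:%T) $*" >> "$LOGFILE"; }

# tunnel_alive HOST PORT [SECONDS]: 0 if a TCP connect succeeds in time.
# timeout(1) bounds the attempt so dropped packets cannot stall the cron job.
tunnel_alive() {
    timeout "${3:-5}" bash -c 'exec 3>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# stop_vpnc: SIGTERM first so vpnc can shut down cleanly; SIGKILL only if
# the process is still there five seconds later.
stop_vpnc() {
    local pids i
    pids=$(pidof vpnc) || return 0
    kill -TERM $pids 2>/dev/null
    for i in 1 2 3 4 5; do
        pidof vpnc >/dev/null || return 0
        sleep 1
    done
    log "vpnc ignored SIGTERM, sending SIGKILL"
    kill -KILL $(pidof vpnc) 2>/dev/null
}

# watchdog: one check-and-repair pass; overlapping cron runs are skipped.
watchdog() {
    exec 9>"$LOCKFILE" || return 1
    flock -n 9 || { log "previous run still active, skipping"; return 0; }
    tunnel_alive "$PROBE_HOST" "$PROBE_PORT" && return 0
    log "probe to $PROBE_HOST:$PROBE_PORT failed, restarting vpnc"
    stop_vpnc
    # 9>&- keeps the backgrounded vpnc from inheriting (and holding) the lock
    /usr/sbin/vpnc "$PROFILE" >> "$LOGFILE" 2>&1 9>&-
    log "vpnc restarted, pid: $(pidof vpnc)"
}

# The cron entry would call this file with the argument "run".
if [ "${1:-}" = "run" ]; then watchdog; fi
```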

3 Comments

  1. Tyler Style

    Just an FYI, there is an easier way to approach this if you're using the network-manager utility to create and edit connections:

    nmcli is the command line client for network manager.

    to list available UUIDs:
    nmcli -p c list
    ("c" is the object to manage: connection)
    ("-p" is for prettified – headers, progress indicators, etc.)

    to list UUID status:
    nmcli c status uuid

    to start network interface:
    nmcli c up uuid
    ("c" is the object to manage: connection)
    (“up” to bring up the connection)

    1. kodjo-kuma djomeda (Post author)

      Hi, very nice insight. I will find some time and try it out. Thanks for the input.

  2. Edu Labs

    Nice solution, but it didn't work on my Centos server. I made some modifications and it's working now:

    if ping -c 1 PUT-HERE-YOUR-IP &> /dev/null
    then
        echo 1
    else
        pid=$(pidof vpnc)
        if test -z "${pid}"
        then
            echo "$(date +%Y-%m-%d:%T) pid is null" | tee -a $LOGFILE
            echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a $LOGFILE
            /usr/sbin/vpnc my_config_file | tee -a $LOGFILE
        else
            echo "$(date +%Y-%m-%d:%T) vpnc is running but not connected. killing ${pid}" | tee -a $LOGFILE
            kill -9 ${pid}
            echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a $LOGFILE
            /usr/sbin/vpnc my_config_file | tee -a $LOGFILE
            echo "$(date +%Y-%m-%d:%T) vpnc running with pid: $(pidof vpnc)" | tee -a $LOGFILE
        fi
    fi

    Thanks for sharing your work!!
