Hi,
Today I would like to share the experience I had setting up a VPN connection to a Cisco system from an Ubuntu distribution. I used Ubuntu 10.04 and, after many attempts at installing Cisco's own client using this tutorial from LAMNK, I finally got it installed, but it wouldn't connect. Even though several people succeeded with that approach, it didn't work for me for some reason. I started searching for another solution and stumbled upon vpnc, which is a single package away:
sudo apt-get install vpnc
This small but useful application ships with a sample configuration file, default.conf, located at /etc/vpnc/default.conf. Let's create our own configuration file. Say we want to connect to a VPN we will call "google" (the name is arbitrary; it only has to match the file name); we then create the file google.conf:
sudo nano /etc/vpnc/google.conf
We set the parameters as follows. Note that this file holds the group name, the group pre-shared key and your Xauth username and password in clear text, so keep it owned by root with mode 600; also, the line `DPD idle timeout (our side) 0` disables vpnc's own dead-peer detection, so vpnc will not notice by itself when the tunnel dies.
# /etc/vpnc/google.conf
IPSec gateway 192.168.0.2
IPSec ID thisisinfactourgroupname
IPSec secret ourpresharedkey
Xauth username codingpains
Xauth password ourpassword
Local Port 10000
DPD idle timeout (our side) 0
NAT Traversal Mode cisco-udp
After saving the configuration file (Ctrl+X, then y to confirm), let's try to connect to the VPN. The command is vpnc followed by the name of the configuration file without its .conf suffix; since our configuration is called google.conf we use:
sudo vpnc google
It prints a few lines of output, ending with a line like: VPNC started in background (pid: 10351)
To check whether you are really connected, run ifconfig and look for a tun interface; it could be tun0, tun1 etc. depending on your box. Keep in mind that the interface being present only tells you that vpnc is running; it does not prove that traffic actually gets through the tunnel.
The above configuration has worked for others, who reported it stable without any disconnection, but that wasn't the case for me, so I had to find an alternative. As if things weren't bad enough, the network I was connecting to had ping disabled on the host, so I used telnet to a known open port to check manually whether I was still connected. Manual checking wasn't sustainable, so I wrote an auto-reconnect script that performs the same TCP check (using bash's built-in /dev/tcp redirection instead of the telnet binary):
sudo nano /etc/init.d/autovpncscript
#!/bin/bash
# Checks that a host behind the tunnel accepts TCP connections on port 9000
# and (re)starts vpnc when it does not.
google="192.168.1.10"
LOGFILE=/var/log/vpnc/google.log

# Open the TCP connection in a subshell: its exit status tells us whether the
# host is reachable, and the socket is closed again when the subshell exits.
if (exec 3>"/dev/tcp/${google}/9000") 2>/dev/null
then
    echo "$(date +%Y-%m-%d:%T) :Telnet accepting connections" | tee -a "$LOGFILE"
else
    echo "$(date +%Y-%m-%d:%T) Telnet connections not possible" | tee -a "$LOGFILE"
    echo "$(date +%Y-%m-%d:%T) Reconnecting to telnet" | tee -a "$LOGFILE"
    pid=$(pidof vpnc)
    if test -z "${pid}"
    then
        echo "$(date +%Y-%m-%d:%T) pid is null" | tee -a "$LOGFILE"
        echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a "$LOGFILE"
        /usr/sbin/vpnc google | tee -a "$LOGFILE"
    else
        echo "$(date +%Y-%m-%d:%T) vpnc is running but not connected. stopping ${pid}" | tee -a "$LOGFILE"
        # vpnc-disconnect (shipped with vpnc) stops the daemon and lets it
        # restore the routes it added; a plain kill -9 leaves them behind.
        /usr/sbin/vpnc-disconnect
        echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a "$LOGFILE"
        /usr/sbin/vpnc google | tee -a "$LOGFILE"
        echo "$(date +%Y-%m-%d:%T) vpnc running with pid: $(pidof vpnc)" | tee -a "$LOGFILE"
    fi
fi
Let's make the script executable and create a folder for our vpnc logs:
sudo chmod 755 /etc/init.d/autovpncscript
sudo mkdir /var/log/vpnc
Since I wanted the connection to be checked and re-established every 5 minutes, I added the script to /etc/crontab. The job has to run as root, because vpnc needs root to create the tun device and install routes:
#/etc/crontab
#....
*/5 * * * * root /etc/init.d/autovpncscript
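A more defensive version of the same check-and-restart loop, as an added example and not the script from the post: the TCP probe runs under timeout, so a tunnel that is up but dead (where the SYN is silently dropped) cannot stall the cron job for minutes; an flock lock prevents a slow run and the next cron run from starting two vpnc instances; vpnc-disconnect replaces kill -9 so the routes vpnc installed are cleaned up; and the decision logic lives in its own function so it can be tested without a VPN. The probe host and port, the configuration name and the log and lock paths are assumptions carried over from the post, and the vpnc commands are overridable through environment variables for the same reason.

```shell
#!/bin/bash
# autovpnc: re-establish a vpnc tunnel when a host behind it stops answering.
# Added example, not the script from the original post. Assumed values:
# probe host/port, configuration name, log and lock paths.
set -u

PROBE_HOST="${PROBE_HOST:-192.168.1.10}"     # host reachable only through the tunnel (assumed)
PROBE_PORT="${PROBE_PORT:-9000}"             # a TCP port that host accepts connections on
PROBE_TIMEOUT="${PROBE_TIMEOUT:-5}"          # seconds before a hanging connect counts as failure
VPNC_CONF="${VPNC_CONF:-google}"             # /etc/vpnc/google.conf from the post
LOGFILE="${LOGFILE:-/var/log/vpnc/google.log}"
LOCKFILE="${LOCKFILE:-/var/lock/autovpnc.lock}"
# Commands are variables so the control flow can be exercised with stand-ins.
VPNC_START="${VPNC_START:-/usr/sbin/vpnc}"
VPNC_STOP="${VPNC_STOP:-/usr/sbin/vpnc-disconnect}"

# log MESSAGE: timestamped line to the log file and to stderr (stdout is
# reserved for the action name printed by ensure_vpn).
log() {
    printf '%s %s\n' "$(date +%Y-%m-%d:%T)" "$*" | tee -a "$LOGFILE" >&2
}

# probe_tcp HOST PORT TIMEOUT: succeeds if a TCP connection can be opened.
# The connect runs in a child bash under timeout, so a dropped SYN cannot
# block this script and a failing exec cannot terminate it.
probe_tcp() {
    timeout "$3" bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# vpnc_pid: prints the pid of a running vpnc, or nothing.
vpnc_pid() {
    pidof vpnc 2>/dev/null || true
}

# decide REACHABLE PID: prints the action to take.
#   REACHABLE is 0 when the probe succeeded, 1 otherwise; PID is the vpnc pid or empty.
decide() {
    if [ "$1" -eq 0 ]; then
        echo ok             # tunnel passes traffic, nothing to do
    elif [ -z "$2" ]; then
        echo start          # no daemon at all: start one
    else
        echo restart        # daemon alive but tunnel dead: stop it cleanly, start again
    fi
}

# ensure_vpn: run the probe, act on the result, print the action taken.
ensure_vpn() {
    local reachable pid action
    if probe_tcp "$PROBE_HOST" "$PROBE_PORT" "$PROBE_TIMEOUT"; then
        reachable=0
    else
        reachable=1
    fi
    pid=$(vpnc_pid)
    action=$(decide "$reachable" "$pid")
    case "$action" in
        ok)
            log "probe ${PROBE_HOST}:${PROBE_PORT} reachable, vpnc pid ${pid:-none}" ;;
        start)
            log "probe failed and vpnc is not running, starting it"
            "$VPNC_START" "$VPNC_CONF" 2>&1 | tee -a "$LOGFILE" >&2 ;;
        restart)
            log "probe failed with vpnc pid ${pid}, restarting it"
            # vpnc-disconnect lets vpnc tear down the routes and tun device it
            # set up; kill -9 would leave them behind.
            "$VPNC_STOP" 2>&1 | tee -a "$LOGFILE" >&2
            "$VPNC_START" "$VPNC_CONF" 2>&1 | tee -a "$LOGFILE" >&2
            log "vpnc running with pid $(vpnc_pid)" ;;
    esac
    echo "$action"
}

# main: take the lock so a slow probe and a fresh cron run cannot overlap.
main() {
    exec 9>"$LOCKFILE"
    if ! flock -n 9; then
        log "previous run still in progress, skipping"
        exit 0
    fi
    ensure_vpn >/dev/null
}

# Only act when invoked as "autovpncscript run" (e.g. from cron); sourcing
# the file just defines the functions.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Install it as /etc/init.d/autovpncscript and change the crontab command to `/etc/init.d/autovpncscript run`. Running `LOGFILE=/tmp/autovpnc.log VPNC_START=true VPNC_STOP=true /etc/init.d/autovpncscript run` exercises the whole control flow without touching a real tunnel.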
Since we log every 5 minutes, I expected the log to grow without bound. There is a handy tool on Linux called logrotate that takes care of that:
sudo nano /etc/logrotate.conf
Let's put the following at the end of the file (a separate file under /etc/logrotate.d/ works just as well). Because the script reopens the log with tee -a on every run, a plain rotation without copytruncate is enough:
#/etc/logrotate.conf
/var/log/vpnc/google.log {
    missingok
    daily
    create
    rotate 7
}
Voila! We are good to go. I can assure you that the scripts above are exactly what I use, and the VPN had been up and running for a month at the time of writing.
I hope this helps.
Just an FYI, there is an easier way to approach this if you're using the network-manager utility to create and edit connections:
nmcli is the command line client for network manager.
to list available UUIDs:
nmcli -p c list
("c" is the object to manage: connection)
("-p" is for prettified: headers, progress indicators, etc.)
to list UUID status:
nmcli c status uuid
to start network interface:
nmcli c up uuid
("c" is the object to manage: connection)
("up" brings up the connection)
Hi, very nice insight. I will find some time and try it out. Thanks for the input.
Nice solution, but it didn't work on my CentOS server. I made some modifications and it's working now:
# Same loop as above, but the reachability check is a single ICMP ping.
if ping -c 1 PUT-HERE-YOUR-IP &> /dev/null
then
    echo 1
else
    pid=$(pidof vpnc)
    if test -z "${pid}"
    then
        echo "$(date +%Y-%m-%d:%T) pid is null" | tee -a $LOGFILE
        echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a $LOGFILE
        /usr/sbin/vpnc my_config_file | tee -a $LOGFILE
    else
        echo "$(date +%Y-%m-%d:%T) vpnc is running but not connected. killing ${pid}" | tee -a $LOGFILE
        kill -9 ${pid}
        echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a $LOGFILE
        /usr/sbin/vpnc my_config_file | tee -a $LOGFILE
        echo "$(date +%Y-%m-%d:%T) vpnc running with pid: $(pidof vpnc)" | tee -a $LOGFILE
    fi
fi
Thanks for sharing your work!!