how to stabilize vpnc connection on ubuntu

Hi,
Today I would like to share with you the experience I had when setting up a VPN connection with a Cisco system from an Ubuntu distribution. I used Ubuntu 10.04, and after many attempts at installing Cisco’s own client using this tutorial from LAMNK I finally got it installed, but it wouldn’t connect. Even though several people succeeded in using that, it didn’t work for me for some reason. I started searching for another solution and I stumbled upon vpnc:

[bash]
sudo apt-get install vpnc
[/bash]

This useful little application comes with a simple sample configuration named default.conf, located at /etc/vpnc/default.conf. Let’s create our own configuration file. Say we want to connect to the Google VPN; we would then create the file google.conf:

[bash]
sudo nano /etc/vpnc/google.conf
[/bash]

We will set the parameters as follows:

[bash]
# /etc/vpnc/google.conf

IPSec gateway 192.168.0.2
IPSec ID thisisinfactourgroupname
IPSec secret ourpresharedkey
Xauth username codingpains
Xauth password oupassword
Local Port 10000
DPD idle timeout (our side) 0
NAT Traversal Mode cisco-udp

[/bash]

After saving the configuration file with Ctrl+X, then y to confirm the operation, let’s try to connect to the VPN. The command is vpnc nameoftheconfigfile; since our configuration is called google.conf, we use the following:

[bash]
sudo vpnc google
[/bash]

It will output a few lines of text, including this one: VPNC started in background (pid: 10351)
To check whether you are really connected, use the ifconfig command and look for a tun interface. It could be tun0, tun1, etc., depending on your box.
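The profile above keeps the group secret and the Xauth password in clear text, and a file created with sudo nano normally inherits root's umask and ends up world-readable (mode 644). The following check is an added example, not part of the original post; the function name, the default owner and the /etc/vpnc/*.conf glob are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post. The function name, the default
# owner and the /etc/vpnc/*.conf glob are assumptions; run it as root.

# audit_vpnc_conf FILE [OWNER]: 0 = fine, 1 = finding, 2 = file missing.
audit_vpnc_conf() {
    local f=$1 want=${2:-root} mode owner rc=0
    [ -f "$f" ] || { echo "$f: missing"; return 2; }
    # Profiles without an embedded secret are not a concern here.
    grep -Eq '^(IPSec secret|Xauth password) ' "$f" 2>/dev/null || return 0
    mode=$(stat -c '%a' "$f")
    owner=$(stat -c '%U' "$f")
    # Any group/other permission bit exposes the clear-text credentials.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$f: mode $mode exposes secrets to group/other (want 600)"
        rc=1
    fi
    if [ "$owner" != "$want" ]; then
        echo "$f: owned by $owner, expected $want"
        rc=1
    fi
    return $rc
}

for f in /etc/vpnc/*.conf; do
    audit_vpnc_conf "$f" || true
done
```

A finding on google.conf is cleared with sudo chmod 600 /etc/vpnc/google.conf; vpnc runs as root, so it can still read the file.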

The above configuration has worked for others, who claimed it has been stable without any disconnection, but that wasn’t the case for me, so I had to find other alternatives. In my case, as if things weren’t bad enough, the network I was trying to connect to has disabled pinging on the host, so I used telnet manually to check whether I am still connected or not. Manual checking wasn’t sustainable, so I created an auto-reconnect script based on telnet:

[bash]
sudo nano /etc/init.d/autovpncscript
[/bash]

[bash]
#!/bin/bash
# Host inside the VPN that is probed to decide whether the tunnel is up
google="192.168.1.10"
LOGFILE=/var/log/vpnc/google.log

# Try to open a TCP connection to port 9000 through bash's /dev/tcp device
exec 3>/dev/tcp/${google}/9000
if [ $? -eq 0 ]
then
    echo "$(date +%Y-%m-%d:%T) :Telnet accepting connections" | tee -a $LOGFILE
else
    echo "$(date +%Y-%m-%d:%T) Telnet connections not possible" | tee -a $LOGFILE
    echo "$(date +%Y-%m-%d:%T) Reconnecting to telnet" | tee -a $LOGFILE
    pid=$(pidof vpnc)
    if test -z "${pid}"
    then
        # No vpnc process at all: just start it
        echo "$(date +%Y-%m-%d:%T) pid is null" | tee -a $LOGFILE
        echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a $LOGFILE
        /usr/sbin/vpnc google | tee -a $LOGFILE
    else
        # vpnc is running but the tunnel is dead: kill it and start again
        echo "$(date +%Y-%m-%d:%T) vpnc is running but not connected. killing ${pid}" | tee -a $LOGFILE
        kill -9 ${pid}
        echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a $LOGFILE
        /usr/sbin/vpnc google | tee -a $LOGFILE
        echo "$(date +%Y-%m-%d:%T) vpnc running with pid: $(pidof vpnc)" | tee -a $LOGFILE
    fi
fi

[/bash]

Let’s make the script executable and create a folder for our vpnc logging:
[bash]
sudo chmod 755 /etc/init.d/autovpncscript
sudo mkdir /var/log/vpnc
[/bash]

Since I wanted the connection to be checked and re-initiated every 5 minutes, I added this script to /etc/crontab:

[bash]
#/etc/crontab
#….
*/5 * * * * root /etc/init.d/autovpncscript
[/bash]
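A variant of the watchdog with a bounded probe, as an added example that is not the author's script: the connect attempt is capped with timeout so a dead tunnel cannot stall the cron job, flock prevents overlapping runs, and vpnc-disconnect is tried before SIGKILL. The lock path and the function names are assumptions; host, port and profile mirror the values above.

```bash
#!/bin/bash
# Added example, not the author's script. Host, port and profile mirror the
# post; LOCK and the function names are assumptions made for illustration.
HOST="192.168.1.10"; PORT=9000; PROFILE="google"
LOCK=/var/run/autovpnc.lock

# probe_tcp HOST PORT [SECONDS]: returns 0 only if a TCP connect completes.
# timeout(1) caps the attempt, so dropped SYNs on a dead tunnel cannot hang us.
probe_tcp() {
    timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# decide PROBE_RC PID: prints ok, start (no vpnc process) or restart (stale one).
decide() {
    if [ "$1" -eq 0 ]; then echo ok
    elif [ -z "$2" ]; then echo start
    else echo restart
    fi
}

watchdog() {
    local rc=0 action
    probe_tcp "$HOST" "$PORT" 5 || rc=$?
    action=$(decide "$rc" "$(pidof vpnc)")
    echo "$(date +%Y-%m-%d:%T) probe rc=${rc} action=${action}"
    case "$action" in
        restart)
            # Ask vpnc to exit cleanly first so its disconnect hook can undo
            # routes and DNS changes; SIGKILL only if it is still alive.
            /usr/sbin/vpnc-disconnect || true
            sleep 2
            pidof vpnc >/dev/null && kill -9 $(pidof vpnc)
            /usr/sbin/vpnc "$PROFILE" ;;
        start)
            /usr/sbin/vpnc "$PROFILE" ;;
    esac
}

# Act only when called with --run (as cron would), and never twice at once:
# flock -n returns immediately if an earlier run still holds the lock.
if [ "${1:-}" = "--run" ]; then
    exec 9>"$LOCK"
    flock -n 9 || exit 0
    watchdog
fi
```

From cron it would be called with the --run argument and its output appended to /var/log/vpnc/google.log.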

I suspected the system would be flooded with our VPN logs, since we are logging every 5 minutes. There is a nice tool in Linux called logrotate which takes care of that:

[bash]
sudo nano /etc/logrotate.conf
[/bash]

Let’s put the following at the end of the file:

[bash]
#/etc/logrotate.conf
/var/log/vpnc/google.log {
    missingok
    daily
    create
    rotate 7
}
[/bash]

Voilà! We are good to go. I can assure you that the scripts above are exactly what I use, and the VPN has been up and running for a month at the time of writing this.
I hope this helps.

3 thoughts on “how to stabilize vpnc connection on ubuntu”

  1. Just an FYI, there is an easier way to approach this if you’re using the network-manager utility to create and edit connections:

    nmcli is the command line client for network manager.

    to list available UUIDs:
    nmcli -p c list
    (“c” is the object to manage: [c]onnection)
    (“-p” is for prettified – headers, progress indicators, etc. )

    to list UUID status:
    nmcli c status uuid

    to start network interface:
    nmcli c up uuid
    (“c” is the object to manage: [c]onnection)
    (“up” to bring up the connection)

  2. Nice solution, but it didn’t work on my CentOS server. I made some modifications and it’s working now:

    if ping -c 1 PUT-HERE-YOUR-IP &> /dev/null
    then
        echo 1
    else
        pid=$(pidof vpnc)
        if test -z "${pid}"
        then
            echo "$(date +%Y-%m-%d:%T) pid is null" | tee -a $LOGFILE
            echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a $LOGFILE
            /usr/sbin/vpnc my_config_file | tee -a $LOGFILE
        else
            echo "$(date +%Y-%m-%d:%T) vpnc is running but not connected. killing ${pid}" | tee -a $LOGFILE
            kill -9 ${pid}
            echo "$(date +%Y-%m-%d:%T) restarting vpnc" | tee -a $LOGFILE
            /usr/sbin/vpnc my_config_file | tee -a $LOGFILE
            echo "$(date +%Y-%m-%d:%T) vpnc running with pid: $(pidof vpnc)" | tee -a $LOGFILE
        fi
    fi

    Thanks for sharing your work!!