The vpnc program is used to connect to Cisco VPNs. Although Cisco provides a Linux client, it can often be problematic to build, especially on 64 bit or SMP systems. Additionally, vpnc is quick to install and easy to configure.
Start by installing and enabling the rpmforge repo. Once that is done, vpnc can be installed with
yum -y install vpnc
This will install vpnc, create an /etc/vpnc directory and also install the pcf2vpnc script. The /etc/vpnc directory contains a default sample vpnc.conf and a vpnc-script. The directory and files are owned by root. The vpnc-script must be made executable. As root or with root privilege
chmod 700 /etc/vpnc/vpnc-script
Next create a customized vpnc.conf file. By default, vpnc first looks in /etc/vpnc/ for a file called defaults.conf. If it doesn’t find that, it will then look for /etc/vpnc.conf. The user can either call their custom file vpnc.conf and put it in /etc, or give it its own name and put it in /etc/vpnc. The file should have a .conf suffix, for example, mycompany.conf. If using a custom name, then, when using vpnc, the .conf file will be given as an argument, without the .conf suffix, and the command will be run as
For purposes of this example, the customized config file will be called vpnc.conf and placed directly in /etc. It might be useful to rename the sample vpnc.conf in /etc/vpnc to avoid any confusion, but the program itself will not try to use the default vpnc.conf in /etc/vpnc. It only looks for a vpnc.conf in /etc.
The next step is to create the customized .conf file. Your company will have provided you with a .pcf file. This file will contain various information, including the group ID, group password, and server’s address. It may include additional information, such as your individual user name and password, and IKE Authmode.
To create a .conf file to use with vpnc, use the pcf2vpnc script. If the supplied pcf file is called company.pcf, the command is
pcf2vpnc company.pcf vpnc.conf
You will get a message that it can’t execute cisco-decrypt and it is adding the password in obfuscated form. This is fine. The cisco-decrypt script will, strangely enough, decrypt the encoded password that is in the pcf, however, vpnc can use the encrypted password. There will also be a message that it was written to vpnc.conf with permissions of 100664 and a message to fix the permissions. Do so. Assuming that this has been done as root or with root privilege, it is owned by root. If not, first change its ownership.
chown root vpnc.conf
Then change it to be read write for root only.
chmod 600 vpnc.conf mv vpnc.conf /etc/
If your individual username and password were in the file, they will also be included in the newly created vpnc.conf file. This is relatively rare, and it’s more likely that the file will have the lines
# Xauth username <your username> # Xauth password <your password>
Either add the username and password, (uncommenting the two lines) or, if preferring to enter username and password each time, change it to read
As a Cisco VPN may supply its own DNS servers, the vpnc-script will backup /etc/resolv.conf and replace it. If all goes well, after disconnecting, it will put back the backed up /etc/resolv.conf, but the reader might want to make their own copy before running the command, just in case.
cp /etc/resolv.conf /etc/resolv.conf.orig
Once this is done, you can use the program by typing (as root or with root privilege)
When finished with your vpnc session, disconnect with
After disconnecting, the reader may want to confirm that the vpnc-script replaced the original /etc/resolv.conf. If for some reason it didn’t, and you took the advice above about backing up your resolv.conf file, you can manually put it back with cp /etc/resolv.conf.orig /etc/resolv.conf
This is usually not necessary unless you forgot to disconnect when finished and your session timed out, leaving you with your company’s (probably internal) name servers in the resolv.conf created by the Cisco VPN.