• Home
  • Custom Ecommerce
  • Application Development
  • Database Consulting
  • Cloud Hosting
  • Systems Integration
  • Legacy Business Systems
  • Security & Compliance
  • GIS
  • Expertise
  • About Us
  • Our Team
  • Clients
  • Blog
  • Careers
  • CasePointer
  • VisionPort
  • Contact

    • Our Blog

    Ongoing observations by End Point Dev people

    Problem with Cisco VPN on Ubuntu 12.04

    Szymon Lipiński

    By Szymon Lipiński
    May 7, 2012

    A couple of days ago I had to change my notebook. I installed Ubuntu 12.04 on the new one, while on the previous one there was Ubuntu 11.10. There were no problems with copying all the files from the old to the new machine, including GPG and SSH keys. Everything went smoothly and I could connect to all the machines I needed.

    The only problem was with VPN. While working for one of our clients, I need to connect to their VPN. On the old machine I did that through the Network Manager. Nothing easier, I went to the Network Manager, chose the Export option and saved all the settings to a file. I copied the file to the new computer and loaded it into the Network Manager.

    The file loaded correctly. I could switch the VPN on. It said everything works. But in fact it didn’t. The message was “VPN is connected”, I could switch it on and off, but I couldn’t access any of the client’s resources available from my previous notebook.

    The first thing I checked was the content of /etc/resolv.conf on both computers. The file without connecting to VPN looked like this on both computers:

    $ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 127.0.0.1

    When I connected to the VPN the files on both computers were quite different. For example on my new computer (and Ubuntu 12.04) the content of the file looked like this:

    $ cat /etc/resolv.conf
# Generated by NetworkManager
domain something.net
search something.net
nameserver 127.0.0.1

    I changed the data a little bit of course, so the domain names and IP addresses (except for 127.0.0.1) are not real.

    On my old computer the resolv.conf file had a lot more entries, however I thought the above file should work as well. The problem was still the same: I couldn’t connect to the client’s resources.

    The client is using the CISCO VPN, so I had to install network-manager-vpnc. This is just a plugin for network-manager which uses the vpnc program internally. I thought that maybe the plugin was doing something wrong.

    I checked the plugin versions. Yes, they really differ. I started thinking about using the program without the Network Manager.

    It turned out to be very simple to use. I need just a config file. The file is really simple:

    IPSec gateway   something.net
IPSec ID        something.id
IPSec secret    somethingpass
Xauth username  mylogin
Xauth password  mypass

    I keep all my local scripts in ~/bin (which can also be accessed as /home/szymon/bin). The directory ~/bin is added to the PATH environment variable. This way I can access all the scripts placed there in the console without providing the whole path. I did it by adding the following line at the end of my local ~/.bashrc file.

    PATH=$PATH:$HOME/bin

    To keep the things together I saved the config file at the same location ~/bin/vpn.conf.

    Now I can connect to the VPN using:

    $ sudo vpnc-connect /home/szymon/bin/vpn.conf

    I can also stop the VPN using:

    $ sudo vpnc-disconnect

    To automate it a little bit I created a simple script stored at ~/bin/vpn:

    #!/usr/bin/env bash

case "$1" in

start)
  sudo vpnc-connect /home/szymon/bin/vpn.conf
  ;;
stop)
  sudo vpnc-disconnect
  ;;
status)
  ps uaxf | grep vpnc-connect | grep -v grep
  ;;
restart)
  sudo vpnc-disconnect
  sudo vpnc-connect /home/szymon/bin/vpn.conf
  ;;
*)
  echo "Usage: vpn (start|stop|status|restart)"
  exit 1
  ;;

esac

    This way I can simply write:

    $ vpn start
[sudo] password for szymon:
VPNC started in background (pid: 13771)...

    I noticed that now the /etc/resolv.conf file contains different entries than when using the Network Manager plugin:

    $ cat /etc/resolv.conf
#@VPNC_GENERATED@ -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact
# Generated by NetworkManager
nameserver 1.2.3.4
nameserver 1.2.3.4
search something.net

    I can also disconnect from the VPN with simple command:

    $ vpn stop
Terminating vpnc daemon (pid: 13771)

    I’m using this script for a couple of days and I don’t have any problems with the CISCO VPN. It seems like the vpnc program in Ubuntu 12.04 is OK, however there is something wrong with the Network Manager plugin for vpnc.

    virtualization ubuntu networking

    Comments

    Popular Tags

    Archive