• Home

  • Custom Ecommerce
  • Application Development
  • Database Consulting
  • Cloud Hosting
  • Systems Integration
  • Legacy Business Systems
  • Security & Compliance
  • GIS

  • Expertise

  • About Us
  • Our Team
  • Clients
  • Careers

  • Blog

  • EpiTrax

  • VisionPort

  • Contact
  • Our Blog

    Ongoing observations by End Point Dev people

    Problem with Cisco VPN on Ubuntu 12.04

    By Szymon Lipiński
    May 7, 2012

    A couple of days ago I had to change my notebook. I installed Ubuntu 12.04 on the new one, while on the previous one there was Ubuntu 11.10. There were no problems with copying all the files from the old to the new machine, including GPG and SSH keys. Everything went smoothly and I could connect to all the machines I needed.

    The only problem was with VPN. While working for one of our clients, I need to connect to their VPN. On the old machine I did that through the Network Manager. Nothing easier, I went to the Network Manager, chose the Export option and saved all the settings to a file. I copied the file to the new computer and loaded it into the Network Manager.

    The file loaded correctly. I could switch the VPN on. It said everything works. But in fact it didn’t. The message was “VPN is connected”, I could switch it on and off, but I couldn’t access any of the client’s resources available from my previous notebook.

    The first thing I checked was the content of /etc/resolv.conf on both computers. The file without connecting to VPN looked like this on both computers:

    $ cat /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 127.0.0.1
    

    When I connected to the VPN the files on both computers were quite different. For example on my new computer (and Ubuntu 12.04) the content of the file looked like this:

    $ cat /etc/resolv.conf
    # Generated by NetworkManager
    domain something.net
    search something.net
    nameserver 127.0.0.1
    

    I changed the data a little bit of course, so the domain names and IP addresses (except for 127.0.0.1) are not real.

    On my old computer the resolv.conf file had a lot more entries, however I thought the above file should work as well. The problem was still the same: I couldn’t connect to the client’s resources.

    The client is using the CISCO VPN, so I had to install network-manager-vpnc. This is just a plugin for network-manager which uses the vpnc program internally. I thought that maybe the plugin was doing something wrong.

    I checked the plugin versions. Yes, they really differ. I started thinking about using the program without the Network Manager.

    It turned out to be very simple to use. I need just a config file. The file is really simple:

    IPSec gateway   something.net
    IPSec ID        something.id
    IPSec secret    somethingpass
    Xauth username  mylogin
    Xauth password  mypass
    

    I keep all my local scripts in ~/bin (which can also be accessed as /home/szymon/bin). The directory ~/bin is added to the PATH environment variable. This way I can access all the scripts placed there in the console without providing the whole path. I did it by adding the following line at the end of my local ~/.bashrc file.

    PATH=$PATH:$HOME/bin
    

    To keep the things together I saved the config file at the same location ~/bin/vpn.conf.

    Now I can connect to the VPN using:

    $ sudo vpnc-connect /home/szymon/bin/vpn.conf
    

    I can also stop the VPN using:

    $ sudo vpnc-disconnect
    

    To automate it a little bit I created a simple script stored at ~/bin/vpn:

    #!/usr/bin/env bash
    
    case "$1" in
    
    start)
      sudo vpnc-connect /home/szymon/bin/vpn.conf
      ;;
    stop)
      sudo vpnc-disconnect
      ;;
    status)
      ps uaxf | grep vpnc-connect | grep -v grep
      ;;
    restart)
      sudo vpnc-disconnect
      sudo vpnc-connect /home/szymon/bin/vpn.conf
      ;;
    *)
      echo "Usage: vpn (start|stop|status|restart)"
      exit 1
      ;;
    
    esac
    
    

    This way I can simply write:

    $ vpn start
    [sudo] password for szymon:
    VPNC started in background (pid: 13771)...
    

    I noticed that now the /etc/resolv.conf file contains different entries than when using the Network Manager plugin:

    $ cat /etc/resolv.conf
    #@VPNC_GENERATED@ -- this file is generated by vpnc
    # and will be overwritten by vpnc
    # as long as the above mark is intact
    # Generated by NetworkManager
    nameserver 1.2.3.4
    nameserver 1.2.3.4
    search something.net
    

    I can also disconnect from the VPN with simple command:

    $ vpn stop
    Terminating vpnc daemon (pid: 13771)
    

    I’m using this script for a couple of days and I don’t have any problems with the CISCO VPN. It seems like the vpnc program in Ubuntu 12.04 is OK, however there is something wrong with the Network Manager plugin for vpnc.

    virtualization ubuntu networking


    Comments