Using vpnc instead of Cisco vpn client or kvpnc

Windows users can use the Cisco VPN Client to establish a VPN tunnel. On Linux, kvpnc can be used to achieve the same thing. But, for me, the command line is much simpler than the kvpnc setup. I am able to establish a VPN tunnel much faster that way. Also, I don’t even need a graphical environment to do that. So, what needs to be done? I will give you a CentOS 6 example. I don’t think there is a big difference with other distributions.

1. Install vpnc

[root@thinker ~]# yum install vpnc

2. Create your vpn tunnel conf file

[root@thinker ~]# cd /etc/vpnc
[root@thinker vpnc]# vi my_tunnel.conf

File content:

IPSec gateway VPN.SERVER.IP.ADDRESS
### ipsec ID
IPSec ID VPN_IPSEC_ID
### group password
IPSec secret GROUP.PASSWORD
### inside user
Xauth username your_vpn_username
Xauth password your_vpn_password

Save and exit from editor

3. Change conf file permissions

[root@thinker vpnc]# chmod 600 my_tunnel.conf
[root@thinker vpnc]# chown root:root my_tunnel.conf

4. Create sudoers file

To run vpnc as an ordinary user, you need to set up sudoers:

[root@thinker ~]# cd /etc/sudoers.d
[root@thinker sudoers.d]# vi vpnc

File content:

Cmnd_Alias VPNC = /usr/sbin/vpnc, /usr/sbin/vpnc-disconnect
sigor ALL=NOPASSWD: VPNC

Save file and exit from editor

5. Change sudoers file permissions

[root@thinker sudoers.d]# chmod 0440 vpnc
[root@thinker sudoers.d]# chown root:root vpnc

6. Check that everything is OK, as an ordinary user

[sigor@thinker ~]# sudo -l
User sigor may run the following commands on this host:
(root) NOPASSWD: /usr/sbin/vpnc, /usr/sbin/vpnc-disconnect

7. Create aliases for bringing the tunnel up and down

[sigor@thinker ~]# vi .bashrc

Add lines:

# VPN UP
alias my_tunnel='sudo /usr/sbin/vpnc my_tunnel.conf'
# VPN DOWN
alias vd='sudo /usr/sbin/vpnc-disconnect'

8. Rerun your .bashrc

[sigor@thinker ~]# . .bashrc

That’s it. Now you can bring the tunnel up as an ordinary user:

[sigor@thinker ~]# my_tunnel

And you can bring the tunnel down as an ordinary user:

[sigor@thinker ~]# vd

Note:
There is only one caveat for this setup: your VPN password is visible in the conf file. Kvpnc holds your password in KWallet, which can be encrypted and password protected. But if you are the only one who knows the root password, you don’t have to worry about that.
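A check for the files created in steps 2 to 5, as an added example that is not part of the original post. It verifies mode and ownership, and flags Cmnd_Alias entries that list a command without arguments: sudo accepts any arguments for such an entry, so the rule from step 4 lets the user run vpnc as root with any option or config file. The helper names (check_file, open_commands, pinned_rule) are hypothetical, and pinned_rule shows a constructed variant of the step 4 alias with the arguments fixed.

```shell
#!/bin/sh
# Added example: audit the files from steps 2-5. Helper names are hypothetical.

# check_file PATH MODE OWNER:GROUP -> returns 0 only if mode and owner match.
check_file() {
    actual=$(stat -c '%a %U:%G' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    [ "$actual" = "$2 $3" ] && { echo "OK   $1"; return 0; }
    echo "BAD  $1 is '$actual', expected '$2 $3'"
    return 1
}

# open_commands FILE -> prints every Cmnd_Alias entry that has no argument
# list; sudo accepts ANY arguments for such an entry.
# Limitation: handles single-line aliases only (no backslash continuations).
open_commands() {
    awk '/^[ \t]*Cmnd_Alias/ {
        sub(/^[^=]*=/, "")
        n = split($0, cmds, ",")
        for (i = 1; i <= n; i++)
            if (split(cmds[i], words, " ") == 1) print words[1]
    }' "$1"
}

# Constructed sample: the alias from step 4 with its arguments pinned.
# In sudoers, listed arguments must match exactly, and a quoted empty
# string ("") means the command may only be run without arguments.
pinned_rule() {
    cat <<'EOF'
Cmnd_Alias VPNC = /usr/sbin/vpnc my_tunnel.conf, /usr/sbin/vpnc-disconnect ""
sigor ALL=NOPASSWD: VPNC
EOF
}

# Run against the real paths from this page: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    rc=0
    check_file /etc/vpnc/my_tunnel.conf 600 root:root || rc=1
    check_file /etc/sudoers.d/vpnc 440 root:root || rc=1
    open=$(open_commands /etc/sudoers.d/vpnc)
    if [ -n "$open" ]; then
        echo "sudo passes any arguments to:"; echo "$open"; rc=1
    fi
    exit $rc
fi
```

If you adopt the pinned rule, validate the file with visudo -cf /etc/sudoers.d/vpnc before relying on it; the aliases from step 7 keep working because they call vpnc with exactly those arguments.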
