VPN-access with KVpnc (Linux)
Short manual on how to set up VPN connections to the VPN gateway of the ZIV with the KDE front end KVpnc.
Below you will find instructions on how to set up a VPN connection to the VPN server of the university using the open-source combination vpnc/kvpnc (i.e. without using the proprietary Cisco driver).
It is assumed that both vpnc and KVpnc have been installed. Both programs are available as packages, at least in the newer distributions, and can be installed by means of apt-get (Ubuntu) or yast (Suse). Alternatively, you can find the source code at http://www.unix-ag.uni-kl.de/~massar/vpnc/ or at http://home.gna.org/kvpnc/en/index.html.
Instructions:
Start kvpnc (you will be asked for the root password). The KVpnc interface will appear.
Choose Profile/New Profile (Assistant) in the menu.
Click continue.
Choose Cisco (free) as VPN-Type and click continue.
Choose Import PCF-file and click continue.
You will now be asked for the VPN-Profile (PCF-file). You can download the VPN-profile provided by the ZIV here. You must now choose the downloaded file. (Normally this file is called vpnstandard.pcf.)
You will now be asked for the user ID and the password for network access (not the standard-password). You can change the passwords at the portal MeinZIV.
Take care: the password will be saved in clear text, but it can only be read with root rights. Entering the password here is optional. If you leave it blank, KVpnc will ask for it every time you want to set up a connection.
Now click continue three times.
If everything is ok, the KVpnc interface will reappear.
In order to complete the remaining settings, choose set up settings/kvpnc in the menu:
Choose the category Profile/Network/NAT.
Activate the button Use UDP (NAT-T). As UDP port for NAT-T enter, for example, 10000.
Note: If you use a router with an integrated firewall, it might be necessary to forward the relevant port. The router manual will explain how to proceed. It might also be necessary to configure the Linux firewall (if applicable) accordingly.
If you want to set up a VPN-connection, you can now choose the requested profile (in this case: vpnstandard) and click connect.
You will now be asked for the group password:
It is slightly more difficult to get the group password. First open the file vpnstandard.pcf with a text editor. There you will find the string:
!enc_GroupPwd=*PASSWORT*
This password must now be deciphered by entering it at http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode; the deciphered password is then used as the group password.
(for vpnstandard.pcf currently: The_preshardkey_$4$_vpnstandard%)
You might also be asked to enter your password for network access (see above). After that an encrypted VPN-connection to the VPN-Gateway of the ZIV will be set up. Job done.
The connection can be dropped by clicking Disconnect.
The configurations made can be saved under ~root/.kde/share/config/kvpnrc.
If you want to start anew, you can also delete this file (restarting KVpnc will then reset the settings).
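Because the group password in the PCF file can be deciphered and a saved user password is kept in clear text, it is worth checking what a profile stores and who can read it. The following is an added example, not part of the original instructions: a Python check that parses a PCF profile (including the leading "!" seen on the enc_GroupPwd line), lists the password fields it contains and flags file modes that give other local users access. The sample profile is constructed, and the key names other than enc_GroupPwd are standard PCF fields assumed here, not taken from this page.

```python
import os
import stat
import tempfile

# PCF keys that hold a stored secret (assumed standard field names).
SECRET_KEYS = ("GroupPwd", "enc_GroupPwd", "UserPassword", "enc_UserPassword")

def parse_pcf(text):
    """Return {key: value}; the leading '!' marker on a key is stripped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", ";", "#")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        fields[key.strip().lstrip("!")] = value.strip()
    return fields

def audit_profile(path):
    """List findings about stored secrets and about the file's permissions."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        fields = parse_pcf(fh.read())
    findings = []
    for key in SECRET_KEYS:
        if fields.get(key):  # empty values mean nothing is saved
            findings.append(f"{key} is stored in the file")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:03o} lets group/others access the file")
    return findings

def demo():
    # Constructed sample profile; host, group name and blob are placeholders.
    sample = ("[main]\nHost=vpn.example.org\nGroupName=examplegroup\n"
              "!enc_GroupPwd=0123ABCD\nUsername=\nenc_UserPassword=\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.pcf")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)   # world-readable, as a download usually is
        loose = audit_profile(path)
        os.chmod(path, 0o600)   # owner only
        tight = audit_profile(path)
    return loose, tight

if __name__ == "__main__":
    for result in demo():
        print(result)
```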
Problems with (k)vpnc at more specific client gateways
Besides the general VPN gateway ("vpnstandard"), the ZIV also operates many more specific gateways used to connect into other network zones (cf. http://www.uni-muenster.de/ZIV/Technik/Netz/VPN.html).
For those gateways you need specially provided VPN profiles, and users must be specifically authorized for this connection.
Unfortunately, these more specific client gateways do not work with (k)vpnc at present. This might be because of the authentication with "user@xyz" necessary for these gateways: the TODO-list for vpnc 0.5.3 says: "research/bugs: - usernames containing "@" unable to login".
In this case your only choice is to use the Cisco client (see here).
--
LauraOeste - 2011-05-10