Problem with Cisco VPN on Ubuntu 12.04
May 7, 2012
A couple of days ago I had to change my notebook. I installed Ubuntu 12.04 on the new one, while on the previous one there was Ubuntu 11.10. There were no problems with copying all the files from the old to the new machine, including GPG and SSH keys. Everything went smoothly and I could connect to all the machines I needed.
The only problem was with VPN. While working for one of our clients, I need to connect to their VPN. On the old machine I did that through the Network Manager. Nothing easier, I went to the Network Manager, chose the Export option and saved all the settings to a file. I copied the file to the new computer and loaded it into the Network Manager.
The file loaded correctly. I could switch the VPN on. It said everything works. But in fact it didn’t. The message was “VPN is connected”, I could switch it on and off, but I couldn’t access any of the client’s resources available from my previous notebook.
The first thing I checked was the content of /etc/resolv.conf on both computers. The file without connecting to VPN looked like this on both computers:
$ cat /etc/resolv.conf # Generated by NetworkManager nameserver 127.0.0.1
When I connected to the VPN the files on both computers were quite different. For example on my new computer (and Ubuntu 12.04) the content of the file looked like this:
$ cat /etc/resolv.conf # Generated by NetworkManager domain something.net search something.net nameserver 127.0.0.1
I changed the data a little bit of course, so the domain names and IP addresses (except for 127.0.0.1) are not real.
On my old computer the resolv.conf file had a lot more entries, however I thought the above file should work as well. The problem was still the same: I couldn’t connect to the client’s resources.
The client is using the CISCO VPN, so I had to install network-manager-vpnc. This is just a plugin for network-manager which uses the vpnc program internally. I thought that maybe the plugin was doing something wrong.
I checked the plugin versions. Yes, they really differ. I started thinking about using the program without the Network Manager.
It turned out to be very simple to use. I need just a config file. The file is really simple:
IPSec gateway something.net IPSec ID something.id IPSec secret somethingpass Xauth username mylogin Xauth password mypass
I keep all my local scripts in ~/bin (which can also be accessed as /home/szymon/bin). The directory ~/bin is added to the PATH environment variable. This way I can access all the scripts placed there in the console without providing the whole path. I did it by adding the following line at the end of my local ~/.bashrc file.
To keep the things together I saved the config file at the same location ~/bin/vpn.conf.
Now I can connect to the VPN using:
$ sudo vpnc-connect /home/szymon/bin/vpn.conf
I can also stop the VPN using:
$ sudo vpnc-disconnect
To automate it a little bit I created a simple script stored at ~/bin/vpn:
#!/usr/bin/env bash case "$1" in start) sudo vpnc-connect /home/szymon/bin/vpn.conf ;; stop) sudo vpnc-disconnect ;; status) ps uaxf | grep vpnc-connect | grep -v grep ;; restart) sudo vpnc-disconnect sudo vpnc-connect /home/szymon/bin/vpn.conf ;; *) echo "Usage: vpn (start|stop|status|restart)" exit 1 ;; esac
This way I can simply write:
$ vpn start [sudo] password for szymon: VPNC started in background (pid: 13771)...
I noticed that now the /etc/resolv.conf file contains different entries than when using the Network Manager plugin:
$ cat /etc/resolv.conf #@VPNC_GENERATED@ -- this file is generated by vpnc # and will be overwritten by vpnc # as long as the above mark is intact # Generated by NetworkManager nameserver 184.108.40.206 nameserver 220.127.116.11 search something.net
I can also disconnect from the VPN with simple command:
$ vpn stop Terminating vpnc daemon (pid: 13771)
I’m using this script for a couple of days and I don’t have any problems with the CISCO VPN. It seems like the vpnc program in Ubuntu 12.04 is OK, however there is something wrong with the Network Manager plugin for vpnc.