VPN with Linux at the EUI


Why VPN?

You can use VPN at the EUI for the following purposes:

As usual, the EUI uses a proprietary solution for its VPN configuration: instead of OpenVPN, it uses the VPN solution from Cisco.

Installation and configuration

The installation of the VPN client is not really easy (I have to admit it). But if you follow these instructions you will be successful. The steps are as follows:

Step 1: installing the headers of the kernel and programs for compiling
Step 2: installing and configuring VPN
Step 3: Running VPN
Stopping VPN


Step 1: installing the headers of the kernel and programs for compiling

You have to install the kernel headers (I will not explain what this is... it does not matter for you now, but if you are interested, look here). It sounds difficult, but it's not. The steps are as follows:

Step 1.1

You need to know the version of your kernel. Open a console and type:

uname -r

You will then get the version of your kernel (in my case: 2.6.20-16-386).

Step 1.2

Now we install the headers of the kernel:

sudo apt-get install linux-headers-THENUMBERYOUGOT

Other packages may be needed as well, but they are installed automatically...

Step 1.3

And now we install the programs needed for compiling other programs (don't worry about what this means...). It's also very easy, but important.

sudo apt-get install build-essential

Step 2: Installing and configuring VPN

With the previous steps we now have the tools needed for installing the VPN client on our system. The following steps also sound very complicated, but... don't worry!

Step 2.1

Download and unpack this file in a directory. Open a console, go to this directory by typing

cd THENAMEOFTHEDIRECTORY

and type the following command:

make

This will compile the VPN-Client on your system.

Step 2.2

Then we install the program by typing:

sudo ./vpn_install

Attention: you will be asked for your password.

Step 2.3

You will be asked 3 questions:

Directory where binaries will be installed [/usr/local/bin]

Answer: yes

Automatically start the VPN service at boot time [yes]

Answer: no (yes is also possible, but I do not recommend it)

Directory containing linux kernel source code []

in my case the answer is: /usr/src/linux-headers-2.6.20-16.

But: it could be different on your system (anyway it will be something like: /usr/src/linux-headers-YOURKERNELVERSIONNUMBER).

And then the compiling procedure will begin... and end successfully...

Step 2.4

The last step is to configure the access options for the VPN client. Download this file and put it into the directory /etc/opt/cisco-vpnclient/Profiles; we also have to change the file's permissions and owner. This is done on the console like this:

sudo cp IEURadius.pcf /etc/opt/cisco-vpnclient/Profiles/
sudo chmod 644 /etc/opt/cisco-vpnclient/Profiles/IEURadius.pcf
sudo chown root:root /etc/opt/cisco-vpnclient/Profiles/IEURadius.pcf

Step 3: Running VPN

Now the VPN client is installed on your system... but it is not running yet. There are several possibilities. I describe the simplest one here, which may not be the most attractive for non-power users. BUT: it is easy (really!).

You just have to download this script I made, put it in your home directory and then change the permissions to make it executable. Very easy: open a console and write

chmod +x vpneui

Now you can start the client by typing:

./vpneui

You will be asked for your password and then you will get something like this:

Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-16-386 #2 Thu Jun 7 20:16:13 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at 192.167.90.3
User Authentication for IUERadius...

Enter Username and Password.

Username []:
Password []:

Here you enter your EUI username in this form: iuedom\YOURUSERNAME. And then:

Authenticating user.
Negotiating security policies.
Securing communication channel.

YOU ARE IN RESEARCHER GROUP: WARNING! Unauthorized Access is Forbidden
!!!
Do you wish to continue? (y/n): 

Of course: yes...

Your VPN connection is secure.

VPN tunnel information.
Client address: 192.168.12.109
Server address: 192.167.90.3
Encryption: 56-bit DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is active on port UDP 4500
Local LAN Access is disabled

Success!

If you're here: you are connected!! You can now download your email with Thunderbird, KMail or Evolution. And you can access the electronic journals of the institute from your browser. For all this there is nothing special to do! (as far as I understand the system, all your internet requests are sent over the VPN... but I'm not completely sure).

How to stop the VPN-Client

Stopping the VPN (which is a good idea if you are not using it...) is very easy. Go to the console where the VPN is running and press CTRL+C. That's all.

Note

The main information is taken from http://popey.com/node/62. I only adapted it to our needs.

Note

The latest version of the Cisco driver we are using is: Cisco Systems VPN Client Version 4.8.01 (0640).