Gold University of Minnesota M. Skip to main content.University of Minnesota. Home page.
CSE Home | One Stop | Directories | Search U of M  
 
 

What's inside.
Account Management

CSE Wiki

E-mail

Hardware and Media

Network and Wireless

Offsite Access

Printing

Processes

Security and Passwords

Software and Tools

Systems Staff

Web Development

 

Help Home

CSE Home

 
 
 
 
 
 
  Home > Offsite Access > VPN Connection

VPN Connection

You need an active CS Account to download and create a VPN connection.

The VPN client software is available from the VPN download page.

Windows

Install the VPN client

  1. Uninstall the old version of the VPN client. If it asks if you want to keep your profiles, say yes. You will need to reboot your computer after uninstalling the old VPN client.
  2. Go to the folder where you downloaded the client software and unpack the (.exe) file. Follow the instructions to install the VPN client. You will need to reboot your computer after the installation.

Configure the VPN client

  1. Start->All Programs->Cisco Systems VPN Client->VPN Client
    *A new window called VPN Client will appear.
  2. Use the "Connection Entries" menu and select "New".
    *A new window called "VPN Client | Create New VPN Connection Entry" will appear.
  3. Name the connection Entry: CS VPN (or whatever you want)
  4. Enter a description in the description field if you want.
  5. Locate the Host, Username, and Password which can be found on the VPN download page.
    Enter this information on the appropriate line.
    *You will need to enter the password in the "Confirm Password" text box as well.
  6. Choose the Transport Tab (next to the Authentication Tab)
    *Make sure Enable Transparent Tunneling is selected IPSec over UDP
  7. Choose Save

Run the VPN client

  1. Start->All Programs->Cisco Systems VPN Client->VPN Client
    *A new window called VPN Client will appear.
  2. Double-click on the connection that you created in Configure the VPN client (above).
  3. In the popup box that prompts you for a username and password, enter your CSE UNIX username/password.
  4. Select "Continue" in the VPN Client Banner box. After the connection is established, you should see a closed lock icon in the System Tray.

Vista Users

Vista is pre-configured to use an LM session security level that is not compatible with our Samba shares, e.g. your Y: drive. When attempting to mount a Samba share remotely, you may get the following error: "The referenced account is currently locked out and may not be logged on to."

If you experience this problem, you may need to use regedit to modify the the following registry key:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
and set the REG_DWORD value to 1.

Macintosh

Install the VPN client

  1. Go to the folder where you downloaded the client software and double-click the file. It will mount a virtual disk image on your desktop called CiscoVPNClient
  2. Go into this new disk that was just created. Double-click on the file called 'Cisco VPN Client.mpkg'. This will start the installer.
  3. Run the installer, clicking 'continue' where required.

Configure the VPN client

  1. Open your Applications folder and find the new program called 'VPNClient'.
  2. Double-click this file to start the client software
  3. Use the "Connection Entries" menu and select "New".
    *A new window called "VPN Client | Create New VPN Connection Entry" will appear.
  4. Name the connection Entry: CS-VPN (or whatever you want)
  5. Enter a description in the description field if you want.
  6. Locate the Host, Username, and Password which can be found on the VPN download page. Enter this information on the appropriate line.
    *You will need to enter the password in the "Confirm Password" text box as well.
  7. Choose the Transport Tab (next to the Authentication Tab)
    *Make sure Enable Transparent Tunneling is selected IPSec over UDP
  8. Choose Save
  9. You can run the the VPNClient software again. Highlight the CS-VPN entry and click Connect. You will be prompted for your CS Unix username and password.
  10. You are now connected to the CS VPN Server.
    *All CS connections will go through the tunnel and all non-UofM connections will go through your ISP.

Ubuntu Linux

Ubuntu Linux has a built-in, open source VPN client that is compatible with our Cisco VPN system, so you don't need to download the Linux client on the VPN download page. These instructions are for Ubuntu 8.04 (hardy), but should be similar for newer versions as well. Run lsb_release -dc to check your version. If you are running anything older than 8.04, we recommend that you upgrade the operating system first, as most older versions no longer receive security updates.

Note: The VPN will not work with an Ubuntu LiveCD/boot disk. You need to use a fully-installed OS.

Install the VPN client

  1. In a terminal on your personally-owned laptop or computer, become root:

    sudo bash

  2. Install the vpnc package:

    aptitude -y install network-manager-vpnc vpnc

    If this command installs the packages, you can skip to Configure the VPN client.

  3. If aptitude says it can’t find any of the packages, type this in the same terminal:

    synaptic

    In the Synaptic window that opens, click Settings -> Repositories.
    Ensure that the first four repositories are enabled, like this:

    Screenshot of Software Sources dialog box, with all repository selection boxes checked

    • Click "Close" for the repository screen
    • Click "Close" again for any "Repositories changed" messages that pop-up.
    • Click "Reload" in the Synaptic Package Manager window.
    • When that finishes, close Synaptic and run:

      aptitude -y install network-manager-vpnc vpnc

Configure the VPN client

  1. Click on the Network Manager icon in the Gnome Panel (toolbar):

    Screenshot: selecting the Network Connection icon from the toolbar

  2. Click on VPN Connections -> Configure VPN.

  3. Click Add to create a new VPN configuration. Click Forward.
  4. Make sure the Cisco-compatible VPN client is selected:

    Screenshot: selecting the Cisco-compatible VPN client from the 'Connect to:' menu

    then click forward.

  5. Name your VPN profile in the Connection Name box. Click on the Required tab, if it isn’t showing.

    Screenshot: dialog box for entering a Connection Name

    Enter the gateway host and VPN username.
    <VPN Host> and <VPN username> correspond to the VPN Client Information on the VPN download page.

  6. Click on the Optional tab.
    Check "Override user name" and enter your CS username in the box:

    Screenshot: 'Create VPN Connection - 2 of 2' dialog box

  7. Click Forward then Apply.

Ubuntu 9.04 (jaunty) configuration

  1. This is what the VPN configuration screen will look like if you're running Ubuntu 9.04 (jaunty):

    Screenshot: Ubuntu 9.04 VPN configuration dialog box

  2. Reminder: the 'VPN' entries are from the VPN download page.

Run the VPN client

  1. Click on the Network Manager again and click VPN Connections and Computer Science (or whatever you named the profile).
  2. Enter your CS password in the Password box and the VPN password from the VPN download page in the Group Password box.
    You can click all three check boxes to save your passwords for future use.

    Screenshot: Authenticate VPN prompt

  3. The VPN will connect if all the information is entered correctly.

Troubleshooting

  • If you have trouble connecting, first double-check your entire VPN configuration, including the gateway host, both usernames, and both passwords.
  • If that doesn’t fix the problem, run:

    sudo aptitude update

    and then

    sudo aptitude dist-upgrade

    Let all the updates finish, reboot, then try connecting again.

Other versions of Linux

Ubuntu is the version of Linux supported by systems staff, but a VPN client is available for other versions. However, we cannot provide support for these instructions since there are so many different distributions of Linux available. If you are running Debian or a Debian-based distribution, use the Ubuntu instructions above. You may have to make minor changes to the instructions to fit your particular distribution. Otherwise, you will need to download the Cisco Linux VPN client from the VPN download page to your home directory.

Install the VPN client

  1. Uncompress the Linux client:

    tar -xfz <file_name.tar.gz>

  2. Go to the program’s directory:

    cd vpnclient

  3. Before installing the program, ensure you have the Linux headers for your kernel installed.

    Type: 'uname -r' and 'ls /usr/src'

    Check to see if there is a linux-headers directory that corresponds to your kernel release.
    Also, confirm that basic GNU utilities are available:

    'which gcc', 'which make', and 'which ld'

    Most distributions are ready to go. Otherwise, you will have to find and install the corresponding packages containing the headers and GNU/build utilities. The method will vary depending on how/if your distribution handles software packages.

  4. Install the program:

    sudo ./vpn_install

    Follow the on-screen instructions. The default settings should work fine.

  5. The default permissions for the VPN config files are too generous.
    Restrict them for added security:

    sudo chmod -R go-w /etc/opt/cisco-vpnclient

  6. Start up the VPN daemon:

    sudo /etc/init.d/vpnclient_init start

    You should only have to do this once since the daemon automatically starts at system boot-up.

Configure the VPN client

  1. Go to the profiles directory:

    cd /etc/opt/cisco-vpnclient/Profiles

  2. Create a new profile:

    sudo cp sample.pcf cs-vpn.pcf

  3. Configure the profile:

    sudo vi cs-vpn.pcf

    Configure these lines as follows:

    Description=CS VPN
    Host=<Host>
    GroupName=<Username>
    Username=<your_CS_Username>

    Where <Host> and <Username> are taken from the bottom of the VPN download page and
    <your_CS_Username> is your normal CS username. (Don't include the brackets.)

Run the VPN client

To connect to the VPN, type:

sudo vpnclient connect cs-vpn

Enter your sudo password, if necessary. For 'Enter a group password', enter the password from the bottom of the VPN download page. It will ask for your username. The default should be correct, so press <enter>. It will ask for a password and that is your normal CS Unix password. To disconnect, you can either send a Ctrl-C break to that same terminal or enter:

sudo vpnclient disconnect

in a different terminal.

 
 
©2009 Regents of the University of Minnesota. All rights reserved. Contact U of M | Privacy
The University of Minnesota is an equal opportunity educator and employer.   Last modified on June 23, 2009
CSE Online Help