VPN Connection

You need an active CS Account to download and create a VPN connection.

The VPN client software is available from the VPN download page.

Windows

Install

Uninstall the old version of the VPN client. If it asks if you want to keep your profiles, say yes. You will need to reboot your computer after uninstalling the old VPN client.
Go to the folder where you downloaded the client software and unpack the (.exe) file. Follow the instructions to install the VPN client. You will need to reboot your computer after the installation.

Configure the VPN client

Start->programs->Cisco Systems VPN Client->vpn client
*A new window called VPN Client will appear.
Use the "Connection Entries" menu and select "New".
*A new window called "VPN Client | Create New VPN Connection Entry" will appear.
Name the connection Entry: CS VPN (or whatever you want)
Enter a description in the description field if you want.
Locate the Host, Username, and Password which can be found on the VPN download page.
Enter this information on the appropriate line.
*You will need to enter the password in the "Confirm Password" text box as well.
Choose the Transport Tab (next to the Authentication Tab)
*Make sure Enable Transparent Tunneling is selected IPSec over UDP
Choose Save

Macintosh

Install

Go to the folder where you downloaded the client software and double-click the file. It will mount a virtual disk image on your desktop called CiscoVPNClient
Go into this new disk that was just created. Double-click on the file called 'Cisco VPN Client.mpkg'. This will start the installer.
Run the installer, clicking 'continue' where required.

Configure the VPN client

Open your Applications folder and find the new program called 'VPNClient'.
Double-click this file to start the client software
Use the "Connection Entries" menu and select "New".
*A new window called "VPN Client | Create New VPN Connection Entry" will appear.
Name the connection Entry: CS-VPN (or whatever you want)
Enter a description in the description field if you want.
Locate the Host, Username, and Password which can be found on the VPN download page. Enter this information on the appropriate line.
*You will need to enter the password in the "Confirm Password" text box as well.
Choose the Transport Tab (next to the Authentication Tab)
*Make sure Enable Transparent Tunneling is selected IPSec over UDP
Choose Save
You can run the the VPNClient software again. Highlight the CS-VPN entry and click Connect. You will be prompted for your CS Unix username and password.
You are now connected to the CS VPN Server.
*All CS connections will go through the tunnel and all non-UofM connections will go through your ISP.

Ubuntu Linux

Ubuntu Linux has a built-in, open source VPN client that is compatible with our Cisco VPN system, so you don't need to download the Linux client on the VPN download page. These instructions are for the Breezy, Dapper, and Edgy versions of Ubuntu. Run 'lsb_release -c' to check your version. If you are running Warty or Hoary, we recommend that you upgrade the operating system first, as these versions no longer receive security updates.

Install

In a terminal on your personally-owned laptop or computer, become root:
sudo bash
Install the vpnc package:
aptitude install vpnc
If this command installs the package, you can skip to Configure the VPN client.
If aptitude says it couldn’t find the "vpnc" package, type:
lsb_release -c
The output indicates your Ubuntu version. At the top-left of the screen, select:
System -> Administration -> Synaptic Package Manager
then select:
Settings -> Repositories
For Edgy machines, the window will look like this:

Make sure all the check marks are checked in the Ubuntu 6.10 tab, as shown.
Hit 'Close' and 'Reload'. Close the Synaptic Package Manager and (as root) rerun:

aptitude install vpnc

For Dapper machines, the window will look like this:

Make sure the 'Ubuntu 6.06 LTS (Binary) - Community maintained (Universe)' entry is checked in the
Installation Media tab, as shown. Hit 'Close' and 'Reload'. Close the Synaptic Package Manager and (as root) rerun:

aptitude install vpnc

For Breezy machines, click on 'Add'. The window will look like this:

Under the 'Ubuntu 5.10 "Breezy Badger"' repository, ensure all four components are checked, as shown.
Click on Ok, Ok, and then Yes to reload the repository database.
Close the Synaptic Package Manager and (as root) rerun:

aptitude install vpnc

Configure the VPN client

While still as root, go to the vpnc config directory:
cd /etc/vpnc
Create a custom profile:
cp example.conf cs-vpn.conf
Edit cs-vpn.conf (e.g. 'pico cs-vpn.conf')
At the top you’ll see something like this:

IPSec gateway 192.0.2.32 IPSec ID myGroup IPSec secret myGroupPWD Xauth username myUserName
Set the following information:

IPSec gateway <Host> IPSec ID <Username> IPSec secret <Password> Xauth username <your_CS_username>
Where <Host>, <Username>, and <Password> are taken from the bottom of the VPN download page
and <your_CS_username> is your normal CS username. (Don't include the brackets.)
Save the file and exit. Logout from root within the terminal.

Running the VPN client

In order to connect to the VPN, just type:

sudo vpnc cs-vpn

Enter your CS password when prompted.
To disconnect, type:

sudo vpnc-disconnect

Other versions of Linux

Ubuntu is the version of Linux supported by systems staff, but a VPN client is available for other versions. However, we cannot provide support for these instructions since there are so many different distributions of Linux available. If you are running Debian or a Debian-based distribution, use the Ubuntu instructions above. You may have to make minor changes to the instructions to fit your particular distribution. Otherwise, you will need to download the Cisco Linux VPN client from the VPN download page to your home directory.

Install

Uncompress the Linux client:
tar -xfz <file_name.tar.gz>
Go to the program’s directory:
cd vpnclient
Before installing the program, ensure you have the Linux headers for your kernel installed.
Type 'uname -r' and 'ls /usr/src'.
Check to see if there is a linux-headers directory that corresponds to your kernel release.
Also, confirm that basic GNU utilities are available:
'which gcc', 'which make', and 'which ld'.
Most distributions are ready to go. Otherwise, you will have to find and install the corresponding
packages containing the headers and GNU/build utilities. The method will vary depending on
how/if your distribution handles software packages.
Install the program:
sudo ./vpn_install
Follow the on-screen instructions. The default settings should work fine.
The default permissions for the VPN config files are too generous. Restrict them for added security:
sudo chmod -R go-w /etc/opt/cisco-vpnclient
Start up the VPN daemon:
sudo /etc/init.d/vpnclient_init start
You should only have to do this once since the daemon automatically starts at system boot-up.

Configure the VPN client

Go to the profiles directory:
cd /etc/opt/cisco-vpnclient/Profiles
Create a new profile:
sudo cp sample.pcf cs-vpn.pcf
Configure the profile:
sudo vi cs-vpn.pcf

Configure these lines as follows:
Description=CS VPN Host=<Host> GroupName=<Username> Username=<your_CS_Username>
Where <Host> and <Username> are taken from the bottom of the VPN download page and
<your_CS_Username> is your normal CS username. (Don't include the brackets.)

Running the VPN client

To connect to the VPN, type:

sudo vpnclient connect cs-vpn

Enter your sudo password, if necessary. For 'Enter a group password', enter the password from
the bottom of the VPN download page. It will ask for your username. The default should be correct,
so press <enter>. It will ask for a password and that is your normal CS Unix password.
To disconnect, you can either send a Ctrl-C break to that same terminal or enter:

sudo vpnclient disconnect

in a different terminal.

©2008 Regents of the University of Minnesota. All rights reserved.	Contact U of M \| Privacy
The University of Minnesota is an equal opportunity educator and employer.	Last modified on January 3, 2008

CSE Online Help