How do I get this Cisco VPN client to connect?

I've got Ubuntu 10.10 64 bit and installed network-manager-vpnc and configured the connection but I keep getting this:

NetworkManager[1217]: <info> Starting VPN service 'org.freedesktop.NetworkManager.vpnc'...                                                   
NetworkManager[1217]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 4420       
NetworkManager[1217]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' appeared, activating connections                              
NetworkManager[1217]: <info> VPN plugin state changed: 1                                                                                     
NetworkManager[1217]: <info> VPN plugin state changed: 3                                                                                     
NetworkManager[1217]: <info> VPN connection 'CSI' (Connect) reply received.                                                                  
modem-manager: (net/tun0): could not get port's parent device                                                                                
NetworkManager[1217]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)                                 
NetworkManager[1217]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
kernel: [ 2281.723506] tun0: Disabled Privacy Extensions                                                                                     
avahi-daemon[1109]: Withdrawing workstation service for tun0.                                                                                
NetworkManager[1217]:    SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)                               
NetworkManager[1217]: <warn> VPN plugin failed: 1                                                                                            
NetworkManager[1217]: <info> VPN plugin state changed: 6                                                                                     
NetworkManager[1217]: <info> VPN plugin state change reason: 0                                                                               
NetworkManager[1217]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.                    
NetworkManager[1217]: <info> Policy set 'Auto eth0' (eth0) as default for IPv4 routing and DNS.                                              
NetworkManager[1217]: <info> Starting VPN service 'org.freedesktop.NetworkManager.vpnc'...                                                   
NetworkManager[1217]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' started (org.freedesktop.NetworkManager.vpnc), PID 4547       
NetworkManager[1217]: <info> VPN service 'org.freedesktop.NetworkManager.vpnc' appeared, activating connections                              
NetworkManager[1217]: <info> VPN plugin state changed: 1                                                                                     
NetworkManager[1217]: <info> VPN plugin state changed: 3  

I've seen a couple of bugs on Launchpad that could be the same thing or have I done something wrong?


  1. Install vpnc package:

    sudo apt-get install vpnc
    
  2. Create the connect script, copy the contents below into a file called vpn-connect and place it on the path somewhere:

    #!/bin/sh
    
    sudo vpnc --local-port 0 --enable-1des /etc/vpnc/vpn.conf
    
  3. Copy over the .pcf file used by the Windows Cisco VPN client and use this as a basis for step 4.

  4. Now you need to create the vpn.conf file in the /etc/vpnc directory. The content of this file are as follows:

    IPSec ID <your ipsec id>
    IPSec gateway <your gateway address>
    IPSec secret <your ipsec secret>
    
    Xauth username <your username>
    Xauth password <your password>
    IKE Authmode psk
    

    <your username> and <your password> should be obvious.

You now have everything required to connect, so run the script:

vpn-connect

After a few seconds it should come back with the message:

VPNC started in background

And give you a process id.

You should now be connected to the VPN.


I found that in my case the plugin was failing because vpnc was not happy about the encryption method

peer selected (single) DES as "encryption" method.
This algorithm is considered too weak today
If your vpn concentrator admin still insists on using DES
use the "--enable-1des" option.

This message could be only discovered by stracing the vpnc process.

In order to add --enable-1des option to vpnc command line I performed the following:

sudo -s
mv /usr/sbin/vpnc /usr/sbin/vpnc.real
cat <<EOF > /usr/sbin/vpnc
#!/bin/sh
exec /usr/sbin/vpnc.real --enable-1des $*
EOF
chmod +x /usr/sbin/vpnc

Basically I replaced the vpnc binary with a wrapper script that supplied the necessary parameter.

Now NetworkManager VPNC plugin can connect properly.