This article explains how to connect your Linux machine to the University VPN.

 

Configuring Linux can be difficult, as different Linux distributions do things in different ways. The following are guides for the most useful variants, but as a general guideline you will want to install the necessary vpnc packages and avoid having anything to do with strongswan or openconnect, neither of which appears to work.

Graphical Interface (Ubuntu)

First install the required packages - both the VPN client software and the extensions to the Network Manager that support the VPN client are required. Start the Ubuntu Software Centre as shown in Figure 1.

Figure 1: Ubuntu software centre

Enter networkm in the search box on the top right hand side and press enter. The box shown in Figure 2 will appear.

Figure 2: Network (network-manager-gnome)

Now select Network (network-manager-gnome) and then More Info. Figure 3 will then appear.

Figure 3: Network (network-manager-gnome)

Scroll down this window and towards the end you should see a list of packages associated with Network Manager, as shown in Figure 4.

Figure 4: Network-manager-vpnc-gnome

Select Network-manager-vpnc-gnome.

Figure 5: Network-manager-vpnc-gnome apply changes windows

Now click Apply Changes.

You will be prompted for your password to apply the software changes, and the installation should proceed. Once finished, quit the Software Centre.

To configure a VPN connection go into the network settings. Go to System Settings as shown in Figure 6.

Figure 6: System Settings Window

Open the Network icon and Figure 7 is displayed.

Figure 7: Network Settings

You need to create a new network by clicking on the “+” at the bottom left and selecting VPN as shown in Figure 7.

Figure 8: Interface Settings window

The interface shown in Figure 8 will appear. Make sure that VPN is selected as the Interface and click Create; Figure 9 will then be displayed.

Figure 9: Select the VPN

Only the installed vpnc style of VPN will be shown, which should be the default choice. If it isn’t showing as such, select the type of VPN as shown above and click Create; Figure 10 will then appear.

Figure 10: Setting up the VPN

Enter the details as shown (except your username will be different) and click Save. Your account details are the same as for logging into your University network account.

The VPN connection is started and stopped from the Network Manager applet.

The VPN can also be installed and configured via the Command-Line.

Command-Line (Ubuntu, but probably Debian too)

The command-line tools for connecting can be installed with :-

sudo apt-get install vpnc

Once installed, you can connect with something as simple as vpnc, which will ask you for all the necessary details. However, you may wish to prepare command-line options to shorten the question and answer dialog.

The basics should be started with :-

sudo vpnc --gateway gp.vpn.port.ac.uk --id uop --username ${your-username} --no-detach --natt-mode force-natt --vendor cisco

Whilst the VPN connection is required, leave the terminal window alone. Once the connection is no longer required, interrupt it with Control-C.

Command-Line (Split Tunnel)

This is “unusual”, and requires rather custom configuration.

The first step is to create a manual routing script called “manual-routes” within /usr/share/vpnc-scripts which runs the standard connection script after overriding what the vpnc connection daemon determines from the VPN gateway :-

#!/bin/sh
# This is a wrapper for the vpnc-script overriding some variables needed
# for setting up split-tunneling

#INTERNAL_IP4_DNS=
#  Clear INTERNAL_IP4_DNS if you want to ignore DNS parameters sent by the VPN

# We are manually specifying two routes here
CISCO_SPLIT_INC=2

CISCO_SPLIT_INC_0_ADDR=148.197.0.0   # IP range to go into first tunnel
CISCO_SPLIT_INC_0_MASK=255.255.0.0   # Subnet mask for first tunnel
CISCO_SPLIT_INC_0_MASKLEN=16         # Mask length
CISCO_SPLIT_INC_0_PROTOCOL=0
CISCO_SPLIT_INC_0_SPORT=0
CISCO_SPLIT_INC_0_DPORT=0

CISCO_SPLIT_INC_1_ADDR=10.0.0.0      # IP range to go into the second tunnel
CISCO_SPLIT_INC_1_MASK=255.0.0.0     # Subnet mask
CISCO_SPLIT_INC_1_MASKLEN=8          # Mask length
CISCO_SPLIT_INC_1_PROTOCOL=0
CISCO_SPLIT_INC_1_SPORT=0
CISCO_SPLIT_INC_1_DPORT=0

# Hand over to the standard connection script with the overrides above in place
# (path as installed by the Ubuntu/Debian vpnc-scripts package)
. /usr/share/vpnc-scripts/vpnc-script

Once created, the connection can be established with :-

sudo vpnc --gateway gp.vpn.port.ac.uk --id uop --username ${your-username} --no-detach --natt-mode force-natt --vendor cisco --script /usr/share/vpnc-scripts/manual-routes

The “INTERNAL_IP4_DNS” parameter is commented out for a good reason: if you do not use the on-site DNS servers, not all DNS lookups for internal services will work correctly.
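Once the split tunnel is up, it is worth confirming that only the two ranges set in manual-routes go through the VPN interface and that everything else stays on the normal connection. The following is an added example, not part of the original article: the function names, the interface name tun0 and the sample `ip route get` lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare actual routing with the manual-routes split ranges.

# Dotted-quad IPv4 -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET MASKLEN: succeeds when ADDR lies inside NET/MASKLEN.
in_cidr() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# expected_path ADDR: "tunnel" for the two CISCO_SPLIT_INC ranges, else "direct".
expected_path() {
    if in_cidr "$1" 148.197.0.0 16 || in_cidr "$1" 10.0.0.0 8; then
        echo tunnel
    else
        echo direct
    fi
}

# route_dev: print the interface named after "dev" in `ip route get` output.
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# check_route ADDR TUN_IF ROUTE_OUTPUT: succeeds when the route matches the plan.
check_route() {
    dev=$(printf '%s\n' "$3" | route_dev)
    case "$(expected_path "$1")" in
        tunnel) [ "$dev" = "$2" ] ;;
        direct) [ -n "$dev" ] && [ "$dev" != "$2" ] ;;
    esac
}

# Constructed samples of `ip route get` output (not captured from a real host).
SAMPLE_TUNNEL='148.197.1.1 dev tun0 src 10.20.30.40 uid 1000'
SAMPLE_DIRECT='192.0.2.10 via 192.168.1.1 dev wlan0 src 192.168.1.50 uid 1000'

check_route 148.197.1.1 tun0 "$SAMPLE_TUNNEL" && echo "148.197.1.1: via tunnel, as planned"
check_route 192.0.2.10 tun0 "$SAMPLE_DIRECT" && echo "192.0.2.10: direct, as planned"
# Live use (tun0 is an assumed interface name):
#   check_route 10.1.2.3 tun0 "$(ip route get 10.1.2.3)" || echo "route mismatch"
```

A mismatch in either direction matters: an internal address leaving by the ordinary interface is traffic outside the VPN, and an external address leaving by the tunnel means the split is not in effect.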
