Connecting a Linux Computer to a VPN

  1. Download and install vpnc.

    • This program is found in many of the distributions package management systems. So, before you go after the source code try searching your package repositories first.

    • If you must download the source code, the install is still quite simple: enter the source directory and run:

      make && su -c "make install"

      If you are on ubuntu or require sudo to have root access it is:

      make && sudo make install

  2. Check that the tun/tap device driver is built into your kernel (vpnc will tell you if it is or isn't when you run vpnc).

  3. Edit the configuration file:

    • Example: (/etc/vpnc.conf)

      #Interface name tun0
      IPSec gateway 199.17.118.250
      IPSec ID wireless
      IPSec secret XXXXXXXXXXXXXXX
      Xauth username (Your DragonMail UserName)
      [Xauth password (Your DragonMail Password)] <- Optional

      Only use the password line if you don't want to have to type your password every time. Please, email your name and dragonID to Alex Brandt to get the password that goes on the IPSec secret line. (Thanks to Conor Shenk for getting the password decrypted.)

    • If you decide to include your password in the configuration file; then take the necessary precautions (i.e. chmod 600 /etc/vpnc.conf), and don't forget to remove the square brackets surrounding it.

  4. Now, if everything is properly configured and installed; then all you need to do is (as root for now) run vpnc. If it works congratulations, continue to learn how to make it so certain users can run vpnc without becoming root. If it did not work try going through the steps again, and experiment a little. If you truly can't get it you can email Alex Brandt, but I do not guarantee a speedy reply. I also do not guarantee that I know all of the answers. The first place you should check is the vpnc homepage.

  5. If you want vpnc to start everytime you start your computer put it in your rc.local file. This is located in different places based on the distribution you are running; so, please, consult the documentation for your distribution if you don't know where it is. You will also want to add vpnc-disconnect to your shutdown scripts (this isn't required, but is good practice).

  6. If you want to have a user be able to connect the network, but not on startup; I recommend installing sudo to handle the security. Using the visudo editor (I know how much some people like vim, but there is a tutor available). (If you need some help getting used to vim I suggest you use the tutor by running vimtutor.) Now, just add this line to your sudoers file (using our handy visudo):

    username hostname = NOPASSWD:/usr/bin/vpnc,/usr/bin/vpnc-disconnect

    Now, your specified user can start the vpn client with the following statement: sudo vpnc, and stop it with sudo vpnc-disconnect.

  7. Using aliases you can make your life even easier. The user can add the following lines to his ~/.bashrc file to simplify commands requiring the school's network.

    alias vpnc="sudo vpnc"
    alias vpnc-disconnect="sudo vpnc-disconnect"
    alias program="sudo vpnc && program && sudo vpnc-disconnect"

    This last one is invaluable if you need to log into the network for a specific program's license or whatnot, but use your imagination and you can make your computing experience as easy as you like.