Saturday, 26 July 2008
VPN to AAUE using Linux
« Eget domæne på Gratissip | Main | Komponenter i et mini VoIP system »Since quite a number of people have asked me how to do this now, then it's probably time for a short blog on how you exactly get it up and running.
Hardy comes with a lot of nice features, so luckily the configuration here can be purely GUI based (I am showing commands for package installation, but you can do it from Synaptic),
Install vpnc
Vpnc a VPN client which is compatible with Cisco's "EasyVPN" equipment. This is what is in use at AAUE, so we are home free. If anyone has tried the "real" Cisco VPN client for Linux, then they know what a horror it is to make working.
You want to get both vpnc and the plugin for network manager:
sudo apt-get install vpnc network-manager-vpnc
Configure VPN
This is a multiple step process, but very easy, just follow the steps outlined here below:
Connecting
First time you are connecting to the VPN, you will need to enter two passwords, your AAUE password, and a Group password. Your AAUE password you should know, and luckily, the Group password, we can get without asking administrators (that is the usual procedure, you ask your administrator about the group password).
To get the grouppassword, you must download the VPN client for linux from the AAUE website. You need to get the file vpnlinux-student.tar.gz. Once you have downloaded this archive file, you can need to find the file aaue-student.pcf inside of the archive, and inside this file, find theenc_GroupPwd. In simple cut'n'paste commands it is like this:
tar zxOvf vpnlinux-student.tar.gz vpnclient/aaue-student.pcf | grep enc_GroupPwd
Now you take this encrypted group password, and copy it into this neat webservice, which can "decrypt" the password: http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode, and voila, you have the Group password.
Then we can go on with connecting.
Next is that you should install a tool like FoxyProxy in Firefox, so you can easily switch between the AAUE proxy proxy.aue.aau.dk:3128 and your usual settings.
SSH out from AAUE network
Just a small extra tip. If you use SSH a lot, then I find it convenient to have configured two versions of each host, one that uses normal setup, and one that uses the VPN setup. To ssh out through the AAUE proxy, you can use the tool connect-proxy (sudo apt-get install connect-proxy).
One example from my ~/.ssh/config:
Host tanesha.net
Hostname tanesha.net
Port 22
User sorenad
Compression yes
ForwardX11 yes
Host tanesha.net-aaue
Hostname tanesha.net
Port 22
User sorenad
Compression yes
ForwardX11 yes
ProxyCommand connect-proxy -H proxy.aue.aau.dk:3128 %h %p
With this, I can do ssh tanesha.net-aaue when I am connected to the AAUE vpn, and ssh tanesha.net when I am on "plain" internet. It takes some more time to establish the connection through the AAUE proxy for some reason, but when it has been established, it goes fast like usual.
Technorati Tags: aaue.dk vpn vpnc linux ssh connect-proxy tutorial
[Trackback URL for this entry]
