vpnc is an open-source alternative to the Cisco VPN client on Linux machines. If your corporate or school VPN is Cisco based, vpnc is a great tool to use compared to the ugly tainted kernel modules produced by the Cisco VPN client. The default vpnc client on Fedora 9 is compiled without OpenSSL support, so it cannot be used directly to connect to VPNs that use SSL certificates (AuthType=5). The solution is simple, however: just compile vpnc with OpenSSL support.
Step 1:
Grab the vpnc source from http://www.unix-ag.uni-kl.de/~massar/vpnc/
wget http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-0.5.1.tar.gz
Step 2:
Untar the sources.
tar xvf vpnc-0.5.1.tar.gz
Step 3:
Uncomment the following lines from the Makefile (lines 49-50).
OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
OPENSSLLIBS = -lcrypto
Step 4:
Make and install.
make && sudo make install
Step 5:
Edit /etc/vpnc/default.conf and add your VPN settings. These can be found in the .pcf file provided by your system admin. vpnc reads each value through to the end of the line, so comments go on their own lines. The important settings are:
# IP address of your gateway
IPSec gateway 10.1.1.0
# Group name of your VPN
IPSec ID MyVPN
# Group password in plaintext. If not known, use IPSec obfuscated secret instead
IPSec secret mypassword
# Encrypted group password
IPSec obfuscated secret 234AB765C
# Keep this setting unless it's different for your VPN
IKE Authmode hybrid
# Full path to the root server certificate file
CA-File /etc/vpnc/rootcert
Step 6:
Start the client.
sudo /usr/local/sbin/vpnc
The client will prompt you for the username and password. You can store these values in the config file by using the XAuth username and XAuth password fields if you want vpnc to log in automatically without prompting you.
If the settings are correct, vpnc will fork to the background and start the encrypted tunnel. Your VPN connection is up and running!
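Step 5 copies the settings out of the .pcf by hand. The shell functions below are an added example, not code from the original post or from the vpnc project: they do that mapping and write the result with owner-only permissions, since the file holds the group secret. The .pcf key names used (Host, GroupName, GroupPwd, enc_GroupPwd, AuthType, Username) are the usual Cisco profile keys and are assumed here; the sample profile is constructed.

```shell
#!/bin/sh
# Added example: map a Cisco .pcf profile to vpnc settings.

# Usage: pcf_to_vpnc CA_FILE < profile.pcf   (settings go to stdout)
pcf_to_vpnc() {
    # .pcf files are usually CRLF-terminated; drop the CR before parsing.
    tr -d '\r' | awk -v ca="$1" '
    {
        eq = index($0, "=")            # split on the first "=" only
        if (eq == 0) next              # section headers, blank lines
        key = tolower(substr($0, 1, eq - 1))
        sub(/^!/, "", key)             # "!" marks a key as read-only
        v[key] = substr($0, eq + 1)
    }
    END {
        if (v["host"] == "") { print "no Host= entry" > "/dev/stderr"; exit 1 }
        print "IPSec gateway " v["host"]
        print "IPSec ID " v["groupname"]
        # vpnc reads values to end of line, so nothing may follow them.
        if (v["grouppwd"] != "")          print "IPSec secret " v["grouppwd"]
        else if (v["enc_grouppwd"] != "") print "IPSec obfuscated secret " v["enc_grouppwd"]
        if (v["authtype"] == "5") {       # certificate-based hybrid auth
            print "IKE Authmode hybrid"
            print "CA-File " ca
        }
        if (v["username"] != "") print "Xauth username " v["username"]
    }'
}

# Usage: write_vpnc_conf PCF_FILE CA_FILE OUT_FILE
write_vpnc_conf() {
    tmp="$3.tmp.$$"
    # The output holds the group secret: create it mode 0600, then rename.
    if ( umask 077; pcf_to_vpnc "$2" < "$1" > "$tmp" ); then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed sample profile (CRLF line endings, hypothetical values).
sample_pcf() {
    printf '%s\r\n' '[main]' 'Description=constructed sample' \
        'Host=vpn.example.org' 'AuthType=5' 'GroupName=MyVPN' \
        'GroupPwd=' 'enc_GroupPwd=0123ABCD' '!Username=alice'
}

sample_pcf | pcf_to_vpnc /etc/vpnc/rootcert
```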
1 comment:
Thanks for the explanation, it was very useful to install the vpnc client. I had some problems with the line:
make && sudo make install
To solve that I installed the package:
libgcrypt-devel-1.4.0-3
And that was all.