How to install the CiscoVPN client

UPDATE: It's a lot easier to ignore everything below and use EduRoam instead. For those that don't know, EduRoam is a WPA system that allows you to authenticate yourself using your UCL login credentials so, long story short, there's no annoying Cisco client to install or use.

UCL RoamNet requires the use of the CiscoVPN client. However, Cisco don't seem to update their client quite as often as they should making kernel updates break things.

Seeing as I had to reinstall the client today I figured I'd let everyone know how I managed it. These instructions have been tested on Ubuntu 8.04 (Hardy Heron) (UPDATE: Also tested on 8.10 (Intrepid Ibex)) but should work on mostly any distribution.

First of all you'll need to get the client and unpack it:

# wget https://www.ucl.ac.uk/is/roamnet/bin/linux \ 
    /48010640-64/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz

# tar -zxvf vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz

Now you'll need to patch the Cisco VPN source. Alexander Griesser maintains patches for the Cisco VPN software at http://projects.tuxx-home.at/?id=cisco_vpn_client

For the version of the client downloaded above, you can get the correct patch using:

# wget http://projects.tuxx-home.at/ \ 
    ciscovpn/patches/vpnclient-linux-2.6.24-final.diff

Now patch the source:

# cd vpnclient

# patch <../vpnclient-linux-2.6.24-final.diff

And install the client as usual using:

# ./vpn_install

The defaults the script gives you should be fine (I normally change the binary installation directory to /opt though).

Now get the rootcert certificate file from the RoamNet website and import the certificate using:

# cisco_cert_mgr -R -op import

And entering the filename when prompted.

Once you've done this you'll need to get the UCL_RoamNet.pcf file, edit it to your needs, and place it in /etc/opt/cisco-vpnclient/Profiles.

You can now connect to RoamNet using:

# sudo /etc/init.d/vpnclient_init start
# /path/to/vpnclient connect UCL_RoamNet

Or you could use the following script, which helps take care of loading the kernel module.

vpn_start

#!/bin/bash

# Cisco VPN Client Script 
# v0.3 2008-09-18
# (C) Luke Pomfrey

#Location of VPN client program
# i.e. wherever you told vpn_install
# to put binary files.
VPN_LOC="/opt"

echo "(Re)starting the kernel module now...";
sudo /etc/init.d/vpnclient_init restart;


echo "All set...";

echo "vpnclient connect UCL_RoamNet";
${VPN_LOC}/cisco-vpnclient/bin/vpnclient connect UCL_RoamNet;

UPDATE: I emailed the UCL IS RoamNet team recently about getting this put on the RoamNet site with the several other GNU/Linux tutorials that are on there at the moment (since mine seems to be the most complete/up to date and, above all, actually working </blowing one's own trumpet>) and apparently they're rolling out a new WPA system Real Soon Now, which hopefully means we'll no longer have to taint our kernels with this Cisco crap. :)

References

• http://projects.tuxx-home.at/?id=cisco_vpn_client
• http://www.longren.org/2007/05/17/how-to-cisco-vpn-client-on-ubuntu-704-feisty-fawn/
• http://www.ucl.ac.uk/is/roamnet/