UB Information Technology

UBVPN

Requirements

  • Internet connection
  • Ability to configure firewall to allow VPN connection
  • Kernel Headers for the currently running kernel
  • GNU Compiler & Development tools
  • Superuser privileges (root/sudo)

Network Configuration

You may need to allow traffic on these ports for the VPN to work:

  • UDP port 500 (ISAKMP)
  • IP protocol 50 (ESP)
  • UDP port 4500 (for use with NAT-T, for users utilizing NAT)

Kernel Headers/Sources

Depending on your distribution, you may already have these installed.

To check whether the Kernel Headers are installed, run this:

# ls -la /lib/modules/`uname -r`/build

If you get a "File not found" error then you need to install the Kernel Headers for your system:

Distribution                    Command
Ubuntu Based                    sudo apt-get install linux-headers-`uname -r`
Red Hat Based (Fedora/CentOS)   sudo up2date -i kernel-devel kernel-smp-devel
Gentoo                          sudo emerge -av linux-headers

Compiler & Development Tools

You will need make, gcc and ld to build the VPN client. Test each command to check if you already have them. If you have the tool then it will look like this:

# gcc
gcc: no input files

If not, then you'll get a 'command not found' message:

# gcc
-bash: gcc: command not found

Refer to your distribution's documentation to install the missing tools.

Download and unpack the vpn client

Download the appropriate file. Red Hat customers should download and install the rpm version, then restart; the vpnclient will then be ready for use.

Customers using other distributions should use the tarball version for 2.6 kernels.

Unpack the vpnclient:

# tar xvzf vpnclient-linux-4.8.02.0030-ub1.tar.gz 
# cd vpnclient

Installation

Make sure no other VPN software is running when you install the client. Remove previous versions before installing the new version.

# sudo ./vpn_install

You will be prompted for a directory in which to install the binaries. The default is /usr/local/bin.

You can have the VPN service start automatically when the computer boots up. This might not work on some Linux distributions. This does not establish a VPN tunnel to anywhere; the service just loads the kernel modules.

As the install progresses, you will be asked to confirm that the selections are correct. Usually you can safely enter 'y' if the files are where you want them to be.

Fixing the startup script

Some distributions handle startup scripts differently, so you may need to fix the new script if you want to have the vpn module loaded automatically:

Distribution   Command
Ubuntu-based   # sudo update-rc.d -f vpnclient_init remove
               # sudo update-rc.d -f vpnclient_init defaults
Gentoo         # sudo eselect rc add vpnclient_init default

Red Hat Based Distributions do not need any extra configuration.

Before the install is complete, you'll want to start the script so you can use the VPN client without rebooting:

# sudo /etc/init.d/vpnclient_init start

Uninstalling the VPN Client

To uninstall the VPN Client, run the following command as root from the vpnclient directory that was created during installation:

# sudo ./vpn_uninstall

Troubleshooting

Check that the module is loaded

If the module is loaded it will look like this:

# lsmod | grep 'cisco_ipsec'
cisco_ipsec 6000412 0

If nothing is printed from the command above, then the module is not loaded. It can be loaded manually:

# sudo modprobe cisco_ipsec 

If the above command fails with the error 'FATAL: Module cisco_ipsec not found.' then you will need to re-run the installation procedure above, then retry loading the module. A kernel upgrade will cause this problem.

This should resolve any problems with the module, so that the vpnclient will function. If you continue to have problems, email a log of the installation and any error messages to ublinux-support@buffalo.edu.
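The header and build-tool checks from the requirements sections and the module check above can be combined into one script. This is an added example, not part of the UBVPN package; the function names and their optional arguments are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the UBVPN package. Function names and
# their optional arguments are this example's own.

# Print each build tool the client needs that is not on PATH.
missing_tools() {
    for tool in make gcc ld; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeed if headers exist for kernel release $1 under root $2
# (defaults: running kernel, /). -d follows the build symlink, so a
# dangling link, which `ls -la` would still list, counts as missing.
headers_present() {
    rel=${1:-$(uname -r)}
    [ -d "${2:-}/lib/modules/$rel/build" ]
}

# Succeed if module $1 is loaded. Reads /proc/modules (the source of
# lsmod's output) and compares the whole name, not a substring.
module_loaded() {
    file=${2:-/proc/modules}
    [ -r "$file" ] || return 1
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$file"
}

# Run all checks, print one line per problem, return the problem count.
vpn_check() {
    problems=0
    for tool in $(missing_tools); do
        echo "missing build tool: $tool"
        problems=$((problems + 1))
    done
    if ! headers_present; then
        echo "no kernel headers for $(uname -r)"
        problems=$((problems + 1))
    fi
    if ! module_loaded cisco_ipsec; then
        echo "cisco_ipsec not loaded: try 'sudo modprobe cisco_ipsec'"
        problems=$((problems + 1))
    fi
    return "$problems"
}

vpn_check || echo "$? problem(s) found"
```

Before installation the module line is expected; after a kernel upgrade, a missing-headers line means the headers must be installed again before re-running the installer.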

Check the log files

To set up the vpnclient to keep log files, edit the file /etc/opt/cisco-vpnclient/vpnclient.ini and change EnableLog=0 to EnableLog=1. The log levels for each component range from 0 (disabled) to 3 (verbose).

Decide on a location suitable for keeping the log; /var/log is usually a good choice. Next, run the command to start the log:

# sudo /usr/local/bin/ipseclog /var/log/vpn.txt &

Do this before starting the VPN Client to enable logging. If the file already exists, the file will be overwritten by the new data.

Try running the VPN client now that logging is enabled. The log files may shed some light on what is wrong. If you are unable to pinpoint and solve the problem, email a copy of the log and a summary of your system configuration to ublinux-support@buffalo.edu.

Additional Information

 

Send all Linux support questions to ublinux-support@buffalo.edu.