Sunday, October 03, 2004

Configuring VPN on Linux for USC Network

I was using Cisco's VPN client on Linux, which I downloaded from UCLA's website (yes, that's UCLA stuff for a USC guy) a few months ago. I never even bothered to post a query on the USCLUG mailing list to ask whether USC has a VPN client for Linux. Since I could not find a VPN client for Linux on http://www.usc.edu/software, I was pretty sure that there was no VPN support from ISD for Linux.

Then suddenly, I found that Garrick Staples (System Admin at USC ISD) did have a few versions of Cisco VPN clients. So I thought that maybe I should pen down how to get the VPN client running on Linux. The following are the steps I followed. Note that to install the VPN client you must be the superuser (root).

1) Download the latest version from https://sol.usc.edu/~garrick/usc-priv/USC_VPN_client . You will need your USC username and password to access this site. [ so hereby I lose non-USC netizens reading this blog :-( ]

2) Unzip the file using
gunzip vpnclient-linux-4.6.00.0045-k9.tar.gz

3) Untar the tar file using
tar xvf vpnclient-linux-4.6.00.0045-k9.tar
This will create a folder called vpnclient.

4) Enter this folder using cd vpnclient. Then run the installer using
./vpn_install

5) Answer the questions that are asked. For most of them, select the default setting by pressing Enter. If it asks whether you want the VPN client to be started during the init step, select yes so that you will not need to initialize the VPN client daemon every time you reboot your computer. Note that this is the VPN client daemon and not the VPN client itself. I think the daemon is only used to start a service ready to talk to the VPN server. Until you start the VPN client with a configuration file, your VPN connection is not established.

6) Now go to the /etc/opt/cisco-vpnclient/Profiles directory and open the sample.pcf file using your favorite editor [you are dumb if that editor is not vi :-) ].

7) The sample.pcf file is a name/value file with the format keyword=value. Change the Host value to vpn3k.usc.edu and the GroupName value to USC. Also change the Username value to your USC user name. Save the file and exit. You can also rename this file to a more relevant name like usc.pcf. The sample configuration file is shown below:

Description=sample user profile
Host=vpn3k.usc.edu
AuthType=1
GroupName=USC
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPCommand=
Username=kokje
SaveUserPassword=0
EnableBackup=0
BackupServer=
EnableNat=1
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
DHGroup=2
ForceKeepAlives=0
UserPassword=
enc_UserPassword=

8) Start the daemon by using
/etc/init.d/vpnclient_init start

9) Start the VPN client by using
vpnclient connect sample
If you renamed the configuration file (usc.pcf as suggested above), then use that name without the .pcf extension.

10) If everything went well, the script will run and ask you for the group password.
Enter "GoTrojan" (without quotes) here. Then, when the script asks for your USC password, enter it.

11) And voilà !!! You have just achieved what less than 0.1 % of USC students ever try to achieve - Connect to USC network through VPN client on Linux.

12) Note that I have personally tried this method on Mandrake Linux 10.0 Official. But I am absolutely confident that the same technique should work on all Linux distributions. (Tough luck, *BSD guys. I encourage you guys to try running it on *BSD.)
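
The profile edit from step 7, scripted, followed by a check that the resulting .pcf file keeps no user password on disk. This is an added shell example, not part of the original post; the function names, the jdoe user name and the inline sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# pcf_value FILE KEY: print the value of KEY, empty if unset or missing.
pcf_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# set_pcf_key FILE KEY VALUE: rewrite KEY=... in place, or append it if absent.
set_pcf_key() {
    if grep -q "^$2=" "$1"; then
        # Escape the characters that are special on the sed replacement side.
        val=$(printf '%s' "$3" | sed 's/[\\&|]/\\&/g')
        # Writing back into the same file keeps its existing permissions.
        out=$(sed "s|^$2=.*|$2=$val|" "$1") && printf '%s\n' "$out" > "$1"
    else
        printf '%s=%s\n' "$2" "$3" >> "$1"
    fi
}

# make_profile SRC DST HOST GROUP USER: copy SRC and fill in the step 7 fields.
make_profile() {
    # Drop CRs from files edited on Windows; make the copy owner-only.
    tr -d '\r' < "$1" > "$2" && chmod 600 "$2" || return 1
    set_pcf_key "$2" Host "$3"
    set_pcf_key "$2" GroupName "$4"
    set_pcf_key "$2" Username "$5"
}

# audit_profile FILE: succeed only if the profile keeps no user password.
# Requires an explicit SaveUserPassword=0, as in the listing in step 7.
audit_profile() {
    [ "$(pcf_value "$1" SaveUserPassword)" = "0" ] ||
        { echo "$1: SaveUserPassword is not 0"; return 1; }
    for k in UserPassword enc_UserPassword; do
        [ -z "$(pcf_value "$1" "$k")" ] || { echo "$1: $k is set"; return 1; }
    done
}

# Demo on a constructed sample holding a subset of the keys from step 7.
demo=$(mktemp -d)
printf '%s\n' 'Host=' 'GroupName=' 'Username=' 'SaveUserPassword=0' \
    'UserPassword=' 'enc_UserPassword=' > "$demo/sample.pcf"
make_profile "$demo/sample.pcf" "$demo/usc.pcf" vpn3k.usc.edu USC jdoe
audit_profile "$demo/usc.pcf" && echo "usc.pcf: no stored user password"
rm -rf "$demo"
```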
