- # Automated connection for Cisco VPN with NetworkManager
- This was NetworkManager 1.4.2 on Fedora 25:
- ```
- rpm -qi NetworkManager
- Name : NetworkManager
- Epoch : 1
- Version : 1.4.2
- Release : 1.fc25
- Architecture: x86_64
- Install Date: Sat 26 Nov 2016 11:33:56 PM EST
- Group : System Environment/Base
- Size : 10567687
- ...
- rpm -qi NetworkManager-vpnc
- Name : NetworkManager-vpnc
- Epoch : 1
- Version : 1.2.4
- Release : 1.fc25
- Architecture: x86_64
- Install Date: Sun 27 Nov 2016 05:18:05 PM EST
- Group : System Environment/Base
- Size : 566511
- ```
- NetworkManager is supposed to be able to import a vpnc file but in my case it simply would not.
- There are a few tools to help with making a vpnc config file if all you have is a Cisco PCF file. There's the
- nm-import-vpnc script found in the contrib/scripts directory of NetworkManager's source distribution, as well
- as pcf2vpnc which comes with vpnc. With a proper vpnc config you should be able to use
- `nmcli con import file ${VPNC_CONFIG_FILE} type vpnc` and that'll be that. It did not work for me.
- I have a couple of VPN links so I give the interfaces more descriptive names than "tun0" or similar. In
- this case I went with tunsample:
- ```sh
- nmcli con add type vpn ifname tunsample vpn-type vpnc
- ```
- Then edit `/etc/NetworkManager/system-connections/vpn-tunsample`:
- ```ini
- [connection]
- id=vpn-tunsample
- uuid=2c86eb04-65e5-4041-b701-961a008b6790
- type=vpn
- interface-name=tunsample
- permissions=
- secondaries=
- [vpn]
- NAT Traversal Mode=cisco-udp
- ipsec-secret-type=save
- xauth-password-type=save
- IPSec ID={{GroupName from your PCF file}}
- IPSec gateway={{host from PCF}}
- Xauth password-flags=1
- Xauth username={{Username from PCF}}
- service-type=org.freedesktop.NetworkManager.vpnc
- [vpn-secrets]
- IPSec secret={{UserPassword, but NetworkManager does not seem to respect this setting}}
- [ipv4]
- dns-search=
- method=auto
- never-default=true
- [ipv6]
- addr-gen-mode=stable-privacy
- dns-search=
- method=auto
- ```
- Reload the configuration:
- ```sh
- nmcli conn reload
- ```
- I spent a while trying to get it to use credentials stored in the interface definition but I failed. Lots of folks have
- suggestions but none worked with this version of NetworkManager. So, fine, we can use a password file:
- ```sh
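- # Create the file owner-only before any secret is written; quote values so special characters survive
- : > "${SOME_LOCATION}/sample_secrets" && chmod 600 "${SOME_LOCATION}/sample_secrets"
- echo 'vpn.secrets.IPSec:{{this is GroupPwd from the PCF file}}' >> "${SOME_LOCATION}/sample_secrets"
- echo 'vpn.secrets.Xauth password:{{UserPassword from PCF}}' >> "${SOME_LOCATION}/sample_secrets"
- nmcli con up vpn-tunsample passwd-file "${SOME_LOCATION}/sample_secrets"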
- ```
- Feel free to delete the `sample_secrets` file once the connection is up. Or not if it never changes - in my case I have
- this automated via a shell script since the VPN link uses two-factor authentication and the password always changes.
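The password-file step above can be wrapped so that the secrets live in an owner-only temporary file and are removed as soon as `nmcli` returns. This is an added example, not the author's script: the function names `write_secrets`, `vpn_up` and `ask` are hypothetical, and the `vpn.secrets.*` key names are copied from the commands above.

```shell
#!/bin/sh
# Added example (not from the original paste). Key names are copied from the
# page's echo commands; function names are hypothetical.

# write_secrets GROUP_PWD USER_PWD -> prints the path of a new passwd-file.
write_secrets() {
    # mktemp creates the file with mode 0600 and an unpredictable name.
    f=$(mktemp "${TMPDIR:-/tmp}/vpn_secrets.XXXXXX") || return 1
    # printf '%s' writes the value verbatim; echo may mangle backslashes or -n.
    printf 'vpn.secrets.IPSec:%s\n' "$1" > "$f"
    printf 'vpn.secrets.Xauth password:%s\n' "$2" >> "$f"
    printf '%s\n' "$f"
}

# vpn_up CONNECTION GROUP_PWD USER_PWD -> nmcli's exit status.
# The passwd-file is removed whether or not the connection came up.
vpn_up() {
    secrets=$(write_secrets "$2" "$3") || return 1
    rc=0
    nmcli con up "$1" passwd-file "$secrets" || rc=$?
    rm -f "$secrets"
    return "$rc"
}

# ask PROMPT -> reads one line into ANSWER without echoing it to the terminal.
ask() {
    printf '%s' "$1" >&2
    stty -echo 2>/dev/null || true
    IFS= read -r ANSWER
    stty echo 2>/dev/null || true
    printf '\n' >&2
}

# Usage: sh vpn-up.sh vpn-tunsample
# Passwords are prompted for, so they never appear in the process list.
if [ "$#" -eq 1 ]; then
    ask 'Group password: '; group_pwd=$ANSWER
    ask 'User password: ';  user_pwd=$ANSWER
    vpn_up "$1" "$group_pwd" "$user_pwd"
fi
```

With two-factor authentication the user password prompt takes the current one-time value on each run.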