a guest
Nov 28th, 2016
# Automated connection for Cisco VPN with NetworkManager

This was NetworkManager 1.4.2 on Fedora 25:

```
rpm -qi NetworkManager
Name : NetworkManager
Epoch : 1
Version : 1.4.2
Release : 1.fc25
Architecture: x86_64
Install Date: Sat 26 Nov 2016 11:33:56 PM EST
Group : System Environment/Base
Size : 10567687

...

rpm -qi NetworkManager-vpnc
Name : NetworkManager-vpnc
Epoch : 1
Version : 1.2.4
Release : 1.fc25
Architecture: x86_64
Install Date: Sun 27 Nov 2016 05:18:05 PM EST
Group : System Environment/Base
Size : 566511
```

NetworkManager is supposed to be able to import a vpnc file but in my case it simply would not.

There are a few tools to help with making a vpnc config file if all you have is a Cisco PCF file. There's the
nm-import-vpnc script found in the contrib/scripts directory of NetworkManager's source distribution, as well
as pcf2vpnc which comes with vpnc. With a proper vpnc config you should be able to use
`nmcli con import file ${VPNC_CONFIG_FILE} type vpnc` and that'll be that. It did not work for me.

I have a couple of VPN links so I give interface names a more descriptive name than "tun0" or similar. In
this case I went with tunsample:

```sh
# Create the VPN connection bound to the tunsample interface
nmcli con add type vpn ifname tunsample vpn-type vpnc
```

Then edit /etc/NetworkManager/system-connections/vpn-tunsample:

```ini
[connection]
id=vpn-tunsample
uuid=2c86eb04-65e5-4041-b701-961a008b6790
type=vpn
interface-name=tunsample
permissions=
secondaries=

[vpn]
NAT Traversal Mode=cisco-udp
ipsec-secret-type=save
xauth-password-type=save
IPSec ID={{GroupName from your PCF file}}
IPSec gateway={{host from PCF}}
Xauth password-flags=1
Xauth username={{Username from PCF}}
service-type=org.freedesktop.NetworkManager.vpnc

[vpn-secrets]
IPSec secret={{UserPassword, but NetworkManager does not seem to respect this setting}}

[ipv4]
dns-search=
method=auto
never-default=true

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
```

Reload the configuration:

```sh
nmcli conn reload
```

I spent a while trying to get it to use credentials stored in the interface definition but I failed. Lots of folks have
suggestions but none worked with this version of NetworkManager. So, fine, we can use a password file:

```sh
# Write both secrets to a password file (quoted so spaces and special characters survive)
echo "vpn.secrets.IPSec:{{this is GroupPwd from the PCF file}}" > "${SOME_LOCATION}/sample_secrets"
echo "vpn.secrets.Xauth password:{{UserPassword from PCF}}" >> "${SOME_LOCATION}/sample_secrets"

# Bring the connection up, taking the secrets from that file
nmcli con up vpn-tunsample passwd-file "${SOME_LOCATION}/sample_secrets"
```

Feel free to delete the `sample_secrets` file once the connection is up. Or not if it never changes - in my case I have
this automated via a shell script since the VPN link uses two-factor authentication and the password always changes.
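
The password-file step above can be wrapped in a script that creates the file readable by its owner only and removes it whether or not the connection comes up. This is an added example, not the author's script: `write_secrets` and `vpn_up` are hypothetical helper names, and the secret key names are copied unchanged from the `echo` commands above.

```shell
#!/bin/sh
# Added example (not the author's script). Key names are copied from the
# echo commands above; write_secrets and vpn_up are hypothetical helpers.

# write_secrets FILE GROUP_PWD USER_PWD
# Creates FILE with owner-only permissions, then writes the two secrets.
# printf '%s' writes the passwords literally, including spaces, '%' and
# backslashes, which some echo implementations would interpret.
write_secrets() {
    (
        umask 077
        : > "$1" && chmod 600 "$1" &&
        printf 'vpn.secrets.IPSec:%s\n' "$2" >> "$1" &&
        printf 'vpn.secrets.Xauth password:%s\n' "$3" >> "$1"
    )
}

# vpn_up CONNECTION GROUP_PWD USER_PWD
# Brings the connection up from a temporary secrets file and removes the
# file afterwards, whether or not nmcli succeeded.
vpn_up() {
    secrets=$(mktemp) || return 1
    if write_secrets "$secrets" "$2" "$3" &&
        nmcli con up "$1" passwd-file "$secrets"; then
        rc=0
    else
        rc=$?
    fi
    rm -f "$secrets"
    return "$rc"
}

# Usage: read the passwords without echoing them, then connect.
#   stty -echo; read -r GROUP_PWD; read -r USER_PWD; stty echo
#   vpn_up vpn-tunsample "$GROUP_PWD" "$USER_PWD"
```

Passing the passwords as function arguments keeps them out of the process list, because the file is written by shell builtins rather than by an external command.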