UM Linux Users Group

UMD Resources

AFS

OIT maintains some space on the University network for Linux utilities like various distributions. You can access it from any WAM or GLUE connected computer by going to /afs/glue/group/umlug/.

VPN

Here are instructions for getting the campus Cisco VPN client provided by OIT to work on Linux. Please note that the client provided by OIT at the time of this writing requires the Linux kernel sources to be installed in /usr/src/linux, and that it will NOT work with kernels >= 2.5.

[UPDATE 12/23/07] Nick Woodside pointed out this page: http://www.longren.org/2007/05/17/how-to-cisco-vpn-client-on-ubuntu-704-feisty-fawn/

[UPDATE 3/25/06] Peter Teuben has posted directions on using the vpnc client to connect to the campus VPN.

[UPDATE 3/25/06] Daniel Ramsbrock has suggested the following:

As you are probably aware, the vpnclient-linux-4.0.4.B-k9 release available from OIT no longer compiles on kernels 2.6.14 and later because of changes in the sk_buff struct. However, with just four small changes in the source I was able to get it to compile under 2.6.15 and also tested the module--it works like a charm.

Here is the patch file. Apply it by doing the following:

1. Download and extract vpnclient-linux-4.0.4.B-k9.tar.gz from OIT.
2. cd vpnclient
3. Download the patch file into this directory.
4. patch -p0 < vpnclient.patch
5. Proceed with installation as usual: ./vpn_install

Here are brief descriptions of the changes:

Changed lines 301 and 430 of linuxcniapi.c to read:
do_gettimeofday((struct timeval *) &skb->tstamp);

The sk_buff struct renamed the "stamp" member to "tstamp" between kernels 2.6.13 and 2.6.14. The casting to timeval gets rid of warnings at compile time.

Removed the "inline" keyword from lines 49 and 455 in interceptor.c; they now read:
49: static int supported_device(struct net_device *dev);
445: supported_device(struct net_device* dev)

[UPDATE 4/30/04] I've tested the newer version (vpnclient-linux-4.0.3.B-k9) of the client in Gentoo (emerge cisco-vpnclient-3des) on kernel 2.6.4 and it works fine (even better than in 2.4.25) using the same profiles as the older version. You can google to get the newer client. Note that Gentoo applies a patch during the build process in order to make it work with the 2.6 kernel, so you may have to look at the patch in order to make it work with your system if you do not use Gentoo.

[UPDATE 7/22/04] It appears as though you may need to use a newer VPN client (vpnclient-linux-4.0.4.A-k9) if you have kernel 2.6.7 or higher. This has been tested on Gentoo, but needs to be installed manually as it is not in portage as of the time of writing.

  1. Download the Cisco 5000 client, user guide, release notes, and root certificate from OIT (Note: You need a valid UMD Directory ID and password to download each of these items. Visit OIT Helpdesk for more information).
  2. Unzip/untar the package into a working directory (e.g. tar -zxvf vpnclient-linux-4.0.1.A-k9.tar.gz).
  3. Switch to superuser and run the install script from within the directory you just unpacked (e.g. cd <install_dir>; ./vpn_install). Follow the prompts and ignore any warnings.
  4. Copy the root certificate file to /etc/CiscoSystemsVPNClient/Certificates/.
  5. Copy the profile file provided here to /etc/CiscoSystemsVPNClient/Profiles/.
    REMEMBER: Change the Username field to your Directory ID.
    Optionally, you may change the GroupName field to "UMD" if you only want connections bound for UMD to be tunneled. You will also need to change the GroupPwd field. More information regarding group names and passwords is available from this OIT Helpdesk page. Note that comments in the profile are surrounded with square brackets [].
  6. The client should now be installed. Before you can connect to the VPN server, you must run the init script that was installed to your init scripts directory as root. In my configuration, the file was installed to /etc/init.d so to run it, I would type /etc/init.d/vpnclient_init start.
  7. Once you have run the init script, you can start the client by running vpnclient connect umd as a normal user. You should be prompted for your Directory ID and password, after which there will be some status messages and you will then be connected to the VPN server. To see if it's working, go to the UMD Whoami page to see what your IP is. If the client is working, then your hostname should start with "vpn".

Note that this has been tested on Gentoo Linux with kernel 2.4.22 and is not guaranteed to work on all systems and configurations. If you have any questions, notice mistakes, have alternate working configurations, etc. please email me.
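
A check for step 5, as an added example that is not part of the original page or of the Cisco client: it reports any of the Username, GroupName and GroupPwd fields that are empty or still hold a [bracketed] comment. The "Key=Value" layout, the enc_GroupPwd key, the sample host name and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example: sanity-check a VPN client profile before the first connect.
# Assumes "Key=Value" lines and [bracketed] comments left in unedited fields.
# Constructed sample: a profile in which only Username has been filled in.
sample_profile() {
    cat <<'EOF'
[main]
Host=vpn.example.edu
GroupName=[UMD or another group]
GroupPwd=[group password]
Username=jdoe
EOF
}

# Print the value of the last "Key=Value" line for key $2 in file $1.
pcf_value() {
    sed -n "s/^$2=//p" "$1" | tr -d '\r' | tail -n 1
}

# Print one line per problem; return 0 only if none were found.
check_profile() {
    pcf=$1
    bad=0
    if [ ! -r "$pcf" ]; then
        echo "cannot read $pcf"
        return 1
    fi
    for key in Username GroupName GroupPwd; do
        val=$(pcf_value "$pcf" "$key")
        # Assumption: a used profile may keep the password as enc_GroupPwd.
        if [ "$key" = GroupPwd ] && [ -z "$val" ]; then
            val=$(pcf_value "$pcf" enc_GroupPwd)
        fi
        case $val in
            '')      echo "$key: missing or empty"; bad=1 ;;
            *\[*\]*) echo "$key: still holds a [bracketed] placeholder"; bad=1 ;;
        esac
    done
    return "$bad"
}

# With a file argument check that profile; otherwise check the sample.
if [ $# -gt 0 ]; then
    check_profile "$1"
else
    tmp=$(mktemp) && sample_profile > "$tmp"
    check_profile "$tmp" || echo "sample profile needs editing"
    rm -f "$tmp"
fi
```

Run it against the profile you copied into /etc/CiscoSystemsVPNClient/Profiles/ before running vpnclient connect umd.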

Red Hat Proxy

Red Hat Proxy is an up2date server to which students, staff, and faculty can point their personal copy of RH Advanced Workstation (academic), or licensed copies obtained from the school via the academic licensing program. You need to be on the campus network for it to work, either locally or via VPN. Contact Jeanine Wordin or OIT licensing for more details on accessing it.