Setting up the new CSD VPN client on Linux

 
Note: In order to use the department VPN, you must already have a department Windows NT/2000 account and an internet connection.

Download the VPN client for Linux. Also grab the config file that will be put in place for the new setup. You may have to right click and choose "Save Target Link as..." to download the file. Save both files to a known location (on Linux this would most likely be your home directory; on MacOS X this might be your home directory or your desktop).

Note that due to export restrictions, these files may only be directly downloaded if you are using the department's local network.

First you need to open an xterm or a command line window. If you are using Linux and already
have access to the command line, skip these next few steps.

Under MacOS X this is done as follows:

Open a window in the Finder and go to your Applications folder.
Next, click on the Utilities folder.
Scroll down until you find the Terminal application, and double click it.
You should now have a prompt.

If you saved the file to your desktop, type:

cd Desktop

otherwise just continue. If you have saved the file somewhere else, change to that directory.

Untarring and Installing the Client

You will now have a file called vpnclient-macosx-{some numbers and letters}.tar.gz
or, under Linux, vpnclient-linux-{some numbers and letters}.tar.gz.
You will want to untar and ungzip the file; this can be done in one step by using

tar -xzvf vpnclient-{arch}-{version}.tar.gz

on the command line. The file name should be the one that you just downloaded. You should get
a list of the files it just extracted.

Next, change to the directory that was just created:

cd vpnclient

Next go to the section for your OS, Linux or MacOS X.

Linux

Now you will need to "su root" on Linux. Then we can start running the install script.

./vpn_install

It will ask you where you want the binaries installed; /usr/local/bin is the default. This should
be somewhere that is in your path (echo $PATH).

It will next ask whether to automatically start the VPN service at boot time. This is the user's choice;
most likely they should just say yes.

Next it will ask you where your kernel source is installed. If you don't have the source installed,
you will have to find the rpm or whatever package mechanism is provided and install it.

For RedHat 6.x users these files are installed in /usr/src/linux by default
For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default
For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default

Directory containing linux kernel source code [/usr/src/linux-2.4]

Then it will ask you if it all looks OK. If you say yes, it will build the module and put it in a place where it can be found, usually /lib/modules/{kernel-version}/CiscoVPN.

Next we will want to copy the config file we downloaded into the profiles directory,

cp csd.pcf /etc/CiscoSystemsVPNClient/Profiles

There should be an init script to insert the VPN kernel module; you can load the module by typing,

/etc/init.d/vpnclient_init start

Finally skip down to running the client.

MacOS X

If you are running MacOS X you will instead use this command to start the VPN install. It will
ask you for your password; this is the one that you use to log into MacOS X or perform other
installs with.

sudo ./vpn_install
Password:

Now the install script will ask you a few questions, first it will ask you where you want the binaries
installed. This should be somewhere in your path. Usually /usr/local/bin is a good place to put the
binaries.

Directory where vpn binaries will be installed [/usr/local/bin]

If the directory does not exist, it will ask you to create it; if it does ask, just press enter.

Directory "/usr/local/bin" doesn't exist. Create ? [y]

It will ask you if you want to load the kernel extension at boot time, and you should just press enter.

Automatically load the VPN NKE at boot time [yes]

You should now see it ask you if the following is correct. If not, type n and go back; if
yes, just press enter.

----------------------------------------------------------------------
  - Cisco Systems VPN installation -
  | the installation is configured to install the following
  | files onto this system:
        vpn resource files : "/etc/CiscoSystemsVPNClient"
                 IPSec NKE : "/System/Library/Extensions/CiscoVPN.kext".
          vpn applications : "/usr/local/bin".
      NKE autostart bundle : "/System/Library/StartupItems/CiscoVPN".
---------------------------------------------------------------------
Is the above correct [y] 
 ==> creating directory for vpn applications: "/usr/local/bin".
 ==> copying NKE to default system location: "/System/Library/Extensions/CiscoVPN.kext".
 ==> creating startup bundle for NKE in default location: "/System/Library/StartupItems/CiscoVPN".
 ==> creating directory tree for VPN resource files in "/etc/CiscoSystemsVPNClient".
 ==> creating default vpn initialization file "/etc/CiscoSystemsVPNClient/vpnclient.ini".
 ==> installing profiles into "/etc/CiscoSystemsVPNClient/Profiles/":
 ==> added the following profiles: sample
 ==> copying vpn applications into "/usr/local/bin".
 ==> setting permissions on applications and resource file
       /usr/local/bin/cvpnd (setuid root)
       /etc/CiscoSystemsVPNClient (world writeable)
       /etc/CiscoSystemsVPNClient/Profiles (world writeable)
       /etc/CiscoSystemsVPNClient/Certificates (world writeable)
 ==> touching kernel extensions directory to update cache.
 NOTE: You may wish to change these permissions to restrict access to root.
 ==> The Cisco Systems IPSec NKE will load automatically when you boot this system.

     to load:    /System/Library/StartupItems/CiscoVPN/CiscoVPN start
     to unload:  /System/Library/StartupItems/CiscoVPN/CiscoVPN stop
     to restart: /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

----------------------------------------------------------------------
  Cisco Systems VPN client installation completed successfully.
----------------------------------------------------------------------

It should then print something like the above, depending on what you entered.
Next you need to load the kernel extension, or just reboot. Type this to load
the kernel extension:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN start

Now we need to copy the config file into place. The following command will copy the config
into the appropriate place:

sudo cp csd.pcf /etc/CiscoSystemsVPNClient/Profiles

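
The installer output above leaves /etc/CiscoSystemsVPNClient and its Profiles and Certificates directories world writeable, marks cvpnd setuid root, and notes that you may wish to restrict these permissions. The following is an added example (not part of the Cisco installer or of the original instructions) that lists world-writable entries and setuid files under those paths and can clear the world-write bit. The function and variable names are made up for illustration, and it assumes the client does not need non-root users to write to these directories.

```shell
#!/bin/sh
# Added example, not part of the Cisco installer.
# Defaults are the paths printed in the installer output above.
VPN_ETC="${VPN_ETC:-/etc/CiscoSystemsVPNClient}"
VPN_BIN="${VPN_BIN:-/usr/local/bin}"

# Print every file or directory under $1 that any local user may write to.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# Number of world-writable entries under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Clear the world-write bit on everything under $1 (needs root on a real install).
restrict_world_write() {
    list_world_writable "$1" | while IFS= read -r path; do
        chmod o-w "$path"
    done
}

# Print setuid files under $1 (for example cvpnd) so they can be reviewed.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null
}

# Audit only: nothing is changed unless restrict_world_write is called.
if [ -d "$VPN_ETC" ]; then
    echo "World-writable under $VPN_ETC:"
    list_world_writable "$VPN_ETC"
    echo "Setuid files under $VPN_BIN:"
    list_setuid "$VPN_BIN" || true
fi
```

Once you have reviewed the list, run restrict_world_write "$VPN_ETC" as root and confirm that the count drops to zero.
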
Running the Client

Now we can start running the client; all you have to do is run the client with the right config:

/usr/local/bin/vpnclient connect csd

Now it should prompt you for a group passwd; this is sushisushi. Type it in and then press
enter.

Next it should ask you for a Username; type in your Windows username. Then it will prompt you
for a password; this is your Windows password. Finally it will ask you for a domain; this should be
UMD-CSD-NT. It may already be the default (in the [] brackets), in which case you can just press enter.

In your terminal you should now see a bunch of lines to the effect of

Negotiating security policies.
Your link is secure.
IPSec tunnel information.
Client address: 172.16.2.13
Server address: 128.8.128.18
Encryption: 168-bit 3-DES
Authentication: HMAC-MD5
IP Compression: None
NAT passthrough is inactive.
Local LAN Access is disabled.

You cannot close the terminal without closing the VPN tunnel!

You can check whether your VPN connection is working by bringing up another terminal and typing

traceroute www.cs.umd.edu

It should output four lines to the effect of

traceroute to www.cs.umd.edu (128.8.128.160), 30 hops max, 40 byte packets
1 newvpn.cs.umd.edu (128.8.128.18) 3.271 ms 9.064 ms 2.992 ms
2 proxy172.cs.umd.edu (172.16.0.2) 3.101 ms 4.185 ms 3.033 ms
3 www.cs.umd.edu (128.8.128.160) 24.677 ms 3.169 ms 3.133 ms

You can now use your CS resources. If you have any questions, please email staff@cs.umd.edu.