By krbennettmd at 2005-10-20 10:07
Installing the Linux Cisco VPN Client
Download the file vpnclient-linux-x86_64-4.7.00.0640-k9.tar.gz.
As root, untar the tar file into /opt:
tar xvzf vpnclient-linux-x86_64-4.7.00.0640-k9.tar.gz
Actually, this file can be untarred into any directory. After installation, the main thing you'll need it for is to uninstall and reinstall. A reinstall will need to be done any time you upgrade your kernel.
Go into the newly created vpnclient directory and run the installation, accepting the defaults:
This will create and populate the /opt/cisco-vpnclient directory.
Although the VPN service will now start automatically whenever you reboot, you will need to start it manually now unless you reboot:
Now you'll need to create a profile file for each host you'll be connecting to. There is a sample file sample.pcf in /opt/vpnclient; copy this to another file and modify the parameters as necessary. The new file must also have an extension of .pcf. Copy the file to where it will be needed at runtime:
cp sample.pcf myconfig.pcf
kedit myconfig.pcf # or use whatever editor you like
cp myconfig.pcf /etc/opt/cisco-vpnclient/Profiles
Disable SELinux security:
Note: the setenforce command may not be found if you have used sudo to get root access; use su - instead.
Now run the client:
vpnclient connect myconfig
...where myconfig is replaced with the name of your .pcf configuration file. Do not include the extension when you specify the file; it will be assumed.
When you want to disconnect, run:
You can also just close the terminal session in which you made the VPN connection.
Reenable SELinux security:
My experimentation shows that the SELinux security needs to be disabled only at the time the vpnclient program is run. Therefore, it would be a good idea to wrap your vpnclient calls in a shell script as follows:
Create a new file _vpnclient in a directory in your path:
Make it executable:
chmod +x _vpnclient
Then use this shell script instead to run your vpnclient commands, either as root, or using sudo (sudo's a better idea, because the other way, someone can press ctrl-c and have a root shell):
_vpnclient connect myconfig
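One way to write the _vpnclient wrapper described above, as an added example and not the script from the original post. It assumes the SELinux utilities getenforce and setenforce and the vpnclient binary are on root's PATH; the function and variable names are illustrative. It re-enables enforcing mode only if SELinux was enforcing beforehand, and does so even when the session is interrupted or the terminal is closed.

```shell
#!/bin/sh
# _vpnclient: added example, not the original author's script.
# Runs vpnclient with SELinux permissive only for the duration of the call.
# Assumption: getenforce, setenforce and vpnclient are on root's PATH.

PREV_MODE=""

restore_selinux() {
    # Re-enable enforcement only if this script was the one that relaxed it.
    if [ "$PREV_MODE" = "Enforcing" ]; then
        setenforce 1
    fi
    PREV_MODE=""
}

run_vpnclient() {
    # Record the current mode so a permissive or disabled system is left alone.
    PREV_MODE=$(getenforce) || return 1

    # Restore on any exit path, including Ctrl-C or a closed terminal.
    trap 'restore_selinux' EXIT
    trap 'exit 130' INT TERM HUP

    if [ "$PREV_MODE" = "Enforcing" ]; then
        setenforce 0 || return 1
    fi

    # Keep vpnclient's exit status so callers can still test for failure.
    vpn_rc=0
    vpnclient "$@" || vpn_rc=$?

    restore_selinux
    trap - EXIT INT TERM HUP
    return "$vpn_rc"
}

# When invoked as a script (e.g. "_vpnclient connect myconfig"), run it.
if [ "$#" -gt 0 ]; then
    run_vpnclient "$@"
fi
```

Run it through sudo as the post recommends, so that interrupting the script does not leave you at a root shell.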