All -
I just spent some time figuring out how to successfully install the Linux Cisco VPN Client, so I figured I'd write it up and share it with you all. Feel free to add/correct.
Linux Cisco VPN Client Installation Instructions
Download the file vpnclient-linux-x86_64-4.7.00.0640-k9.tar.gz.
As root, untar the tar file into /opt:
Code:
cd /opt
tar xvzf vpnclient-linux-x86_64-4.7.00.0640-k9.tar.gz
Actually, this file can be untarred into any directory. After installation, the main thing you'll need it for is to uninstall and reinstall. A reinstall will need to be done any time you upgrade your kernel.
Go into the newly created vpnclient directory and run the installation, accepting the defaults:
Code:
cd vpnclient
./vpn_install
This will create and populate the /opt/cisco-vpnclient directory.
Although the vpn service will now start automatically whenever you reboot, you will need to start it manually now unless you reboot:
Code:
/etc/init.d/vpnclient_init start
Now you'll need to create a profile file for each host you'll be connecting to. There is a sample file sample.pcf in /opt/vpnclient; copy this to another file and modify the parameters as necessary. The new file must also have an extension of .pcf. Copy the file to where it will be needed at runtime:
Code:
cd /opt/vpnclient
cp sample.pcf myconfig.pcf
kedit myconfig.pcf # or use whatever editor you like
cp myconfig.pcf /etc/opt/cisco-vpnclient/Profiles
Disable SELinux security:
Note: the setenforce command may not be found if you have used sudo to get root access; use su - instead.
Now run the client:
Code:
vpnclient connect myconfig
...where myconfig is replaced with the name of your .pcf configuration file. Do not include the extension when you specify the file; it will be assumed.
When you want to disconnect, run:
Code:
vpnclient disconnect
You can also just close the terminal session in which you made the VPN connection.
Reenable SELinux security:
My experimentation shows that the SELinux security needs to be disabled only at the time the vpnclient program is run. Therefore, it would be a good idea to wrap your vpnclient calls in a shell script as follows:
Create a new file _vpnclient in a directory in your path:
Code:
#! /bin/sh
/usr/sbin/setenforce 0
/opt/cisco-vpnclient/bin/vpnclient $*
/usr/sbin/setenforce 1
Make it executable:
Code:
chmod +x _vpnclient
Then use this shell script instead to run your vpnclient commands, either as root, or using sudo (sudo's a better idea, because the other way, someone can press ctrl-c and have a root shell):
Code:
_vpnclient connect myconfig
_vpnclient disconnect