In preparation for some travel abroad to Ivrea, Italy, I decided that I needed a secure way to connect back to my server at college. SUNY Geneseo is kind enough to provide a Cisco IPSec VPN into their heavily firewalled network and, with a little work, we can VPN in without an issue.
VPNC and the OpenConnect Client
Cisco provides a proprietary VPN client for users; however, this application lacks official Linux support and remains unstable on Arch Linux. The open source community has created an alternative to the Cisco VPN client called the OpenConnect Client. Arch Linux has a package in the official repositories called openconnect. To install, open a terminal and run
pacman -S openconnect
Once installed, we can configure and initialize a VPN instance using the
openconnect
Enter IPSec gateway address: example.com
Enter IPSec ID for example.com: fakeID
Enter IPSec secret for fakeID@example.com: totallysecretstring
Enter username for example.com: user
Enter password for firstname.lastname@example.org: password1234
VPNC started in background (pid: ####)...
Now, our computer will be able to connect to IP addresses on the remote network.
If we are looking to use the VPN to secure our local connection, we can route all of our traffic through the VPN. First, we must add a route to the VPN server. This can be accomplished by adding a special route to the actual VPN server through our current gateway.
ip route add <SERVER IP> via <CURRENT GATEWAY> dev <INTERFACE>
This adds a route to the VPN server that stays outside of the tunnel, so traffic to the server itself keeps using our current gateway. Next, we must add a default route that routes to the VPN server via our VPN IP address.
ip route add default via <VPN IP ADDRESS> dev <INTERFACE>
This adds a default route for all of our traffic through our VPN to our VPN IP address. Lastly, we must delete the
ip route delete default via <ORIGINAL GATEWAY> dev <INTERFACE>
To restore your original routing, either reverse the steps listed above, or reboot your computer.
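The three routing steps above and their reversal, as an added example that is not part of the original post: it reads the current default route and prints the matching `ip route` commands instead of running them. The function names, the `tun0` interface and all addresses are constructed for illustration.

```shell
# Added example: prints commands only; review them, then run them as root.

# Print "<gateway> <interface>" for the first default route that has a
# gateway, reading `ip route show default` output on stdin.
parse_default_route() {
    awk '$1 == "default" {
        gw = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (gw != "" && dev != "") { print gw, dev; exit }
    }'
}

# vpn_routes up|down SERVER_IP VPN_IP VPN_DEV  (original default route on stdin)
#   up:   the three steps from the text, in order
#   down: the same steps reversed, restoring the original default route
vpn_routes() {
    vr_mode=$1 vr_server=$2 vr_vpn_ip=$3 vr_vpn_dev=$4
    set -- $(parse_default_route)
    [ $# -eq 2 ] || { echo "no default route with a gateway found" >&2; return 1; }
    vr_gw=$1 vr_dev=$2
    case $vr_mode in
    up)
        echo "ip route add $vr_server via $vr_gw dev $vr_dev"
        echo "ip route add default via $vr_vpn_ip dev $vr_vpn_dev"
        echo "ip route delete default via $vr_gw dev $vr_dev"
        ;;
    down)
        echo "ip route add default via $vr_gw dev $vr_dev"
        echo "ip route delete default via $vr_vpn_ip dev $vr_vpn_dev"
        echo "ip route delete $vr_server via $vr_gw dev $vr_dev"
        ;;
    *)
        echo "usage: vpn_routes up|down SERVER_IP VPN_IP VPN_DEV" >&2
        return 2
        ;;
    esac
}

# Constructed sample of `ip route show default` output.
SAMPLE_DEFAULT='default via 192.168.1.1 dev wlan0 proto dhcp metric 600'

# Live use: ip route show default | vpn_routes up <SERVER IP> <VPN IP ADDRESS> tun0
printf '%s\n' "$SAMPLE_DEFAULT" | vpn_routes up 203.0.113.10 10.8.0.2 tun0
```

Save the output of `ip route show default` before applying the `up` commands, and feed that saved line to `vpn_routes down` later, because the live default route will point at the VPN by then.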