Nicholas A. Yager


Connecting to Cisco IPSec VPNs on Arch Linux

26 Feb 2014

In preparation for some travel abroad to Ivrea, Italy, I decided that I needed a secure way to connect back to my server at college. SUNY Geneseo is kind enough to provide a Cisco IPSec VPN into their heavily firewalled network and, with a little work, we can VPN in without an issue.


Figure 1: A generic visualization of the principles of VPN tunneling. In this figure, distinct networks are able to connect with one another via the internet whilst preserving anonymity. Image by Ludovic.ferre licensed under Creative Commons Attribution-Share Alike 3.0 Unported.

VPNC and the OpenConnect Client

Cisco provides a proprietary VPN client for users; however, this application lacks official Linux support and remains unstable on Arch Linux. The open source community has created an alternative to the Cisco VPN client called the OpenConnect Client. Arch Linux has a package in the official repositories called openconnect. To install it, open a terminal and run

pacman -S openconnect

Once installed, we can configure and initialize a VPN instance using the vpnc command.

vpnc
Enter IPSec gateway address: example.com
Enter IPSec ID for example.com: fakeID
Enter IPSec secret for fakeID@example.com: totallysecretstring
Enter username for example.com: user 
Enter password for user@example.com: password1234
VPNC started in background (pid: ####)...

Now our computer will be able to connect to IP addresses on the remote network.

Routing Traffic

If we want to use the VPN to secure our local connection, we can route all of our traffic through the VPN. First, we must add a special route to the actual VPN server through our current gateway.

ip route add <SERVER IP> via <CURRENT GATEWAY> dev <INTERFACE>

This adds a route to the VPN server that does not depend on the default route. Next, we must add a default route that sends traffic through the VPN via our VPN IP address.

ip route add default via <VPN IP ADDRESS> dev <INTERFACE>

This adds a default route for all of our traffic through our VPN to our VPN IP address. Lastly, we must delete the original default route.

ip route delete default via <ORIGINAL GATEWAY> dev <INTERFACE>

To restore your original routing, either reverse the steps listed above, or reboot your computer.
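The three routing steps and their reversal can be planned from the current default route before anything is changed. The script below is an added example, not part of the original post: it prints the commands rather than running them, and it deletes the old default before adding the new one so the add cannot collide with an existing default route of the same metric. The function names, the sample addresses and the `tun0` tunnel device are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): plan the full-tunnel routing
# changes and their rollback. Commands are printed, not executed.

# Read `ip route show default` output on stdin; print "<gateway> <device>".
# Exits non-zero when no usable default route is present.
parse_default_route() {
    awk '$1 == "default" {
        gw = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (gw != "" && dev != "") { print gw, dev; found = 1; exit }
    }
    END { exit (found ? 0 : 1) }'
}

# plan_up SERVER_IP GATEWAY LAN_DEV VPN_IP VPN_DEV
plan_up() {
    # 1. Pin the VPN server to the physical gateway so the encrypted
    #    packets keep a path outside the tunnel.
    echo "ip route add $1 via $2 dev $3"
    # 2. Drop the old default first, so step 3 cannot collide with it.
    echo "ip route delete default via $2 dev $3"
    # 3. Send everything else through the tunnel.
    echo "ip route add default via $4 dev $5"
}

# plan_down takes the same arguments and undoes plan_up in reverse order.
plan_down() {
    echo "ip route delete default via $4 dev $5"
    echo "ip route add default via $2 dev $3"
    echo "ip route delete $1 via $2 dev $3"
}

# Demo on constructed values (documentation addresses, assumed tun0 device).
SAMPLE='default via 192.168.1.1 dev wlan0 proto dhcp metric 600'
set -- $(printf '%s\n' "$SAMPLE" | parse_default_route)
plan_up 203.0.113.10 "$1" "$2" 10.8.0.5 tun0
plan_down 203.0.113.10 "$1" "$2" 10.8.0.5 tun0
```

On a live system the input would come from `ip route show default`, and the printed plan can be reviewed before it is run as root. Keep the `plan_down` output at hand before applying `plan_up`, since the original gateway is no longer visible in the routing table afterwards.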
