The Long Story
You can get to the Short Story by scrolling down
After getting a new wireless router and moving my desktop PC (running Windows XP) upstairs to the hallway, I went to work getting my VPN connection to SnagAJob.com up and working again. My plan was to try it out from the desktop PC (which worked when it was directly connected to the cable modem) and ensure that the VPN connection worked over the wireless network. Afterwards, I would then try to get a the Cisco VPN client working on my laptop, which is running Ubuntu (v8.04).
I was completely unsuccessful in getting my XP box to connect to the VPN client. The client would attempt to initialize the connection but would fail each time. The obvious culprit must have been the router. I am using the Netgear WPN824v3 Rangemax router. I tried changing the following settings on the router but with no success:
-
turned off the SPI (stateful packet inspection) firewall
-
turned off NAT filtering
-
turned on “respond to ping requests from the internet”
-
turned on port forwarding that are relevant for my type of VPN connection.
After a few hours of increasing frustrating results and feeling strangely exposed to the bad boys on the internet, I let things idle for a while. A couple days later, I attempted to connect to the VPN using my laptop. I wanted to use the Cisco VPN client and found the following instructions (http://www.longren.org/2007/05/17/how-to-cisco-vpn-client-on-ubuntu-704-feisty-fawn/). However, the instructions make clear that the client would not work on my version of the Linux kernel.
Feeling dejected and alone (and still exposed), I searched for other VPN clients that would work. Very quickly, I found that KVpnc (http://home.gna.org/kvpnc/en/index.html) may work. I installed that and then installed the free Cisco client, vpnc (http://www.unix-ag.uni-kl.de/~massar/vpnc/) using the Synaptic Package Manager. I fired up KVpnc and imported the Cisco client profile for my VPN connection (*.pcf). I selected the imported profile and went to connect. Success! I then started dialing back all the router changes I made and testing connectivity after each change. Each time, I was successful in connecting.
Next on the list was to remote desktop into my work machine so I could access my dev environment. I fired up rdesktop and tried to connect to my work machine over port 3389. I had no luck. After a little more searching, I found that the tsclient program was better suited for my needs. I fired that up and entered the relevant info. I experimented with different resolution sizes, but ended up selecting the full screen option. I was able to remote into my work PC. However, I had no way to get back to my local desktop. Tsclient does not have a toolbar like the Windows version does. I could log off my work PC to end the session but I like to toggle from local to remote a lot during a work day. After more searching, I found that Ctrl+Alt+enter should toggle me back to my local PC. I did this and the screen flickered to the local workspace and then went back to the remote PC. After more searching (as an aside, I would be a complete idiot without Google search – I need a direct neural interface to their search engine) I found that this behavior was due to a bug in rdesktop. It appeared to revolve around the Desktop Effects feature that makes things “pretty”. There were a multitude of workarounds suggested but after reviewing these, it seemed the most practical solution was to just turn off desktop effects altogether. Just like I want my coffee black, I like having a desktop that is “effect free” I kept the OS default desktop effect option up until now since it did not appear to impact system performance, but this rdesktop bug was a great excuse to turn the effects off. After turning the Desktop effects off, I was able to use the Ctrl+Alt+Enter key combo to toggle from local to remote. Finally!
I still have not had success in getting my XP desktop to connect to my work VPN. I am giving up on that box since my laptop now works.
The Short Story
To connect to a Cisco VPN from Ubuntu 8.04 (note that there are different Cisco VPN configs out there. These steps worked for me but mileage may vary).
Environment
- Ubuntu 8.04 (Hardy Heron) on local machine
- Windows 2003 server on remote machine
- Wireless network with Netgear WPN824v3 Rangemax router – default router options
- Cisco VPN (unsure of exact type used at work)
- Already have a known Cisco client profile that works in XP (when directly connected to local cable modem)
Assumptions
You know how to install applications on Ubuntu using the Synaptic package manager or the Applications → Add/Remove feature. If not, see
Steps used to connect to VPN
- Open up first bottle of Sam Adams, take small swig
- Install KVpnc using the Synaptic package manager or using the Applications → Add/remove feature
- Copy your Cisco client profile from your Windows box to a directory on your Ubuntu installation
- Run KVpnc (should be located at Applications → Internet) and select Profile → Import Cisco pcf file. Navigate to the location where you stored the pcf file and select it. Click OK.
- Install vpnc using the Synaptic package manager or using the Applications → Add/remove feature
- In KVpnc, go to Settings → configure kvpnc and select “Daemons” under “Programs”.
- Check that the path used for vpnc is correct and that it points to where the vpnc program was installed to. Once you are set, click OK.
- Get another beer.
- On the main kvpnc window, you should see a Profile dropdown that has the name of the profile you imported. Select that profile and click Connect.
You should now be connected.
If you want to remote desktop into a another PC follow the following steps:
- Go to System → Preferences → Appearance
- Go to the Visual effects tab and select “None”. Click Close.
- If you really are attached to the visual effects used in Ubuntu, you can try the workarounds located at https://bugs.launchpad.net/ubuntu/+source/rdesktop/+bug/153995. I have not tried them and do not know if they work.
- Run tsclient (Applications → Internet → Terminal Server Client)
- Click the Display tab.
- Select “Operate in full screen mode”
- Note: you can select your own resolution as well here. The default was 800×600 but that just doesn’t fly with me.
- Note 2: Do not click “use alternate full screen switch”. It added an invalid command to the command list for rdesktop and hosed the connection attempt
- Go back to the General tab and enter the computer name and your user name and password. You can save this info via the “Save As” button. Once you do this, the profile will be available under the “Quick Connect” dropdown
- Click Connect
- Get the nachos and another beer if you are so inclined.
- Sit back back down and wonder if the ability to log back into work from home is such a good thing after all.