Old CS VPN Connection

For current CS VPN users only.
The old VPN server will be turned off soon.

You need an active CS&E Account to download and create a VPN connection.

Windows

Install the VPN client

1. Uninstall any older version of the VPN client. If it asks if you want to keep your profiles, say yes. You will need to reboot your computer after uninstalling the old VPN client.
2. Go to the folder where you downloaded the client software and unpack the (.exe) file. Follow the instructions to install the VPN client. You will need to reboot your computer after the installation.

Configure the VPN client

1. Start->All Programs->Cisco Systems VPN Client->VPN Client
   *A new window called VPN Client will appear.
2. Use the "Connection Entries" menu and select "New".
   *A new window called "VPN Client | Create New VPN Connection Entry" will appear.
3. Name the connection Entry: CS&E VPN (or whatever you want)
4. Enter a description in the description field if you want.
5. Locate the Host, Username, and Password which can be found on the VPN download page.
   Enter this information on the appropriate line.
   *You will need to enter the password in the "Confirm Password" text box as well.
6. Choose the Transport Tab (next to the Authentication Tab)
   *Make sure Enable Transparent Tunneling is selected IPSec over UDP
7. Choose Save

Run the VPN client

1. Start->All Programs->Cisco Systems VPN Client->VPN Client
   *A new window called VPN Client will appear.
2. Double-click on the connection that you created in Configure the VPN client (above).
3. In the popup box that prompts you for a username and password, enter your CS&E UNIX username/password.
4. Select "Continue" in the VPN Client Banner box. After the connection is established, you should see a closed lock icon in the System Tray.

Vista Users

Vista is pre-configured to use an LM session security level that is not compatible with our Samba shares, e.g. your Y: drive. When attempting to mount a Samba share remotely, you may get the following error: "The referenced account is currently locked out and may not be logged on to."

If you experience this problem, you may need to use regedit to modify the the following registry key:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
and set the REG_DWORD value to 1.

Macintosh

Install the VPN client

1. Go to the folder where you downloaded the client software and double-click the file. It will mount a virtual disk image on your desktop called CiscoVPNClient
2. Go into this new disk that was just created. Double-click on the file called 'Cisco VPN Client.mpkg'. This will start the installer.
3. Run the installer, clicking 'continue' where required.

Configure the VPN client

1. Open your Applications folder and find the new program called 'VPNClient'.
2. Double-click this file to start the client software
3. Use the "Connection Entries" menu and select "New".
   *A new window called "VPN Client | Create New VPN Connection Entry" will appear.
4. Name the connection Entry: CS&E-VPN (or whatever you want)
5. Enter a description in the description field if you want.
6. Locate the Host, Username, and Password which can be found on the VPN download page. Enter this information on the appropriate line.
   *You will need to enter the password in the "Confirm Password" text box as well.
7. Choose the Transport Tab (next to the Authentication Tab)
   *Make sure Enable Transparent Tunneling is selected IPSec over UDP
8. Choose Save
9. You can run the the VPNClient software again. Highlight the CS&E-VPN entry and click Connect. You will be prompted for your CS&E Unix username and password.
10. You are now connected to the CS&E VPN Server.
    *All CS&E connections will go through the tunnel and all non-UofM connections will go through your ISP.

Ubuntu Linux

Ubuntu Linux has a built-in, open source VPN client that is compatible with our Cisco VPN system, so you don't need to download the Linux client on the VPN download page. These instructions are for Ubuntu 8.04 (hardy), but should be similar for newer versions as well. Run lsb_release -dc to check your version. If you are running anything older than 8.04, we recommend that you upgrade the operating system first, as most older versions no longer receive security updates.

Note: The VPN will not work with an Ubuntu LiveCD/boot disk. You need to use a fully-installed OS.

Install the VPN client

1. In a terminal on your personally-owned laptop or computer, become root:

   sudo bash

2. Install the vpnc package:

   apt-get -y install network-manager-vpnc vpnc

   If this command installs the packages, you can skip to Configure the VPN client.

3. If apt-get says it can’t find any of the packages, type this in the same terminal:

   synaptic

   In the Synaptic window that opens, click Settings -> Repositories.
   Ensure that the first four repositories are enabled, like this:

   

   • Click "Close" for the repository screen
   • Click "Close" again for any "Repositories changed" messages that pop-up.
   • Click "Reload" in the Synaptic Package Manager window.
   • When that finishes, close Synaptic and run:

     apt-get -y install network-manager-vpnc vpnc

Configure the VPN client

1. Click on the Network Manager icon in the Gnome Panel (toolbar):

   

2. Click on VPN Connections -> Configure VPN.
3. Click Add to create a new VPN configuration. Click Forward.
4. Make sure the Cisco-compatible VPN client is selected:

   

   then click forward.

5. Name your VPN profile in the Connection Name box. Click on the Required tab, if it isn’t showing.

   

   Enter the gateway host and VPN username.
   <VPN Host> and <VPN username> correspond to the VPN Client Information on the VPN download page.

6. Click on the Optional tab.
   Check "Override user name" and enter your CS&E username in the box:

   

7. Click Forward then Apply.

Ubuntu 9.04 (jaunty) configuration

1. This is what the VPN configuration screen will look like if you're running Ubuntu 9.04 (jaunty):

   

2. Reminder: the 'VPN' entries are from the VPN download page.

Run the VPN client

1. Click on the Network Manager again and click VPN Connections and Computer Science (or whatever you named the profile).
2. Enter your CS&E password in the Password box and the VPN password from the VPN download page in the Group Password box.
   You can click all three check boxes to save your passwords for future use.

   

3. The VPN will connect if all the information is entered correctly.

Troubleshooting

• If you have trouble connecting, first double-check your entire VPN configuration, including the gateway host, both usernames, and both passwords.
• If that doesn’t fix the problem, run:

  sudo apt-get update

  and then

  sudo apt-get dist-upgrade

  Let all the updates finish, reboot, then try connecting again.

Other versions of Linux

Ubuntu is the version of Linux supported by systems staff, but a VPN client is available for other versions. However, we cannot provide support for these instructions since there are so many different distributions of Linux available. If you are running Debian or a Debian-based distribution, use the Ubuntu instructions above. You may have to make minor changes to the instructions to fit your particular distribution. Otherwise, you will need to download the Cisco Linux VPN client from the VPN download page to your home directory.

Install the VPN client

1. Uncompress the Linux client:

   tar -xfz <file_name.tar.gz>

2. Go to the program’s directory:

   cd vpnclient

3. Before installing the program, ensure you have the Linux headers for your kernel installed.

   Type: 'uname -r' and 'ls /usr/src'

   Check to see if there is a linux-headers directory that corresponds to your kernel release.
   Also, confirm that basic GNU utilities are available:

   'which gcc', 'which make', and 'which ld'

   Most distributions are ready to go. Otherwise, you will have to find and install the corresponding packages containing the headers and GNU/build utilities. The method will vary depending on how/if your distribution handles software packages.

4. Install the program:

   sudo ./vpn_install

   Follow the on-screen instructions. The default settings should work fine.

5. The default permissions for the VPN config files are too generous.
   Restrict them for added security:

   sudo chmod -R go-w /etc/opt/cisco-vpnclient

6. Start up the VPN daemon:

   sudo /etc/init.d/vpnclient_init start

   You should only have to do this once since the daemon automatically starts at system boot-up.

Configure the VPN client

1. Go to the profiles directory:

   cd /etc/opt/cisco-vpnclient/Profiles

2. Create a new profile:

   sudo cp sample.pcf cs-vpn.pcf

3. Configure the profile:

   sudo vi cs-vpn.pcf

   Configure these lines as follows:

   Description=CS&E VPN
Host=<Host>
GroupName=<Username>
Username=<your_CS&E_Username>


   Where <Host> and <Username> are taken from the bottom of the VPN download page and
   <your_CS&E_Username> is your normal CS&E username. (Don't include the brackets.)

Run the VPN client

To connect to the VPN, type:

sudo vpnclient connect cs-vpn

Enter your sudo password, if necessary. For 'Enter a group password', enter the password from the bottom of the VPN download page. It will ask for your username. The default should be correct, so press <enter>. It will ask for a password and that is your normal CS&E Unix password. To disconnect, you can either send a Ctrl-C break to that same terminal or enter:

sudo vpnclient disconnect
in a different terminal.