vpnc
vpnc is a VPN client for Cisco hardware VPNs.
Installation
Configuration
The vpnc configuration files are in /etc/vpnc. It contains a default.conf file that you can copy and modify for your setup.
Executing vpnc --long-help will provide the names and descriptions of the various configuration options. For instance, in that output you will see
--gateway <ip/hostname>
IP/name of your IPSec gateway
conf-variable: IPSec gateway<ip/hostname>
which translates into a line like this in your configuration file:
IPSec gateway gateway.example.com
Starting
The vpnc package comes with a systemd unit vpnc@.service. If you want to use the configuration file /etc/vpnc/client.conf, you would start it with systemctl start vpnc@client.
Troubleshooting
In case the vpnc client crashes with:
May 15 09:11:38 ntrp-mimacom systemd-coredump[5858]: Process 5814 (vpnc) of user 0 dumped core.
Stack trace of thread 5814:
#0 0x00007f835cba3a10 raise (libc.so.6)
#1 0x00007f835cba513a abort (libc.so.6)
#2 0x00007f835cb9c607 __assert_fail_base (libc.so.6)
#3 0x00007f835cb9c6b2 __assert_fail (libc.so.6)
#4 0x000000000040e48c n/a (vpnc)
#5 0x0000000000412348 n/a (vpnc)
#6 0x0000000000404f72 n/a (vpnc)
#7 0x00007f835cb90511 __libc_start_main (libc.so.6)
#8 0x000000000040596a n/a (vpnc)
you will need to monkey patch the the software because an assertion is failing with the latest updates..
Download the sources from http://svn.unix-ag.uni-kl.de/vpnc/trunk/ and patch the file vpnc.c with the following:
Index: vpnc.c
===================================================================
--- vpnc.c (revision 550)
+++ vpnc.c (working copy)
@@ -1206,7 +1206,7 @@
assert(a->af == isakmp_attr_16);
assert(a->u.attr_16 == IKE_LIFE_TYPE_SECONDS || a->u.attr_16 == IKE_LIFE_TYPE_K);
assert(a->next != NULL);
- assert(a->next->type == IKE_ATTRIB_LIFE_DURATION);
+ /* assert(a->next->type == IKE_ATTRIB_LIFE_DURATION); */
if (a->next->af == isakmp_attr_16)
value = a->next->u.attr_16;
Temporary workaround found here: https://bbs.archlinux.org/viewtopic.php?id=225556
Remember to change the PREFIX to /usr instead /usr/local so you overwrite the broken binary.