VPN : Connecting to Nortel VPN from Linux

I moved to Ubuntu full-time a while back; see the first part, Migrating from Windows to Linux. But connecting to my office VPN from Linux remained an open issue because my organization uses Nortel Contivity. Ubuntu comes with a VPN client, but it does not work with Nortel. Then I found the vpnc-nortel branch of the vpnc open source project, which can connect to Nortel VPN servers. In this series I will explain how to connect to a Nortel VPN from Ubuntu. You may need to tweak a few of these instructions for your favourite Linux version. I am on Ubuntu 11.10 x86_64, using vpnc version 0.5.3-481.

The first thing is that we have to compile it from source. It is not as difficult as it sounds. To compile vpnc we will need some tools first. At a minimum, install:

  • build-essential
  • subversion
  • libgcrypt-dev
  • libgnutls-dev

Here is how to get them set up on Ubuntu.

sudo apt-get install build-essential subversion libgcrypt-dev libgnutls-dev

Then we will need the code, so check out the latest vpnc-nortel code as follows. I preferred to execute this step and the next ones as root because I want to install it in the /etc/vpnc directory.

svn co http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel/

Then just compile and install as follows. There will be some warnings during the “make” step, but they can be ignored as long as compilation is successful.

cd vpnc-nortel
make
make install
make distclean

Now comes the tricky part: configuring the vpnc client. Edit /etc/vpnc/default.conf to save your login credentials, VPN server, encryption details and other settings. Running vpnc --long-help will provide a description of all fields. You can either check with the IT department that handles VPN to get the settings or check the VPN settings on your Windows system. I also checked the VPN logs on my Windows system to get the full settings. Because we want to connect to Nortel, the following are the recommended settings.

Vendor nortel
NAT Traversal Mode nortel-udp
Nortel Client ID 33

You may need to tweak the NAT Traversal Mode if the one above does not work. Again, vpnc --long-help is your best friend. The Nortel Client ID is, as the name suggests, the client version ID, which you can match with what you have installed for Windows.
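A quick audit of the configuration described above, as an added example that is not part of the original post: it checks a vpnc config file for the three Nortel settings and for file permissions, since the file stores login credentials. The gateway, username and password in the sample are constructed, and the function names are hypothetical; Xauth password is vpnc's option name for a stored password.

```shell
# Constructed sample standing in for /etc/vpnc/default.conf (no real credentials).
make_sample_conf() {
    cat > "$1" <<'EOF'
IPSec gateway vpn.example.invalid
Xauth username jdoe
Xauth password not-a-real-password
Vendor nortel
NAT Traversal Mode nortel-udp
Nortel Client ID 33
EOF
}

# Print the value of a "<option name> <value>" line from a vpnc config file.
conf_value() {
    sed -n "s/^$2[[:space:]]\{1,\}//p" "$1" | head -n 1
}

# Print one line per finding; the return status is the number of findings.
check_vpnc_conf() {
    conf=$1
    findings=0
    # The file holds login credentials, so group and others need no access.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $conf is accessible to group/others (chmod 600)"
        findings=$((findings + 1))
    fi
    # Settings the article recommends for a Nortel gateway.
    if [ "$(conf_value "$conf" 'Vendor')" != "nortel" ]; then
        echo "VENDOR: 'Vendor nortel' is not set"
        findings=$((findings + 1))
    fi
    for key in 'NAT Traversal Mode' 'Nortel Client ID'; do
        if [ -z "$(conf_value "$conf" "$key")" ]; then
            echo "MISSING: '$key' is not set"
            findings=$((findings + 1))
        fi
    done
    # Informational: a stored password is readable by anyone who can read the file.
    if [ -n "$(conf_value "$conf" 'Xauth password')" ]; then
        echo "NOTE: Xauth password is stored in cleartext in $conf"
    fi
    return "$findings"
}

# Demo on the constructed sample, deliberately left world-readable.
sample=$(mktemp) && make_sample_conf "$sample" && chmod 644 "$sample"
check_vpnc_conf "$sample"; echo "findings: $?"
rm -f "$sample"
```

To audit the real file, call check_vpnc_conf /etc/vpnc/default.conf as root.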

Once you are all set up, just run vpnc.

sudo vpnc

This will create a tap or tun interface, depending on the Interface mode in /etc/vpnc/default.conf. All your traffic should start to go into this tunnel.

To disconnect, use the following; the tap/tun interface will be removed.

sudo vpnc-disconnect

In the next part of this series I will discuss how to split your internet traffic so that anything related to your work goes into the VPN tunnel but all other traffic works as if there is no tunnel.