Friday, January 21, 2011

5 VPN Clients for Linux

Cisco VPN Client

Cisco's official VPN client is compatible with Cisco VPN servers. In addition to Linux (Intel), it's available for Windows, Mac OS X, and Solaris UltraSPARC. It currently supports some 64-bit platforms, in addition to 32-bit.
The Cisco VPN Client can be preconfigured for large deployments and requires minimal effort by end-users. It supports Cisco Easy VPN capabilities, which help simplify the configuration of network security policies at the remote location.
The Cisco VPN Client is included with Cisco ASA 5500 Series Adaptive Security Appliances, except ASA 5505. If you don't already have a copy of the client, you can download it if you have a SMARTnet support contract and encryption entitlement. Otherwise, you can get the client on CD from a reseller. You may also consider using a third-party client, such as VPNC, which is discussed next.
The Cisco VPN Client works with the following products:
  • Cisco 7600/Catalyst 6500 IPsec VPN Services Module and VPN shared port adapter with Cisco IOS Software Release 12.2SX and later
  • Cisco VPN 3000 Series Concentrator Software Version 3.0 and later
  • Cisco IOS Software Release 12.2(8)T and later
  • Cisco PIX Security Appliance Software Version 6.0 and later
  • Cisco ASA 5500 Series Adaptive Security Appliance Software Version 7.0 and later

VPNC for Cisco/Juniper

This is a third-party VPN client, licensed under the GNU General Public License (GPL), for connecting to Cisco and Juniper/Netscreen products. It runs on Linux and Unix-like operating systems. This client was especially useful for users on 64-bit platforms since Cisco's official client only supported 32-bit for some time. It's supposed to work with the following VPN products:
  • Cisco VPN concentrator 3000 Series
  • Cisco IOS routers
  • Cisco PIX / ASA Security Appliances
  • Juniper/Netscreen
To start a connection, you simply run vpnc as root at the command-line. To stop the connection, you'd enter vpnc-disconnect as root. It will look for the configuration file /etc/vpnc.conf or /etc/vpnc/default.conf. To use multiple configuration files, you'd enter the name of the config file as an argument. If no config files are found, it will use interactive mode and ask for configuration settings at the command-line.
Remember, all config files should be placed in /etc/vpnc/, have a .conf extension, and use the following syntax:
IPSec gateway
IPSec ID groupname
IPSec secret passwordforgroup
Xauth username myusername
Xauth password mypassword
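
The syntax above keeps the group secret and the Xauth password in cleartext, so profiles in /etc/vpnc/ are worth checking for loose permissions. The following shell check is an added example, not part of the original post or of vpnc; the function names and the finding labels (LOOSE_PERMS, PLAINTEXT_SECRET) are hypothetical.

```shell
#!/bin/sh
# Added example: audit vpnc profiles for loose permissions and stored secrets.
# Usage: sh audit_vpnc.sh /etc/vpnc
# Prints one finding per line: "<CHECK> <file> [<directive>]".

audit_vpnc_dir() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue   # glob matched nothing, or not a regular file

        # Characters 5-10 of the ls mode string are the group and other bits.
        # Anything but "------" means a non-owner can read or change the profile.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "LOOSE_PERMS $f"
        fi

        # Report secret-bearing directives that carry a value, without
        # echoing the value itself. Matching is case-insensitive as a
        # conservative choice.
        for directive in "IPSec secret" "Xauth password"; do
            if grep -Eiq "^[[:space:]]*$directive[[:space:]]+[^[:space:]]" "$f"; then
                echo "PLAINTEXT_SECRET $f $directive"
            fi
        done
    done
}

# count_findings KIND DIR: number of findings of one kind (0 if none).
count_findings() {
    audit_vpnc_dir "$2" | grep -c "^$1 " || true
}

if [ "$#" -gt 0 ]; then
    audit_vpnc_dir "$1"
fi
```

A profile that holds secrets and is readable only by its owner still reports PLAINTEXT_SECRET, which is useful when deciding which profiles may be copied to other machines.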

If you prefer configuration via a GUI, here are a few to check out:
  • jvpnc: Java-based GUI that works with GNOME and KDE.
  • vpnDialer: A gtk2+ GUI for managing connections and configuration profiles.
  • VPNC Front End (VpnFE): GUI written in C++ and QT3.
If you're looking for Nortel Contivity support, consider VPNN, a fork of VPNC-0.3.2.

PPTP Client

The PPTP Client (pptp-linux) works with PPTP-based VPN servers, such as those offered in Microsoft Windows. It's licensed under the GNU General Public License (GPL) version 2 or later. It runs on Linux, FreeBSD, NetBSD and OpenBSD. It's also compatible with the Linux PPTP Server, many ADSL service providers, and Cisco PIX.
The PPTP Client supports 128-bit stateless encryption using MPPE. It also supports on-demand or persistent tunnels using pppd, pseudo-tty support and synchronous HDLC PPP encoding.
The project offers great documentation with how-tos for many different Linux distributions. Configuration can be performed via the GUI (pptpconfig) or manually using configuration files and commands.


OpenVPN

OpenVPN is an open source SSL/TLS-based VPN solution, offering both a server and client. In addition to the free community edition, they offer a premium edition called the OpenVPN Access Server. Authentication can be made via pre-shared secret keys, certificates, or usernames/passwords. OpenVPN clients are also implemented on Linux-based routers (such as DD-WRT, Tomato, and ZeroShell).
The OpenVPN client is configured via a config file (client.conf), located at /etc/openvpn. On a Linux desktop, a sample config file will reside at /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn-2.0 if you installed from an RPM package. The sample contains settings compatible with the sample server config file, so you need to change them to match your server's configuration. Because the config is a plain text file, rolling out a prefab copy with all the correct settings to your users is easy. You must additionally replace the default ca file with the one used on the server. If you prefer certificate authentication, rather than username/password, you'll also need to replace the cert and key files with the ones generated for each user.
Once the config and certificate files are set, you can start a connection at the Terminal with the client conf file name:
openvpn client.conf
You can configure multiple connections by creating new config files with different names and specifying the file name at the command-line.


OpenL2TP

OpenL2TP offers both an open source L2TP VPN client and server, compatible with other L2TP/IPsec clients such as Microsoft Windows and Apple OS X. Their solution is designed to support enterprise and ISP environments with hundreds of sessions. For secure VPN access, the L2TP tunnels can be secured by IPSec. If you only want to use OpenL2TP for the client, you may want to disable the server functionality. The sample configuration file is located at /etc/openl2tpd.conf.
