CompUSA VPN Access from Linuxtm

Note: You now have a choice between Cisco's client or the open source vpnc. Besides being open source, vpnc works on SMP boxes. Here is the required configuration file for vpnc (put in /etc/vpnc.conf):
Interface name vpnlink
IKE DH Group [put group here]
Perfect Forward Secrecy nopfs
IPSec gateway [put gateway here]
IPSec ID TermServices
IPSec secret [put secret here]
Xauth username [your username]
Xauth password [your password]
The Xauth applies only if you're connecting to an X server. Just remove the lines if you are not (otherwise it will fail with an authentication error)
Load the "Universal TUN/TAP device driver" like this:
modprobe tun
Then start the VPN like this:
vpnc /etc/vpnc.conf
Set up a route ($VARIABLES provided by vpnc):
ifconfig $TUNDEV inet $INTERNAL_IP4_ADDRESS pointopoint $INTERNAL_IP4_ADDRESS netmask mtu 1412 up
After connection, proceed with Winframe or rdp server.

Here is an example script which I use - CompUSA

For Cisco's vpnclient:
1. Install vpnclient-linux-3.7.3.A-k9.tar.gz to a local directory:
Alternately, (I haven't tried this version), vpnclient-linux-4.0.4.B-k9.tar.gz

    tar -zxvf vpnclient-linux-3.7.3.A-k9.tar.gz  -C /usr/local

2.  Check out Cisco's documentation:

3. cd /usr/local and run "vpn_install".    Note it creates a module "cisco_ipsec" in the currect OS module's tree (you'll have to re-do if you upgrade your kernel).  It puts the executable "vpnclient" in /usr/local/bin.

4.  reboot or run "service vpnclient_init start"

5.  cd /etc/CiscoSystemsVPNClient/Profiles
    cp sample.pcf CompUSA.pcf
    edit CompUSA.pcf and change these lines:
        Description=CompUSA VPN
        Host=[target host]
        Username=[your domain username]
        NTDomain=[domain login]

    and if your box is physically secure:
        GroupPwd=[secret here]
        UserPassword=[your domain password]

    This skips the passwd prompts but the domain passwd is removed without encoding it like the GroupPwd is.   However you are still prompted with the legal warning.  You'll have to write a wrapper for that.

6.  Refer to

    Basically, just run "vpnclient connect CompUSA"

    You can leave the window up (it needs to be) and end the session with Ctrl-C or "vpnclient disconnect" from another window.

     Run "vpnclient stat" for status of session.

Terminal Services Client for linux

1. download from here: RDesktop  You'll have to look elsewhere for a package.

2.  For auto-login, run rdesktop like this:
rdesktop -g 1024x768 -u [user-name] -d NA -p [password]
Note: if there is a hiccup talking to remotets, the vpnclient will disconnect; just re-run the vpnclient.


To connect as quickly and painlessly as possible, I went thru all the steps above once, and created a pcf with my auto-login info.
I wrote these scripts to connect (all under "root")

# this answers the legal warning.
echo y | vpnclient connect Compusa

Above script is called by this script, /usr/local/bin/CompUSA:
cd /etc/CiscoSystemsVPNClient/Profiles
cp CompUSA.pcf
xterm -e vpnclient.compusa &
echo -e "Waiting.\c"
until host|grep -q "has address"; do echo -e ".\c"; sleep 1;done
echo Connected!
#/usr/lib/ICAClient/wfica -desc CompUSA
rdesktop -g 1024x768 -u [user-name] -d NA -p [password]

Then just run "CompUSA".  In total, less than 10 seconds to be logged in to the terminal server.