# VPN connection to Uni configuration.

## lizardloop

I'm trying to set up a VPN connection with my university but I'm having a little difficulty.

I have installed vpnc. Here is my /etc/vpnc.conf

```
Interface name tun0
IPSec gateway vpn.shef.ac.uk
IPSec ID Unishef
IPSec secret Unishef
Xauth username my-user-name
Perfect Forward Secrecy nopfs
```

When I run vpnc-connect this is what I get:

```
root@09:05:30 etc # vpnc-connect 
Enter password for my-user-name@vpn.shef.ac.uk: 
VPNC started in background (pid: 9536)...
root@09:06:17 etc # 
```

Now when I try to access any websites it just times out. I can ping the vpn server and stuff on my home network okay but anything else just resolves and then times out, i.e. I can resolve domain names but nothing else. When I run vpnc-disconnect my internet goes back to normal. I am connected to the internet through a computer running smoothwall connected to a cable modem. My ifconfig looks like this when connected:

```
eth0      Link encap:Ethernet  HWaddr 00:40:95:30:0E:88  
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1504754 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1446193 errors:0 dropped:0 overruns:4 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:889053035 (847.8 Mb)  TX bytes:723908494 (690.3 Mb)
          Interrupt:5 Base address:0xc400 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10901 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10901 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:460218 (449.4 Kb)  TX bytes:460218 (449.4 Kb)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:143.167.216.44  P-t-P:143.167.216.44  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1126 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:136 (136.0 b)  TX bytes:102344 (99.9 Kb)
```

Can anyone think of what I need to do to get this working right?

A few webpages with details of my university's vpn setup are:

http://www.shef.ac.uk/cics/services/internet/vpn

----------

## Cosmin

It might be the settings of your firewall. Double check them! I had a similar problem (in Windows), I could resolve an internet host, but I couldn't connect. I had ISA firewall client on my machine (a Microsoft product). When the server moved onto a different network, I got trouble. Took me some time and without the help of a friend, I would still have.

----------

## lizardloop

What do you mean by check the settings? How do I know if the settings are wrong? What am I looking for? Do I need to forward some ports?

----------

## oisch

I'm using vpnc for the wireless lan at my university.

After starting vpnc I have to do a "route del default" and "route add default tun0" or whichever is your tunnel device.

Just use route -n to check the settings.

----------

## Cosmin

Turn on logging for your firewall, then look at /var/log/messages (or wherever your firewall puts the logs). I usually use "tail -f ..." for this. Connect to your VPN and watch the logs for anything unusual, dropped packets especially. If you see lots of them, try to stop it and check if it works without. Do you also have NAT enabled?

Another place to look would be your /etc/resolv.conf. After you enter the uni VPN, you should receive new DNS addresses. Check them, and also use tracepath to see if your packets get routed correctly. If they go through your uni gateway, then the second (or third, don't know for sure) address should be your uni server.

----------

## Foxhacker

i'm having the same problems with my university connection, it says VPNC started in background..same as above and it doesn't connect to the internet, i set, route del default, and route default eth0

it didn't work, i have yet to find what's causing this problem

computing center at my university said that no one has successfully connected to the university wireless with vpn in linux before and i tend to be the first one to do it. support of the gentoo community would really be appreciated, thanks

----------

## primero.gentoo

what about a tcptraceroute to a web site on port tcp 80 ?

i mean, are you sure that when u start the vpn connection then you're allowed to access resources outside your university network?

I normally use a VPN connection made with vpnc to a Cisco VPN Concentrator we have inside our company and everything works fine.

try posting your routing table after the vpnc started, and a tcpdump between you and the concentrator while you try the tcptraceroute.

bye

Primeroz

----------

## void81

Yes. You should add a default route and set your DNS in /etc/resolv.conf

----------

## Foxhacker

i connect to the university vpn and it authorizes me but after that i can't ping any website or use links. it just times out

i'll post the route -n here later when i get on campus. my university linux users group hasn't been successful in accessing the internet, after they have authorized either in linux. i hope to get the university computing center the correct vpnc settings so that all the students who have linux can access wireless on campus.

----------

## Foxhacker

thanks to some help of my mirc networking buddy, we finally got vpnc to work with my university connection

here is the howto.

0. make sure tun support is in kernel, and activate via modprobe tun

1. emerge vpnc

2. edit vpnc.conf <sample vpnc.conf below, just fill in and go>

```
Interface name tun0
IPSec gateway <fill in your wireless gateway here>
IPSec ID <fill in the domain you connecting to here>
IPSec secret <fill in your group password here>
Xauth username <fill in your username>
Xauth password <fill in your password, optional could be left blank until vpnc-connect is run>
```

3. enter your university dns address in resolv.conf

4. vpnc-connect, enter username and pass

5. ping google.com to verify you're connected

----------

## Foxhacker

lizardloop, i believe i solved your problem, all you need to do is talk to your university administrator for your university dns server ip

once you have that...modify /etc/resolv.conf  delete everything else and only have this line in the file

```
nameserver <university dns server ip here>
```

then try to ping google.com

that should solve your problem, it solved mine.

apparently only dhcpcd servers would modify the resolv.conf file and your uni might not modify it like mine

----------
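
The checks the replies above ask for (default route, DNS in /etc/resolv.conf, and whether anything comes back through the tunnel), as an added example that is not part of any post in this thread. It parses saved `route -n`, resolv.conf and old-style `ifconfig` text; the function names, the one-way thresholds and the sample routing table and nameserver are assumptions, while the tun0 and eth0 packet counters are the ones posted at the top of the thread.

```shell
#!/bin/sh
# Added example: post-connect checks for a vpnc tunnel, run on saved command output.

# Interface that carries the default route, from `route -n` output on stdin.
default_route_iface() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF; exit }'
}

# Nameserver addresses from resolv.conf text on stdin, one per line.
nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# "RX TX" packet counters for interface $1, from old-style ifconfig output on stdin.
iface_packets() {
    awk -v ifc="$1" '
        /^[^ ]/ { cur = $1 }
        cur == ifc && $1 == "RX" && $2 ~ /^packets:/ { sub(/packets:/, "", $2); rx = $2 }
        cur == ifc && $1 == "TX" && $2 ~ /^packets:/ { sub(/packets:/, "", $2); tx = $2 }
        END { if (rx != "" && tx != "") print rx, tx }'
}

# "one-way" when the interface sends but gets almost nothing back.
# The thresholds (more than 100 sent, under 10% received) are assumptions.
tunnel_verdict() {
    set -- $(iface_packets "$1")
    [ $# -eq 2 ] || { echo "missing"; return 0; }
    if [ "$2" -gt 100 ] && [ "$1" -lt $(( $2 / 10 )) ]; then echo "one-way"; else echo "ok"; fi
}

# eth0/tun0 counters are from the ifconfig output in the thread; the rest is constructed.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:40:95:30:0E:88
          RX packets:1504754 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1446193 errors:0 dropped:0 overruns:4 carrier:0
tun0      Link encap:UNSPEC
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1126 errors:0 dropped:0 overruns:0 carrier:0'
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0'
SAMPLE_RESOLV='# constructed; 192.0.2.53 is a documentation address
nameserver 192.0.2.53'

echo "default route via: $(printf '%s\n' "$SAMPLE_ROUTES" | default_route_iface)"
echo "nameservers:       $(printf '%s\n' "$SAMPLE_RESOLV" | nameservers | tr '\n' ' ')"
echo "tun0 traffic:      $(printf '%s\n' "$SAMPLE_IFCONFIG" | tunnel_verdict tun0)"
```

On a live system, pipe `route -n`, `cat /etc/resolv.conf` and `ifconfig` into the same functions instead of the sample variables.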

