SuSE 10.1 VPN, Samba and Remote Desktop


Objective.
Install and configure certain communication features of SuSE 10.1.

Tasks.
Install and configure Vpnc for remote access into Cisco networks.
Connect to a Windows file server via a VPN connection.
Remote Desktop to a server.

Recommendations.
As with any installation on any computing platform, it is good practice to ensure important data is backed up in case unforeseen difficulties arise.
Review all instructions on this page before you begin.

Page dependencies (ensure you have access to everything you need before you begin).
Commands issued at the command prompt in this section are done so as superuser or root unless otherwise specified.
VPN configuration will require group access information for the network you wish to connect to.
KVpnc GUI front end for vpnc can be downloaded from http://home.gna.org/kvpnc
Access to domain resources after establishing a VPN connection will require domain authentication.
YaST2 installations will require access to installation sources (CD, DVD, network or Internet archives).

Text file editing from the command line.
If these instructions require the editing of text based files then a handful of vi commands are listed below for reference. For a full command list go to http://www.chem.brown.edu/instructions/vi.html or search Google.
---
vi [filename] Opens the vi text editor. [filename] creates or opens a particular file to edit.
i or INSERT key Enters 'insert' mode allowing editing of text within a file.
ESCape key Exits insert mode.
: (colon) Shows command input line.
u Undo last change (when not in Insert mode)
q! When entered on the input line this command will quit without saving changes.
wq When entered on the input line this command will write changes and quit.

Page format.
Text in this format indicates command line entry by the user.
Text in this format indicates an error returned by the system.
Text in this format indicates a normal return from the system.
Beware of similar characters such as 1(one), l(lowercase L), 0(zero), O(uppercase 'o'), | (pipe – Shift ' ' usually).
Text enclosed in [square brackets] indicates a build-specific variable such as a version number or user name.

Conditions.
This page was written for SuSE 10.1 and may contain content or instructions that are not relevant to other distributions.
This information is provided for guidance only. Use of these instructions is deemed to be at your own risk.
R3UK Limited welcomes comment on this information but cannot guarantee a reply and provides no technical support. Please use one of the many dedicated Linux forums or IRC channels if you require assistance.
Text colours and fonts used in the formatting of this page relating to command input and output are used for illustration purposes. Actual command line colours and fonts will vary according to individual system preferences.
GUI instructions were written for the KDE desktop environment and may differ for other desktop environments.

Procedure.
I require IPSec VPN access to access the R3UK Limited LAN from elsewhere so tried out Vpnc. This is included on the SuSE distro so I used YaST2 Software Management to select vpnc. The vpnc application was installed to /usr/sbin and from the command line I could execute the program with vpnc. When run, it asks for the IPSec Gateway Address, IPSec ID (group access name), IPSec Secret (group access password), user name and user password. Inputting the necessary details results in a 'VPNC started in background' confirmation message. To disconnect, the command vpnc-disconnect is used on the command line.

Also available, but not installed by default, is a GUI front end for vpnc called KVpnc. This can also be installed by YaST2 but the version installed by YaST (0.8.2) is very buggy. There is an updated version (0.8.5.1 at the time of writing) which can be downloaded (see page dependencies above). If installed it will appear under System/Network and will allow you to avoid the command line shenanigans. It also offers to import Cisco .pcf profiles which worked nicely when I tested it.

Still, for those who want to do without the pretty GUI, the pain can be taken out of the command line by creating a config file. Navigate to /etc/vpnc and use vi to create a file as below...

cd /etc/vpnc
vi vpnc.conf

[opens vi (a text editor). Assuming vpnc.conf doesn't alreadt exist in this directory, a new file should be created.]
Press INSERT on your keyboard or type i to enter insert mode. Enter the following text:

IPSec gateway [type the gatway IP address here]
IPSec ID [type your group access name here]
IPSec secret [type your group access password here]
Xauth username [if you don't want the username prompt, type your username here]
Xauth password [if you don't want to be prompted for the password for the above username, type it here]
Press the ESCape key to exit Insert mode
Type a colon (:) to bring up the input prompt
Type wq and press enter (to write changes and quit)

Now using the command vpnc vpnc.conf will establish your VPN connection without prompting for some (or all) of the information. Note - from my trawling of Google I see some distributions of vpnc have a vpnc-connect script which also searches for a config file. I don't have that script so I can't give any information on that.

Once connected to my workplace VPN I could do the fun work things I needed to do such as....

Map a network drive from konqueror.
In my case by entering the location as smb://192.168.1.14/share (smb is used as the protocol because the server I'm connecting to here is a Windows machine so I need Samba to talk to it). Remember, although I have gained access to my work LAN via VPN, this doesn't give me access to my workplace domain which is why I specified the server by IP address rather than by name. As I'm only logged in to the network and not the domain I will receive an authentication request when trying to access this resource, so username will have to be entered as domainusername followed by my domain password.

Remote access using Krdc.
This app is found under System/Network. I could remote access to my workplace domain controller simply by entering rdp:/192.168.1.2



Did the information on this page help you? If so, please help to fund this site by clicking one of our sponsored ads...