VPN 3000 Client Configuration Instructions (Linux)
If you haven't already done so, please read the VPN 3000 overview and sign up to use the VPN service.
Important note for Library journal database users
Remote journal access should now be done through the Library's authenticated proxy server using your IMSS username and password. No special URL is needed; when you visit the Library pages and click on a database link, the Library proxy server will automatically detect whether you are connecting from a campus address, and will ask for your IMSS username and password if you are connecting from off campus. VPN is no longer necessary for Library journal database access.
Download, installation, and connection information:
Note that Cisco's Linux client now supports kernel 2.6.x.
Before you start, please note that if you have the VPN 5000 client installed, you should remove it. If you are having difficulty doing so, see Cisco's instructions for manually removing the VPN 5000 client.
- Download the VPN 3000 client installation file from the link below, as well as the relevant documentation.
- Unpack the downloaded file using the following command, which will create a folder named vpnclient with the necessary installation files:
tar zxvf VPN3000-Linux-V4xxx.tar.gz
Replace the file name with the name of the installation file you downloaded.
Older versions may need to do:
zcat VPN3000-Linux-V4xxx.tar.gz | tar -xv
- Install the VPN client.
If you haven't done so already, change your working folder to the vpnclient folder created in the previous step.
Now install the VPN client by running ./vpn_install and accepting the default answer at each prompt.
Your Cisco VPN 3000 client should now be installed.
- Before you can run the VPN client, the VPN service must be running. Either reboot your computer or start the service manually by typing:
/etc/init.d/vpnclient_init start
- From the installed vpnclient folder, start the VPN 3000 client by typing one of the following commands, then enter your IMSS username and password when prompted:
vpnclient connect Caltech-Only-Hybrid
Caltech-Only-Hybrid is the default connection type. This profile tunnels traffic to the Caltech network and to a small number of selected sites (see which sites are being tunneled). All other network traffic is sent as it would be if you were not using the Caltech VPN connection. Library journal access should be done through the proxy server: http://library.caltech.edu/databases/proxy.htm
or
vpnclient connect Caltech-TunnelAll-Hybrid
Caltech-TunnelAll-Hybrid: Use this profile if you are connected through an insecure network (unsecured wireless access point, hotel DSL connection, etc.). This profile tunnels all network traffic generated by your computer, with the potential exception of your local LAN if you enable the 'Exclude Local LAN' option for the profile.
Note: The command vpnclient connect Caltech-TunnelAll-Hybrid.pcf will not work; give the profile name without the .pcf extension. This may be particularly relevant if you are using tab completion for filenames.
- After you are connected, check to make sure that you are connected to the VPN tunnel:
Click on this Caltech link; you should see that you have an IP address starting with 131.215.250.xxx or 131.215.251.xxx.
Click on this DSLreports.com link; you should see that you have your normal IP address as assigned by your ISP (if using Caltech-Only-Hybrid), or a Caltech IP address starting with 131.215.250.xxx or 131.215.251.xxx (if using Caltech-TunnelAll-Hybrid).
To make modifications to the standard configuration, edit the profiles in
/etc/CiscoSystemsVPNClient/Profiles/
The lines you'll most likely need to edit are:
EnableNat=0 (off by default, change to '1' to enable Transparent Tunneling)
EnableLocalLAN=1 (on by default, change to '0' to disable)
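To confirm what a profile will do before you connect, and to check the address reported by the test links in the verification step, the following script reads the two settings named above and tests an address against the 131.215.250.xxx and 131.215.251.xxx ranges. It is an added example, not part of the original instructions or of Cisco's tooling. It assumes the profile is a plain Key=Value text file; the function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a .pcf profile and classify a reported IP address.

# Print the value of KEY (matched case-insensitively) from a Key=Value file.
# Exit status is non-zero when the key is absent. CRLF endings are tolerated.
pcf_get() {
    awk -F= -v key="$2" '
        { sub(/\r$/, "") }
        tolower($1) == tolower(key) { sub(/^[^=]*=/, ""); print; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Summarise the two settings this page says you are most likely to edit.
# EnableLocalLAN is the key name as it is spelled inside the profile file.
audit_profile() {
    nat=$(pcf_get "$1" EnableNat) || nat=unset
    lan=$(pcf_get "$1" EnableLocalLAN) || lan=unset
    case "$lan" in
        1) note="local LAN may be excluded from the tunnel" ;;
        0) note="no local LAN exception" ;;
        *) note="local LAN setting not found" ;;
    esac
    echo "EnableNat=$nat EnableLocalLAN=$lan ($note)"
}

# Succeed only for 131.215.250.xxx or 131.215.251.xxx, the ranges listed above.
in_vpn_pool() {
    last=${1#131.215.25[01].}
    [ "$last" != "$1" ] || return 1                # prefix did not match
    case "$last" in ''|*[!0-9]*) return 1 ;; esac  # need one numeric octet
    [ "$last" -le 255 ]
}

# Constructed sample profile (not a real Caltech profile) for an offline run.
write_sample_profile() {
    printf '[main]\r\nDescription=constructed sample\r\nEnableNat=0\r\nEnableLocalLAN=1\r\n' > "$1"
}

tmp=$(mktemp)
write_sample_profile "$tmp"
audit_profile "$tmp"
in_vpn_pool 131.215.250.17 && echo "131.215.250.17: VPN address"
in_vpn_pool 203.0.113.9 || echo "203.0.113.9: not a VPN address"
rm -f "$tmp"
```

On a real system, point audit_profile at a profile file under /etc/CiscoSystemsVPNClient/Profiles/ instead of the constructed sample.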
If you are having difficulty getting your VPN 3000 client to work as expected, you may wish to visit our troubleshooting page.
Please direct any comments or problems to vpn@caltech.edu.