Connecting to Netscreen Series (NetScreen-5) VPN with Ubuntu 9.04 (Jaunty - AMD64)

I recently struggled through the details of establishing a VPN connection from my Ubuntu 64 desktop to a Juniper Networks Netscreen-5. There are a number of ways to skin the VPN cat in linux and I'm not going to detail them all here. I'll just tell you how I solved it.

My Netscreen-5 was configured with some typical settings:
Phase 1Pre-shared key "your-pre-shared-key-here"Encryption "pre-g2-aes128-sha"Phase 2Encryption "g2-esp-3des-sha"
To configure the client-side, I decided to use Racoon and KVpnc:
  1. On my Jaunty install (Ubuntu 9.04) I first installed the repository version of racoon:
    apt-get install racoon
  2. Then I downloaded the latest build of KVpnc. They only had an intrepid build when I wrote this (kvpnc_0.9.1_intrepid-1_amd64.deb) and it worked for me, but it's worth checking if a Jaunty build is available.
  3. My Netscreen config translates to the following choices under KVpnc's Racoon options:
    • sha1
    • aes
    • hmac_sha1
    • aes
    • agressive
    • modp1024
    • modp1024
    • Remote Identifier Type: asn1dn
    • Local Identifier Type: user_fqdn
    • Local Identifier Value: (we used email addresses for client ids on the netscreen so the Local Identifier value in KVpnc is an email address)

Your VPN gateway is entered under General and don't forget to complete the Network/General portion of your KVpnc profile as well. That's where your destination network goes (for a Host to Network configuration like mine).

Share Comments