Connect to Cisco VPN from Android
- Rooted G1 (clean JesusFreke v1.51 US image)
- VPN connection settings or a pcf file
- If you need to decrypt enc_GroupPwd from pcf, Linux box with vpnc installed
- Something to extract bz2 files
- BusyBox (or alternative copy method that doesn’t use tar)
- Get-a-robot-vpnc package
- Root access!
First of all, this is an alternative version of the instructions from the xda-developers post by Phlogiston. I’ve included more complete details for those people who wouldn’t know the first thing about getting started with vpnc. Big win credit to wmealing for bringing vpnc to Android!
Extract the bz2 file (not on the phone yet). Note the directory structure is /data/data/org.codeandroid.vpnc/...; this is designed to be extracted directly to the root of the phone.
Edit /data/data/org.codeandroid.vpnc/etc/vpnc/vpnc.conf and place your VPN connection settings in there. It is very important that you remove or comment out the line “IKE authmode hybrid”, or later you will have errors about missing openssl components. If you are not sure about the vpnc.conf settings and you have the .pcf file, map the following values:
|pcf value|vpnc.conf setting|
|---|---|
|Host|IPSec gateway (lowercase)|
|Username (usually omitted)|Xauth username|
|UserPassword (usually omitted)|Xauth password|
You should know your user name and password. Of course I’m not going to recommend that you store them in plain text in this file, but it sure does make life a whole lot simpler.
*If GroupPwd is blank and instead you have enc_GroupPwd, you need to use the cisco-decrypt tool that usually comes with a standard vpnc installation (in my distro it’s found at /usr/lib/vpnc/cisco-decrypt). Simply run:
/usr/lib/vpnc/cisco-decrypt <enc_GroupPwd hash>
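The pcf-to-vpnc.conf mapping above can be scripted on the PC before anything is copied to the phone. This is an added example, not part of the original post: the sample profile is constructed, the function name is hypothetical, and the GroupName and GroupPwd rows are assumptions taken from vpnc's `IPSec ID` and `IPSec secret` keywords rather than from the table as it appears here. It leaves the user password out unless asked and flags a profile that only has enc_GroupPwd.

```python
import configparser

# Constructed sample profile; every value is made up for this example.
SAMPLE_PCF = """[main]
Description=constructed sample
!Host=VPN.Example.com
GroupName=staff
GroupPwd=
enc_GroupPwd=0123ABCD
Username=alice
UserPassword=s3cret%1
"""

# pcf key (lowercased) -> vpnc.conf keyword. Host/Username/UserPassword come
# from the page's table; GroupName/GroupPwd are assumed from vpnc's keywords.
PCF_TO_VPNC = {
    "host": "IPSec gateway",
    "groupname": "IPSec ID",
    "grouppwd": "IPSec secret",
    "username": "Xauth username",
    "userpassword": "Xauth password",
}

def pcf_to_vpnc(pcf_text, include_password=False):
    """Return (vpnc.conf text, warnings) built from the [main] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(pcf_text)
    # Profiles can mark a key read-only with a leading '!'; strip it.
    main = {k.lstrip("!"): v.strip() for k, v in cp["main"].items()}
    lines, warnings = [], []
    for key, directive in PCF_TO_VPNC.items():
        value = main.get(key, "")
        if not value:
            continue
        if key == "userpassword" and not include_password:
            warnings.append("UserPassword not written to vpnc.conf")
            continue
        if key == "host":
            value = value.lower()  # the page's table asks for lowercase
        lines.append(f"{directive} {value}")
    if not main.get("grouppwd") and main.get("enc_grouppwd"):
        warnings.append(
            "GroupPwd is blank: run cisco-decrypt on enc_GroupPwd, add IPSec secret")
    return "\n".join(lines) + "\n", warnings

if __name__ == "__main__":
    conf, notes = pcf_to_vpnc(SAMPLE_PCF)
    print(conf, *notes, sep="\n")
```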
Edit /data/data/org.codeandroid.vpnc/etc/vpnc/vpnc-script and change the first line to “#!/system/bin/sh” (replace bash with just sh).
Now you need to get it all on to your phone. Confirm you have the tar command on the phone by opening up the terminal app and typing “tar”. If you don’t have it, you might want to get BusyBox.
From the directory where you extracted the bz2 file, run the following to make a tarball:
$ tar -cvf vpnc.tar ./data/data
Copy that to the phone’s sdcard. While you have the sdcard mounted on your PC, create a directory called vpnc and create two empty files in there named go and prep (you can name them anything really).
Edit go and paste the following (this is one single long line of text):
/data/data/org.codeandroid.vpnc/bin/vpnc /data/data/org.codeandroid.vpnc/etc/vpnc/vpnc.conf --script /data/data/org.codeandroid.vpnc/etc/vpnc/vpnc-script --pid-file /data/data/org.codeandroid.vpnc/etc/vpnc/vpnc-pid --no-detach --debug 1
Edit prep and paste the following:
ln -s /dev/tun /dev/net/tun
These scripts will help you type less on the handset. Now unmount the sdcard and wait for the phone to check it. Open up a terminal and run the following:
# cp /sdcard/vpnc.tar /data
# cd /data
# tar xvf vpnc.tar
# rm vpnc.tar
# cd /sdcard/vpnc
# sh prep
# sh go
If all went well you should see the following happy little message!
… and to later kill the VPN connection, just press Ball+C. Note: You only need to run the prep script the first time during the session (when the phone reboots you’ll need to run it again).
If you want to undo it all and start from scratch, just do a recursive delete of the /data/data/org.codeandroid.vpnc directory and reboot.