From b3e1a413fcf544b8ff62213ed2d38fa24d538674 Mon Sep 17 00:00:00 2001
From: kshcherban
Date: Fri, 11 May 2018 00:08:18 +0200
Subject: [PATCH] Added and documented XAuth support for linux
---
 docs/clients-xauth.md | 23 +++++++++++++++++++++++
 vpnsetup.sh | 20 ++++++++++++++++++++
 2 files changed, 43 insertions(+)
diff --git a/docs/clients-xauth.md b/docs/clients-xauth.md
index a6358d9..8b2e0db 100644
--- a/docs/clients-xauth.md
+++ b/docs/clients-xauth.md
@@ -14,6 +14,7 @@ IPsec/XAuth mode is also called "Cisco IPsec". This mode is generally faster tha
 * [OS X (macOS)](#os-x)
 * [Android](#android)
 * [iOS (iPhone/iPad)](#ios)
+ * [Linux](#linux)
 ## Windows
@@ -97,6 +98,28 @@ If you get an error when trying to connect, see looking up your IP address on Google. It should say "Your public IP address is `Your VPN Server IP`".
+## Linux
+
+Example is based on Ubuntu 18.04 but may be adapted to any linux flavour.
+
+1. Install `vpnc` and corresponding network manager plugin:
+ ```bash
+ sudo apt-get install network-manager-vpnc network-manager-vpnc-gnome vpnc
+ ```
+1. Add new VPN connection of type **Cisco Compatible VPN (vpnc)** to network connections.
+
+1. If you haven't set `VPN_GROUP` variable during setup, then set **Group Name** to `group`. All other parameters should be set as following:
+**Gateway** - `Your VPN Server IP`
+**User name** - `Your VPN Username`
+**User password** - `Your VPN Password`
+**Group password** - `Your VPN IPsec PSK`
+1. Save and connect to your new VPN.
+
+Alternatively you can connect with command line: `vpnc --gateway --id --username `
+
+Please also check https://help.ubuntu.com/community/VPNClient#VPNC for details how VPNC can be configured in Ubuntu.
+
+
 ## Credits
 This document was adapted from the Streisand project, maintained by Joshua Lund and contributors.
diff --git a/vpnsetup.sh b/vpnsetup.sh
index 2b5df53..e814110 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -27,6 +27,7 @@
 YOUR_IPSEC_PSK=''
 YOUR_USERNAME=''
 YOUR_PASSWORD=''
+YOUR_GROUP=''
 # Important notes: https://git.io/vpnnotes
 # Setup VPN clients: https://git.io/vpnclients
@@ -106,6 +107,7 @@ fi
 [ -n "$YOUR_IPSEC_PSK" ] && VPN_IPSEC_PSK="$YOUR_IPSEC_PSK"
 [ -n "$YOUR_USERNAME" ] && VPN_USER="$YOUR_USERNAME"
 [ -n "$YOUR_PASSWORD" ] && VPN_PASSWORD="$YOUR_PASSWORD"
+VPN_GROUP="${YOUR_GROUP:-group}"
 if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then
 bigecho "VPN credentials not set by user. Generating random PSK and password..."
@@ -272,6 +274,24 @@ conn xauth-psk
 ikev2=never
 cisco-unity=yes
 also=shared
+
+conn xauth-psk-vpnc
+ auto=add
+ leftsubnet=0.0.0.0/0
+ rightaddresspool=$XAUTH_POOL
+ modecfgdns="$DNS_SRV1, $DNS_SRV2"
+ leftxauthserver=yes
+ rightxauthclient=yes
+ leftmodecfgserver=yes
+ rightmodecfgclient=yes
+ modecfgpull=yes
+ xauthby=pam
+ ike-frag=yes
+ ikev2=never
+ cisco-unity=yes
+ also=shared
+ rightid=@[$VPN_GROUP]
+ aggrmode=yes
 EOF
 # Workarounds for systems with ARM CPU (e.g. Raspberry Pi)
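Review bot: `VPN_GROUP="${YOUR_GROUP:-group}"` overwrites any `VPN_GROUP` already set in the environment, unlike the three assignments above it, which only replace `VPN_*` when the matching `YOUR_*` is non-empty. The docs added in this patch tell users to set the `VPN_GROUP` variable during setup, and this line would silently discard that value. I would write it as `[ -n "$YOUR_GROUP" ] && VPN_GROUP="$YOUR_GROUP"` followed by `VPN_GROUP="${VPN_GROUP:-group}"`. The value is later expanded as-is into `rightid=@[$VPN_GROUP]` in the ipsec.conf heredoc, so whitespace, `]` or a newline in it would produce a malformed config; whether the script has a character check that could be extended to this variable is not visible in the hunk.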
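Review bot: `aggrmode=yes` on the new `conn xauth-psk-vpnc` enables IKEv1 aggressive mode with a pre-shared key on every server this script sets up, whether or not vpnc clients are wanted. In aggressive mode the responder returns a PSK-derived hash before the peer is authenticated, which exposes the PSK to offline guessing, and with the default id `group` the PSK is the only secret protecting that exchange. I would emit this conn only when the operator explicitly sets a group (the heredoc that writes it starts outside the hunk), and document it with a comment such as `# vpnc needs aggressive mode; this weakens PSK protection, use a long random PSK`. The same warning belongs in the new Linux section of docs/clients-xauth.md, next to the **Group password** step.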