// Admin tip: use a CNAME DNS RR as alias for services like DynDNS.com

Dynamic DNS services like DynDNS are very useful, e.g. for LAN access via VPN in combination with non-static IP addresses. But the dynamic DNS hostname is normally a subdomain of the service (e.g. example.dyndns.org) which is often hard to remember. And this name is tying yourself up to the service you are using because a change may be really annoying (you have to change documentation, inform users and stuff).

I'm always wondering why most admins don't use a simple trick to solve all these problems: Use a sub-domain of your own domain (e.g. vpn) and set a CNAME RR for it. Let it simply point to your dynamic DNS hostname:

vpn.example.com.   CNAME  example.dyndns.org.

That's all, you are be able to use vpn.example.com from now on. A sub-domain of your main address should be much easier to remember and you can switch to another dynamic DNS service whenever you want. Without any noticeable difference for a common user.

// VPN KIT (former Uni Karlsruhe): use it with Ubuntu Linux

Connecting to university VPNs is always… fun. This is also true for the KIT VPN, especially because there is so much outdated information out there. E.g. there is no more Cisco compatible endpoint1) but tons of vpnc tutorials! You have to use the Juniper Networks software jnc now.


However… it worked after all. The IT guys were friendly enough to put helpful information at the online help. :-) But to make it even easier, here are a my hints to get the KIT University Karlsruhe VPN connection running:

  1. Make sure you got a working Java RE. I used sun-java6-jre, therefore I don't know if it runs with OpenJDK.
  2. If you are running a 64bit Ubuntu,2) you need some 32bit wrapper libraries for jnc:
    sudo apt-get install libc6-i386 lib32z1 lib32nss-mdns
  3. Open a terminal, download and untar the jnc archive the KIT VPN help provides for Linux:
    cd ~
    wget https://www.scc.kit.edu/scc/sw/juniper/7.0/linux_vpn_7.0.tar.gz
  4. Extract the archive and remove it afterwards:
    tar -xzf linux_vpn_7.0.tar.gz
    rm linux_vpn_7.0.tar.gz
  5. There should be a juniper_linux directory within your home dir now. Change into it and run the included vpn-install.sh script:
    cd ~/juniper_linux

    Simply follow the instructions (e.g. you have to enter your RZ username).

  6. Make sure jnc is executable:
    sudo chmod a+xr /usr/local/bin/jnc
  7. You can remove the temporary juniper_linux directory now:
    rm -rf ~/juniper_linux

    That's it.


To establish the connection, open a terminal and type jnc -n kit. The program should start and prompt you for your account's password. Example output:

user@computer:~$ jnc -n kit
Server certificate verified and CN is vpn.kit.edu. Saving in /home/user/.juniper_networks/network_connect/config/vpn.kit.edu.der.
Connecting to vpn.kit.edu : 443.
Waiting for ncsvc for 3 seconds... done
ncsvc is running, but tunnel is not established yet. Waiting for 3 seconds... done.
ncsvc is running in background (PID: 2448):
tunnel interface tun0, addr:

You can use jnc stop to close the VPN connection. Example output:

user@computer:~$ jnc stop
ncsvc is running, sending signal... terminated.

2011-10-25: Updated the installation instructions, there is a new VPN software version (7.0).

This means the Cisco compatible vpnc does not work!
You can check this by opening a terminal: If uname -m prints out x86_64, you are running a 64bit Ubuntu

// VPN Uni Freiburg: use it with Ubuntu Linux

I helped my girlfriend's sister to configure the university's VPN on her Ubuntu notebook a few weeks ago. The available documents simply… :-x. Only two PDFs are containing some hints. Additionally, the IT guys can't help you.3)

However… it worked after all. If someone has the same problem, here are a my hints to get the University Freiburg VPN connection established:

  1. Install VPNC:4) sudo apt-get install network-manager-vpnc
    Please restart your network or reboot after installation, otherwise it may not work.
  2. Open the network manager/VPN applet:
  3. Click on “Add…”. A wizard opens, helping you to create the needed VPN profile. Please choose “Cisco compatible VPN client (vpnc)” and click on “Create…”.
  4. “Username” is your RZ account username.
  5. “Password” is your RAS password (:!: NOT your common RZ account password).
  6. Fill out the gateway5) and groupname + grouppassword:
    • if you are using the campus network (WLAN/red LAN boxes):
      ipsec-rz.vpn.uni-freiburg.de and campus + campus
    • if you want to connect via internet:
      home-rz.vpn.uni-freiburg.de and home + home
  7. Choose NAT-T as NAT-Traversal.

Now you should be able to establish/close the connection by a simple click on the VPN profile using the network manager applet (look at the first screenshot, there you can see the profile “VPN Uni Freiburg Home” I created before writing this post). Hope that helps :-)

really, the RZ support is not able to help 'cause the guys there simply don't know what to do.
VPNC will be embedded into the common VPN GUI of the GNOME network manager, you will find some more options after installing it.
I'm no native speaker (English)
Please let me know if you find any errors (I want to improve my English skills). Thank you!
QR Code: URL of current page
QR Code: URL of current page start (generated for current page)