2 questions - unrelated to each other.

Orion

Background first - building a new pc very shortly and made the decision long ago that it will be MS-free. Fairly new to Linux but not afraid to screw around. I have the basics only but I still managed to get World of Warcraft running in Ubuntu on a test box a few months ago
1. I read on the Dellbuntu thread about not being able to upgrade pre-installed software such as Firefox. Is that accurate? For example if I got the LTS version can I not put FF 2 on it?

2. More importantly. I need to be able to VPN to work from my home pc. My company don't provide the Cisco VPN software for any OS other than Windows. And for obvious reasons won't provide the VPN logon details willy-nilly. So I can't just set up the native VPN myself. Can I use VPC or any other means to use the provided - Windows - VPN solution or am I codding myself?

2A. Assuming that I can use the VPN solution has anyone any experience using remote desktop from Linux to Windows with rdesktop or anything else?

TBH my immediate boss has known for a good while now that I'm not installing Windows on my new rig when I build it - and I'm building it as soon as my SSIA hits my bank account I'm willing to try other solutions except installing Windows. So if my company won't support it and I can't do it natively I'm not spending 200+ on an OS that I neither want nor need anyway. If I have to be taken off the out of hours call list ah well

joe_chicken

As far as 1 goes:

I've never had any problems upgrading any software on Ubuntu, indeed apt and synaptic make the whole process as painless as possible.

I think I remember reading somewhere that FF2 was unsupported on some recent versions i.e. they were hesitant to put it on any main repositories, but it should work fine if you install it manually, as far as I'm aware, I'm using 2.0 at home... I think

I installed a Cisco Linux client at home a while back on fedora, but I can't remember where I got it from.... Should have it at home somewhere.

I used the company supplied setup file to load in the settings, it was relatively easy, but not sure how secure...

As for virtual desktops, you should be able to VNC from linux to windows no problem...
I've always done it the other way round though.

Khannie

Macros42 wrote:

For example if I got the LTS version can I not put FF 2 on it?

You can yeah. It's linux. You can do anything you want. 1.5 is the default with LTS though.

Macros42 wrote:

2. More importantly. I need to be able to VPN to work from my home pc. My company don't provide the Cisco VPN software for any OS other than Windows.

The cisco software is available for linux. I've used it extensively. All you need is the .pcf file that the windows client uses and the IP to connect to. If you have a windows client, you have all the information you need. Installation can be hassle because it uses a kernel module, but it definitely works. The best way (IMO) to use it is to get a virtual machine (linux ones are ready for download) and use that for VPN, that way your actual internet connection doesn't go tits up when you connect.

Macros42 wrote:

And for obvious reasons won't provide the VPN logon details willy-nilly. So I can't just set up the native VPN myself. Can I use VPC or any other means to use the provided - Windows - VPN solution or am I codding myself?

You shouldn't need to do any of this.

Macros42 wrote:

2A. Assuming that I can use the VPN solution has anyone any experience using remote desktop from Linux to Windows with rdesktop or anything else?

I've used rdesktop alright. Worked a charm.

Macros42 wrote:

TBH my immediate boss has known for a good while now that I'm not installing Windows on my new rig when I build it - and I'm building it as soon as my SSIA hits my bank account I'm willing to try other solutions except installing Windows. So if my company won't support it and I can't do it natively I'm not spending 200+ on an OS that I neither want nor need anyway. If I have to be taken off the out of hours call list ah well

Good luck.

niallb

Macros42 wrote:

1. I read on the Dellbuntu thread about not being able to upgrade pre-installed software such as Firefox. Is that accurate? For example if I got the LTS version can I not put FF 2 on it?

Not exactly. Of course you can put it on.
My point was that if it was meant to be supported for several more years,
ubuntu itself should have been providing FF2 as an OS update.

Macros42 wrote:

2. More importantly. I need to be able to VPN to work from my home pc. My company don't provide the Cisco VPN software for any OS other than Windows.

I've also been using the linux client without any problems when required.
Interesting point of Khannie's on using a VM. You can get around it by using
very specific routing, but if you have the machine power, that's a nice simple approach, and gets around any kernel module problems you might have too.

Orion

Thanks lads. That's enough to get me started. I'll hopefully be ordering the parts by the end of the week and building it as soon as they arrive. I'm sure at that stage I'll be popping back in here to ask more questions

Khannie - I have the IP and PCF files - love the idea of keeping my connection up at the same time - I'll be looking into that further. Any particular VM you recommend?

Khannie

Macros42 wrote:

Khannie - I have the IP and PCF files

Sorted.

Macros42 wrote:

love the idea of keeping my connection up at the same time - I'll be looking into that further. Any particular VM you recommend?

Cheers. Yeah, it works well. I downloaded the ubuntu LTS server VM image from the vmware website and apt-get install'd xfce on it so it's nice and lightweight. Works a charm.

FWIW...the newest kernels have virtualisation support built in and your new CPU will support that in hardware, so that's worth investigating if you find it sluggish in the slightest (you wont).

edit: Think I still have the server image with vpn support added. I'll have a look around. Give me a poke when you've got your box up and running.

koloughlin

Macros42 wrote:

2. More importantly. I need to be able to VPN to work from my home pc. My company don't provide the Cisco VPN software for any OS other than Windows. And for obvious reasons won't provide the VPN logon details willy-nilly. So I can't just set up the native VPN myself. Can I use VPC or any other means to use the provided - Windows - VPN solution or am I codding myself?

I tried using vpnc http://www.unix-ag.uni-kl.de/~massar/vpnc/ to connect to two different cisco vpns, my own company's vpn and my client's. It worked with my own company's and wouldn't work with my client's. After much googling I found that it was because my client's vpn concentrator had a setting requiring the "Stateful Firewall" to be turned on. From reading about it it seems that even cisco's own version of the vpn client for linux doesn't support this option.

Vpnc does have a little application called pcf2vpnc to convert your .pcf file to a config file for use with vpnc. The link above also has a way to get the group password back from its encoded form in the pcf file.

niallb

This is interesting.
I've never had the problem with the concentrator requiring stateful firewall on,
but it's bound to come up some day, so I looked into it.
The firewall isn't going to be a part of the vpnc settings, so you shouldn't have any more worries there.
The vpn client for linux doesn't need to support the option.
You'll need to add a few lines to an iptables script to get the feature.
I found these on a LinuxQuestions thread.
They look sufficient, and I'd be interested to hear if they work for you.
Save this stanza as a file such as vpn-firewall-rules and load them up using
iptables-restore < vpn-firewall-rules
Take a check on interface names and network port settings before you run it.

# Firewall configuration written by Cisco Systems
# Designed for the Linux VPN Client 4.8.00.0490 Virtual Adapter
# Blocks ALL traffic on eth0 except for tunneled traffic
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# Allow all traffic in both directions through the VA adapter
-A INPUT -i cipsec0 -j ACCEPT
-A OUTPUT -o cipsec0 -j ACCEPT

# Accept all encrypted VPN Client traffic in either direction on eth0
-A INPUT -i eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT

-A INPUT -i eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT
-A OUTPUT -o eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT

-A OUTPUT -o eth0 -p udp -s 0/0 --sport 1024: -d 0/0 --dport 29747 -j ACCEPT

# Block all other traffic in either direction on eth0
-A INPUT -i eth0 -j REJECT
-A OUTPUT -o eth0 -j REJECT
COMMIT