Ubuntu: Cisco VPN Client installation on Intrepid » $ thought

Cisco VPN client for Linux installation doesn't happen out-of-the-box. There is plugin of VPNC which gets integrated with NetworkManager of Ubuntu but I didn't focus on that. Maybe somebody would like to guide the steps for it. I investigated a little and found bunch of articles / blog post about VPN issue. Some of the articles needs an update. Following steps will get VPN client working on Ubuntu Intrepid and use certificate based authentication to connect.

First get the distribution of VPNClient for Linux. This distribution is valid for 32-bit as well 64-bit installations.

wget http://tuxx-home.at/vpn/Linux/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
tar -xvzf  vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
cd vpnclient
sudo ./vpn_install

This command should result in similar output below:

Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.

Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

Directory containing linux kernel source code [/lib/modules/2.6.27-7-generic/build]

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.27-7-generic/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.27-7-generic/build" will be used to build
the module.

Is the above correct [y]

Making module
make -C /lib/modules/2.6.27-7-generic/build SUBDIRS=/home/sachin/vpnsandbox/vpnclient
modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.27-7-generic'
CC [M]  /home/sachin/vpnclient/linuxcniapi.o
In file included from /home/sachin/vpnclient/Cniapi.h:15,
from /home/sachin/vpnclient/linuxcniapi.c:31:
/home/sachin/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
make[2]: *** [/home/sachin/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/sachin/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.27-7-generic'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".

To get around this error you need to patch couple of files in the existing source. Download the patch and apply it.

wget http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff
patch < ./vpnclient-linux-2.6.24-final.diff

After successful patch of the files you can go ahead to the install procedure again -

sudo ./vpn_install

You can see all files getting compiled successfully. If it is successful you will see a message like below -

* You must run "/etc/init.d/vpnclient_init start" before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.

Now you can copy your vpn configuration files (*.pcf) in /etc/opt/cisco-vpnclient/Profiles folder and you can start connecting the vpn network using command -

vpnclient connect

If you want to use certificate based authentication for the connection then following do following operation.

sudo cisco_cert_mgr -U -op import

This will ask you for the certificate file location and password for the file if required. Enter the passwords for importing certificates if required and try with connection.

amgalitz

Thanks for this!

However patch fails for the
Failed to make module “cisco_ipsec.ko”.
Error.

I have the same headers as in this example:
/usr/src/linux-headers-2.6.27-7-generic/
Intrepid is fully updated as of this date

Here is error message, note xxxxx replaces actual user name:

xxxxx@server:~/vpnclient$ sudo ./vpn_install

Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
… [matching lines deleted for brevity]

Making module
make -C /lib/modules/2.6.27-7-generic/build SUBDIRS=/home/xxxxx/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.27-7-generic’
scripts/Makefile.build:46: *** CFLAGS was changed in “/home/xxxxx/vpnclient/Makefile”. Fix it to use EXTRA_CFLAGS. Stop.
make[1]: *** [_module_/home/rwcalg/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.27-7-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
………

looked at the indicated Makefile listed below and it seems to be using EXTRA_CFLAGS to my uneducated eye. Question are the “+=” correct or should they be “=” because of a patching error?

—- listing of “/home/xxxxx/vpnclient/Makefile”
#
# KBUILD build parameters.
#
KERNEL_SOURCES ?= /lib/modules/$(shell uname -r)/build
KERNEL_HEADERS := -I$(KERNEL_SOURCES)/include
MODULE_ROOT ?= /lib/modules/$(shell uname -r)/CiscoVPN
SUBARCH := $(shell uname -m)

MODULE_NAME := cisco_ipsec

SOURCE_OBJS := linuxcniapi.o frag.o IPSecDrvOS_linux.o interceptor.o linuxkernelapi.o

ifeq ($(SUBARCH),x86_64)
CFLAGS += -mcmodel=kernel -mno-red-zone
NO_SOURCE_OBJS := libdriver64.so
else
NO_SOURCE_OBJS := libdriver.so
endif

ifneq ($(KERNELRELEASE),)

obj-m := $(MODULE_NAME).o

$(MODULE_NAME)-objs := $(SOURCE_OBJS) $(NO_SOURCE_OBJS)

EXTRA_CFLAGS += -Wall \
-D_LOOSE_KERNEL_NAMES \
-DCNI_LINUX_INTERFACE \
-DHAVE_CONFIG_H

ifeq ($(PATCHLEVEL), 4)
$(obj)/$(MODULE_NAME).o: $($(MODULE_NAME)-objs)
$(LD) $(EXTRA_LDFLAGS) -r -o $@ $($(MODULE_NAME)-objs)
endif #PATCHLEVEL

else #KERNRELEASE

default:
$(MAKE) -C $(KERNEL_SOURCES) SUBDIRS=$(PWD) modules
clean:
-rm -f $(SOURCE_OBJS)
-rm -f $(MODULE_NAME).mod.*
-rm -f $(MODULE_NAME).{o,ko}

endif #KERNRELEASE
—– end of listing

THANKS IN ADVANCE!!

cheers
http://volodymyr-bober.blogspot.com/ Volodymyr

Sachind,

(by the way, there are no places where your name can be found, except a link under your photo at “About Me” page)

Thank you for the post. Every thing went just fine, like you described.

2_amgalitz
you probably should try exactly the same build of Cisco vpn-client, I did have a trouble with another build too.

Regards
Magnus

Thank you SO MUCH!!! I was looking for a Cisco VPN client that actually works in Ubuntu for a long time.
Lauren

Worked great! Thank you. Wish I’d found this page before trying several other procedures.

The only other problem I had was my own fault. I was adding the .pcf extension to the profile name when using the connect command. Once I dropped that, life was good.
http://n/a Oliver

Hi all,
Thank you for the steps. They do not work on my Intrepid install. The issue is exactly the same as Amgalitz above. I have the exact same VPN build and the exact same error message. Where should I troubleshoot this ?
Fast

This worked on my 8.10 (64-bit)

http://ubuntuforums.org/showthread.php?t=765975

It got around the problems described previously.
Lauren

I’ve reinstalled Intrepid since my last post on 12/5/08. On the fresh install, I hit a minor hickup when applying the vpnclient-linux-2.6.24-final.diff patch:

bash: patch: command not found

I downloaded the Patch utility at this URL, and after installing this package was able to complete the VPN client installation:

http://packages.ubuntu.com/intrepid/patch

Thanks again!
http://www.lightourworld.com James Moffitt

These instructions were wonderful. Only one problem…

:~$ vpnclient connect kiawah
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.27-9-generic #1 SMP Thu Nov 20 21:57:00 UTC 2008 i686
Config file directory: /etc/opt/cisco-vpnclient

Could not attach to driver. Is kernel module loaded?
The application was unable to communicate with the VPN sub-system.

Any assistance would be appreciated… Thanks
Sachin

You need to start the vpnclient by issuing command:

sudo /etc/init.d/vpnclient_init start

You can either put this command in your /etc/rc.local so that it automatically starts or you can issue this command manually everytime you start computer.
Lars Lindner

Hi,

I have installed Ubuntu 8.1 on my ThinkPad X61T.
uname -a gives
2.6.27-11-generic #1 SMP Thu Jan 29 19:24:39 UTC 2009 i686 GNU/Linux

I have installed the Cisco VPN client according to the instructions above and now I have no problem to connect through VPN but……..
after a while, a couple of minutes or so, my PC freezes.
The only way to get it out of this state is to power off.
I have reinstalled the VPN client a couple of times, with no other result.
Any one of you having a clue of what can be causing this?
Jan

Hi,

I have the exact same problem as Lars on an Asus Z53S with interpid 2.6.27-11-generic.

What can I do?

Please help!
Dave Holmes-Kinsella

My problem is right at the end – the install seems ok;
but when I try to fire the connection up
vpnclient connect fthq
it comes back with an error
“The profile specified cannot be read”

the file fthq.pcf is in the /etc/opt/cisco_vpnclient directory
http://www.ubun2.com Ubuntu Answers

You dont even need a cisco vpn client. http://www.ubun2.com/question/155/how_remote_connect_ubuntu_without_linux_cisco_vpn_client Now you can connect even without it.
Nice

Very useful information.Thanks!
http://unfoldingcode.com/ Marius B.

Btw, as a performance tip after the installation, you might also want to enable the option to only use the VPN connection for resources on its network: http://www.unfoldingcode.com/2011/08/how-to-install-cisco-vpn-client-on.html