So, I installed Ubuntu 7.04 Feisty Fawn beta about 2 months ago. I installed it on my notebook and one of my workstations, both of which had Windows installed previously. I’m not dual booting on those machine, they’re 100% Ubuntu now.
After getting everything setup and running nicely, I realized I had no way of connecting to the Cisco PIX VPN we have at work. This is really important for me to be able to do, my job depends on it. I immediately went to Google and started searching. Turns out a nice fellow named Alexander Griesser has created a patch for the Cisco VPN client. The most recent CIsco VPN client for linux won’t compile with kernels 2.6.19 or newer. There’s really not much of a difference between his instructions and this how-to. However, I’m including more detailed instructions for those who may not be familiar with compiling software on Linux.
Here’s the steps I took to get the Cisco VPN Client to work under Unbutu 7.04 (Feisty Fawn). Note: A $ at the beginning of a line signifies a command to be run from the terminal.
- Download vpnclient-linux-4.8.00.0490-k9.tar.gz (mirror) to your home directory.
- Open a terminal window and untar the vpnclient with the following command:
$ tar xzf vpnclient-linux-4.8.00.0490-k9.tar.gz
This will create a new folder called vpnclient in your home directory. Leave the terminal window open, you’ll need it later. - Download the patch (mirror) and save it to the vpnclient folder that was created in step 2.
- Go back to your terminal window and move into the vpnclient folder:
$ cd vpnclient/ - Now patch the Cisco VPN source with this command:
$ patch < vpnclient-linux-2.6.22.diff - Next we actually build the Cisco VPN client, issue this command:
$ sudo ./vpn_install
Just hit enter for everything it asks you, the defaults are all OK. You may see lots of warnings, but those are OK. - The VPN client is installed, now we need to start it:
$ sudo /etc/init.d/vpnclient_init start - Place your .pcf configuration files in /etc/opt/cisco-vpnclient/Profiles/
- If your .pcf file is called myVPN.pcf, you’ll connect to the VPN with the following command:
$ sudo vpnclient connect myVPN
That’s it! You should now be able to connect to your Cisco VPN with the official Cisco VPN client on Linux. This will probably work on pretty much any linux setup, not just Ubuntu.
UPDATE (8/18/2007): Alexander Griesser released a new patch that works with kernel versions 2.6.22 and greater. The new patch is backwards compatible, so it also works with older kernels as well, such as 2.6.10 and 2.6.21. All the download links above point to the newest release of the patch. I’ll continue to update this how-to as he releases new patches.
UPDATE (10/04/2007): Cisco has finally released a new version of their vpn client for Linux. This new version compiles on all the new 2.6.xx kernels without the need for patching! You can download it from Alexander’s site or you can get it right here.
UPDATE (12/29/2007): Alexander Griesser has a new project page for his Cisco VPN client patches. It contains basic usage information and will most likely always have the latest and greatest patch available for download. In addition to that, Alexander has a new patch to make version 4.8.01.0640-k9 of the Cisco VPN Client compile on 64bit systems. Again, you can download the latest Cisco VPN Client for linux from the following link:
http://www.longren.org/files/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
Popularity: 89% [?]
Nice tutorial.
Unfortunately, I am getting the following error:
Entering directory `/usr/src/linux-source-2.6.20'
ERROR: Kernel configuration is invalid.
include/linux/autoconf.h or include/config/auto.conf are missing.
Run 'make oldconfig && make prepare' on kernel src to fix it.
WARNING: Symbol version dump /usr/src/linux-source-2.6.20/Module.symvers
is missing; modules will have no dependencies and modversions.
can you help?
thanks!
Just want to add that I received the above error after
sudo ./vpn_installand specifying /usr/src/linux-source-2.6.20 for location of kernel source.I upgraded from Dapper today. It was long and scary but all seems to be working fine except VPN.
I would appreciate the help.
thanks.
mustali: When you run “sudo ./vpn_install”, try leaving the kernel source option at it’s default location (I believe it’s /lib/modules/2.6.20-15-generic/build).
That should do the trick. Let me know if that works or not.
Thanks for replying Tyler.
I am now able to compile with warnings. No more compiler errors! The problem was that on the first try, the default for the location of kernel header was blank ‘[]‘. So I entered /lib/modules/2.6.20-15-386 and created a ‘build’ link within it similar to 2.6.20-15-generic/build.
Now when I used ‘/lib/modules/2.6.20-15-generic/build’ the compilation worked fine.
Great. But now when I start the vpn service I get this
sudo /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting '/lib/modules/2.6.20-15-386/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
Failed (insmod)
FYI, here is the output from the installation:
Help!
mustali: Reboot your PC and see if “sudo /etc/init.d/vpnclient_init start” works after rebooting. Let me know if that works.
Rebooted and saw the same response.
Man, what could it be? The installer compiled a module that has a bad format!
any ideas?
mustali: Try starting over from the beginning. Remove the vpnclient folder created in step 2 and start over, starting with step #2. Let me know how that works.
figured it out.
It was the flipping headers. I had headers for 2.6.20-15-generic and 2.6.20-15. Synaptic caused the confusion.
After I installed the 2.6.20-16-386 linux headers, it was clockwork.
Thanks for the help Tyler.
Now if only I can get my dual monitor to run correctly…
you see, Fiesty is on my Dell Inspiron 630m. Dual booting XP. At work I have an external Dell CRT. I must have tried at least 500 different configurations of xorg.conf but none are working. Thats an ongoing battle.
Thanks again T!
correction. I meant 2.6.20-15-386
Glad you got it working mustali. Xorg can be difficult to get working exactly the way you want it. Took me about 10 tries to get my Nvidia card to work properly, way more times than it should have taken :)
I take my words back. Earlier I was just trying to get the VPN service start successfully but now when I actually tried to vpn into my office, I couldn’t get around this:
In frustration I turned to google and found that vpnc was being as an alternative to Cisco. With a little perl script, VPN worked instantly. This is what I did:
1) Install vpnc
2) Download and execute a perl script that will convert Cisco pcf files to the vpnc format
3) Connect to your vpn
mustali: That’s pretty funny. I initially started out trying to use vpnc, after hours of tinkering I couldn’t get it to connect. I even used that pcf2vpnc tool. I finally got fed up, dug around and found the official Cisco VPN client for Linux, and was able to get it working without much problem.
I am gonna see if I can’t get vpnc to work now too, I’d like to use the vpnc plugin for Network Manager, seems pretty slick.
Glad you’re able to connect to your office now, even though you weren’t able to use the official Cisco VPN Client. :) Thanks for following up with that info, I’m sure people will find your comments to be quite helpful.
Hey Tyler!
This is a little offtopic of the post (so I do apologize for that) but I’ve also recently moved away from Windows and have been Linux only on my desktop.
I’m totally a Linux-newb, so I was just curious for your thoughts/opinions on Ubuntu. I’ve been using a different distro thus far, but Ubuntu/Kubuntu look pretty appealing.
Thanks, and sorry again for being somewhat offtopic! ;)
Not a problem JJ. Ubuntu, for me, is the ultimate OS. It’s radically easier to use and learn than most linux distributions. Previous to Ubuntu, Slackware was my distribution of choice, which is a lot less n00b-friendly. Ubuntu is the perfect distro for linux newcomers. It’s easy to use (a GUI for almost everything) but still gives you the opportunity to do everything from the command line.
Ubuntu is very polished and 99% of my hardware has “just worked”, with the exception of my Linksys wireless cards and my Nvidia video card. I was so struck by how well put together Ubuntu was, I installed it on all my PC’s, except the router, which still runs Slackware.
Give Ubuntu a try, you’ll love it. I’d never touch Kubuntu, Gnome rocks my socks. KDE makes me want to puke, it’s ugly. I’m sure others would disagree. :)
Following your directions I was able to get the vpn client patched and installed, but when I try to connect to my VPN, it terminates the connection. The exact message is as follows:
Initializing the VPN Client
Secure VPN Connection terminated locally by the Client
Reason: The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information.
My VPN.pcf contains the following:
[main]
Description=AU Wireless VPN
Host=10.6.8.1
AuthType=1
GroupName=Wireless-Users
GroupPwd=
enc_GroupPwd=removed by Tyler
EnableISPConnect=0
ISPConnectType=0
ISPConnect=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
VerifyCertDN=
DHGroup=2
ForceKeepAlives=0
PeerTimeout=90
EnableLocalLAN=0
ISPPhonebook=
Any help is greatly appreciated.
Hey guys, this page has helped me a lot. I was using FC6-64 and got tired of not being able to see a lot of the multimedia content available on the web (like youtube). Periodic lock-ups with the vpn client helped me decide to try something new…
So I went to Feisty… vpn is the most important thing for me, working at home is the only reason I really even need Linux at home (although dumping windows is nice). After all the hoops of trying to get the cisco vpn client to work (after finally getting it compiled, it would lock up some minutes into any session - lock up hard, requiring a reset).
I tried that vpnc before and could never get it to work, but I tried it again after reading this page and all I can say is THANK YOU VERY MUCH. It’s one of those Linux things that if it doesn’t work this week, it’ll likely work next week, so you have to keep trying. In fact, I’ve tried Ubuntu before (Edgy, just a few months ago), and it wouldn’t recognize my ethernet card. Feisty’s got no problem with any of my hardware.
Tim… just go ahead and give vpnc a try.
What is it lately- I also installed linux. weird. seems like everyone is in sink. But the problem is my suound card has no drivers - firewire 410 - sucks cuase I would honestly use this OS over zindows any day.
I got a wired problem.
When the first time I want to connect VPN, it always failed, without any exception. Just like this
“Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection. ”
However, I reboot my computer, and then it worked.
It seemed that I didn’t add it to kernel, cause every time I need to run”sudo /etc/init.d/vpnclient_init start”
Any suggestions?
Just to let you know that the vpnc trick mentioned by mustali worked perfectly for me.
Thank you for this informative discussion. I have followed both alternatives (the cisco-client version as well as the vpnc version) and found the former to work but not the latter. I am not sure why vpnc doesn’t work, though (I must admit that I am a novice when it comes to networking technologies and terminology).
Thanks again!.
Srikanth.
Like Tim, I too was having a problem getting Cisco VPN client working on Ubuntu 7.04, The patch and install worked fine, but when trying to connect, would get the following:
Initializing the VPN Client
Secure VPN Connection terminated locally by the Client
Reason: The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information.
While investigating, I tried the sample.pcf, substituting my login specs, and it worked. Returning to my original pcf file, matched it up exactly the same, but still it would not work. After running od and diff and never finding any anomalies, I happened to do an ls of the directory. The file colors were different. Running ls -lda *.pcf revealed that the file modes for mine compared to sample were different.
If you get the above message, please make sure to run:
sudo chmod 644 /etc/opt/cisco-vpnclient/Profiles/*.pcf
Cheers to all!
A couple of problems I found:
################################
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-16-generic #2 SMP Wed May 23 01:46:23 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient
The profile specified could not be read.
################################
was caused by having my profile stored in the wrong folder. This seems obvious, but on my installation the profiles are kept in /etc/
CiscoSystemsVPNClient/Profiles/
This is different from the discription above. Moving my .pcf file to this folder solved the problem.
The following message:
################################
Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
################################
was caused by having my wireless card and ethernet card enabled, while the outside world is only accessible via the ethernet. I think this is probably a routing problem, but temporarily disabling the wireless card solved the problem.
Hope this helps someone.
Good luck
Excellent posts.
Tyler’s Cisco VPN client instructions worked to the T, Jceliason’s chmod fixed one issue and Matt experiencing of disabling the unused network connection completed the hat trick.
Truly great information. Thanks a million.
Thanks for these simple instructions, worked without any problem for me.
Thanks so much for all the help. I had given up on this for a while, but recently came back and the help about chmod by Jceliason fixed the profile configuration file, as well as Matt’s idea of disabling the unused network connection (in my case, I disabled the wired connection and just used wireless).
Thanks again!
The vpnc method worked like a charm for me. I am running Ubuntu 7.04 with the latest kernel (2.6.20-16-generic). Cisco’s client stopped working a kernel or so ago. The vpnc works!!!
Mike
Thank you so much.
I have been struggling with for weeks. You saved me.
Thank you so much. Keep up the good work!!
@Frank
Check your /etc/rc5.d/ directory. It should have a symbolic link to /etc/init.d/vpnclient_init (or something similar, I haven’t yet installed it on mine). If it doesn’t you will have to create a symbolic link to the startup script:
# ln -s /etc/init.d/vpnclient_init /etc/rc5.d/vpnclient_init
Hi,
I am fairly new to Ubuntu. I’ve followed the instructions above and I have both vpnc and Cisco VPN with the patch installed and they seem to work. However they both fail to establish a VPN connection. I am able to establish a VPN connection from the same laptop under Windows.
Is there anything else I need to know about Ubuntu that might be blocking the connection? Or anything else I can try with the VPN configuration?
Thanks,
Andy
I got the cisco vpnclient installed, but I cannot connect using my windows pcf file. I get:
Therre is not much debugging information. Any ideas?
mustali
I needed to thank you for the pcf2conf and vpnc advice! You were a life saver!!
I was fiddling around with Cisco’s vpnclient for a while, but vpnc worked on the first attempt!
Hypatia,
have you started the vpn client service, ie:
sudo /etc/init.d/vpn-somethingICantRemember start
I can never remember the name, but auto complete always knows.
I am glad vpnc worked out for so many when Cisco failed. I wonder what is the unknown piece that causes either one to fail or work.
@Hypatia
Have you tried the ‘network disable’ and ‘profile permission change’ workarounds suggested earlier?
Turns out that Cisco client has started working for me. Probably becuase of the recent automatic upgrades. I am now on 2.6.20-16.
@Fred
Give VPN client another shot ;)
Peace.
Thank you for your work on the instructions! Worked without issue on a Dell Inspiron 6000 w/Feisty.
Fabulous! I’ve been trying all year to get connected to the internet at University College London, and these instructions made it really simple: download the client, patch it, install it, and turn off my wired connection. Just a shame I went all school year without it!
Thanks so much, everyone.
Thanx ! works like a charm !
you are truly one of the linux goodguys !
/Darktux
I am trying to follow the instructions - downloaded, untarred, applied the patch, ran install with defaults. I get this error:
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.20-16-generic/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.20-16-generic/build” will be used to build the module.
Is the above correct [y]
Making module
make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/tmloos/programs/cisco vpn client/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-generic’
make[1]: *** No rule to make target `vpn’. Stop.
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
tmloos@frogger:~/programs/cisco vpn client/vpnclient$
tmloos@frogger:~/programs/cisco vpn client/vpnclient$ *** No rule to make target `vpn’. Stop.
Please help! I too hook in to the home office vpn for access to everything…
Thanks!
@Tom
Remove the 2.6.20-16-generic linux-headers/source packages and install the 2.6.20-16-i386 header/source packages instead. Try vpn_install once again and see what happens.
Mustali
Nice tutorial! Probably had some problem with the patch I used, this one works fine!
Thanks a lot!
Nice tutorial, worked a treat. Thanks.
Hi
thanks for the instructions. However it seems not to work for me
(Kubuntu 7.04 with kernel 2.6.20-16)
Config file directory: /etc/opt/cisco-vpnclient
privsep: unable to drop privileges: group set failed.
The application was unable to communicate with the VPN sub-system.
According to the instructions of my university server I have just
to set the host and the user but no group or anything
is there anything wrong in the configuration?
thanks
Uwe Brauer
Uwe: Did you run the following command?
Tyler:
Yes of course. I now tried the kde backend kvpc, when I import my
pcf conf file I am asked for a group passwd. According to the instructions I have this passwd should not be necessary. I best
talk to our IP guys and report back
Uwe
@Uwe Brauer
Try this
sudo chmod 4111 /opt/cisco-vpnclient/bin/cvpnd
Restart the client
sudo /etc/init.d/vpnclient_init restart
HTH
Used the Cisco client until I upgraded to feisty this week. Compiling the client didn’t work. Thanks to this howto it does now. VPNC did NOT connect (I tried moving to it because it is supported in Ubuntu, so I would not need to recompile each time I upgrade). If anybody finds out why VPNC does not work I like to know. http://ubuntuforums.org/showthread.php?t=410172&highlight=vpnc mention it might be a bug related to wireless, but I find it hard to believe that…
Anyway thanks for the patch/howto.
Just wanted to say THANKS!! I’ve been trying to get this to work for 3 days now, and the directions you published worked perfectly!
Hello!
@Paul Gevers:
Is it possible that vpnc doesn’t work for you (or some of the others above) because it doesn’t support e.g. certificates or hybrid auth (yet) (see http://www.unix-ag.uni-kl.de/~massar/vpnc/). I don’t even completely understand what these are about, but the IT staff at my college told me that this is the reason vpnc can’t connect to their vpn concentrator…
Jörg
This did the trick. Very clearly written and easy to follow. I am a unix sysadmin, but I don’t think that had too much to do with how easy I found the instructions to follow
Jim
Thanks is working fine with 0 errors.
Just wanted to say thanks for well written tutorial.
Worked without any errors on my i686 box with freshly installed Feisty Fawn.
I’m having a really weird issue with both this and vpnc. I can connect, but I can’t resolve anything… vpnc changes my resolv.conf, but I can’t ping anything, and the cisco client doesn’t do anything. I have no idea why this is happening, anyone have any thoughs?
Thanks. It worked in the first attempt in Ubuntu Fiesty (Mac Book Pro)
Just Installed KUBUNTU 7.04, Could’nt get KVPNC working, found this description, worked 1 time. Now I can connect, and open a tunnel. Now I only have some problems with my mouse, which don’t work in the RDP connected window, which bye the way seems a little slow. Thanks for the good yasy followed description.
Excellent…
Thanks for all…
Thanks for this! I just followed this tutorial and everything worked flawlessly!
Mustaliś ( on May 21st, 2007 at 10:51 pm) workaround with converting pcf to vpnc worked for me too .
I downloaded the patch and installed it as you said and the Cisco client works perfect. Thank you…
Hey Tyler. when i try to initialize the vpn client from terminal, i get the following error:-
You have entered an unrecognized command.
Usage:
vpnclient connect [user ] [eraseuserpwd | pwd ]
[nocertpwd]
vpnclient disconnect
vpnclient stat [reset] [traffic] [tunnel] [route] [repeat]
vpnclient notify
vpnclient verify [autoinitconfig]
vpnclient autoinit
I have typed out the command just fine, and excluded the .pcf extension. Not sure what i’m doing wrong? thanks much.
Figured it out. my pcf file name is pretty long with spaces. quoted it with single quotes and connected successfully. only problem left now is that local lan access is forbidden. some posts online say to enable it on the pcf file itself. will see. thanks for the walkthrough.
Thanks for the Great Tutorial, worked first time:- no problems.
Cheers.
Just wanted to say that this works with Ubuntu Gutsy as well. Just use the newer patch (2.6.22) available at the same location.
Thanks for the tutorial.
Dear all,
I need to establish a VPN-connection to the Tilburg University (Netherlands) and followed the instruction of Tyler. However, after executing step 9 (”sudo vpnclient connect myVPN”) I got the following error message:
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient
Could not attach to driver. Is kernel module loaded?
The application was unable to communicate with the VPN sub-system.
What did I wrong? I’m fairly new to Ubuntu, so please keep it simple (as Tyler did).
Regards,
canti
canti: Try doing step # 7 again and then try executing step #9 again.
Let me know if that works or not.
Hi Tyler,
With your instructions I got no old error message, but a new one arose:
Enter a group password:
Initializing the VPN connection.
Contacting the gateway at 137.56.127.10
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
I found out that I used the wrong password (I accidently used the name of the Group Access Information instead of the password). Now I fixed the connection!
However, I cannot use the normal internet, it seems there could be only one connection at one time, not two connections: VPN and wired (for internet). I need to establish the VPN-connection with the online contents for journal articles, accessible via common internet connection. Do you understand my problem? I’m sorry for my bad English…
I hope you can help me.
Regards,
canti
Dear Tyler,
Now it unexpectedly works! I didn’t change anything, just tried it for the second time, and everything works! I don’t understand it, but in any case I’m very happy!
Now I have one another question, if you may allow me to do that (I hope I’m not boring…). Is there an easier way than to write in the terminal every time I want to establish the vpn-connect? For example selecting the monitor symbol for network in a toolbar? Just a question to make my life with the computer easier, not important.
Thank you anyway for the clear instructions!
canti
works! so far anyway. running 7.04. snags:
1. incorrect kernel headers - installed mine as per ‘uname -a’:
.Linux ubuntu-desktop 2.6.20-16-386 #2 Thu Jun 7 20:16:13 UTC 2007 i686 GNU/Linux
2. symlinked kernel header dir to /usr/src/linux so vpn_install would find them easily. optional.
thanks for sharing the information, this saved me sooo much time :D
Trying to install. I followed all the instructions and got the following error:
Making module
make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/oracle/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-generic’
make[2]: *** No rule to make target `/home/oracle/vpnclient/libdriver64.so’, needed by `/home/oracle/vpnclient/cisco_ipsec.o’. Stop.
make[1]: *** [_module_/home/oracle/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
I am using Feisty EMT64 bit release. Is there an additional library set I need? It appears this is a needed file for the install.
I have installed gcc,build-essentials,libc6,libstdC++5
This is Alan again, sorry for the issues. I found the lib in another copy I had of the download. It has compiled now…
Nice Tip,
I was searching for it for a long time.
It works great with my Kubuntu 7.04
Thanks for sharing this information.
AT
Thanks all. This tutorial really save my life :D. It works in my KUBUNTU 7.04. Just to remind other people, if you get this message after installing and trying to run the cisco vpn client:
Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
Just Disable your unused network device. For example, if you connect using LAN then disable your wireless.
Cheers.
I try and execute the command:
sudo vpnclient connect EMSInc
And Got:
sudo: unable to execute /usr/local/bin/vpnclient: No such file or directory
Here is an actual strace with the issue:
It appears the issue is with /etc/ld.so.preload and so forth…
oracle@oracledev:~$ strace sudo vpnclient connect EMSInc
execve(”/usr/bin/sudo”, ["sudo", "vpnclient", "connect", "EMSInc"], [/* 31 vars */]) = 0
brk(0) = 0×51c000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0×2ab7704bf000
uname({sys=”Linux”, node=”oracledev”, …}) = 0
access(”/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0×2ab7704c0000
access(”/etc/ld.so.preload”, R_OK) = -1 ENOENT (No such file or directory)
open(”/etc/ld.so.cache”, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=53091, …}) = 0
mmap(NULL, 53091, PROT_READ, MAP_PRIVATE, 3, 0) = 0×2ab7704c2000
close(3) = 0
access(”/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
open(”/lib/libpam.so.0″, O_RDONLY) = 3
read(3, “\177ELF\2\1\1\3>\1\240\35″…, 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=34256, …}) = 0
mmap(NULL, 2129448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0×2ab7706c0000
mprotect(0×2ab7706c8000, 2093056, PROT_NONE) = 0
mmap(0×2ab7708c7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0×7000) = 0×2ab7708c7000
close(3) = 0
access(”/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
open(”/lib/libdl.so.2″, O_RDONLY) = 3
read(3, “\177ELF\2\1\1\3>\1 \16″…, 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14624, …}) = 0
mmap(NULL, 2109728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0×2ab7708c8000
mprotect(0×2ab7708ca000, 2097152, PROT_NONE) = 0
mmap(0×2ab770aca000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0×2000) = 0×2ab770aca000
close(3) = 0
access(”/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
open(”/lib/libc.so.6″, O_RDONLY) = 3
read(3, “\177ELF\2\1\1\3>\1\340\331″…, 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1367432, …}) = 0
mmap(NULL, 3473592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0×2ab770acc000
mprotect(0×2ab770c13000, 2097152, PROT_NONE) = 0
mmap(0×2ab770e13000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0×147000) = 0×2ab770e13000
mmap(0×2ab770e18000, 16568, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0×2ab770e18000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0×2ab770e1d000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0×2ab770e1e000
arch_prctl(ARCH_SET_FS, 0×2ab770e1db00) = 0
mprotect(0×2ab770e13000, 12288, PROT_READ) = 0
munmap(0×2ab7704c2000, 53091) = 0
geteuid() = 1000
write(2, “sudo: “, 6sudo: ) = 6
write(2, “must be setuid root”, 19must be setuid root) = 19
write(2, “\n”, 1
) = 1
exit_group(1) = ?
Process 7290 detached
Hi Tyler -
Thanks for the great tutorial–I am now able to access my work files on my new linux machine. One minor setback I am having is that whenever I restart the OS and go to start vpnclient I get the following message:
matt@matt-desktop:~$ vpnclient connect ISPtoPSU &
[1] 6232
matt@matt-desktop:~$ Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient
Could not attach to driver. Is kernel module loaded?
The application was unable to communicate with the VPN sub-system.
If I restart vpn with:
matt@matt-desktop:~$ sudo /etc/init.d/vpnclient_init restart
I am then able to run vpn successfully:
matt@matt-desktop:~$ vpnclient connect ISPtoPSU
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Contacting the gateway at 128.118.97.125
User Authentication for ISPtoPSU…
Any ideas regarding what I can do to fix this and, further, if it is possible to have linux open my vpn connection on startup is possible.
Thanks much, Matt
i have ubuntu feisty fawn with kernel 2.6.20.16 and when i run patch, it FAILS. i tryed with patch 2.6.19, 2.6.22, 2.6.20.6 and nothing, HELP please!!
my email is egpextasis@hotmail.com
Thanks Tyler,
Very helpful tutorial, I could able to set up & get connected & access the office files in no time on my ubuntu fiesty fawn (gnome-love it).
awesome tutorial, but after it is successful, nothing happens in the term and i can’t mount the network shares i’m trying to get at. am i missing something?
I followed the exact same steps mentioned above. I got the following error when I do vpn_install. But install appears good. When I try to access vpn it’s not working any idea?
Making module
make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/root/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-generic’
CC [M] /root/vpnclient/linuxcniapi.o
CC [M] /root/vpnclient/frag.o
CC [M] /root/vpnclient/IPSecDrvOS_linux.o
CC [M] /root/vpnclient/interceptor.o
/root/vpnclient/interceptor.c: In function ‘handle_vpnup’:
/root/vpnclient/interceptor.c:313: warning: assignment from incompatible pointer type
/root/vpnclient/interceptor.c:337: warning: assignment from incompatible pointer type
/root/vpnclient/interceptor.c:338: warning: assignment from incompatible pointer type
/root/vpnclient/interceptor.c: In function ‘do_cleanup’:
/root/vpnclient/interceptor.c:386: warning: assignment from incompatible pointer type
CC [M] /root/vpnclient/linuxkernelapi.o
LD [M] /root/vpnclient/cisco_ipsec.o
Building modules, stage 2.
MODPOST 1 modules
WARNING: /root/vpnclient/cisco_ipsec.o - Section mismatch: reference to .init.text: from .data between ‘interceptor_dev’ (at offset 0xb4) and ‘interceptor_notifier’
WARNING: could not find /root/vpnclient/.libdriver.so.cmd for /root/vpnclient/libdriver.so
CC /root/vpnclient/cisco_ipsec.mod.o
LD [M] /root/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-generic’
Copying module to directory “/lib/modules/2.6.20-16-generic/CiscoVPN”.
Already have group ‘bin’
Creating start/stop script “/etc/init.d/vpnclient_init”.
/etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.
Creating global config /etc/opt/cisco-vpnclient
Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:
Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:
* New Profiles : sample
Copying binaries to directory “/opt/cisco-vpnclient/bin”.
Adding symlinks to “/usr/local/bin”.
/opt/cisco-vpnclient/bin/vpnclient
/opt/cisco-vpnclient/bin/cisco_cert_mgr
/opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
/opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory “/opt/cisco-vpnclient/lib”.
/opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory “/opt/cisco-vpnclient/include”.
/opt/cisco-vpnclient/include/vpnapi.h
Setting permissions.
/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient/Profiles (group bin readable)
/etc/opt/cisco-vpnclient/Certificates (group bin readable)
* You may wish to change these permissions to restrict access to root.
* You must run “/etc/init.d/vpnclient_init start” before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.
root@xaviea-ubuntu:~/vpnclient#
./start_vpn
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
Hello,
Thanks for the GREAT tutorial and patches. I was able to successfully connect to the VPN. However, I have a strange error that once I disconnect, I cannot reconnect. I get the following:
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a TCP connection.
There are no new notification messages at this time.
Oh, and it DOES attempt to connect. This is the whole message:
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-16-generic #2 SMP Fri Aug 31 00:55:27 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Initiating TCP to xx.xx.xx.xx, port 10000
Contacting the gateway at xx.xx