How To: Cisco VPN Client On Ubuntu
So, I installed Ubuntu 7.04 Feisty Fawn beta about 2 months ago. I installed it on my notebook and one of my workstations, both of which had Windows installed previously. I’m not dual booting on those machine, they’re 100% Ubuntu now.
After getting everything setup and running nicely, I realized I had no way of connecting to the Cisco PIX VPN we have at work. This is really important for me to be able to do, my job depends on it. I immediately went to Google and started searching. Turns out a nice fellow named Alexander Griesser has created a patch for the Cisco VPN client. The most recent CIsco VPN client for linux won’t compile with kernels 2.6.19 or newer. There’s really not much of a difference between his instructions and this how-to. However, I’m including more detailed instructions for those who may not be familiar with compiling software on Linux.
Here’s the steps I took to get the Cisco VPN Client to work under Unbutu 7.04 (Feisty Fawn). In all reality, this should work with any version of Ubuntu, not just 7.04. I used this same method to get the Cisco VPN Client working on Ubuntu 8.04. Note: A $ at the beginning of a line signifies a command to be run from the terminal.
- Download vpnclient-linux-4.8.00.0490-k9.tar.gz (mirror) to your home directory.
- Open a terminal window and untar the vpnclient with the following command:
$ tar xzf vpnclient-linux-4.8.00.0490-k9.tar.gz
This will create a new folder called vpnclient in your home directory. Leave the terminal window open, you’ll need it later. - Download the patch (mirror) and save it to the vpnclient folder that was created in step 2.
- Go back to your terminal window and move into the vpnclient folder:
$ cd vpnclient/ - Now patch the Cisco VPN source with this command:
$ patch < vpnclient-linux-2.6.22.diff - Next we actually build the Cisco VPN client, issue this command:
$ sudo ./vpn_install
Just hit enter for everything it asks you, the defaults are all OK. You may see lots of warnings, but those are OK. - The VPN client is installed, now we need to start it:
$ sudo /etc/init.d/vpnclient_init start - Place your .pcf configuration files in /etc/opt/cisco-vpnclient/Profiles/
- If your .pcf file is called myVPN.pcf, you’ll connect to the VPN with the following command:
$ sudo vpnclient connect myVPN
That’s it! You should now be able to connect to your Cisco VPN with the official Cisco VPN client on Linux. This will probably work on pretty much any linux setup, not just Ubuntu.
UPDATE (8/18/2007): Alexander Griesser released a new patch that works with kernel versions 2.6.22 and greater. The new patch is backwards compatible, so it also works with older kernels as well, such as 2.6.10 and 2.6.21. All the download links above point to the newest release of the patch. I’ll continue to update this how-to as he releases new patches.
UPDATE (10/04/2007): Cisco has finally released a new version of their vpn client for Linux. This new version compiles on all the new 2.6.xx kernels without the need for patching! You can download it from Alexander’s site or you can get it right here.
UPDATE (12/29/2007): Alexander Griesser has a new project page for his Cisco VPN client patches. It contains basic usage information and will most likely always have the latest and greatest patch available for download. In addition to that, Alexander has a new patch to make version 4.8.01.0640-k9 of the Cisco VPN Client compile on 64bit systems. Again, you can download the latest Cisco VPN Client for linux from the following link:
http://www.longren.org/downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
UPDATE (8/11/2011): Marius B commented and mentioned he has a post up on this same subject. It’s worth checking his post out. He basically suggests enabling the option to only use the VPN connection for resources on the network you’re connected to. See his post for more.
I’ve been told that Hardy has the built-in GUI VPN stuff just like Intrepid.
# apt-get install network-manager-vpnc
Then just click on the network manager icon, go to VPN and configure away…
Thanks Rev. Dr., I ended up using KVpnc instead of the network manager. I would rather use the network manager as it is very simple and part of the standard network connection menu, but i don’t have the group key for my company as it is encrypted in the .pcf file, thus can’t get it working. If there is a work around please voice it. KVpnc is easy to set up, simply import the .pcf, put add the domain name on the configuration page, and you should be good to go….
Have you tried asking your network admins for the group password? I had the same problem, and just ended up asking them. They told me without hesitation. Of course, we use unique RSA logins for each connection, so it may be different where you’re at.
I was able to get the Cisco VPN client configured and installed on Ubuntu 8.10. I used this package – http://www.longren.org/downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz, and applied the patch from here : http://tuxx-home.at/projects/cisco-vpnclient/vpnclient-linux-2.6.22.diff and just followed the steps above. Creating the PCF / Profile was probably the hardest part. I’d probably recommend copying a working PCF from another system first.
It works fine from the CLI.
I also decided to look for a GUI, so I installed the KVpnc application which uses the vpnc package. I am also able to use it, but I simply imported the working PCF file that I used above. Seems pretty nice.
Thanks a lot!!!
I had tried installing the vpn client with or without the patch, but it just doesn’t work (see) error messages below:
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.
Directory containing linux kernel source code [/lib/modules/2.6.27-11-generic/build]
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.27-11-generic/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.27-11-generic/build” will be used to build the module.
Is the above correct [y]
Making module
make -C /lib/modules/2.6.27-11-generic/build SUBDIRS=/home/nightcrawler/Download/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.27-11-generic’
CC [M] /home/nightcrawler/Download/vpnclient/linuxcniapi.o
In file included from /home/nightcrawler/Download/vpnclient/Cniapi.h:15,
from /home/nightcrawler/Download/vpnclient/linuxcniapi.c:31:
/home/nightcrawler/Download/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
make[2]: *** [/home/nightcrawler/Download/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/nightcrawler/Download/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.27-11-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
Any suggestions?
I have the same problem.
Did you solve it?
Do you have any suggestions?
Thanks.
Such a nice post it is
It helped a lot! Thanks
very nice thanks
마이커피의 생각…
How To: Cisco VPN Client On Ubuntu…
How can I fix this error:
Making module
make -C /lib/modules/2.6.27-11-generic/build SUBDIRS=/home/henry/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.27-11-generic’
CC [M] /home/henry/vpnclient/linuxcniapi.o
In file included from /home/henry/vpnclient/Cniapi.h:15,
from /home/henry/vpnclient/linuxcniapi.c:31:
/home/henry/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
make[2]: *** [/home/henry/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/henry/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.27-11-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
Thanks.
You need to install the patch, as is instructed in step 5.
patch < vpnclient-linux-2.6.22.diff
then run the install.
Got the same problem, same kernel, patch doesn’t work for me.
Tried this version: http://www.longren.org/downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
Upgraded to Jaunty and could not start the client, so I tried to reinstall, but failed. Here is the output:
lori@lori-laptop:~$ tar xfv vpnclient-linux-4.8.00.0490-k9.tar.gz
vpnclient/
vpnclient/libvpnapi.so
vpnclient/vpnapi.h
vpnclient/cisco_cert_mgr
vpnclient/vpnclient
vpnclient/ipseclog
vpnclient/cvpnd
vpnclient/vpn_install
vpnclient/vpnclient_init
vpnclient/vpn_uninstall
vpnclient/driver_build.sh
vpnclient/sample.pcf
vpnclient/vpnclient.ini
vpnclient/license.txt
vpnclient/license.rtf
vpnclient/interceptor.c
vpnclient/linuxcniapi.c
vpnclient/linuxcniapi.h
vpnclient/vpn_ioctl_linux.h
vpnclient/IPSecDrvOS_linux.c
vpnclient/linux_os.h
vpnclient/frag.h
vpnclient/frag.c
vpnclient/linuxkernelapi.c
vpnclient/GenDefs.h
vpnclient/mtu.h
vpnclient/IPSecDrvOSFunctions.h
vpnclient/IPSecDrvOS_linux.h
vpnclient/Cniapi.h
vpnclient/unixcniapi.h
vpnclient/unixkernelapi.h
vpnclient/config.h
vpnclient/libdriver.so
vpnclient/Makefile
lori@lori-laptop:~$ cp vpnclient-linux-2.6.22.diff vpnclient/
lori@lori-laptop:~$ cd vpnclient/
lori@lori-laptop:~/vpnclient$ patch < vpnclient-linux-2.6.22.diff
patching file frag.c
patching file interceptor.c
patching file IPSecDrvOS_linux.c
patching file linuxcniapi.c
patching file linux_os.h
lori@lori-laptop:~/vpnclient$ sudo ./vpn_install
Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.
Directory where binaries will be installed [/usr/local/bin]
Automatically start the VPN service at boot time [yes]no
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.
Directory containing linux kernel source code [/lib/modules/2.6.28-11-generic/build]
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.28-11-generic/CiscoVPN”.
* The VPN service will *NOT* be started automatically at boot time.
* Kernel source from “/lib/modules/2.6.28-11-generic/build” will be used to build the module.
Is the above correct [y]
Making module
make -C /lib/modules/2.6.28-11-generic/build SUBDIRS=/home/lori/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.28-11-generic’
CC [M] /home/lori/vpnclient/linuxcniapi.o
In file included from /home/lori/vpnclient/Cniapi.h:15,
from /home/lori/vpnclient/linuxcniapi.c:30:
/home/lori/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
make[2]: *** [/home/lori/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/lori/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.28-11-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
lori@lori-laptop:~/vpnclient$ ls /lib/modules/2.6.28-11-generic/build
arch drivers init lib Module.symvers security
block firmware ipc Makefile net sound
crypto fs Kbuild mm samples ubuntu
Documentation include kernel modules.order scripts usr
lori@lori-laptop:~/vpnclient$
Luckily my vmware is working and have it installed there.
Many thanks.
Hello,
I followed the instructions provided for 64bit Hardy Cisco VPN
by
http://forum.tuxx-home.at/viewtopic.php?f=15&t=543
and the installation gave no errors but when I tryed to start the program I got the following:
elina@FEMale:~/vpnclient$ sudo /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.22-16-generic/CiscoVPN/cisco_ipsec.ko’: -1999975736 Function not implemented
Failed (insmod)
And if I try to connect to VPN I have:
elina@FEMale:~/vpnclient$ sudo vpnclient connect sample
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.22-16-generic #1 SMP Sun Jan 25 23:29:15 GMT 2009 x86_64
Config file directory: /etc/opt/cisco-vpnclient
Could not attach to driver. Is kernel module loaded?
The application was unable to communicate with the VPN sub-system.
Do you know how I can solve the problem??
thanks a lot
Nice Article, I used VPN and it’s really user friendly!!
thanks for the tips.
I’ve still got a problem, though: when I’m connected to the VPN I loose my internet connection
You may delete the default route and restore your previous default ISP route out. Then you can add your static routes:
#after connecting
ip route del default
ip route add 192.168.11.0/24 dev tun0 # for each subnet you need to access in the vpn ¿can I do this with network manager?
ip route add default via 192.168.1.1 # your gateway
Hi, got the cisco vpn installed on my Ubuntu Karmic machine with the help of http://ilapstech.blogspot.com/2009/09/cisco-vpn-client-on-karmic-koala.html#comment-form but now when I try to connect my computer freezes and the caps lock key blinks. Have to hard shutdown. This is all over wireless, when connected through ethernet, it seems to work find. Using kernel 2.6.31-12 and cisco vpn 4.8.01.0640. Anyone else have this problem or know of a solution?
Have the same problem, have a lenovo T400 laptop… anyone knows why this is happening?
The issue seems to be related to a kernel/cisco vpn issue. I get this as well on fedora 11. The vpn client worked well on ubuntu 9.04 but that has an older kernel. In my searching various forums, its definitely a kernel issue
This solution solved my issue: http://www.lamnk.com/blog/computer/cisco-vpn-client-freezes-system-with-dual-core-cpu/
Hi,
I get following error when I try to install vpn
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
CC [M] /home/rahuld/vpnclient/linuxcniapi.o
In file included from /home/rahuld/vpnclient/Cniapi.h:15,
from /home/rahuld/vpnclient/linuxcniapi.c:30:
/home/rahuld/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
make[2]: *** [/home/rahuld/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/rahuld/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
I got exactly the same problem, how did you solve it?
Worked like a charm …first time …Ubuntu 7.10!
The last I tried I got bogged down and gave up… Thanks!
[...] How To: Cisco VPN Client On Ubuntu 7.04 (Feisty Fawn) at T. Longren (tags: linux vpn) [...]
[...] < vpnclient-linux-2.6.22.diff./vpn_installI got this information from the following blog. I ran into an error whereby the kernel sources were not found for the VPN client to install. I [...]
Thanks much!
Worked like a charm …first time …Ubuntu 7.10!
I installed succesfully without any sort of troubles. Bad-luck, during vpnclient connect *.pcf command it is showing “the profile specified could not be read”. I tried various possible way like changing the permission and providing the absolute path, but no hope same error repeated.
I show there are few post with same issue. Did any one solved it out ? Any help is great help for me. Thanks
Jaynarayan
Sometimes you need to go a step further in setting up vpnc on a linux box – and decrypt a group secret from within a cisco pcf file.
HI, i followed directions for 8.04 and installed successfully, now im having an issue with computer crashing after about 10-15 min of use of vpn connect + rdesktop.
anyone else experiencing this issue?
Thank you for this post, it works fine for me, but I get the following error when I try to connect. “The profile specified could not be read.”
I am using Ubuntu 10.04 and I can’t get any of the above to work. I am at my wits end with VPN and blackberry Internet modem based access. I was going to try VNC RDP next but with all the crappy luck I’ve been having forget that; i can’t get there; i can’t secure; and I probably wont be able to RDP either. this sucks! I have tried every available blog with direction! I have resigned myself to going back to windows or pay some stranger what ever he wants an hour to just get this working.
Search craigslist for my support add. I can’t believe I have given up.
“The profile specified could not be read.” – Solution.
Don’t use an absolute path and drop the .pcf from the profile name. Simples!
i tried cisco vpn client on my T510+Ubuntu 10.10, but failed during the install step with error ‘cannot find file: links/autoconf.h’. did anyone have the same problem?
I have the same problem with 10.10. Any fix yet?
Ubuntu 10.10 amd_64
I get the following error output using the 64 bit client/patch:
Making module
make -C /lib/modules/2.6.32-30-generic/build SUBDIRS=/home/user/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.32-30-generic’
scripts/Makefile.build:49: *** CFLAGS was changed in “/home/user/vpnclient/Makefile”. Fix it to use EXTRA_CFLAGS. Stop.
make[1]: *** [_module_/home/user/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-30-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
Thanks in advance…
I am using Ubuntu 11.04. I could install VPN client but when I went to the next step that is $ sudo /etc/init.d/vpnclient_init start, it says the command not found.
Is there any one who had the same problem and got it solved please? If so how to solve it?
I got to know that my VPN Clent installation was not complete. I got the following portion of information:
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.38-8-generic/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.38-8-generic/build” will be used to build the module.
Is the above correct [y]y
Making module
make -C /lib/modules/2.6.38-8-generic/build SUBDIRS=/home/nagendra/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.38-8-generic’
CC [M] /home/nagendra/vpnclient/linuxcniapi.o
/home/nagendra/vpnclient/linuxcniapi.c:15:28: fatal error: linux/autoconf.h: No such file or directory
compilation terminated.
make[2]: *** [/home/nagendra/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/nagendra/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.38-8-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
May you tell me how to solve it please?
Thanks man nice guide.
Btw, as a performance tip after the installation, you might also want to enable the option to only use the VPN connection for resources on its network: http://www.unfoldingcode.com/2011/08/how-to-install-cisco-vpn-client-on.html
Thanks for the tip Marius! I’ll update this post with a link to your article so more people see it.
Thanks for the link Tyler!
And btw, extra thumbs up for the aspect of your blog!
I’ve still got a problem, though: when I’m connected to the VPN I loose my internet Realty..!’
I’ve still got a problem, though: when I’m connected to the VPN I loose my internet
I need to read the VPN.pcf from my university to find the encrypted password, which I can then decode with a programme online (I hope). What is the command in Ubuntu to read the .pcf line by line, please?
Rob, I think I found exactly what you’re looking for:
http://coreygilmore.com/projects/decrypt-cisco-vpn-password/
It has details on how to find the encrypted password in the pcf and the site even has a tool to decrypt it.
Hope it helps!
Many thanks, Tyler–that was very helpful.
I’ve now got a clear group password, but it doesn’t work!
I wonder why.
Rob
Getting any errors at all?
Thanks, Tyler.
The message says failure to authenticate (group password).
The IT people told me the decrypted password was correct, but they only support Cisco.
Could it be relevant that the passwords are being sourced from config and not the Kwallet (which I think I deleted some while ago!)? If so I could download KPvnc all over again.
Many thanks.
Thanks.
The kvpnc client that you install from software center is a very simple to use tool. Try it.
Have you tried asking your network admins for the group password? I had the same problem, and just ended up asking them. They told me without hesitation.
Have you tried asking your network admins for the group password? I had the same problem, and just ended up asking them. They told me without hesitation. Of course, we use unique RSA logins for each connection, so it may be different where you’re at.