How To: Cisco VPN Client On Ubuntu

IMPORTANT UPDATE, SEE BELOW

So, I installed Ubuntu 7.04 Feisty Fawn beta about 2 months ago. I installed it on my notebook and one of my workstations, both of which had Windows installed previously. I’m not dual booting on those machines, they’re 100% Ubuntu now.

After getting everything set up and running nicely, I realized I had no way of connecting to the Cisco PIX VPN we have at work. This is really important for me to be able to do; my job depends on it. I immediately went to Google and started searching. Turns out a nice fellow named Alexander Griesser has created a patch for the Cisco VPN client. The most recent Cisco VPN client for Linux won’t compile with kernels 2.6.19 or newer. There’s really not much of a difference between his instructions and this how-to. However, I’m including more detailed instructions for those who may not be familiar with compiling software on Linux.

Here are the steps I took to get the Cisco VPN Client to work under Ubuntu 7.04 (Feisty Fawn). In all reality, this should work with any version of Ubuntu, not just 7.04. I used this same method to get the Cisco VPN Client working on Ubuntu 8.04. Note: A $ at the beginning of a line signifies a command to be run from the terminal.

  1. Download vpnclient-linux-4.8.00.0490-k9.tar.gz (mirror) to your home directory.
  2. Open a terminal window and untar the vpnclient with the following command:
    $ tar xzf vpnclient-linux-4.8.00.0490-k9.tar.gz
    This will create a new folder called vpnclient in your home directory. Leave the terminal window open, you’ll need it later.
  3. Download the patch (mirror) and save it to the vpnclient folder that was created in step 2.
  4. Go back to your terminal window and move into the vpnclient folder:
    $ cd vpnclient/
  5. Now patch the Cisco VPN source with this command:
    $ patch < vpnclient-linux-2.6.22.diff
  6. Next we actually build the Cisco VPN client, issue this command:
    $ sudo ./vpn_install
    Just hit enter for everything it asks you, the defaults are all OK. You may see lots of warnings, but those are OK.
  7. The VPN client is installed, now we need to start it:
    $ sudo /etc/init.d/vpnclient_init start
  8. Place your .pcf configuration files in /etc/opt/cisco-vpnclient/Profiles/
  9. If your .pcf file is called myVPN.pcf, you’ll connect to the VPN with the following command:
    $ sudo vpnclient connect myVPN


That’s it! You should now be able to connect to your Cisco VPN with the official Cisco VPN client on Linux. This will probably work on pretty much any Linux setup, not just Ubuntu.
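
Step 8 leaves the .pcf profiles on disk, and a profile carries the group secret (a comment further down links to a tool that decrypts it), so file permissions and any saved passwords matter. The script below is an added example, not part of the original how-to: it audits a profile directory such as the one from step 8. `GroupPwd`, `UserPassword`, `enc_UserPassword` and `SaveUserPassword` are standard .pcf keys that the post itself does not show, and the function names and script name are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit Cisco VPN client
# profiles for credential exposure.
# Usage (script name is hypothetical):
#   sudo sh audit_pcf.sh /etc/opt/cisco-vpnclient/Profiles
# No output means no findings.
PROFILE_DIR="${PROFILE_DIR:-/etc/opt/cisco-vpnclient/Profiles}"

# pcf_get FILE KEY: print the value of KEY from an INI-style .pcf file.
# Handles CRLF line endings, key case differences and the "!" prefix
# that marks a parameter as read-only in the client.
pcf_get() {
    tr -d '\r' < "$1" | awk -v k="$2" '
        {
            eq = index($0, "=")
            if (eq == 0) next                 # section headers, blank lines
            name = substr($0, 1, eq - 1)
            sub(/^!/, "", name)
            if (tolower(name) == tolower(k)) { print substr($0, eq + 1); exit }
        }'
}

# audit_pcf FILE: print one "FILE: finding" line per problem found.
audit_pcf() {
    f=$1
    # If "other" has read permission, every local user can copy the
    # profile and with it the (recoverable) group secret.
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo "$f: world-readable"
    fi
    # Cleartext secrets should never be left in the profile.
    for key in GroupPwd UserPassword; do
        if [ -n "$(pcf_get "$f" "$key")" ]; then
            echo "$f: cleartext $key stored"
        fi
    done
    # A saved user password turns the profile file into a login credential.
    if [ -n "$(pcf_get "$f" enc_UserPassword)" ] ||
       [ "$(pcf_get "$f" SaveUserPassword)" = "1" ]; then
        echo "$f: user password saved in profile"
    fi
}

# audit_profiles [DIR]: audit every .pcf file in DIR (default: PROFILE_DIR).
audit_profiles() {
    dir=${1:-$PROFILE_DIR}
    for p in "$dir"/*.pcf; do
        [ -f "$p" ] || continue
        audit_pcf "$p"
    done
}

# Run only when a directory is passed on the command line.
if [ $# -gt 0 ]; then
    audit_profiles "$1"
fi
```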

UPDATE (8/18/2007):
Alexander Griesser released a new patch that works with kernel versions 2.6.22 and greater. The new patch is backwards compatible, so it also works with older kernels, such as 2.6.10 and 2.6.21. All the download links above point to the newest release of the patch. I’ll continue to update this how-to as he releases new patches.

UPDATE (10/04/2007):
Cisco has finally released a new version of their vpn client for Linux. This new version compiles on all the new 2.6.xx kernels without the need for patching! You can download it from Alexander’s site or you can get it right here.

UPDATE (12/29/2007):
Alexander Griesser has a new project page for his Cisco VPN client patches. It contains basic usage information and will most likely always have the latest and greatest patch available for download. In addition to that, Alexander has a new patch to make version 4.8.01.0640-k9 of the Cisco VPN Client compile on 64bit systems. Again, you can download the latest Cisco VPN Client for Linux from the following link:
http://www.longren.org/downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz

UPDATE (8/11/2011):
Marius B commented and mentioned he has a post up on this same subject. It’s worth checking his post out. He basically suggests enabling the option to only use the VPN connection for resources on the network you’re connected to. See his post for more.

252 Responses to How To: Cisco VPN Client On Ubuntu

  1. George says:

    I’ve been trying to get a GUI app to work with this client, tried a few of them. Does anyone use one? If so, please explain how to configure it. I’d like to use network manager if possible (running Hardy). Thanks in advance.

  2. Climey says:

    I’ve successfully installed Cisco VPN on my 64-bit machine running Ubuntu. I have the latest version of VPN (4.8.02). The patch was obtained from http://birdman.dynalias.org/CiscoVPN.

    When I try to run it (e.g. sudo vpnclient connect myVPN, or just sudo vpnclient) I get a /usr/local/bin/vpnclient: No such file or directory. However, /usr/local/bin/vpnclient contains a link to /opt/cisco-vpnclient/bin/vpnclient. And this also exists. It seems as if something simple is not correct. Any suggestions?

  3. rev. dr. says:

    of course, I’m using intrepid. upgrade already, noobs :)

  4. rev. dr. says:

    # apt-get install network-manager-vpnc

    Network Manager -> VPN Connections -> Configure VPN

    Point and click your way to productivity.

  5. reklamlar says:

    To disconnect, just hit Ctrl+c in the terminal window where you ran the “sudo vpnclient” command.

  6. cesar_spain says:

    I have just written a VPN installation script. It worked fine for me.

    http://ubuntuforums.org/showthread.php?p=5725544&posted=1#post5725544

  7. Faraz Hussain says:

    I followed all the instructions for the patch here and the installation seems to have been done without problems. But I get the following message when trying to connect:

    faraz@hussain-machine:/etc/opt/cisco-vpnclient/Profiles$ sudo vpnclient connect ucf
    Cisco Systems VPN Client Version 4.8.01 (0640)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.24-19-generic #1 SMP Fri Jul 11 23:41:49 UTC 2008 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    Any ideas?

    Thanks.

  8. Oleg L says:

    Cisco recently released the new VPN Client that does not require patch and works under latest kernel. I have Ubuntu Hardy 8.04 and after installing the new client it works well.
    1. Download the new client from Cisco’s website. You need an account to download that file.
    http://www.cisco.com/pcgi-bin/tablebuild.pl?topic=270636499
    There is an option to register on the page.
    2. Untar the new file:
    tar xvfz vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
    3. Open the new folder:
    cd vpnclient/
    4. Run the installer:
    sudo ./vpn_install
    5. Choose all of the default options.
    6. Installation creates a service that will start upon reboot. The first time it needs to be started manually :
    /etc/init.d/vpnclient_init start
    7. Copy the .pcf profile file to:
    /etc/opt/cisco-vpnclient/profiles
    8. Connect to VPN from terminal window:
    vpnclient connect "your profile name"

    Following the instructions above worked for me perfectly and only took a couple of minutes. Good luck !

  9. webtasarım says:

    thanks for info… GOOOD.

  10. Thomas says:

    Nope.

    I have 2.6.24.19

    downloaded and untared vpnclient-linux-4.8.00.0490-k9.tar.gz

    ran patch <../vpnclient-linux-2.6.24.diff
    and I get:
    patching file GenDefs.h
    patching file interceptor.c
    Hunk #1 succeeded at 24 (offset -4 lines).
    Hunk #2 succeeded at 75 (offset -4 lines).
    Hunk #3 FAILED at 134.
    Hunk #4 succeeded at 150 (offset -23 lines).
    Hunk #5 succeeded at 321 (offset -23 lines).
    Hunk #6 FAILED at 388.
    Hunk #7 succeeded at 887 (offset -86 lines).
    Hunk #8 succeeded at 929 (offset -86 lines).
    2 out of 8 hunks FAILED — saving rejects to file interceptor.c.rej

    tried running vpn_install anyway, and I get:
    make -C /usr/src/linux-headers-2.6.24-19-generic/ SUBDIRS=/home/thomas/vpnclient modules
    make[1]: Entering directory `/usr/src/linux-headers-2.6.24-19-generic’
    CC [M] /home/thomas/vpnclient/linuxcniapi.o
    /home/thomas/vpnclient/linuxcniapi.c:12:26: error: linux/config.h: No such file or directory
    /home/thomas/vpnclient/linuxcniapi.c: In function ‘CniInjectReceive’:
    /home/thomas/vpnclient/linuxcniapi.c:297: error: implicit declaration of function ‘skb_set_timestamp’
    /home/thomas/vpnclient/linuxcniapi.c:331: error: ‘struct sk_buff’ has no member named ‘nh’
    /home/thomas/vpnclient/linuxcniapi.c:332: error: ‘struct sk_buff’ has no member named ‘mac’
    /home/thomas/vpnclient/linuxcniapi.c: In function ‘CniInjectSend’:
    /home/thomas/vpnclient/linuxcniapi.c:454: error: ‘struct sk_buff’ has no member named ‘mac’
    /home/thomas/vpnclient/linuxcniapi.c:455: error: ‘struct sk_buff’ has no member named ‘nh’
    /home/thomas/vpnclient/linuxcniapi.c:458: error: ‘struct sk_buff’ has no member named ‘h’
    /home/thomas/vpnclient/linuxcniapi.c:458: error: ‘struct sk_buff’ has no member named ‘nh’
    make[2]: *** [/home/thomas/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/thomas/vpnclient] Error 2
    make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-19-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    The 4.8.01 release is for 64 usage only, isn’t it?

  11. peter says:

    If you have build problems like Tom above – he gets stuff like this

    Making module
    make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/tmloos/programs/cisco vpn client/vpnclient modules
    make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-generic’
    make[1]: *** No rule to make target `vpn’. Stop.
    make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.
    tmloos@frogger:~/programs/cisco vpn client/vpnclient$
    tmloos@frogger:~/programs/cisco vpn client/vpnclient$ *** No rule to make target `vpn’. Stop.

    Then you need a patch.
    Go to this link
    http://www.lamnk.com/blog/vpn/with-kernel-2624-you-will-need-a-patch-to-install-cisco-vpn-client/

  12. peter says:

    for those of you having build problems like

    /usr/src/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here

    See this link. You need a patch.
    http://www.lamnk.com/blog/vpn/with-kernel-2624-you-will-need-a-patch-to-install-cisco-vpn-client/

  13. Douglas Liu says:

    Vedanta.

    If you’re using ubuntu 8.04 64bit version.
    you need to patch vpnclient-linux-2.6.24-final.diff in addition to this, cisco_skbuff_offset.patch.

    this is an implied procedure for 64 bit system, though not clearly mentioned in the official blog. Anyway, this solves my problem.

    regards

  14. vedanta says:

    Hi,
    I get following error when I try to install vpn
    make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
    CC [M] /home/rahuld/vpnclient/linuxcniapi.o
    In file included from /home/rahuld/vpnclient/Cniapi.h:15,
    from /home/rahuld/vpnclient/linuxcniapi.c:30:
    /home/rahuld/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/rahuld/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/rahuld/vpnclient] Error 2
    make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

  15. vedanta says:

    make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
    CC [M] /home/rahuld/vpnclient/linuxcniapi.o
    In file included from /home/rahuld/vpnclient/Cniapi.h:15,
    from /home/rahuld/vpnclient/linuxcniapi.c:30:
    /home/rahuld/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/rahuld/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/rahuld/vpnclient] Error 2
    make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

  16. yusuf says:

    UbuntuHappy -

    thanks for asking. as a matter of fact, i was working on this problem when i saw your comment.

    i am able to compile after following the instructions on this page: http://forum.tuxx-home.at/viewtopic.php?f=15&t=543. i’m up to lib modules 2.6.24-19-generic.

    now i can not establish a connection and receive this error on start up:

    Cisco Systems VPN Client Version 4.8.01 (0640)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.24-19-generic #1 SMP Wed Jun 4 15:10:52 UTC 2008 x86_64
    Config file directory: /etc/opt/cisco-vpnclient

    WARNING:
    Using the “pwd” option may allow other users
    on this computer to see your password.

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    lsmod does show the ‘cisco_ipsec’ module has loaded.

    i’m pretty much at a dead end. i’m not sure if there are any logs to review and the web has been clueless.

    any help from anyone would be useful.

    regards to all!

  17. UbuntuHappy says:

    Yusuf,
    Did you ever get Hardy working? I am running 64-bit Hardy and can not get the client loaded. Same error as you show above..

  18. Mz says:

    Nice shoot guys .. it fix the problem.
    i’ll try the vpnc for now.
    cheers

  19. Plus Tc says:

    Oh thank man..

  20. diyet says:

    Thanks good. I like it.

  21. Resim says:

    Thanks much!

  22. Varghese John says:

    I Updated my Ubuntu 6.10 to 7.04 and the VPN is Not connecting ,

    How can i solve this

    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.20-15-generic/CiscoVPN/cisco_ipsec.ko’: -1 Invalid module format
    Failed (insmod)
    john@john-desktop:/etc/opt/cisco-vpnclient/Profiles$

    Regards
    Varghese John
    Chennai

  23. Omar Samad says:

    HI, i followed directions for 8.04 and installed successfully, now im having an issue with computer crashing after about 10-15 min of use of vpn connect + rdesktop.

    anyone else experiencing this issue?

  24. Swaroop says:

    I have tried all the above steps, But similar to others i am getting the error
    Initializing the VPN connection.
    Contacting the gateway at x.x.x.x
    Contacting the gateway at x.x.x.x
    Contacting the gateway at x.x.x.x
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.

    It’s trying for 3 servers. I have even enabled the outgoing port for iptables. Still doesn’t work

    Then i tried the vpnc client it did import the .pcf file successfully but when i connect it asks me first the user name/password which i enter and then it asks me for the password to open the certificate. My vpn profiles come with another folder “Certificates” with a couple of files.

    I was not given any certificate password by the IT dept. Using the same password for the user name/password doesn’t help either.

    Any help would be nice :)

  25. yusuf says:

    i had this client working flawlessly on ubuntu 7.10. i think i made a bad mistake upgrading to ubuntu 8.04 because i can not recompile the source under the new libs.

    please take a look at this snippet & let me know what you think:

    Directory containing linux kernel source code [/lib/modules/2.6.24-16-generic/build]

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.24-16-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.24-16-generic/build” will be used to build the module.

    Is the above correct [y]

    Shutting down /opt/cisco-vpnclient/bin/vpnclient: module cisco_ipsec is not running.
    Stopped: /etc/init.d/vpnclient_init (VPN init script)
    Making module
    make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/yusufg/vpn/distro/vpnclient modules
    make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
    scripts/Makefile.build:46: *** CFLAGS was changed in “/home/yusufg/vpn/distro/vpnclient/Makefile”. Fix it to use EXTRA_CFLAGS. Stop.
    make[1]: *** [_module_/home/yusufg/vpn/distro/vpnclient] Error 2
    make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    tia,
    -y

  26. jay says:

    Sorry, it was a problem with the certificate. The tutorial rocks!!!

  27. jay says:

    Thanks for the nice article and very helpful posts. I was able to get the cisco vpn client installed. (after applying the patch). However I am not able to connect. I get the following messages that several others reported:

    Initializing the VPN connection.
    Contacting the gateway at ******
    Contacting the gateway at ******
    Contacting the gateway at ******
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    After looking at the other posts, I tried to disable the ethernet interface.

    >> sudo ifdown eth0
    I get the following output:
    ifdown: interface eth0 not configured

    I am not able to get past this. Please help.

    PS: I am a linux newbie. I am establish a wireless connection. I have bluetooth adapter installed too. Could that be the cause of this problem? If yes, how can I disable it?

  28. vpn service says:

    “Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.

    I am only connected via wifi, so I ran “sudo ifdown eth0” and now I can connect.” – have a same thing :(

  29. müzik dinle says:

    oh it’s just what I need guys!

  30. jul says:

    thanks for the tips.
    I’ve still got a problem, though: when I’m connected to the VPN I lose my internet connection. “EnableLocalLAN=1” in my *.pcf file does not work

    Same problem using vpnc :(

  31. rap says:

    thanks for the good post!

  32. resimler says:

    well good post dude! I liked it quite much. it helped me save hard work and time. therefore thanks quite a lot.

  33. assos says:

    nice thank you

  34. Chat says:

    very nice thanks

  35. LPW says:

    THANK YOU !! I have been trying to do this for quite some time, and today you just helped me make a gigantic leap away from M$ for good! Now if I can only convince the wife ;)

  36. Maryjane says:

    Worked like a charm …first time …Ubuntu 7.10!
    The last I tried I got bogged down and gave up… Thanks!

  37. Graham says:

    If your VPN Client is behind a NATing firewall then try adding the following two options to your /etc/vpnc/default.conf (or other) config file:

    NAT Traversal Mode cisco-udp
    Cisco UDP Encapsulation Port 0

    It worked for me when previously I got a VPN connection which passed no traffic. Now I’m using UDP NAT-T it works a treat!

    • cisco vpn says:

      Sometimes you need to go a step further in setting up vpnc on a linux box – and decrypt a group secret from within a cisco pcf file. There is an example under http://www.spiration.co.uk/post/1293/ which shows how to compile and use the cisco-decrypt.c utility. I have used this approach in the past when taking corporate vpn profiles, where you don’t necessarily know the plaintext group secret.

  38. Tyler says:

    Thanks for letting us know how you got it working Greg!

  39. Greg says:

    All,

    for those of you who might be interested : I solved my problem by modifying my .pcf file :

    I simply changed
    EnableNat=0
    by
    EnableNat=1

    and it solved the problem.

    HIH,
    Greg

  40. Greg says:

    Thanks Tyler,

    but this is not the case. I have no firewall running on my laptop. And my colleagues (under MS Windows) are using the same ADSL line and succeed in connecting to our VPN (therefore it is not a proxy issue).

    I am stuck :-(

    Thanks,
    Greg

  41. Tyler says:

    Hi Greg, make sure you have the firewall on your local machine turned off when connecting to the VPN. Having mine on causes problems like this sometimes.

  42. Greg says:

    Thanks a lot for all the support given by this blog. It is very helpful.

    I have the following problem with my Cisco vpnclient : I can succeed in connecting to my VPN :

    root@laptop:~# vpnclient connect myVPN
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Tue Feb 12 05:41:34 UTC 2008 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Enter Certificate password:
    Initializing the VPN connection.
    Contacting the gateway at XXX.XXX.XXX.XXX
    User Authentication for myVPN…

    Enter Username and Password.

    Username [greg]:
    Password []:
    Authenticating user.
    Negotiating security policies.
    Securing communication channel.

    Welcome Software Client Users!
    Do you wish to continue? (y/n): y

    Your VPN connection is secure.

    VPN tunnel information.
    Client address: XXX.XXX.XXX.XXX
    Server address: YYY.YYY.YYY.YYY
    Encryption: 168-bit 3-DES
    Authentication: HMAC-SHA
    IP Compression: None
    NAT passthrough is inactive
    Local LAN Access is disabled

    But once connected, I have NO traffic at all across my tunnel : I cannot browse any website, I cannot ping any of the systems I should have access to, nor connect to my mail server.

    I have played around with the MTU but I had no success.

    Has anyone had the same problem? Is there a fix?

    Thanks,
    Greg

  43. Firmalar says:

    The moment I disconnected everything was OK again. Any ideas?

  44. jb says:

    I have 2 feisty systems. On one I was able to succesfully connect to my work server. On the other I was able to install the vpn client without a problem but when I connected using the same profile I lost dns connection on my system.

    The moment I disconnected everything was OK again. Any ideas?

    JB
