One of my customers has a VPN which I'd like to access. They provided me with a copy of the Cisco VPN client for Linux, and a "pcf" configuration file for the client. Here's what i had to do to get the Cisco VPN client working in Linux - and it does work just fine.
First we make a directory to put the bits and bobs in
alan@hactar:~$ mkdir cisco alan@hactar:~$ cd cisco/
I then downloaded the Cisco VPN client from my customers intranet and saved it in the cisco directory I just created. I then unpacked it which makes a directory called vpnclient and unpacks the files into it.
alan@hactar:~/cisco$ tar zxvf vpnclient-linux-4.6.02.0030-k9.tar.gz vpnclient/ vpnclient/libvpnapi.so vpnclient/vpnapi.h vpnclient/cisco_cert_mgr vpnclient/vpnclient vpnclient/ipseclog vpnclient/cvpnd vpnclient/vpn_install vpnclient/vpnclient_init vpnclient/vpn_uninstall vpnclient/driver_build.sh vpnclient/sample.pcf vpnclient/vpnclient.ini vpnclient/license.txt vpnclient/license.rtf vpnclient/interceptor.c vpnclient/linuxcniapi.c vpnclient/linuxcniapi.h vpnclient/vpn_ioctl_linux.h vpnclient/IPSecDrvOS_linux.c vpnclient/linux_os.h vpnclient/frag.h vpnclient/frag.c vpnclient/GenDefs.h vpnclient/mtu.h vpnclient/IPSecDrvOSFunctions.h vpnclient/IPSecDrvOS_linux.h vpnclient/Cniapi.h vpnclient/unixcniapi.h vpnclient/config.h vpnclient/libdriver.so vpnclient/Makefile
Dive into the directory and check all the files are there
alan@hactar:~/cisco/vpnclient$ ls -l total 4580 -rwxr-xr-x 1 alan alan 1149812 2005-03-11 22:43 cisco_cert_mgr -rw-r--r-- 1 alan alan 15974 2005-03-11 22:43 Cniapi.h -rw-r--r-- 1 alan alan 4474 2005-03-11 22:43 config.h -rwxr-xr-x 1 alan alan 1943604 2005-03-11 22:43 cvpnd -rwxr-xr-x 1 alan alan 1430 2005-03-11 22:43 driver_build.sh -rw-r--r-- 1 alan alan 6301 2005-03-11 22:43 frag.c -rw-r--r-- 1 alan alan 227 2005-03-11 22:43 frag.h -rw-r--r-- 1 alan alan 4500 2005-03-11 22:43 GenDefs.h -rw-r--r-- 1 alan alan 21952 2005-03-11 22:43 interceptor.c -rw-r--r-- 1 alan alan 2524 2005-03-11 22:43 IPSecDrvOSFunctions.h -rw-r--r-- 1 alan alan 5138 2005-03-11 22:43 IPSecDrvOS_linux.c -rw-r--r-- 1 alan alan 1249 2005-03-11 22:43 IPSecDrvOS_linux.h -rwxr-xr-x 1 alan alan 205464 2005-03-11 22:43 ipseclog -rwxr-xr-x 1 alan alan 516924 2005-03-11 22:43 libdriver.so -rwxr-xr-x 1 alan alan 356756 2005-03-11 22:43 libvpnapi.so -rw-r--r-- 1 alan alan 4449 2005-03-11 22:43 license.rtf -rw-r--r-- 1 alan alan 4130 2005-03-11 22:43 license.txt -rw-r--r-- 1 alan alan 16856 2005-03-11 22:43 linuxcniapi.c -rw-r--r-- 1 alan alan 1291 2005-03-11 22:43 linuxcniapi.h -rw-r--r-- 1 alan alan 1852 2005-03-11 22:43 linux_os.h -rw-r--r-- 1 alan alan 908 2005-03-11 22:43 Makefile -rw-r--r-- 1 alan alan 1926 2005-03-11 22:43 mtu.h -rw-r--r-- 1 alan alan 349 2005-03-11 22:43 sample.pcf -rw-r--r-- 1 alan alan 946 2005-03-11 22:43 unixcniapi.h -rw-r--r-- 1 alan alan 24385 2005-03-11 22:43 vpnapi.h -rwxr-xr-x 1 alan alan 263264 2005-03-11 22:43 vpnclient -rw-r--r-- 1 alan alan 172 2005-03-11 22:43 vpnclient.ini -rwxr-xr-x 1 alan alan 2961 2005-03-11 22:43 vpnclient_init -rwxr-xr-x 1 alan alan 13826 2005-03-11 22:43 vpn_install -rw-r--r-- 1 alan alan 1008 2005-03-11 22:43 vpn_ioctl_linux.h -rwxr-xr-x 1 alan alan 5992 2005-03-11 22:43 vpn_uninstall
To make this you need the kernel headers for your current running kernel version. uname -r tells us the kernel version number:
alan@hactar:~$ uname -r 2.6.15-23-686
Using that information we can (in Ubuntu and other Debian based distributions) easily download the kernel headers with a command like this:
alan@hactar:~$ sudo apt-get install linux-headers-`uname -r` Reading package lists... Done Building dependency tree... Done linux-headers-2.6.15-23-686 is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 66 not upgraded.
Looks like I already have it. Lets double check:
alan@hactar:~/cisco/vpnclient$ ls /usr/src/linux-headers-2.6.15-23-686/ arch crypto include kernel mm scripts usr block drivers init lib Module.symvers security cluster fs ipc Makefile net sound
That all looks sane. Now we need to patch the client because it won't compile otherwise.
Get the patch from here:
Here is a direct link:
Save it in the vpnclient directory then apply it:
alan@hactar:~/cisco/vpnclient$ patch -p0 < vpnclient-linux-4.7.patch.txt patching file linuxcniapi.c Hunk #1 succeeded at 296 (offset 20 lines). Hunk #2 succeeded at 311 (offset 20 lines). Hunk #3 succeeded at 414 (offset 20 lines). Hunk #4 succeeded at 456 (offset 20 lines).
Do a quick make to see if it compiles sanely.
alan@hactar:~/cisco/vpnclient$ make make -C /lib/modules/2.6.15-23-686/build SUBDIRS=/home/alan/cisco/vpnclient modules make[1]: Entering directory `/usr/src/linux-headers-2.6.15-23-686' CC [M] /home/alan/cisco/vpnclient/linuxcniapi.o CC [M] /home/alan/cisco/vpnclient/frag.o CC [M] /home/alan/cisco/vpnclient/IPSecDrvOS_linux.o CC [M] /home/alan/cisco/vpnclient/interceptor.o /home/alan/cisco/vpnclient/interceptor.c: In function ‘handle_vpnup’: /home/alan/cisco/vpnclient/interceptor.c:312: warning: assignment from incompatible pointer type /home/alan/cisco/vpnclient/interceptor.c:336: warning: assignment from incompatible pointer type /home/alan/cisco/vpnclient/interceptor.c:337: warning: assignment from incompatible pointer type /home/alan/cisco/vpnclient/interceptor.c: In function ‘do_cleanup’: /home/alan/cisco/vpnclient/interceptor.c:380: warning: assignment from incompatible pointer type LD [M] /home/alan/cisco/vpnclient/cisco_ipsec.o Building modules, stage 2. MODPOST Warning: could not find /home/alan/cisco/vpnclient/.libdriver.so.cmd for /home/alan/cisco/vpnclient/li bdriver.so CC /home/alan/cisco/vpnclient/cisco_ipsec.mod.o LD [M] /home/alan/cisco/vpnclient/cisco_ipsec.ko make[1]: Leaving directory `/usr/src/linux-headers-2.6.15-23-686'
That looks good. Now lets do it for real with the vpn_install script supplied by Cisco.
alan@hactar:~/cisco/vpnclient$ sudo ./vpn_install
Cisco Systems VPN Client Version 4.6.02 (0030) Linux Installer
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.
Directory where binaries will be installed [/usr/local/bin]
Automatically start the VPN service at boot time [yes]
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.
Directory containing linux kernel source code [/lib/modules/2.6.15-23-686/build]
* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.15-23-686/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.15-23-686/build" will be used to build the module.
Is the above correct [y]
Making module
make -C /lib/modules/2.6.15-23-686/build SUBDIRS=/home/alan/cisco/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.15-23-686'
Building modules, stage 2.
MODPOST
Warning: could not find /home/alan/cisco/vpnclient/.libdriver.so.cmd for /home/alan/cisco/vpnclient/li bdriver.so
make[1]: Leaving directory `/usr/src/linux-headers-2.6.15-23-686'
Create module directory "/lib/modules/2.6.15-23-686/CiscoVPN".
Copying module to directory "/lib/modules/2.6.15-23-686/CiscoVPN".
Already have group 'bin'
Creating start/stop script "/etc/init.d/vpnclient_init".
/etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.
Creating global config /etc/opt/cisco-vpnclient
Installing license.txt (VPN Client license) in "/opt/cisco-vpnclient/":
Installing bundled user profiles in "/etc/opt/cisco-vpnclient/Profiles/":
* New Profiles : sample
Copying binaries to directory "/opt/cisco-vpnclient/bin".
Adding symlinks to "/usr/local/bin".
/opt/cisco-vpnclient/bin/vpnclient
/opt/cisco-vpnclient/bin/cisco_cert_mgr
/opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory "/opt/cisco-vpnclient/bin".
/opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory "/opt/cisco-vpnclient/lib".
/opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory "/opt/cisco-vpnclient/include".
/opt/cisco-vpnclient/include/vpnapi.h
Setting permissions.
/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient/Profiles (group bin readable)
/etc/opt/cisco-vpnclient/Certificates (group bin readable)
* You may wish to change these permissions to restrict access to root.
* You must run "/etc/init.d/vpnclient_init start" before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.Yay! That all looks pretty good. There is a sample profile supplied with the client which lives by default in /etc/opt/cisco-vpnclient/Profiles/, lets see:
alan@hactar:~/cisco/vpnclient$ ls /etc/opt/cisco-vpnclient/Profiles/ sample.pcf
Now I will copy the configuration file supplied by my customer to that location so the software can find it:
alan@hactar:~/cisco/vpnclient$ sudo cp *.pcf /etc/opt/cisco-vpnclient/Profiles/
Lets check they're there.
alan@hactar:~/cisco/vpnclient$ ls /etc/opt/cisco-vpnclient/Profiles/ XXX-XXX_XXX-VPN.pcf YYY-YYY_YYY-VPN.pcf ZZZ-ZZZ-ZZZ-1.pcf sample.pcf
(Note I've changed the names of the files to hide some info.)
The next bit will be started when I reboot, but as I don't want to reboot right now I'll start it myself:
alan@hactar:~/cisco/vpnclient$ sudo /etc/init.d/vpnclient_init start Starting /opt/cisco-vpnclient/bin/vpnclient: Done
I'll now start the client to see if it starts.
alan@hactar:~/cisco/vpnclient$ ./vpnclient Cisco Systems VPN Client Version 4.6.02 (0030) Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved. Client Type(s): Linux Running on: Linux 2.6.15-23-686 #1 SMP PREEMPT Tue May 23 14:03:07 UTC 2006 i686 Config file directory: /etc/opt/cisco-vpnclient Usage: vpnclient connect[user ] [eraseuserpwd | pwd ] [nocertpwd] vpnclient disconnect vpnclient stat [reset] [traffic] [tunnel] [route] [repeat] vpnclient notify vpnclient verify [autoinitconfig] vpnclient autoinit
Now we actually start the client and connect. Note that I start the client with the word "connect" and the name of the pcf file (without the pcf extension) as a parameter.
alan@hactar:~/cisco/vpnclient$ sudo vpnclient XXX-XXX_XXX-VPN Cisco Systems VPN Client Version 4.6.02 (0030) Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved. Client Type(s): Linux Running on: Linux 2.6.15-23-686 #1 SMP PREEMPT Tue May 23 14:03:07 UTC 2006 i686 Config file directory: /etc/opt/cisco-vpnclient Initializing the VPN connection. Contacting the gateway at XXX.X.XX.XXX User Authentication for XXX-XXX-XXXX-1... Enter Username and Password. Username [DOMAIN\username]: Password []: Authenticating user. Negotiating security policies.
I then get my customers standard welcome message and am connected.
Ciscco VPN 4.6
Where can I download the Cisco VPN client 4.6 from for Ubuntu?
I'd like to our company's *.pcf so I can remote in without using MS Windows XP OS....
Thanks
cisco vpn startup issue
I had the problem to startup the vpnclient - see error:
root@localhost:/work# vpnclient connect cisco
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.22-14-generic #1 SMP Tue Dec 18 08:02:57 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
The solution was: DISABLE FIREWALL, or you can open specific ports if you know which one :-)
Good luck!
Ubuntu 7.10: I have done
Ubuntu 7.10: I have done the install just fine. But now that I try and start the client I get the following error:
Initializing the VPN connection.
Contacting the gateway at 12.181.164.14
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
I have no idea where to look for errors on this? Where is the log file to check?
Not able to connect
Hi, I "successfully" got everything to compile/install, but now I can't get connected. After entering my username and password, I get the below response, but then I can't connect to anything in terminal using ssh, etc nor can I connect to the company intranet via browser. The Cisco client works just fine for me with Windows and Mac OS X. By the way, I'm running Ubuntu 7.04. I've enabled/disabled both NAT passthrough and LAN Access with no results. Any ideas?
Your VPN connection is secure.
VPN tunnel information.
Client address: xxx.xxx.xxx.xxx
Server address: xxx.xxx.xxxx.xxx
Encryption: 168-bit 3-DES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is inactive
Local LAN Access is enabled
VPN Client connects
If the client says:
Your VPN connection is secure.
VPN tunnel information.
Client address: xxx.xxx.xxx.xxx
Server address: xxx.xxx.xxxx.xxx
Encryption: 168-bit 3-DES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is inactive
Local LAN Access is enabled
Then all you need to do is leave that terminal up and open another one.
type ifconfig and see if there is a cisco entry in there.
Or ping a box in the network you just VPN'ed into.
As a suggestion, I use a 'screen' session to open the VPN tunnel and then I detach so it runs in the background
:)
enjoy
Thanks for the great tutorial. You have removed many months of suffering
You need to enable VPN
You need to enable VPN split-tunnel on the Cisco VPN Server.
how do you do this?
how do you do this?
Solution running without patches (Ubuntu,Debian)
After the problem which I had with cisco vpnclient (and patch) when upgrading from Efty to Feisty I used this solution:
http://packages.debian.org/testing/net/vpnc
It Works ok.
Excellent write up
One fo the best...
Small problem however.
Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information.
There are no new notification messages at this time.
root@skeeterflea:/usr/local/bin# sudo vpnclient connect Supercool-VPN-2009
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.15-28-686 #1 SMP PREEMPT Tue Mar 13 20:55:53 UTC 2007 i686Config file directory: /etc/opt/cisco-vpnclient
Any ideas?
Nice tips, I use wingate
Nice tips, I use wingate vpn, It seem can't build secure VPN Connection, any ideas? Thanks.
I believe I solved that on
I believe I solved that on Feisty 7.04 by going to the Profiles directory and do a
sudo chmod 644 xxxxxx.pcf (your pcf file of course)
try that
Cant get started cisco 4.8
Cant get past make someting missing and have no idea of where to go (libdriver.so.cmd) error missing, can some one direct me on what to do for the missing file. Cant find it in the repository.
Thank..here are the results of make.
make -C /lib/modules/2.6.15-28-386/build SUBDIRS=/home/lee/cisco/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.15-28-386'
LD [M] /home/lee/cisco/vpnclient/cisco_ipsec.o
Building modules, stage 2.
MODPOST
Warning: could not find /home/lee/cisco/vpnclient/.libdriver.so.cmd for /home/lee/cisco/vpnclient/libdriver.so
CC /home/lee/cisco/vpnclient/cisco_ipsec.mod.o
LD [M] /home/lee/cisco/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.15-28-386'
lee@mserver:~/cisco/vpnclient$
GREAT
Alan , thanks for the help .
i think this is a great documentation about setting up vpn client , i really appreciate the effort .
working perfect !
Thx alot Alain,you've done a
Thx alot Alain,you've done a hard work.I had tried many times but i failed but now it works perfectly
from Efty to Feisty I used
from Efty to Feisty I used this solution:
http://packages.debian.org/testing/net/vpnc
It Works ok.
Works like a charm!
Thanks so much for this thorough howto. I managed to finally install and configure the VPN client, a long time thorn on my side.
Ubuntu rox! :D
Works perfect on dapper
Works perfect on dapper 6.06
thanks for the effort !
Patch fails (Ubuntu 6.10, 2.6.17-11-generic)
Hi Alan,
thanks for writing an excellent tutorial. Unfortunately it seems not all cases were covered :).
I am running an (up-to-date) Ubuntu 6.10 and the error I get is during the patch application. Of course all things ran as su
patch -p0 < vpnclient-linux-4.7.patch.txt
patching file linuxcniapi.c
Hunk #2 FAILED at 291.
Hunk #3 succeeded at 403 (offset 9 lines).
Hunk #4 FAILED at 445.
2 out of 4 hunks FAILED -- saving rejects to file linuxcniapi.c.rej
The content of the .rej file is:
//START OF FILE
***************
*** 289,295 ****
goto exit_gracefully;
}
/* move the data into the packet */
- do_gettimeofday(&skb->stamp);
pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);
--- 291,300 ----
goto exit_gracefully;
}
/* move the data into the packet */
+ do_gettimeofday(&timecount);
+
+ skb->tstamp.off_sec = (u32) timecount.tv_sec;
+ skb->tstamp.off_usec = (u32) timecount.tv_usec;
pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);
***************
*** 438,444 ****
CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);
/* put the mac header on */
- do_gettimeofday(&skb->stamp);
skb->dev = pBinding->pDevice;
--- 445,454 ----
CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);
/* put the mac header on */
+ do_gettimeofday(&timecount);
+
+ skb->tstamp.off_sec = (u32) timecount.tv_sec;
+ skb->tstamp.off_usec = (u32) timecount.tv_usec;
skb->dev = pBinding->pDevice;
//END OF FILE
My 'uname -r' is
2.6.17-11-generic
I used:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a0080234617.html
and my campus guidelines for windows to create a connection
I am still able to do all the next steps and try to log in to the campus network
but in the end get a:
Initiating TCP to X.X.X.X port YYYY IPSec over TCP
Contacting the gateway at X.X.X.X
Secure VPN Connection terminated locally by the Client
Reason: Remote peer is no longer responding.
There are no new notification messages at this time.
Do you think it's my profile that's incorrect or really something about this patching that makes a difference?
With kind regards,
Marek Barwinski
A simple solution
My profile had:
AuthType=5
with
AuthType=1
it works :)
Worked brilliantly
Thank you for these detailed steps AND answering the problems that people have had. I got it to work and can now work from home. Wooo Hooo. You are a gem for writing such easy to follow steps.
Error with vpnclient_init
Hi Alan,
I see the following error when starting up the vpn system:
$ sudo /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting '/lib/modules/2.6.15-27-386/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
Failed (insmod)
I am running Dapper and have the 4.6 version of the Cisco client. I also have gcc and appropriate linux-headers and linux-source installed. The display of your vpn_install process looks nearly identical to what I saw.
Any thoughts?
Hi, don't know if this is
Hi,
don't know if this is still relevant to you but perhaps could help someone else running into the same problem (just like me an hour ago ;-))... I got the same mistake compiling cisco vpnclient 4.8.00 (0490) on 6.06 LTS. The reason was: in another instruction on the web i read about using gcc 3.4 instead of gcc 4.0, because allegedly the default kernel of ubuntu 6.06 (in my case 2.6.15-28) had been compiled using that version gcc-3.4. So i installed both gcc's and changed the link /usr/bin/gcc to point to 3.4. This exactly was the mistake. After just using gcc-4 everything worked fine.
hth ;-)
vpnclient_init won't start after reboot
Does anyone know how to get vpnclient_init to start after a reboot. I've checked the /etc/rc?.d directories, and the links are there for it to start, but I always have to do it manually to get the vpnclient to work.
You rock! I finally made it
You rock! I finally made it work after reading ur blog!!! Thanks a million!
4.8 vpn on 6.10
I get it installed (no patch needed) but when I disconnect the client I loose all ability to connect to the internet until I restart my computer.
You can always restart your network instead of the whole PC
If you have no name resolution check the content of /etc/resolv.conf
Otherwise your problems might be in the routing table.
I am using version 4.8 and never had problems after disconnecting (press Ctrl-C in console).
Also you can always restart your networking subsystem (instead of restarting the whole computer). In most distros this is achieved with
/etc/init.d/network restart
or
sudo /etc/init.d/network restart (in Debian, Ubuntu, etc)
Ubuntu 6.10 Cisco 4.8
tried in ubuntu 6.10 and Cisco VPN client 4.8 and worked fine :)
thanks so much
everything works but I can't connect ... ?
Hello,
first of all ... it's a great wiki !! ;-)
but when i try to connect ... then I recieve this error:
jonay@thunderdragon:~$ sudo vpnclient connect Base_support
Cisco Systems VPN Client Version 4.6.02 (0030)
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.15-27-686 #1 SMP PREEMPT Sat Sep 16 02:13:27 UTC 2006 i686
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Initiating TCP to 195.95.20.200, port 13013
Contacting the gateway at 195.95.20.200
User Authentication for Base_support...
Enter Username and Password.
Username [jhsoft]:
Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.
Initiating TCP to 217.72.231.23, port 13013
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a TCP connection.
There are no new notification messages at this time.
jonay@thunderdragon:~$
what can I do against this ?
thanks in advance !
jonay
Jonay, I was getting this
Jonay,
I was getting this message too:
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a TCP connection.
There are no new notification messages at this time.
I then realized I had two links (eth0 for hard link and eth1 for wireless). I disabled eth0 by issuing ifdown eth0 and retried the vpnclient. Everything worked fine.
Matt
two interfaces is the problem - "ifdown eth0" ist the solution
I had the problem under Kubuntu 7,04 and Cisco vpnclient-linux-4.8.00.0490rev1 and am enough to analyzed - that was the solution. I had the problem not with Kubuntu 6.10.
Thanks, I would not have solved it probably!
VPN Connection terminated locally by the Client
Matt,
That same error had been bugging me for months. Thanks for the tip -- it works great!
James
patch will not apply?
when I try to run the patch p0 < ......
I get the following errors?
missing header for unified diff at line 3 of patch
patch: **** Can't find file p0 : No such file or directory
Erm.....help anyone???
Thank you VERY much
Thank you very much for this highly descriptive info on install the Cisco's vpn client. I finally got it working and now I will never have to reboot my laptop in Windows to connect to my work's computer.
Keep up the good work!
Grétar
Ditto
Thanks in a big way for taking the time to write out this thorough wiki/article; it just saved me a few hours of headache :)
It's people like you who make the world keep going.
Thanks ... and perhaps a silly question
I followed this and successfully installed version 4.8 without the patches you describe above.
I can successfully negotiate a connection to the network. My rather silly question, is how do I open a terminal or viewer to the network? I have tried unsucessfully to use nautilius and set up a network server, I have tried to open a terminal server client, etc.
Any help would be greatly appreciated!
Thanks for this how-to. I doubt I would have been able to get this done without it.
Terminal Server Client
Once your VPN is up and running, are you trying to connect to a Windows machine by its name with Terminal Server Client? I found this little jem that resolvses the file names on my network. I havent tried it with the VPN yet (dont have that running yet, thats why I'm browsing this forum, but I can now connect to other machines on my internal network using the Terminal Server Client)
HOWTO: Resolve Netbios hostname system-wide [Archive] - Ubuntu Forums
( http://www.ubuntuforums.org/archive/index.php/t-88206.html )
javiwwweb states "
Let me start with a little background info. I manage a computer lab with 85 workstations. I ocassionally use either RDP or VNC to do some maintenance. I have no problem doing this from windows, but I wanted my lonely Ubuntu workstation to be able to do the same thing. After about a week of research I am finally able to ping my windows workstations via their Netbios names. Woohoo!!
All you have to do is:
edit /etc/nsswitch.conf
change the line that says
hosts: files dns
to this:
hosts: files dns wins
finally, you need to install winbind
sudo apt-get install winbind
that's all that it took for me.
now ping works great. And I can finally use the built-in terminal server client with hostnames instead of IP addresses.
I hope this brief guide can be of help! Thank you all for always providing such great support in these forums!" "
Ahoy
I'm in the same boat as Anderw...it seems to connect, but I can't do a thing with it. How do I make use of my new VPN connection? It doesn't return a command prompt after connection...does this mean anything I open will connect through the vpn?
You using Firestarter
You using Firestarter firewall? I've had to disable the firewall when I connect via VPN to be able to "see" anything inside the VPN.
The instructions on ubuntu forums to resolve the Firestarter/VPN connection issues just doesn't seem to work for me, unfortunately.
http://ubuntuforums.org/showthread.php?p=2042469
You need a terminal server client
All the stuff in this article just gets the network/connection established for the vpn. You now need a UI. For that you need a terminal server client. Find one (Ubuntu - on the menu) at Applications/Internet/Terminal Server Client.
Type in your destination IP in the Computer: field. Fill in the Domain: field too. Then click the Connect button. You should connect.
I have tried this too, but
I have tried this too, but with no luck. How do I use the connection now established through VPN? I am using 4.8. Pinging doesnt do anything.
Could somebody help out?
make errors
Any ideas on this make error:
p@p-desktop:~/vpnclient$ make
make -C /lib/modules/2.6.15-23-386/build SUBDIRS=/home/p/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.15-23-386'
CC [M] /home/p/vpnclient/interceptor.o
/home/p/vpnclient/interceptor.c: In function ‘add_netdev’:
/home/p/vpnclient/interceptor.c:59: sorry, unimplemented: inlining failed in call to ‘supported_device’: function body not available
/home/p/vpnclient/interceptor.c:245: sorry, unimplemented: called from here
/home/p/vpnclient/interceptor.c: In function ‘handle_vpnup’:
/home/p/vpnclient/interceptor.c:338: warning: assignment from incompatible pointer type
/home/p/vpnclient/interceptor.c:362: warning: assignment from incompatible pointer type
/home/p/vpnclient/interceptor.c:363: warning: assignment from incompatible pointer type
/home/p/vpnclient/interceptor.c: In function ‘do_cleanup’:
/home/p/vpnclient/interceptor.c:406: warning: assignment from incompatible pointer type
/home/p/vpnclient/interceptor.c: In function ‘recv_ip_packet_handler’:
/home/p/vpnclient/interceptor.c:607: warning: passing argument 1 of ‘skb_checksum_help’ from incompatible pointer type
/home/p/vpnclient/interceptor.c: In function ‘do_cni_send’:
/home/p/vpnclient/interceptor.c:732: warning: passing argument 1 of ‘skb_checksum_help’ from incompatible pointer type
make[2]: *** [/home/p/vpnclient/interceptor.o] Error 1
make[1]: *** [_module_/home/p/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.15-23-386'
make: *** [default] Error 2
p@p-desktop:~/vpnclient$
I checked my gcc & kernel versions and they match:
p@p-desktop:~$ gcc -v
Using built-in specs.
Target: i486-linux-gnu
Configured with: ...
gcc version 4.0.3 (Ubuntu 4.0.3-1ubuntu5)
p@p-desktop:~$ cat /proc/version
Linux version 2.6.15-23-386 (buildd@rothera) (gcc version 4.0.3 (Ubuntu 4.0.3-1u buntu5)) #1 PREEMPT Tue May 23 13:49:40 UTC 2006
an idea
You probably resolved the problem already, but I thought it might be helpful for others reading the post. I found the idea at http://ubuntuforums.org/showthread.php?t=80798
The lines
home/p/vpnclient/interceptor.c: In function ‘add_netdev’:
/home/p/vpnclient/interceptor.c:59: sorry, unimplemented: inlining failed in call to ‘supported_device’: function body not available
most probaly indicate that the function 'supported_device' is defined after ‘add_netdev’. You could try to apply the patch posted on the site mentioned above. Or, if the patch is not applicable to your version of interceptor.c, you could just manually cut & paste the function declaration of 'supported_device' before the one of 'add_netdev'.
Hope this helps
anyone can help me ?
anyone can help me ?
i have a problem with vpn cisco, after i installed it and connected to the internet
only browsing works but when i try to update or download smth.
my computer hangs and i have to restart again.
did i do smth wrong ?
thanks
Thanks
Was struggling to compile the client to connect to my company's network. Used your workaround and it worked like a charm..
Bhaskar
Alan, thanks for those
Alan, thanks for those instructions. Although our corporate site has the client itself for download there are no instructions for linux.
I have run into one problem though.. Upon launch of the client I am getting this error:
Could not attach to driver. Is kernel module loaded?
Any thoughts as to what to do?
THanks, Aaron
Try
Try this:
/etc/init.d/vpnclient_init start
Found the option. Its in
Found the option. Its in the .pcf file :
EnableLocalLAN=0
However, toggeling the 0 and 1 doesn't have any effect.
Local LAN access
Apparently this is a function of the server. I also found that toggling the value made no difference, but then my admin made some change on the server side and my local LAN access started working without me doing anything else. I think it was more a technical limitation (maybe to do with DNS or something) than an intentional restriction; can't remember details now.
Local LAN Access is disabled
Hi,
I see that "Local LAN Access is disabled". Is there any of using the local LAN while the client is running? It works on WXP, so I wondered if there was an option somewhere?
Rdgs, z
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.17-1.2157_FC5smp #1 SMP Tue Jul 11 23:24:16 EDT 2006 i686
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Contacting the gateway at n.n.n.n
Negotiating security policies.
Securing communication channel.
Your VPN connection is secure.
VPN tunnel information.
Client address: n.n.n.n
Server address: n.n.n.n
Encryption: xxxxxx
Authentication: xxxxxx
IP Compression: None
NAT passthrough is active on port UDP 4500
Local LAN Access is disabled
great job! As you said, i
great job!
As you said, i just let my cisco vpn client version "vpnclient-linux-4.8.00.0490-k9.tar.gz" work well in Ubuntu6. But for Version 4.8, there is no need to use patch txt file.
Only a littel question, how can i use "vpnclient connect profilename" without sudo? When without sudo, i get the messege:
privsep: unable to drop privileges: group set failed.
The application was unable to communicate with the VPN sub-system.
How can i let a normal user use the vpn too.
Post new comment