Arun's Blog

Thanks for this! I did exactly what you said for vpnc, including decoding the group password and it connected and I can ping a server on my company network.
Now I can use my Kubuntu laptop for work and home. Very cool!

I wrote a script that tests if the vpncd is running. If it is not, then the script starts it. If it is then the script starts it.

1. i think you need to be root
sudo su
password
2. use vim to create a new file. I put it in usr/local/bin so it would be in my path:
vim /usr/local/bin/vpn
3. Add the following lines then save and close the file:

if ps -e | grep vpn
then echo «Stopping VPN»
vpnc-disconnect
else echo «Starting VPN»
vpnc
fi
4. Make it executable for superuser:
chmod 700 /usr/local/bin/vpn
5. Now as superuser, whenever you run vpn if vpnc is not running it will connect your vpn. If vpnc is running it will disconnect it.

Works very nice.

I even added a button on my tool bar for it

Wow, thanks! I was up and connected in no-time.

Has anyone had problems with disconnects? I start vpnc (using Steve's script) and I get a vpn connection. However, after 5-10min I loose my vpn connection (regardless if I'm working or leaving it idle) and I now cannot connect to anything. If I run vpnc-disconnect, vpnc is shut down and I get my network connection back. I can then start vpnc again. This is VERY annoying.

Hi Arun,

Very good work. I am trying to move from windows to linux on my home machine but need to connect to office
via Cisco VPN. I am trying to install Cisco VPN client and am running into following problem:

dpsharma@dpsharma-laptop:~/Desktop/vpnclient$ make
make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/dpsharma/Desktop/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-generic'
CC [M] /home/dpsharma/Desktop/vpnclient/linuxcniapi.o
/home/dpsharma/Desktop/vpnclient/linuxcniapi.c:12:26: error: linux/config.h: No such file or directory
make[2]: *** [/home/dpsharma/Desktop/vpnclient/linuxcniapi.o] Error 1

Appreciate any guidance to fix this?

Thanks
make[1]: *** [_module_/home/dpsharma/Desktop/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-generic'
make: *** [default] Error 2

OK. Problem fixed. I was using version 4.8 but still had to apply the patch and then client was installed successfully.

My laptop has a wireless and wired interface as is usual and I can not VPN unless I disable wired interface when I am home, using wireless. Further I always need to start the VPN client manually while this is supposed to start up itself as per installation script. Arun, could you advise as to what can be done to resolve these issues?

Thanks

Hi Arun,

This is what I have done by learning a little bit more of linux today. I have created a script with following lines:

#!/bin/bash
sudo ifconfig eth0 down
sudo /etc/init.d/vpnclient_init start
sudo vpnclient connect OfficeVPN

I did this in gedit and then saved this file as OfficeVPN.sh

Opened up terminal while in my home directory and changed file permissions, sudo chmod 755 OfficeVPN.

Now I created a launcher on the desktop (right click, create launcher, selected application in terminal, specified the command to be sudo sh /home/dpsharma/OfficeVPN.sh. Selected suitable icon. Saved it and it creates an icon on the desktop. Dragged icon to the Gnome panel at the top (and then deleted icon from desktop to remove clutter). So now, when I start my computer, after making sure that I can surf via wireless, I press this VPN button at top panel and it does the trick. Just wanted to share just in case someone else wants an easy one click button to launch Cisco VPN.

Thanks and keep us good work.

Thanks for the decode link !

Hi everybody,

I tried to use vpnc and firestarter as well, but encountered the following problem. After setting up /etc/firestarter/user-pre as described above I get the following error message (when the firestarter GUI is launched):

iptables v1.3.6: multiple -s flags not allowed
Try `iptables -h' or 'iptables --help' for more information.

Does anybody have an idea. Thank you very much in advance for your assistance.

Kind regards

Alexander

To start Cisco VPN module when booting Ubuntu do the following:

ln -s /etc/inid.d/vpnclient_init /etc/rc2.d/S85vpnclient_init

The Cisco install script creates startup script in rc5.d and rc3.d, but Ubuntu's run level is in another level rc2.d

BTW, chmod the cvpnd so you don't need to run vpnclient as root:

chmod 4111 /opt/cisco-vpnclient/bin/cvpnd

Thanks for the info!

I was getting compile errors when trying to install the cisco vpn client on Suse 10.3 with kernel 2.6.22.5-31. I followed your instructions on installing vpnc and got it working on the first try! I do get this strange error upon startup but it seems to work regardless:

Enter password for brian@123.456.123.456:
Error: either «to» is duplicate, or «hoplimit» is a garbage.
VPNC started in background (pid: 23185)...

You sure saved me a lot of time!

Excellent!! I was trying to use the cisco vpn client but it kept crashing my box, completely freezed! After following your steps I can now connect my office!!
Thanks!!

Cisco Please fix your half-working buggy Client to work with the PIX and Vista, I was told to use ANYCONNECT, when I only have a Pix 506e. How dare they say that to me, and give me a suttle hint to buy an ASA, that is VERY RUDE. I do want SBL, because I need to log onto the domain before I log into my PC, which required SBL. There is a bug number bug ID CSCse47544, which I told to contact the manager LAKHDEEP who just blew me off. The TAC engineer first told me it should be fixed, then later they say it wouldn't be fixed. As you can see, calling TAC did not do me any good.

I can not believe a company with this many PIX firewalls would be blowing us all off like this. To make matters worse they blamed Microsoft for the issue, see this post which I found on Cisco's website...

Start Before Logon and Microsoft Certificate with Private Key Protect Fails
Trying to connect the VPN client using Start Before Logon (SBL) and
Microsoft Machine-based certificates fails. This is a Microsoft issue, not a
VPN Client problem

Cisco, instead of taking all the energy to point the fingers at other Software vendors, why not get your programmers off their chairs and write a few lines of code? You can't just drop everyone who bought a pix just because you came out with a new product line at the same time. If you made friends with Microsoft, instead of making an enemy perhaps they would help you out with your code writing.

Thank all of you who posted about this, I hope Cisco managment sees that we are not going to let them off the hook with this buggy production software they made. Shame on them!

They keep saying they are going to forward my concerns to the design team, yet I hear nothing back. Only lip service from them. In fact, they tried to close my case without giving me any kind of help whatsoever. I am SO happy I bought the most expensive smartnet contract.. NOT...

Myself and my vendor (CDW) have sent many email to this manager about the subject of the bugfix. MR. LAKHDEEP, with no email back from him. HELLO LAKHDEEP AT CISCO PLEASE RESPOND TO MY EMAILS ABOUT THE BUGS IN YOUR SOFTWARE!!!

Wasn't there something in the support contract for Cisco that if something isnt fixed in 7 days it goes to the CEO? Yea, I am sure that is the case.. Read the small print. I was giving a fix, and that fix was to go buy another firewall, and ASA.

I was planning on buying more ASAs for my other sites, but I am not starting to seriously consider other vendors. I am sick of Cisco and their service which has gone WAY downhill since 1999.

If vpnc is not working with your vpn server, try this (there are double dashes (--) before :
vpnc --natt-mode cisco-udp your_config.conf

can someone help me with the package files.. i only have the windows installer with me not the linux one.. you can mail it to me at kushang.moorthy at gmail dot com or provide me with a link to download it.

Arun, thanks for the help. Firestarter was keeping vpnc from working, and your sections on user-pre did the trick.

Hi Tamas,

thanks for the help with

vpnc --natt-mode cisco-udp your_config.conf

That worked for me.

Works like a charm. Thanks so much. I was struggling hard to find a solution for this problem in ubuntu

Wow!!
It worked!!

Thanks a lot.

thanks for the tips!
I've still got one problem though: I loose my internet connection when connected to my vpn server. I tried both cisco client and vpnc, but same pb...

Any suggestion?

thx again

jul

When I tried to run the process, I get this message. Any help on this would be appreciated.

make[1]: Entering directory `/usr/src/linux-headers-2.6.24-19-generic'
CC [M] /home/john/Desktop/vpnclient/linuxcniapi.o
In file included from /home/john/Desktop/vpnclient/Cniapi.h:15,
from /home/john/Desktop/vpnclient/linuxcniapi.c:31:
/home/john/Desktop/vpnclient/GenDefs.h:113: error: conflicting types for 'uintptr_t'
include/linux/types.h:40: error: previous declaration of 'uintptr_t' was here
make[2]: *** [/home/john/Desktop/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/john/Desktop/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-19-generic'
make: *** [default] Error 2
Failed to make module «cisco_ipsec.ko».

I get this error message when using vpnc -
vpnc: no response from target

I don't have firestarter installed and all my configuration is correct. I'm using ubuntu 8.04 and kernel is 2.6.24-19-generic. Please help.

Sorry, actually my gateway IP was wrong. After correcting it everything worked fine. The person who verified my IP was wrong.

Anyhow, thanks for your reply.

Try this:

http://ubuntuforums.org/showthread.php?p=5725544&posted=1#post5725544

Arun wrote in his article you have to edit the user-pre file the following way:

iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p esp
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p udp -m multiport -sports isakmp,10000
iptables -A INPUT -j ACCEPT -i tun+
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p esp
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p udp -m multiport -dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o tun+

The parameters '-sports' and '-dports' are not supported by the iptables version Ubuntu version 8.04.1 LTS is using.

Instead of '-sports' and '-dports' you have to use '--sport' aka '--source-port' and '--dport' aka '--destination-port'

=> http://manpages.ubuntu.com/manpages/hardy/man8/iptables.html

I have the Cisco client for my Ubutnu provided by Oracle. I am following the steps provided by Orcl to connect to their network. Using KVPNC I am being prompted to enter a certificate password. I am not sure what I need to provide here nor how to bypass this. Please help, I have spent hours going through many suggestions to connect to vpn but none working.