I was trying to install Cisco VPN in my Ubuntu 8.04 desktop yesterday. I was following my own guide and I got an error when I tried to install the VPN. Here is the command I issued and the error I got. (Everything that follows now were done in a terminal, which you can access from Application – Accessories – Terminal).
Quaddesktop:~/vpnclient$ sudo ./vpn_install
Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with its terms.Directory where binaries will be installed [/usr/local/bin]
Automatically start the VPN service at boot time [yes]
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.Directory containing linux kernel source code [/lib/modules/2.6.24-16-generic/build]
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.24-16-generic/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.24-16-generic/build” will be used to build the module.Is the above correct [y]
Making module
make -C /lib/modules/2.6.24-16-generic/build
SUBDIRS=/home/prabha/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
CC [M] /home/prabha/vpnclient/linuxcniapi.o
In file included from /home/prabha/vpnclient/Cniapi.h:15,
from /home/prabha/vpnclient/linuxcniapi.c:31:
/home/prabha/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
make[2]: *** [/home/prabha/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/prabha/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
Update July 21st 2008: Read Oleg comments (#42) below. Try that before proceeding to the steps below.
Note: For some users it worked only when they followed the steps listed by skramstad in the comments below (Comment #23) before they followed the steps below.
I googled and found out from Lamnk that I need to install a patch if I’m using Kernel version 2.6.24-xx. As you can see above, my Ubuntu installation was using 2.6.24-16-generic kernel. I then downloaded the patch by issuing
wget
http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff
I downloaded the patch into my vpnclient directory. I then tried to install the patch.
Quaddesktop:~/vpnclient$ patch < ./vpnclient-linux-2.6.24-final.diff
The program ‘patch’ is currently not installed. You can install it by typing:
sudo apt-get install patch
bash: patch: command not found
Obviously, I was missing the patch program. I then installed the patch program.
Quaddesktop:~/vpnclient$ sudo apt-get install patch
Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
diff-doc
The following NEW packages will be installed: patch
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 95.6kB of archives.
After this operation, 193kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com hardy/main patch 2.5.9-4 [95.6kB]
Fetched 95.6kB in 12s (7422B/s)
Selecting previously deselected package patch.
(Reading database … 111891 files and directories currently installed.)
Unpacking patch (from …/patch_2.5.9-4_i386.deb) …
Setting up patch (2.5.9-4) …
Once the patch program was installed, I installed the VPN patch.
Quaddesktop:~/vpnclient$ patch < ./vpnclient-linux-2.6.24-final.diff
patching file GenDefs.h
patching file interceptor.c
The patch was done and I installed the VPN without any issue after that.
Quaddesktop:~/vpnclient$ sudo ./vpn_install
It worked flawlessly after that. For steps to follow after the installation, check my post about VPN installation.
Update: Whenever there is an update to the kernel, I had to reinstall VPN. I didn’t have to do the patching part, but I still have to go to vpnclient directory under my home directory and issue the command sudo ./vpn_install. I’m not sure if others have this problem.
It seems that worked for me accept when I run
“sudo /etc/init.d/vpnclient_init start”
this is what happens…
sideburns@Sideburns2:~/vpnclient$ sudo /etc/init.d/vpnclient_init start
sudo: /etc/init.d/vpnclient_init: command not found
I’m pretty new to Ubuntu and I have a lower level of understanding, but I am running Hardy Heron and trying to install VPN client 4.8.02 for my university. My schools download pages provides a profile but I can’t get to the point where im suppose to put it in :/
any help would be very much appriciated,
sideburns
If the installation went fine, then sudo /etc/init.d/vpnclient_init start should work. Did you get any error message when you typed ./vpn_install?
Thanks for the information, saved me some frustration! he he
Thanks for the information Cesar.
I wrote a script for Cisco Client installation in Ubuntu 8.
http://ubuntuforums.org/showthread.php?p=5725544&posted=1#post5725544
For using it, probably best way is using KVPNC GUI.
It should be easy to adapt it to other platforms and even applications.
Cesar
I did register with CISCO but you have to be a partner to be able to download the VPN client. Is there other source for this client?
Michael,
To fix that error, you have to edit the Makefile file in the vpnclient folder and change CFLAGS to EXTRA_CFLAGS.
Change CFLAGS += -mcmodel=kernel -mno-red-zone
to EXTRA_CFLAGS += -mcmodel=kernel -mno-red-zone
If you are using 64 bit Linux, then you have to apply 64 bit patch. Refer to
http://www.lamnk.com/blog/domain/how-to-install-cisco-vpn-client-on-ubuntu-hardy-heron-804/
The new version that Oleg recommends still gives me the same error:
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-19-generic’
scripts/Makefile.build:46: *** CFLAGS was changed in “/home/miguel/vpnclient/Makefile”. Fix it to use EXTRA_CFLAGS.
Thank you for the information Oleg.
Cisco recently released the new VPN Client that does not require patch and works under latest kernel. I have Ubuntu Hardy 8.04 and after installing the new client it works well.
1. Download the new client from Cisco’s website. You need an account to download that file.
http://www.cisco.com/pcgi-bin/tablebuild.pl?topic=270636499
There is an option to register on the page.
2. Untar the new file:
tar xvfz vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
3. Open the new folder:
cd vpnclient/
4. Run the installer:
sudo ./vpn_install
5. Choose all of the default options.
6. Installation creates a service that will start upon reboot. The first time it needs to be started manually :
/etc/init.d/vpnclient_init start
7. Copy the .pcf profile file to:
/etc/opt/cisco-vpnclient/profiles
8. Connect to VPN from terminal window:
vpnclient connect “your profile name”
Following the instructions above worked for me perfectly and only took a couple of minutes. Good luck !
I’m getting complete lockups as well when using my patched vpnclient. It’ll work for a while, but I’ll always end up with a kernel panic or whatever at some point. (When not using vpnclient things are always stable.) I’m on an hp compaq 6910p kernel: 2.6.24-18-generic
Is there something else I can try to get this to work? I can’t have the computer locking up like this when trying to vpn.
I can connect with it using the 19 kernel. I am having a problem with Evolution, but I don’t know if it has to do with the VPN.
ok, anyone tried 19 kernel ?/ i’ll do it again at some point. *crosses fingers*
I have found the need to recompile the modules for VMware after kernel updates as well. At this point, I’m seeing something like this as quite normal given the interaction required with the kernel.
Just had another crash – skramstad’s patch didn’t fix the issue.
yeah, 2.6.24-18-generic i686 is giving me the same result, tried it under 16, and 17 also
I’m also seeing kernel crashes while using the cisco_ipsec module under 2.6.24-18-generic i686. It seems to happen most reliably when I’m doing simultaneous traffic both over the VPN connection and externally.
I’ll give skramstad’s suggestions a try and see if that fixes it.
Happy to know it worked
Hey Arun,
Just wanted to say thanks a bunch for the instruction. Upgraged to 8.04 over the weekend and just checked that it would boot and open a browser. Got up this morning and couldn’t connect VPN. Uninstalled and re-installed a couple of times this afternoon to no avail and right before I thought about blowing the whole thing away, I came across your instructions. Saved me a couple of hours (and some additional gray hairs). Works like a charn.
Thanks Vijay. I’m just passing what I learned from others.
Hi Arun, Just wanted to say ‘thank you’ for the information your provided here. You put in effort to document your work and it has really helped me and I am sure others. Thanks very much for the selflessness of your work. Rgds, Vijay
I just typed them in as plain text in the conf file, well for the group Password, and the user password i typed manually at the prompt, and after that it failed to authenticate,
no i havent tried pcf2vpnc either, is that a seperate package needed to be installed?? i didnt see it anywhere
Hi Omar,
How do you generate passwords for vpnc. Did you run pcf2vpnc script to generate the required conf files.
Thanks
Sandeep
VPNC doesnt seem to authenticate for me =/
i didn’t get what this command will do.
“wget -q http://projects.tuxx-home.at/ciscovpn/patches/cisco_skbuff_offset.patch < ../cisco_skbuff_offset”
I have got vpnc working and will figure out this issue in free time.
ill try that out also, and see if it still causes the crashing. skramstad is that command in number 2) what chances CFLAGS to EXTRA_CFLAGS ?? or that is still an aditional step
Sandeep and Prabhat, could you try what skramstad has suggested?
I’m not sure why. It didn’t crash for me.
There are a couple extra steps that have to be done prior to the steps in this article:
1) Change CFLAGS to EXTRA_CFLAGS in Makefile
2) wget -q http://projects.tuxx-home.at/ciscovpn/patches/cisco_skbuff_offset
patch < ../cisco_skbuff_offset
Then
patch <../vpnclient-linux-2.6.24-final.diff
./vpn_install
HI, i followed directions for 8.04 and installed successfully, now im having an issue with computer crashing after about 10-15 min of use of vpn connect + rdesktop.
anyone else experiencing this issue?
Did you have linux header and build essentials installed?
I’m also facing the same issue. If you guys figured out how to get vpn installed please mail me at sandeep048@gmail.com
Prabhat, I’m sorry, I’m not sure why it’s not working for you.
Yes Arun. I am getting the same errors even after the patch. Here let me paste the steps once more:
prabhat@pubs:~/cisco applications/abc/vpnclient$ patch < vpnclient-linux-2.6.24-final.diff
patching file GenDefs.h
patching file interceptor.c
prabhat@pubs:~/cisco applications/abc/vpnclient$
prabhat@pubs:~/cisco applications/abc/vpnclient$ sudo ./vpn_install
[sudo] password for prabhat:
Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.
Directory where binaries will be installed [/usr/local/bin]
Automatically start the VPN service at boot time [yes]
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.
Directory containing linux kernel source code [/lib/modules/2.6.24-16-generic/build]
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.24-16-generic/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.24-16-generic/build” will be used to build the module.
Is the above correct [y]
Making module
make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/prabhat/cisco applications/abc/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
make[1]: *** No rule to make target `applications/abc/vpnclient’. Stop.
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
Face it….it’s busted.
Are you getting this error even after you installed the patch? This is the error you get if you don’t install the patch. You have to install the patch and then install the client.
Hi,
I have also installed Ubuntu 8.0 (LTS Desktop on by IBM T43 laptop). I alaso faced he exact same errors as what you have stated & went through the steps that you have posted,. But even after that I am facing the below errors:
prabhat@pubs:~/cisco applications/vpnclient$ su
Password:
root@pubs:/home/prabhat/cisco applications/vpnclient# ./vpn_install
Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.
Directory where binaries will be installed [/usr/local/bin]
Automatically start the VPN service at boot time [yes]
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.
Directory containing linux kernel source code [/lib/modules/2.6.24-16-generic/build]
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.24-16-generic/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.24-16-generic/build” will be used to build the module.
Is the above correct [y]
Making module
make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/prabhat/cisco applications/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
make[1]: *** No rule to make target `applications/vpnclient’. Stop.
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
That was it. I was using an older version from my company’s internal download site. I’m up and running again. thx.
The problem could be with the version of the client you are using. If you are using vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz, it will work. If you are using the older version, say vpnclient-linux-4.8.00.0490-k9.tar.gz, then it may not work. You have to download the new version.
This did not work for me.
vpnclient$ patch < ./vpnclient-linux-2.6.24-final.diff
patching file GenDefs.h
patching file interceptor.c
Hunk #1 succeeded at 24 (offset -4 lines).
Hunk #2 succeeded at 48 (offset -4 lines).
Hunk #3 FAILED at 107.
Hunk #4 succeeded at 123 (offset -23 lines).
Hunk #5 FAILED at 350.
Hunk #6 succeeded at 849 (offset -86 lines).
Hunk #7 succeeded at 891 (offset -86 lines).
2 out of 7 hunks FAILED — saving rejects to file interceptor.c.rej
Any ideas?
Good to hear that.
Hey, this was a life saver. Thanks a million.
I use 32 bit. The problem could be 64 bit, but I’m not sure. From what I could check in Ubuntu forums, it’s the 64-bit kernel problem.
I tried the same thing you did but to no avail. I’m running the 64-bit version of 8.04. Could that be the reason? Which version are you running?
Thank you Russ for the tips. I will give it a try.
Thanks! this was just what I needed. I was in the right area (interceptor.c) but was not a skilled enough kernel hacker to fix it myself. thanks.
BTW – I did get the Cisco VPN to work with firestarter by opening up the input and output chains to the company class b subnet, e.g.:
iptables -A INPUT -j ACCEPT -s xxx.xxx.0.0/16 -p all
iptables -A OUTPUT -j ACCEPT -s xxx.xxx.0.0/16 -p all
where xxx.xxx is the company internal subnet.
not pretty, and probably not the most secure arrangement, but with the cisco VPN client running the machine presents no open ports or ping response to the local net, so it probably is ok, i would guess.
r.
thanks a lot!!!!
Thanks for the information, saved me some frustration!
Glad to know you found it. I don’t get time to check my blog during weekends generally.
I should have posted my message earlier!!! I’VE GOT IT…. So stupid!!! I was missing linux-headers-2.6.24-16-generic… Only when I posted the previous message that I checked with dpkg If that package was installed… You can guess the answer!!!
Works like a charm…
Thanks,
Pedro
Hi,
I’ve had Ubuntu 7.10 with Cisco VPN Client up and running. It was somewhat difficult to set up but I managed with this tutorial (http://www.longren.org/2007/05/17/how-to-cisco-vpn-client-on-ubuntu-704-feisty-fawn/). Yesterday I’ve upgraded my distro from 7.10 to 8.0.4 and VPN Client stopped working. I knew this might happen because this is not my first upgrade… Tried several ways to make it work again but with no success.
Today I stumbled with your tutorial but, like others, you use this option:
Directory containing linux kernel source code [/lib/modules/2.6.24-16-generic/build]
I don’t have a build folder!!! Tried to simlink it to /usr/src/ but with no success either…
Any ideias?!?!? A clean Ubuntu 8.0.4 install is not an option for me, to much work…
Thanks,
Pedro