UPDATE: A new client for linux (4.8.02.0030) is out. You no longer need the patch for 2.6.24+ kernel (vpnclient-linux-2.6.24-final.diff). However a patch for 64 bit systems is still required and the CFLAGS variable in Makefile must be changed to EXTRA_CFLAGS.
I assume that you have the latest version 4.8.01.0640 and the required packages for compiling.
If you install the original Cisco VPN client on Hardy you will receive the following error:
make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/lamnk/src/vpn/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
scripts/Makefile.build:46: *** CFLAGS was changed in “/home/lamnk/src/vpn/vpnclient/Makefile”. Fix it to use EXTRA_CFLAGS. Stop.
make[1]: *** [_module_/home/lamnk/src/vpn/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
make: *** [default] Error 2
As those lines point out, you need to edit the Makefile file in the vpnclient folder and change CFLAGS to EXTRA_CFLAGS: Change the following line in Makefile
CFLAGS += -mcmodel=kernel -mno-red-zone
to
EXTRA_CFLAGS += -mcmodel=kernel -mno-red-zone
then apply the 2 patches for kernel 2.6.24 and for 64 bit:
vpnclient_folder$ wget lamnk.com/vpnclient-linux-2.6.24-final.diff
vpnclient_folder$ wget lamnk.com/cisco_skbuff_offset.patch
vpnclient_folder$ patch < ./vpnclient-linux-2.6.24-final.diff
vpnclient_folder$ patch < ./cisco_skbuff_offset.patch
vpnclient_folder$ ./vpn_install
If your system is 32 bit then you only need to patch the vpnclient-linux-2.6.24-final.diff file.
The patch for 64 bit system is from Stephen Frost and the patch for kernel 2.6.24 is from Alexander Griesser. Seriously Cisco should pay those guys some money … If these patches help you then please consider donate them.
Comments 6
Thank you for this. The installation for me worked fine with your patches. However, when I try to run the vpnclient, I get this message:
sudo vpnclient connect LinuxUsers
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008 x86_64
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
Do you have any idea of what I am doing wrong?
Posted 21 May 2008 at 12:06 am ¶Thank you!
It worked now. My problem was the wireless connection. Vpn worked fine with your patches, after I fixed the wireless.
Posted 21 May 2008 at 9:49 pm ¶Thank you!
Thanks for these instructions, worked perfectly for me!
Posted 03 Sep 2008 at 6:39 pm ¶Script for VPN client installation in Ubuntu 8. Hope it helps.
http://ubuntuforums.org/showthread.php?p=5725544&posted=1#post5725544
Posted 04 Sep 2008 at 5:10 pm ¶thanks a lot… it is working for me now…
[root@lin1 vpnclient]# cp -p Makefile Makefile.back
*******************************************
[root@lin1 vpnclient]# vi Makefile
########
replace
CFLAGS += -mcmodel=kernel -mno-red-zone
with
EXTRA_CFLAGS += -mcmodel=kernel -mno-red-zone
#######
********************************************
[root@lin1 vpnclient]# wget lamnk.com/vpnclient-linux-2.6.24-final.diff
–2008-09-11 22:28:52– http://lamnk.com/vpnclient-linux-2.6.24-final.diff
Resolving lamnk.com… 69.73.155.56
Connecting to lamnk.com|69.73.155.56|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 3989 (3.9K) [text/plain]
Saving to: `vpnclient-linux-2.6.24-final.diff’
100%[======================================>] 3,989 –.-K/s in 0.04s
2008-09-11 22:28:52 (95.4 KB/s) - `vpnclient-linux-2.6.24-final.diff’ saved [3989/3989]
[root@lin1 vpnclient]# wget lamnk.com/cisco_skbuff_offset.patch
–2008-09-11 22:28:58– http://lamnk.com/cisco_skbuff_offset.patch
Resolving lamnk.com… 69.73.155.56
Connecting to lamnk.com|69.73.155.56|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 4586 (4.5K) [text/plain]
Saving to: `cisco_skbuff_offset.patch’
100%[======================================>] 4,586 –.-K/s in 0.04s
2008-09-11 22:28:58 (107 KB/s) - `cisco_skbuff_offset.patch’ saved [4586/4586]
[root@lin1 vpnclient]# patch < ./vpnclient-linux-2.6.24-final.diff
patching file GenDefs.h
patching file interceptor.c
[root@lin1 vpnclient]# patch < ./cisco_skbuff_offset.patch
(Stripping trailing CRs from patch.)
patching file frag.c
(Stripping trailing CRs from patch.)
patching file interceptor.c
Hunk #1 succeeded at 646 (offset 16 lines).
Hunk #3 succeeded at 807 (offset 16 lines).
(Stripping trailing CRs from patch.)
patching file linuxcniapi.c
(Stripping trailing CRs from patch.)
patching file linuxkernelapi.c
[root@lin1 vpnclient]# ./vpn_install
Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.
Directory where binaries will be installed [/usr/local/bin]
Automatically start the VPN service at boot time [yes]
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.
Directory containing linux kernel source code [/lib/modules/2.6.25.4-30.fc9.x86_64/build]
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.25.4-30.fc9.x86_64/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.25.4-30.fc9.x86_64/build” will be used to build the module.
Is the above correct [y]
Making module
make -C /lib/modules/2.6.25.4-30.fc9.x86_64/build SUBDIRS=/root/Desktop/vpnclient/vpnclient/vpnclient modules
make[1]: Entering directory `/usr/src/kernels/2.6.25.4-30.fc9.x86_64′
CC [M] /root/Desktop/vpnclient/vpnclient/vpnclient/linuxcniapi.o
CC [M] /root/Desktop/vpnclient/vpnclient/vpnclient/frag.o
CC [M] /root/Desktop/vpnclient/vpnclient/vpnclient/IPSecDrvOS_linux.o
CC [M] /root/Desktop/vpnclient/vpnclient/vpnclient/interceptor.o
CC [M] /root/Desktop/vpnclient/vpnclient/vpnclient/linuxkernelapi.o
LD [M] /root/Desktop/vpnclient/vpnclient/vpnclient/cisco_ipsec.o
Building modules, stage 2.
MODPOST 1 modules
WARNING: could not find /root/Desktop/vpnclient/vpnclient/vpnclient/.libdriver64.so.cmd for /root/Desktop/vpnclient/vpnclient/vpnclient/libdriver64.so
CC /root/Desktop/vpnclient/vpnclient/vpnclient/cisco_ipsec.mod.o
LD [M] /root/Desktop/vpnclient/vpnclient/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.25.4-30.fc9.x86_64′
Copying module to directory “/lib/modules/2.6.25.4-30.fc9.x86_64/CiscoVPN”.
Already have group ‘bin’
Creating start/stop script “/etc/init.d/vpnclient_init”.
/etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.
Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:
/opt/cisco-vpnclient/license.txt
Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:
* Replaced Profiles: sample
Copying binaries to directory “/opt/cisco-vpnclient/bin”.
Adding symlinks to “/usr/local/bin”.
/opt/cisco-vpnclient/bin/vpnclient
/opt/cisco-vpnclient/bin/cisco_cert_mgr
/opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
/opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory “/opt/cisco-vpnclient/lib”.
/opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory “/opt/cisco-vpnclient/include”.
/opt/cisco-vpnclient/include/vpnapi.h
Setting permissions.
Posted 12 Sep 2008 at 3:37 am ¶/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (permissions not changed)
* You may wish to change these permissions to restrict access to root.
* You must run “/etc/init.d/vpnclient_init start” before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.
[root@lin1 vpnclient]# /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: Done
Thanks man, the flag and the 64bit patch made it work on my fedora 9 installation
Posted 05 Nov 2008 at 11:12 am ¶Trackbacks & Pingbacks 2
[...] UPDATE: 64 bit systems are a bit more complicated, please see how to install Cisco VPN on Hardy Heron 8.04 64 bit [...]
[...] like Stephen Frost and Alexander Griesser, the job was fairly simple. I followed the brief howto at lamnk.com to accomplish the task, and was up and running in no time. Fixing the eject button Unlike the rest [...]
Post a Comment