UPDATE: A new client for linux (4.8.02.0030) is out. You no longer need the patch for 2.6.24+ kernel (vpnclient-linux-2.6.24-final.diff). However the patch for 64 bit systems is still required and the CFLAGS variable in Makefile still need to be changed to EXTRA_CFLAGS.
June 26 2009: This post also applies to Ubuntu Jaunty Jackalope 9.04 (more than one year later and it’s still not fixed)
I assume that you have the latest version 4.8.01.0640 and the required packages for compiling.
If you install the original Cisco VPN client on Hardy you will receive the following error:
make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/lamnk/src/vpn/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
scripts/Makefile.build:46: *** CFLAGS was changed in “/home/lamnk/src/vpn/vpnclient/Makefile”. Fix it to use EXTRA_CFLAGS. Stop.
make[1]: *** [_module_/home/lamnk/src/vpn/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
make: *** [default] Error 2
As those lines point out, you need to edit the Makefile file in the vpnclient folder and change CFLAGS to EXTRA_CFLAGS: Change the following line in Makefile
CFLAGS += -mcmodel=kernel -mno-red-zone
to
EXTRA_CFLAGS += -mcmodel=kernel -mno-red-zone
then apply the 2 patches for kernel 2.6.24 and for 64 bit:
vpnclient_folder$ wget lamnk.com/download/vpnclient-linux-2.6.24-final.diff
vpnclient_folder$ wget lamnk.com/download/cisco_skbuff_offset.patch
vpnclient_folder$ patch < ./vpnclient-linux-2.6.24-final.diff
vpnclient_folder$ patch < ./cisco_skbuff_offset.patch
vpnclient_folder$ ./vpn_install
If your system is 32 bit then you only need to patch the vpnclient-linux-2.6.24-final.diff file.
The patch for 64 bit system is from Stephen Frost and the patch for kernel 2.6.24 is from Alexander Griesser. Seriously Cisco should pay those guys some money … If these patches help you then please consider donate them.
Related posts:
- How to install Cisco VPN client on Ubuntu Jaunty Jackalope and Karmic Koala 64 bit
- With kernel 2.6.24 you will need a patch to install Cisco VPN Client
- Can not compile Cisco VPN client on openSUSE 10.3 64bit
- Cisco VPN now runs on linux 64 bit systems
- Cisco VPN Client freezes system with dual core CPU
Comments 14
Thank you for this. The installation for me worked fine with your patches. However, when I try to run the vpnclient, I get this message:
sudo vpnclient connect LinuxUsers
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008 x86_64
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
Do you have any idea of what I am doing wrong?
Posted 21 May 2008 at 12:06 am ¶Thank you!
It worked now. My problem was the wireless connection. Vpn worked fine with your patches, after I fixed the wireless.
Posted 21 May 2008 at 9:49 pm ¶Thank you!
Thanks for these instructions, worked perfectly for me!
Posted 03 Sep 2008 at 6:39 pm ¶Script for VPN client installation in Ubuntu 8. Hope it helps.
http://ubuntuforums.org/showthread.php?p=5725544&posted=1#post5725544
Posted 04 Sep 2008 at 5:10 pm ¶thanks a lot… it is working for me now…
[root@lin1 vpnclient]# cp -p Makefile Makefile.back
*******************************************
[root@lin1 vpnclient]# vi Makefile
########
replace
CFLAGS += -mcmodel=kernel -mno-red-zone
with
EXTRA_CFLAGS += -mcmodel=kernel -mno-red-zone
#######
********************************************
[root@lin1 vpnclient]# wget lamnk.com/vpnclient-linux-2.6.24-final.diff
–2008-09-11 22:28:52– http://lamnk.com/vpnclient-linux-2.6.24-final.diff
Resolving lamnk.com… 69.73.155.56
Connecting to lamnk.com|69.73.155.56|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 3989 (3.9K) [text/plain]
Saving to: `vpnclient-linux-2.6.24-final.diff’
100%[======================================>] 3,989 –.-K/s in 0.04s
2008-09-11 22:28:52 (95.4 KB/s) – `vpnclient-linux-2.6.24-final.diff’ saved [3989/3989]
[root@lin1 vpnclient]# wget lamnk.com/cisco_skbuff_offset.patch
–2008-09-11 22:28:58– http://lamnk.com/cisco_skbuff_offset.patch
Resolving lamnk.com… 69.73.155.56
Connecting to lamnk.com|69.73.155.56|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 4586 (4.5K) [text/plain]
Saving to: `cisco_skbuff_offset.patch’
100%[======================================>] 4,586 –.-K/s in 0.04s
2008-09-11 22:28:58 (107 KB/s) – `cisco_skbuff_offset.patch’ saved [4586/4586]
[root@lin1 vpnclient]# patch < ./vpnclient-linux-2.6.24-final.diff
patching file GenDefs.h
patching file interceptor.c
[root@lin1 vpnclient]# patch < ./cisco_skbuff_offset.patch
(Stripping trailing CRs from patch.)
patching file frag.c
(Stripping trailing CRs from patch.)
patching file interceptor.c
Hunk #1 succeeded at 646 (offset 16 lines).
Hunk #3 succeeded at 807 (offset 16 lines).
(Stripping trailing CRs from patch.)
patching file linuxcniapi.c
(Stripping trailing CRs from patch.)
patching file linuxkernelapi.c
[root@lin1 vpnclient]# ./vpn_install
Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.
Directory where binaries will be installed [/usr/local/bin]
Automatically start the VPN service at boot time [yes]
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.
Directory containing linux kernel source code [/lib/modules/2.6.25.4-30.fc9.x86_64/build]
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.25.4-30.fc9.x86_64/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.25.4-30.fc9.x86_64/build” will be used to build the module.
Is the above correct [y]
Making module
make -C /lib/modules/2.6.25.4-30.fc9.x86_64/build SUBDIRS=/root/Desktop/vpnclient/vpnclient/vpnclient modules
make[1]: Entering directory `/usr/src/kernels/2.6.25.4-30.fc9.x86_64′
CC [M] /root/Desktop/vpnclient/vpnclient/vpnclient/linuxcniapi.o
CC [M] /root/Desktop/vpnclient/vpnclient/vpnclient/frag.o
CC [M] /root/Desktop/vpnclient/vpnclient/vpnclient/IPSecDrvOS_linux.o
CC [M] /root/Desktop/vpnclient/vpnclient/vpnclient/interceptor.o
CC [M] /root/Desktop/vpnclient/vpnclient/vpnclient/linuxkernelapi.o
LD [M] /root/Desktop/vpnclient/vpnclient/vpnclient/cisco_ipsec.o
Building modules, stage 2.
MODPOST 1 modules
WARNING: could not find /root/Desktop/vpnclient/vpnclient/vpnclient/.libdriver64.so.cmd for /root/Desktop/vpnclient/vpnclient/vpnclient/libdriver64.so
CC /root/Desktop/vpnclient/vpnclient/vpnclient/cisco_ipsec.mod.o
LD [M] /root/Desktop/vpnclient/vpnclient/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.25.4-30.fc9.x86_64′
Copying module to directory “/lib/modules/2.6.25.4-30.fc9.x86_64/CiscoVPN”.
Already have group ‘bin’
Creating start/stop script “/etc/init.d/vpnclient_init”.
/etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.
Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:
/opt/cisco-vpnclient/license.txt
Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:
* Replaced Profiles: sample
Copying binaries to directory “/opt/cisco-vpnclient/bin”.
Adding symlinks to “/usr/local/bin”.
/opt/cisco-vpnclient/bin/vpnclient
/opt/cisco-vpnclient/bin/cisco_cert_mgr
/opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
/opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory “/opt/cisco-vpnclient/lib”.
/opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory “/opt/cisco-vpnclient/include”.
/opt/cisco-vpnclient/include/vpnapi.h
Setting permissions.
Posted 12 Sep 2008 at 3:37 am ¶/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (permissions not changed)
* You may wish to change these permissions to restrict access to root.
* You must run “/etc/init.d/vpnclient_init start” before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.
[root@lin1 vpnclient]# /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: Done
Thanks man, the flag and the 64bit patch made it work on my fedora 9 installation
Posted 05 Nov 2008 at 11:12 am ¶Thanks Ngo, after so many attempts & failure your recipe worked like a charm.
I will definitely recommend your site to others!
pfonseca
Posted 03 Apr 2009 at 12:33 am ¶I installed on Ubuntu 9.04 (64) and cannot start Cisco VPN.
Linux mike-laptop 2.6.28-13-generic #45-Ubuntu SMP Tue Jun 30 22:12:12 UTC 2009 x86_64 GNU/Linux
Error:
root@mike-laptop:/home/mike# /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.28-13-generic/CiscoVPN/cisco_ipsec.ko’: -1 Unknown symbol in module
Failed (insmod)
Any ideas why?
Posted 22 Jul 2009 at 12:14 pm ¶Hi Mike,
I haven’t ever seen that error. My guess is that the client’s module is not compiled correctly. Try the following: go into the install directory of Cisco vpn and run “sudo ./vpn_uninstall && make clean && make”. See if make throws any error then fix it.
Posted 27 Jul 2009 at 4:37 pm ¶For some reason, vpnclient 4.8.02.0030 insists on opening the (personal) certificates files read/write after it has lessened its privileges from ‘root’ to ‘nobody’. Of course, this fails and prevents connection.
This is most probably an oversight, since vpnclient does not seem to write to the files – they should be opened read-only.
Workaround:
Posted 13 Aug 2009 at 12:35 am ¶chown nobody /etc/CiscoSystemsVPNClient/Certificates/*
Thanks,
Worked great, I just needed to run
sudo apt-get install lib32gcc1
Best regards,
Posted 13 Aug 2009 at 12:58 pm ¶Pekka Lehtikoski
I have ubuntu 8.042 LTS installed. No fire starter installed
Use BSNL always on broadband. In the gernal tab of network, Automatic dhcp selected.
Enable roaming mode not selected.
Installed cisco vpn client successively and able to log onto the server.
However
1. I am unable to connect to any website in the browser (Firefox / opers)
2.When i try to ftp
ftp aa.aa.com
the response is name or service unknown
Perhaps dns is not available
Posted 24 Aug 2009 at 7:45 am ¶can anybody help?
Hello,
Posted 31 May 2010 at 7:30 pm ¶Any idea on how to install the client on 2.6.32-22-generic? I get the following error messages:
/home/xx/vpnclient/interceptor.c:132: error: ‘struct net_device’ has no member named ‘hard_start_xmit’
/home/xx/vpnclient/interceptor.c:133: error: ‘struct net_device’ has no member named ‘get_stats’
/home/xx/vpnclient/interceptor.c:134: error: ‘struct net_device’ has no member named ‘do_ioctl’
/home/xx/vpnclient/interceptor.c: In function ‘add_netdev’:
/home/xx/vpnclient/interceptor.c:271: error: ‘struct net_device’ has no member named ‘hard_start_xmit’
/home/xx/vpnclient/interceptor.c:272: error: ‘struct net_device’ has no member named ‘hard_start_xmit’
/home/xx/vpnclient/interceptor.c: In function ‘remove_netdev’:
/home/xx/interceptor.c:294: error: ‘struct net_device’ has no member named ‘hard_start_xmit’
make[2]: *** [/home/xx/vpnclient/interceptor.o] Error 1
make[1]: *** [_module_/home/xx/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-22-generic'
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
check this out too.
Posted 03 Jun 2010 at 6:51 pm ¶http://ubuntuforums.org/showthread.php?t=769273
Trackbacks & Pingbacks 5
[...] UPDATE: 64 bit systems are a bit more complicated, please see how to install Cisco VPN on Hardy Heron 8.04 64 bit [...]
[...] like Stephen Frost and Alexander Griesser, the job was fairly simple. I followed the brief howto at lamnk.com to accomplish the task, and was up and running in no time. Fixing the eject button Unlike the rest [...]
[...] googling around, I found a blog created by Lamnk that corrected the errors. Basically, you need to download 2 patches and edit the Makefile. [...]
[...] Netz habe ich eine Lösung für Ubuntu 8.04 64Bit gefunden, die angeblich auch auf 9.04 laufen sollte. Bei mir hat es nicht funktioniert, weil ein [...]
[...] http://www.lamnk.com/blog/domain/how-to-install-cisco-vpn-client-on-ubuntu-hardy-heron-804 [...]
Post a Comment