How to install Cisco VPN client on Ubuntu Jaunty Jackalope and Karmic Koala 64 bit

Cisco module again doesn’t let us compile against the new kernel in Ubuntu 9.04 and 9.10 beta:

/home/lamnk/vpnclient/interceptor.c: In function ‘interceptor_init’: /home/lamnk/vpnclient/interceptor.c:132: error: ‘struct net_device’ has no member named ‘hard_start_xmit’ /home/lamnk/vpnclient/interceptor.c:133: error: ‘struct net_device’ has no member named ‘get_stats’ /home/lamnk/vpnclient/interceptor.c:134: error: ‘struct net_device’ has no member named ‘do_ioctl’ /home/lamnk/vpnclient/interceptor.c: In function ‘add_netdev’: /home/lamnk/vpnclient/interceptor.c:271: error: ‘struct net_device’ has no member named ‘hard_start_xmit’ /home/lamnk/vpnclient/interceptor.c:272: error: ‘struct net_device’ has no member named ‘hard_start_xmit’ /home/lamnk/vpnclient/interceptor.c: In function ‘remove_netdev’: /home/lamnk/vpnclient/interceptor.c:294: error: ‘struct net_device’ has no member named ‘hard_start_xmit’ make[2]: *** [/home/lamnk/vpnclient/interceptor.o] Error 1 make[1]: *** [_module_/home/lamnk/vpnclient] Error 2 make[1]: Leaving directory `/usr/src/linux-headers-2.6.31-1-generic' make: *** [default] Error 2 Failed to make module "cisco_ipsec.ko".

Before installtion I assume that you have the latest version 4.8.02.0030 and the required packages for compiling ie gcc, libstdc++6 … The kernel version should be from 2.6.30 to 2.6.32

Download the client and extract it
Go to vpnclient folder:

cd vpnclient
Download patch file for 64 bit and apply it (users on 32bit systems can skip this step):

wget http://lamnk.com/download/vpnclient-linux-4.8.02-64bit.patch

patch < ./vpnclient-linux-4.8.02-64bit.patch

sed -i 's/^CFLAGS/EXTRA_CFLAGS' Makefile
Download patch file for newer kernel (2.6.30+) and apply it:

wget http://lamnk.com/download/vpnclient-linux-2.6.31-final.diff

patch < ./vpnclient-linux-2.6.31-final.diff
Next we must edit a kernel source file

sudo sed -i 's/const\ struct\ net_device_ops\ \*netdev_ops;/struct\ net_device_ops\ \*netdev_ops;/' `find /usr/src -name netdevice.h`

Yes, it is a one liner, you should copy & paste that command instead of typing The command's translation into English: find the string const struct net_device_ops *netdev_ops; and change it to struct net_device_ops *netdev_ops; in the file locates at

find /usr/src -name netdevice.h
And finally, install Cisco VPN Client:

sudo ./vpn_install

The patch files are not from me. All credit goes to the people at tuxx-home.at forum

If you can't install or have a problem please leave a comment

blackninjavirus

It Works ! ! !

lesser

Great! Works like a charm in Karmic. Thanks.

Duncan

Hi Managed to finally get it installed using the above method but as soon as I try and do some work RDP, SSh etc either my screen freezies with scroll and caps lock flashing, or my whole PC just reboots.

Im using Karmic Koala.

boynas

Compiles and the kernel module starts no problem, but when trying to connect:

vpnclient connect xxxx

it gives me a:
"bash: /usr/local/bin/vpnclient: No such file or directory"

error message.

Any ideas?

Lamnk

@Duncan: does your cpu have 2 cores ? Try to turn one core off.

@boynas: did you "make install" ? Try "which vpnclient", or "sudo updatedb" then "locate vpnclient", it will show you location of the file.

boynas

installing lsb-core solved my issue... I also have the problem where kernel panics if I use the Wifi, but that is not new to karmic or 2.6.31 Is been like that for ever..

How do you turn a core off?? loading a different kernel?

Lamnk

See my link in reply to Duncan. Generally:

sudo echo 0 > /sys/devices/system/cpu/cpu1/online

pgngp

I was having the same issue. The VPN connection caused abrupt shut down of my dual core laptop. So I followed your suggestion and disabled one core. Now the VPN connection is working fine.

Thank you so much for this post! It saved me so much time and effort!

boynas

With my computer, it doesn't matter if I turn the core off or not.

Pops

Turn off the core, that is what I need to do. No other way around it? What is the sense of having dual core if I can only use one. Just making a comment, sux we have to do this to get this to work....

Lamnk

Yep, if you want/have to stick with Cisco's client. I know this sucks. Use vpnc instead.

Daniel

Great post!!! You save a life today! XD

Mikkel

Thanks for this great tip. It also works on Karmic 32-bit (only I didn't apply the 64-bit patch). You saved my day :-)

John Barker

You are a godsend. Thank you so much!

jpcjpc69

Unfortunately I'm getting an error. I'm running 64bit ubuntu and when I run the installer I get the following errors:
make -C /lib/modules/2.6.31-14-generic/build SUBDIRS=/home/jpc/Downloads/Callahan/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.31-14-generic'
CC [M] /home/jpc/Downloads/Callahan/vpnclient/linuxcniapi.o
CC [M] /home/jpc/Downloads/Callahan/vpnclient/frag.o
CC [M] /home/jpc/Downloads/Callahan/vpnclient/IPSecDrvOS_linux.o
CC [M] /home/jpc/Downloads/Callahan/vpnclient/interceptor.o
/home/jpc/Downloads/Callahan/vpnclient/interceptor.c: In function ‘interceptor_init’:
/home/jpc/Downloads/Callahan/vpnclient/interceptor.c:132: error: ‘struct net_device’ has no member named ‘hard_start_xmit’
/home/jpc/Downloads/Callahan/vpnclient/interceptor.c:133: error: ‘struct net_device’ has no member named ‘get_stats’
/home/jpc/Downloads/Callahan/vpnclient/interceptor.c:134: error: ‘struct net_device’ has no member named ‘do_ioctl’
/home/jpc/Downloads/Callahan/vpnclient/interceptor.c: In function ‘add_netdev’:
/home/jpc/Downloads/Callahan/vpnclient/interceptor.c:271: error: ‘struct net_device’ has no member named ‘hard_start_xmit’
/home/jpc/Downloads/Callahan/vpnclient/interceptor.c:272: error: ‘struct net_device’ has no member named ‘hard_start_xmit’
/home/jpc/Downloads/Callahan/vpnclient/interceptor.c: In function ‘remove_netdev’:
/home/jpc/Downloads/Callahan/vpnclient/interceptor.c:294: error: ‘struct net_device’ has no member named ‘hard_start_xmit’
make[2]: *** [/home/jpc/Downloads/Callahan/vpnclient/interceptor.o] Error 1
make[1]: *** [_module_/home/jpc/Downloads/Callahan/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.31-14-generic'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".

levy

I have applied your method with vpnclient-linux-x86_64-4.8.02.0030-k9
on ubuntu 9.10 (kernel 2.6.31).
The vpnclient is compiled, I can connect BUT after a few seconds it stops.
Note that vpnclient works perfectly on windows vista in the same context.

levy

I have a log, whose I give only the end, of the exchange between my vpnclient
and the vpn server :
155 09:52:27.111 11/25/2009 Sev=Info/4 IPSEC/0x43700013
Delete internal key with SPI=0x0e67e746

156 09:52:27.111 11/25/2009 Sev=Info/4 IPSEC/0x4370000C
Key deleted by SPI 0x0e67e746

157 09:52:27.111 11/25/2009 Sev=Info/4 IPSEC/0x43700013
Delete internal key with SPI=0x2fd7d005

158 09:52:27.111 11/25/2009 Sev=Info/4 IPSEC/0x4370000C
Key deleted by SPI 0x2fd7d005

159 09:52:27.111 11/25/2009 Sev=Info/4 IKE/0x4300004B
Discarding IKE SA negotiation (I_Cookie=2FD0FE0BC5567AC3 R_Cookie=4301C5DEF1C976
A2) reason = DEL_REASON_PEER_NOT_RESPONDING

160 09:52:27.111 11/25/2009 Sev=Info/4 CM/0x43100013
Phase 1 SA deleted cause by DEL_REASON_PEER_NOT_RESPONDING. 0 Crypto Active IKE
SA, 0 User Authenticated IKE SA in the system

161 09:52:27.111 11/25/2009 Sev=Info/4 CVPND/0x4340001C
Privilege Separation: restoring resolv.conf file.

162 09:52:27.113 11/25/2009 Sev=Info/4 CVPND/0x4340001D
Privilege Separation: chown( /etc/resolv.conf, uid=0, gid=0 ).

163 09:52:27.113 11/25/2009 Sev=Info/5 CM/0x43100025
Initializing CVPNDrv

164 09:52:27.113 11/25/2009 Sev=Info/6 CM/0x43100031
Tunnel to headend device c-vpn-pub.imag.fr disconnected: duration: 0 days 0:3:41

165 09:52:27.113 11/25/2009 Sev=Info/4 CVPND/0x4340001F
Privilege Separation: restoring MTU on primary interface.

166 09:52:27.115 11/25/2009 Sev=Info/4 IKE/0x43000001
IKE received signal to terminate VPN connection

167 09:52:27.116 11/25/2009 Sev=Info/6 CM/0x43100037
The routing table was returned to original state prior to Virtual Adapter

168 09:52:27.137 11/25/2009 Sev=Info/4 CM/0x43100035
The Virtual Adapter was disabled

169 09:52:27.138 11/25/2009 Sev=Warning/3 CM/0x8310000C
State violation caused by ABORT EVENT at IDLE STATE

170 09:52:27.138 11/25/2009 Sev=Info/4 CVPND/0x4340000C
Stopped service:

171 09:52:27.138 11/25/2009 Sev=Info/4 CVPND/0x4340001F
Privilege Separation: restoring MTU on primary interface.

pgngp

I had a similar problem on my Ubuntu 9.10 on my 32-bit laptop. Then I tried vpnc and it worked great. So I suggest you try the vpnc client. It works without issues on dual cores as well.

levy

vpnc is convenient for people which don't use a certificate but a login password authentication.
But I need vpnclient cisco to connect to my office.
Now I use Windows fo that.
What is strange on this patched version is that I can connect from an
internal address 10.6.6.6 and not from an external address
129.88....
So I can connect via the vpn when it's not necessary for me : strange situation.

Lamnk

It's not true. Vpnc do support hybrid authentication (certificate + xauth). Due to license problem vpnc can not be distributed with SSL support out of the box but as an end user you can compile and use it yourself.

pavel

Thank God, it finally worked. Thanks so much for this guide.

JaC

GREAAATT!!!!! Thank You Very MUCH!!!!!! You save my life!!! ...

henzq

same here for me. tnx so much

David Evenson

Awesome. Thank you!

gfb

hello,

I've followed this procedure and unfortunately I cannot get the cisco vpn client (vpnclient-linux-x86_64-4.8.02.0030-k9) to work with my ubuntu (2.6.31-17)

$ sudo /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting '/lib/modules/2.6.31-17-generic/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
Failed (insmod)

please help!
many thanks

Lamnk

Look like you have problem with the module. In your vpnclient folder type sudo make clean && make. What does the program complain ?

nixcc

Thanks man. A previous allowed me to install the VPN client, but since I've upgraded to Karmic and didn't expect the errors outlined above.

agolikov

Thanks! It works!
2.6.31-16-generic #53-Ubuntu SMP Tue Dec 8 04:01:29 UTC 2009 i686 GNU/Linux

robswarbrick

Many thanks for your streamlined and really-easy-to-follow steps; that adds the sugar on top of the work from tuxx (and thanks to them as well for the investigation).

Name

Even though the tutorial says "Download patch file for 64 bit and apply it (**users on 32bit systems can skip this step**):" you should do it. I tried several times, finally with 64 bit patch and ONLY then it worked as a charm. (Linux user-desktop 2.6.31-16-generic #53-Ubuntu SMP Tue Dec 8 04:01:29 UTC 2009 i686 GNU/Linux------------Ubuntu 9.10 Karmic Koala)

levy

It's a strange recipe and it does not work for me.
I have always the same problem : the connection is established and then cut in less than 10 seconds.
I see the message
Bienvenue a IMAG(cert group)
Do you wish to continue ?(y/n)
And after I receive sometime packets during at most 10 seconds.

Lamnk

There may be two reasons for that.

1. Your firewall. Turn it off and see whether the problem still occurs.
2. Flaky net connection.

levy

Thes two reasons are not valid in my case
1 Firewall : I have no firewall on my computer, I can connect with the vpn client Cisco on this computer with XP vista and with the vpn client linux (fedora core 7) on an old PC.
2 Flaky net connection ; I don't think so. I am connected by CPL to my
modem-router and the connection seems good.

Kevin

Currently experiencing issues getting the vpnclient up and running on Sabayon5 64-bit.

Linux sabayon64 2.6.31-sabayon #1 SMP Fri Sep 25 19:28:33 UTC 2009 x86_64 Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz GenuineIntel GNU/Linux

I have applied both patches and try to run the ./vpn_install and get:

Making module
make -C /lib/modules/2.6.31-sabayon/build SUBDIRS=/home/whitey/Downloads/vpnclient modules
make[1]: Entering directory `/usr/src/linux-2.6.31-sabayon'
make[1]: *** No rule to make target `modules'. Stop.
make[1]: Leaving directory `/usr/src/linux-2.6.31-sabayon'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".

Now one thing I should mention is your sed line did not take and produced the error:

sabayon64 vpnclient # sed -i 's/const\ struct\ net_device_ops\ \*netdev_ops;/struct\ net_device_ops\ \*netdev_ops;/' `find /usr/src -name netdevice.h`
sed: no input files

Any ideas? I have gotten this installed plenty of times before but there always seems to be a fair amount of massaging that needs to take place before teh beast comes alive. P.S. I do know abt the turning off one core trick to bring stability to the client once I do get it installed.

TIA

Kevin

Ok so I got this installed on my Sabayon VM running under VMware workstation by installing the sabayon-sources adn linux-sabayon packages but when I go back to the host (same OS release) I get the following error:

Is the above correct [y]

Making module
make -C /lib/modules/2.6.31-sabayon/build SUBDIRS=/root/vpnclient modules
make[1]: Entering directory `/usr/src/linux-2.6.31-sabayon'
CC [M] /root/vpnclient/linuxcniapi.o
gcc: error trying to exec 'as': execvp: No such file or directory
/root/vpnclient/linuxcniapi.c: In function ‘CniGetMacAddress’:
/root/vpnclient/linuxcniapi.c:134: warning: pointer targets in assignment differ in signedness
/root/vpnclient/linuxcniapi.c: In function ‘CniInjectReceive’:
/root/vpnclient/linuxcniapi.c:314: warning: pointer targets in passing argument 4 of ‘CniGetPacketData’ differ in signedness
/root/vpnclient/Cniapi.h:354: note: expected ‘PCHAR’ but argument is of type ‘unsigned char *’
/root/vpnclient/linuxcniapi.c: In function ‘CniInjectSend’:
/root/vpnclient/linuxcniapi.c:463: warning: pointer targets in passing argument 4 of ‘CniGetPacketData’ differ in signedness
/root/vpnclient/Cniapi.h:354: note: expected ‘PCHAR’ but argument is of type ‘unsigned char *’
make[2]: *** [/root/vpnclient/linuxcniapi.o] Error 2
make[1]: *** [_module_/root/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-2.6.31-sabayon'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".

I am at a loss. I installed it identical to the way I did it in my VM. All signs seem to point at the 'as' assembler not being found. A which as reports nothing. I see a as86 binary in the /usr/bin directory and have tried symbolic link trickery to no avail. :-(

Hints?

pavel

Just recompile without any flas on the newest Ubuntu:
Linux ivanmladek-laptop 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 17:01:44 UTC 2009 x86_64 GNU/Linux

Kevin

OK, sorry to flood your blog. Got this resolved with a bit of mangling binutils back into shape. One question, the vpnclient is about as stable as Helen Keller and I was wondering why that may be. I can guarantee I have a solid network (end-to-end cisco/procurve gigabit switching/Linux routers) but no matter what i do I cannot seem to bring any sort of stability to my VPN session with simple utilities like ping (icmp echo replies die out 5-15 packets in usually). I have tried turing the mtu down to no avail. Any suggestions?

jessewatson

Worked like a charm! THANKS!

didymusrex

Running ubuntu karmic, 2.6.31-16-generic #53-Ubuntu SMP Tue Dec 8 04:02:15 UTC 2009 x86_64 GNU/Linux

The following bash script grabs the files you need and builds the vpnclient. Compiled clean for me

#!/bin/bash
# ------------------------------------------------------------------------------
# File: ubuntu-vpnclient-install.sh
# Desc: Script to obtain, patch and install Cisco VPN Client on Ubuntu Karmic Koala
#
# Reference / Credit:
# http://www.lamnk.com/blog/vpn/how-to-install-ci...
# http://forum.tuxx-home.at/viewtopic.php?f=15&t=...
# ------------------------------------------------------------------------------
if [ ! -d "~/tmp" ]
then
mkdir "~/tmp"
fi

cd ~/tmp

if [ -d vpnclient ]
then
echo "#### Cleaning up source directory ####"
yes | rm -r vpnclient
fi

if [ -f vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz ]
then
echo "#### Cleaning up tarball ####"
rm vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
fi

#
# Grab the client source and untar
# --------------------------------------
echo "#### Downloading/expanding client tarball ####"
wget http://projects.tuxx-home.at/ciscovpn/clients/l...
tar xzvf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

#
# Grab and apply patches
# --------------------------------------
cd vpnclient

echo "#### Apply downloaded 64-bit patch ####"
wget http://lamnk.com/download/vpnclient-linux-4.8.0...
patch < ./vpnclient-linux-4.8.02-64bit.patch

echo "#### Apply 2.6.31 patch ####"
wget http://lamnk.com/download/vpnclient-linux-2.6.3...
patch < ./vpnclient-linux-2.6.31-final.diff

echo "#### Kernel header hack ####"
sudo sed -i 's/const\ struct\ net_device_ops\ \*netdev_ops;/struct\ net_device_ops\ \*netdev_ops;/' `find /usr/src -name netdevice.h`

#
# Run install script
# --------------------------------------
echo "#### Install !!! ####"
sudo ./vpn_install

marcelio

A million kudo's to you didymusrex! Being the total-linux-no-no that I am, your bash script went straight through and saved me from shooting myself.

jadahl

When I follow your instructions, I end up not being able to load the module. It gives me the error 'cisco_ipsec: disagrees about version of symbol module_layout'. Any idea?

olliver

Thanks! It real helped me.

Payman

Now if you can also come up with a way to install it on Lucid Lynx (2.6.32-10), all lucid users (including me) will be sooooooo happy! :D

mrhassell

That was so totally what I needed! Awesome thanks man!

Matt

Simply brilliant, works like a charm

L.A.M.N.K

How to install Cisco VPN client on Ubuntu Jaunty Jackalope and Karmic Koala 64 bit

Pages

Flickr Photos

Latest tweet

Recent Comments

Search