UPDATE: A new client for linux (4.8.02.0030) is out. You no longer need the patch for 2.6.24+ kernel on 32 bit systems. However a patch for 64 bit systems is still required. Please click on the link right below to see the howto for 64bit.
UPDATE: 64 bit systems are a bit more complicated, please see how to install Cisco VPN on Hardy Heron 8.04 64 bit
UPDATE: with 2.6.25 kernel this patch is still required (luckily)
OK it’s not breaking news anymore, but in case you confront these errrors:
make -C /lib/modules/2.6.24-ARCH/build SUBDIRS=/usr/src/vpnclient modules
make[1]: Entering directory `/usr/src/linux-2.6.24-ARCH’
CC [M] /usr/src/vpnclient/linuxcniapi.o
In file included from /usr/src/vpnclient/Cniapi.h:15,
from /usr/src/vpnclient/linuxcniapi.c:31:
/usr/src/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
make[2]: *** [/usr/src/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/usr/src/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-2.6.24-ARCH’
make: *** [default] Error 2
Then you probably need a patch:
cd /path/to/the/vpnclient/folder
wget http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff
patch < ./vpnclient-linux-2.6.24-final.diff
This is due to a change in 2.6.4 kernel that the “init_net” symbol is now again exported using EXPORT_SYMBOL() instead of EXPORT_SYMBOL_GPL()
Comments 27
Good stuff!. It worked fine. Thanks guys.
Posted 09 Mar 2008 at 12:30 pm ¶Wonderful, Thank you very much. I love people like this.
Posted 09 Mar 2008 at 4:43 pm ¶thanks a lot. Have to use this to connect to the university network, but the IT guys never respond to emails when I was trying to get this to compile after updating kernels.
So thanks again.
Posted 17 Mar 2008 at 3:37 am ¶This page was a life saver - thanks for the patch. Seems like the Cisco VPN client never breaks in a way that us normal people can fix.
Posted 21 Mar 2008 at 1:36 pm ¶Hello!
I was not expecting this problem when I changed kernels. I will know better next time.
In the meatime, I find myself with a VPN client and I get the following errors when I try to patch. Does anyone know how to fix the diff file? I would like to learn how…
Thanks!
YYY@XXXXXX:~/VPN/vpnclient$ patch < vpnclient-linux-2.6.24-final.diff
Posted 27 Mar 2008 at 3:23 am ¶patching file GenDefs.h
patching file interceptor.c
Hunk #1 succeeded at 24 (offset -4 lines).
Hunk #2 succeeded at 48 (offset -4 lines).
Hunk #3 FAILED at 107.
Hunk #4 succeeded at 123 (offset -23 lines).
Hunk #5 FAILED at 350.
Hunk #6 succeeded at 849 (offset -86 lines).
Hunk #7 succeeded at 891 (offset -86 lines).
2 out of 7 hunks FAILED — saving rejects to file interceptor.c.rej
Thanks a lot dude..
I got same error “2 out of 7 hunks FAILED — saving rejects to file interceptor.c.rej” as above, then I opened vpnclient-linux-2.6.24-final.diff and manually patched interceptor.c by copy and pasting to places where It had failed.. took sometime but finally vpn client started fine..
Posted 06 Apr 2008 at 6:35 pm ¶Worked fine for me:
Posted 09 Apr 2008 at 9:16 am ¶ubuntu hardy heron 8.04
I had also troubles with “2 out of 7 hunks FAILED” but did the similar thing as Raj. Opened interceptor.c.rej and manually patched interceptor.c at places where original patch failed. Took some time as well but now it seems to be starting ok. Thanks for the patch! :]
Posted 10 Apr 2008 at 1:56 pm ¶EXACTLY what I was looking for, worked flawless, many thanks. On Hardy Heron.
Posted 11 Apr 2008 at 9:11 am ¶I am encountering the same problem as JP.. where I get errors when I apply the patch. Does somebody have the manual steps to resolve the diff file or apply the changes of the .diff to the interceptor.c? Thanks.
Posted 29 Apr 2008 at 3:32 pm ¶To those who have problem with patching:
Please provide you VPN version (for example 4.8.01.0640) and your kernel version (from command “uname -r”). Maybe i can help you further.
Posted 29 Apr 2008 at 3:55 pm ¶Thanks for looking into it:
Posted 30 Apr 2008 at 12:54 am ¶kernel: 2.6.24-16-generic
VPN Client: 4.8.00 (0490)
no way man, you can not compile the code in linuxcniapi.c, cuz it has the code like
skb->nh.iph = (struct iphdr *) skb->data;
skb->mac.raw = pMac;
where the nh and h are not a member of skb strut. I wondered how do you people finish the ./vpn_install or do you just manually made the o file and put it to modules manually?
I worked a while to finish the diff part of these h and c files, but stuck in the installation part.
error msg:
Is the above correct [y]
Making module
Posted 30 Apr 2008 at 8:36 am ¶make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/xxx/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
CC [M] /home/xxx/vpnclient/linuxcniapi.o
/home/xxx/vpnclient/linuxcniapi.c: In function ‘CniInjectReceive’:
/home/xxx/vpnclient/linuxcniapi.c:297: error: implicit declaration of function ‘skb_set_timestamp’
/home/xxx/vpnclient/linuxcniapi.c:331: error: ‘struct sk_buff’ has no member named ‘nh’
/home/xxx/vpnclient/linuxcniapi.c:332: error: ‘struct sk_buff’ has no member named ‘mac’
/home/xxx/vpnclient/linuxcniapi.c: In function ‘CniInjectSend’:
/home/xxx/vpnclient/linuxcniapi.c:454: error: ‘struct sk_buff’ has no member named ‘mac’
/home/xxx/vpnclient/linuxcniapi.c:455: error: ‘struct sk_buff’ has no member named ‘nh’
/home/xxx/vpnclient/linuxcniapi.c:458: error: ‘struct sk_buff’ has no member named ‘h’
/home/xxx/vpnclient/linuxcniapi.c:458: error: ‘struct sk_buff’ has no member named ‘nh’
make[2]: *** [/home/xxx/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/xxx/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
I have found the reason of saving rejects to file interceptor.c.rej:
It’s because you are using an older version (4.8.00.0490 probably). Please download the latest one - 4.8.01.0640 then patch it. If you don’t have it then contact you IT department to get the newest version from Cisco.
Posted 30 Apr 2008 at 3:17 pm ¶Patching works NOW with vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz instead of the old vpnclient-linux-4.8.00.0490-k9.tar.gz,
Great help people !!!
Posted 03 May 2008 at 9:18 pm ¶the patch work fine for me, but when I try to install I keep getting the following error.
Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.
Directory where binaries will be installed [/usr/local/bin]
Automatically start the VPN service at boot time [yes]
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.
Directory containing linux kernel source code [/lib/modules/2.6.24-16-generic/build]
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.24-16-generic/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.24-16-generic/build” will be used to build the module.
Is the above correct [y]
Making module
make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/robert/Desktop/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
scripts/Makefile.build:46: *** CFLAGS was changed in “/home/robert/Desktop/vpnclient/Makefile”. Fix it to use EXTRA_CFLAGS. Stop.
make[1]: *** [_module_/home/robert/Desktop/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
I’m a noob and have no idea how to fix this. Step by step instructions if you please. Any help would be appreciated. I’m using Ubuntu 8.84 (64-bit ver.) (2.6.24-16-generic)
Cheers!
Posted 16 May 2008 at 8:33 pm ¶Hello maleante, i’ve successfully compiled the cisco vpn module, using both patches for 64 bit and 2.6.24 kernel ! A post will follow shortly ( it’s 3:30 am now … )
UPDATE: New entry posted.
Posted 17 May 2008 at 2:27 am ¶Hi Lamnk,
I have also installed Ubuntu 8.0 (LTS Desktop on by IBM T43 laptop). I went through the steps that you have posted,. But even after a successful patch, I am facing the below errors:
prabhat@pubs:~/cisco applications/vpnclient$ su
Password:
root@pubs:/home/prabhat/cisco applications/vpnclient# ./vpn_install
Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved.
By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.
Directory where binaries will be installed [/usr/local/bin]
Automatically start the VPN service at boot time [yes]
In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.
Directory containing linux kernel source code [/lib/modules/2.6.24-16-generic/build]
* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.24-16-generic/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.24-16-generic/build” will be used to build the module.
Is the above correct [y]
Making module
Posted 21 May 2008 at 6:49 am ¶make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/prabhat/cisco applications/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic’
make[1]: *** No rule to make target `applications/vpnclient’. Stop.
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.
On Kubuntu 8.04 LTS 64bit however it worked with a combo of 2 patch files (the one posted here), where it returns an error complaining about CFLAGS variable, open Makefile with an editor and replace it with EXTRA_CFLAGS. The installation fails however and i tried to start differently. Erase everything and install the vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz, get the patch from: wget http://projects.tuxx-home.at/ciscovpn/patches/cisco_skbuff_offset.patch and apply, then patch once again with: vpnclient-linux-2.6.24-final.diff
Install VPN client then:
Linux iordHp 2.6.24-17-generic #1 SMP Thu May 1 13:57:17 UTC 2008 x86_64 GNU/Linux
Initializing the VPN connection.
Contacting the gateway at x.x.x.x
User Authentication for xxxx VPN
Connection 1…
Enter Username and Password.
Username []:
Password []:
Authenticating user.
Negotiating security policies.
Securing communication channel.
Welcome to xxx VPN service.
Unauthorized access prohibited.
Do you wish to continue? (y/n): y
Your VPN connection is secure.
VPN tunnel information.
Posted 25 May 2008 at 8:34 pm ¶Client address: xxxx
Server address: xxxx
Encryption: 256-bit AES
Authentication: HMAC-SHA
IP Compression: LZS
NAT passthrough is inactive
Local LAN Access is disabled
Thank you so much ios46 for this comment,
Posted 26 May 2008 at 3:57 pm ¶without I doubt I would have been able to get my vpn working again after the update to 2.6.25
I posted about the 64 bit problem some days ago
Posted 26 May 2008 at 5:23 pm ¶ios46 has it right.
Posted 27 May 2008 at 7:01 am ¶Thankyou for the info about the patch for 2.6.24!!
Posted 26 Jun 2008 at 10:45 am ¶This looked promising. The patch enable my vpnclient-linux-x86_64-4.8.01.0640-k9 client to install on my 32 bit Hardy Heron laptop, and it successfully makes connections and allows me to temporarily connect to the VPN.
However within a few moments my entire system freezes. This is very consistent, following connections to the VPN. Has anyone experienced this? I can post some log output if someone could direct me to the right location.
Thoughts?
Posted 15 Jul 2008 at 12:22 pm ¶The vpnclient-linux-2.6.24-final.diff patch didn’t work for me either and I had to manual patch it in order to get it to install.
My setup:
* Linux xxx 2.6.24-19-generic #1 SMP Fri Jul 11 2008 x86_64 GNU/Linux - Ubuntu 8.04
* vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
Cheers!
Posted 12 Aug 2008 at 6:34 pm ¶Cool! Thank you for a patch. My problem resolved.
Posted 02 Oct 2008 at 3:04 pm ¶Did anyone get it to work with Ubuntu 8.10? I’m getting the same error as 8.04, but I’m not sure if there’s any patch for Kernel 2.6.27 or whatever that came with Ubuntu 8.10.
Posted 07 Nov 2008 at 3:27 pm ¶Trackbacks & Pingbacks 2
[...] a 2.6.24 kernel you’ll need to patch the source code prior to compiling. You can follow this guide. It worked for [...]
[...] http://www.longren.org/2007/05/17/how-to-cisco-vpn-client-on-ubuntu-704-feisty-fawn/ [...]
Post a Comment