in Internet

How To: Cisco VPN Client On Ubuntu

IMPORTANT UPDATE, SEE BELOW

So, I installed Ubuntu 7.04 Feisty Fawn beta about 2 months ago. I installed it on my notebook and one of my workstations, both of which had Windows installed previously. I’m not dual booting on those machine, they’re 100% Ubuntu now.

After getting everything setup and running nicely, I realized I had no way of connecting to the Cisco PIX VPN we have at work. This is really important for me to be able to do, my job depends on it. I immediately went to Google and started searching. Turns out a nice fellow named Alexander Griesser has created a patch for the Cisco VPN client. The most recent CIsco VPN client for linux won’t compile with kernels 2.6.19 or newer. There’s really not much of a difference between his instructions and this how-to. However, I’m including more detailed instructions for those who may not be familiar with compiling software on Linux.

Here’s the steps I took to get the Cisco VPN Client to work under Unbutu 7.04 (Feisty Fawn). In all reality, this should work with any version of Ubuntu, not just 7.04. I used this same method to get the Cisco VPN Client working on Ubuntu 8.04. Note: A $ at the beginning of a line signifies a command to be run from the terminal.

  1. Download vpnclient-linux-4.8.00.0490-k9.tar.gz (mirror) to your home directory.
  2. Open a terminal window and untar the vpnclient with the following command:
    $ tar xzf vpnclient-linux-4.8.00.0490-k9.tar.gz
    This will create a new folder called vpnclient in your home directory. Leave the terminal window open, you’ll need it later.
  3. Download the patch (mirror) and save it to the vpnclient folder that was created in step 2.
  4. Go back to your terminal window and move into the vpnclient folder:
    $ cd vpnclient/
  5. Now patch the Cisco VPN source with this command:
    $ patch < vpnclient-linux-2.6.22.diff
  6. Next we actually build the Cisco VPN client, issue this command:
    $ sudo ./vpn_install
    Just hit enter for everything it asks you, the defaults are all OK. You may see lots of warnings, but those are OK.
  7. The VPN client is installed, now we need to start it:
    $ sudo /etc/init.d/vpnclient_init start
  8. Place your .pcf configuration files in /etc/opt/cisco-vpnclient/Profiles/
  9. If your .pcf file is called myVPN.pcf, you’ll connect to the VPN with the following command:
    $ sudo vpnclient connect myVPN


That’s it! You should now be able to connect to your Cisco VPN with the official Cisco VPN client on Linux. This will probably work on pretty much any linux setup, not just Ubuntu.

UPDATE (8/18/2007):
Alexander Griesser released a new patch that works with kernel versions 2.6.22 and greater. The new patch is backwards compatible, so it also works with older kernels as well, such as 2.6.10 and 2.6.21. All the download links above point to the newest release of the patch. I’ll continue to update this how-to as he releases new patches.

UPDATE (10/04/2007):
Cisco has finally released a new version of their vpn client for Linux. This new version compiles on all the new 2.6.xx kernels without the need for patching! You can download it from Alexander’s site or you can get it right here.

UPDATE (12/29/2007): Alexander Griesser has a new project page for his Cisco VPN client patches. It contains basic usage information and will most likely always have the latest and greatest patch available for download. In addition to that, Alexander has a new patch to make version 4.8.01.0640-k9 of the Cisco VPN Client compile on 64bit systems. Again, you can download the latest Cisco VPN Client for linux from the following link:
http://www.longren.org/downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
UPDATE (8/11/2011): Marius B commented and mentioned he has a post up on this same subject. It’s worth checking his post out. He basically suggests enabling the option to only use the VPN connection for resources on the network you’re connected to. See his post for more.

Where to now?

Work with Me

I'm available for hire and always taking new clients, big and small. Got a project or an idea you'd like to discuss? Startup plan but no developer to make it happen? Just get in touch, I'd love to see if I can help you out!

Leave some Feedback

Got a question or some updated information releavant to this post? Please, leave a comment! The comments are a great way to get help, I read them all and reply to nearly every comment. Let's talk. :)

Enter your email address to subscribe and receive notifications of new posts by email.

Leave a Comment

Comment

243 Comments

  1. Nice tutorial.

    Unfortunately, I am getting the following error:


    Entering directory `/usr/src/linux-source-2.6.20'

    ERROR: Kernel configuration is invalid.
    include/linux/autoconf.h or include/config/auto.conf are missing.
    Run 'make oldconfig && make prepare' on kernel src to fix it.

    WARNING: Symbol version dump /usr/src/linux-source-2.6.20/Module.symvers
    is missing; modules will have no dependencies and modversions.

    can you help?

    thanks!

  2. Just want to add that I received the above error after sudo ./vpn_install and specifying /usr/src/linux-source-2.6.20 for location of kernel source.

    I upgraded from Dapper today. It was long and scary but all seems to be working fine except VPN.

    I would appreciate the help.

    thanks.

  3. mustali: When you run “sudo ./vpn_install”, try leaving the kernel source option at it’s default location (I believe it’s /lib/modules/2.6.20-15-generic/build).

    That should do the trick. Let me know if that works or not.

  4. Thanks for replying Tyler.

    I am now able to compile with warnings. No more compiler errors! The problem was that on the first try, the default for the location of kernel header was blank ‘[]’. So I entered /lib/modules/2.6.20-15-386 and created a ‘build’ link within it similar to 2.6.20-15-generic/build.

    Now when I used ‘/lib/modules/2.6.20-15-generic/build’ the compilation worked fine.

    Great. But now when I start the vpn service I get this

    sudo /etc/init.d/vpnclient_init start
    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting '/lib/modules/2.6.20-15-386/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
    Failed (insmod)

    FYI, here is the output from the installation:

    Automatically start the VPN service at boot time [yes]

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    Directory containing linux kernel source code [/lib/modules/2.6.20-15-386/build]/lib/modules/2.6.20-15-generic/build

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.20-15-386/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.20-15-generic/build” will be used to build the module.

    Is the above correct [y]

    Making module
    make -C /lib/modules/2.6.20-15-generic/build SUBDIRS=/home/mustali/Desktop/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-15-generic'
    Building modules, stage 2.
    MODPOST 1 modules
    WARNING: /home/mustali/Desktop/vpnclient/cisco_ipsec.o - Section mismatch: reference to .init.text: from .data between 'interceptor_dev' (at offset 0xb4) and 'interceptor_notifier'
    WARNING: could not find /home/mustali/Desktop/vpnclient/.libdriver.so.cmd for /home/mustali/Desktop/vpnclient/libdriver.so
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.20-15-generic’
    Copying module to directory “/lib/modules/2.6.20-15-386/CiscoVPN”.
    Already have group ‘bin’

    Creating start/stop script “/etc/init.d/vpnclient_init”.
    /etc/init.d/vpnclient_init
    Enabling start/stop script for run level 3,4 and 5.

    Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:

    Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:
    * Replaced Profiles: Copying binaries to directory “/opt/cisco-vpnclient/bin”.
    Adding symlinks to “/usr/local/bin”.
    /opt/cisco-vpnclient/bin/vpnclient
    /opt/cisco-vpnclient/bin/cisco_cert_mgr
    /opt/cisco-vpnclient/bin/ipseclog
    Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
    /opt/cisco-vpnclient/bin/cvpnd
    Copying libraries to directory “/opt/cisco-vpnclient/lib”.
    /opt/cisco-vpnclient/lib/libvpnapi.so
    Copying header files to directory “/opt/cisco-vpnclient/include”.
    /opt/cisco-vpnclient/include/vpnapi.h

    Setting permissions.
    /opt/cisco-vpnclient/bin/cvpnd (setuid root)
    /opt/cisco-vpnclient (group bin readable)
    /etc/opt/cisco-vpnclient (permissions not changed)
    * You may wish to change these permissions to restrict access to root.
    * You must run “/etc/init.d/vpnclient_init start” before using the client.
    * This script will be run AUTOMATICALLY every time you reboot your computer.

    Help!

  5. Rebooted and saw the same response.

    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.20-15-386/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
    Failed (insmod)

    Man, what could it be? The installer compiled a module that has a bad format!

    any ideas?

  6. mustali: Try starting over from the beginning. Remove the vpnclient folder created in step 2 and start over, starting with step #2. Let me know how that works.

  7. figured it out.

    It was the flipping headers. I had headers for 2.6.20-15-generic and 2.6.20-15. Synaptic caused the confusion.

    After I installed the 2.6.20-16-386 linux headers, it was clockwork.

    Thanks for the help Tyler.

    Now if only I can get my dual monitor to run correctly…

    you see, Fiesty is on my Dell Inspiron 630m. Dual booting XP. At work I have an external Dell CRT. I must have tried at least 500 different configurations of xorg.conf but none are working. Thats an ongoing battle.

    Thanks again T!

  8. Glad you got it working mustali. Xorg can be difficult to get working exactly the way you want it. Took me about 10 tries to get my Nvidia card to work properly, way more times than it should have taken :)

  9. I take my words back. Earlier I was just trying to get the VPN service start successfully but now when I actually tried to vpn into my office, I couldn’t get around this:

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.

    In frustration I turned to google and found that vpnc was being as an alternative to Cisco. With a little perl script, VPN worked instantly. This is what I did:

    1) Install vpnc

    sudo apt-get install vpnc

    2) Download and execute a perl script that will convert Cisco pcf files to the vpnc format

    wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
    pcf2vpnc ciscoprofile.pcf > ciscoprofile.conf

    3) Connect to your vpn

    sudo vpnc-connect ciscoprofile.conf

  10. mustali: That’s pretty funny. I initially started out trying to use vpnc, after hours of tinkering I couldn’t get it to connect. I even used that pcf2vpnc tool. I finally got fed up, dug around and found the official Cisco VPN client for Linux, and was able to get it working without much problem.

    I am gonna see if I can’t get vpnc to work now too, I’d like to use the vpnc plugin for Network Manager, seems pretty slick.

    Glad you’re able to connect to your office now, even though you weren’t able to use the official Cisco VPN Client. :) Thanks for following up with that info, I’m sure people will find your comments to be quite helpful.

  11. Hey Tyler!

    This is a little offtopic of the post (so I do apologize for that) but I’ve also recently moved away from Windows and have been Linux only on my desktop.

    I’m totally a Linux-newb, so I was just curious for your thoughts/opinions on Ubuntu. I’ve been using a different distro thus far, but Ubuntu/Kubuntu look pretty appealing.

    Thanks, and sorry again for being somewhat offtopic! ;)

  12. Not a problem JJ. Ubuntu, for me, is the ultimate OS. It’s radically easier to use and learn than most linux distributions. Previous to Ubuntu, Slackware was my distribution of choice, which is a lot less n00b-friendly. Ubuntu is the perfect distro for linux newcomers. It’s easy to use (a GUI for almost everything) but still gives you the opportunity to do everything from the command line.

    Ubuntu is very polished and 99% of my hardware has “just worked”, with the exception of my Linksys wireless cards and my Nvidia video card. I was so struck by how well put together Ubuntu was, I installed it on all my PC’s, except the router, which still runs Slackware.

    Give Ubuntu a try, you’ll love it. I’d never touch Kubuntu, Gnome rocks my socks. KDE makes me want to puke, it’s ugly. I’m sure others would disagree. :)

  13. Following your directions I was able to get the vpn client patched and installed, but when I try to connect to my VPN, it terminates the connection. The exact message is as follows:

    Initializing the VPN Client
    Secure VPN Connection terminated locally by the Client
    Reason: The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information.

    My VPN.pcf contains the following:

    [main]
    Description=AU Wireless VPN
    Host=10.6.8.1
    AuthType=1
    GroupName=Wireless-Users
    GroupPwd=
    enc_GroupPwd=removed by Tyler
    EnableISPConnect=0
    ISPConnectType=0
    ISPConnect=
    ISPCommand=
    Username=
    SaveUserPassword=0
    UserPassword=
    enc_UserPassword=
    NTDomain=
    EnableBackup=0
    BackupServer=
    EnableMSLogon=1
    MSLogonType=0
    EnableNat=1
    TunnelingMode=0
    TcpTunnelingPort=10000
    CertStore=0
    CertName=
    CertPath=
    CertSubjectName=
    CertSerialHash=00000000000000000000000000000000
    SendCertChain=0
    VerifyCertDN=
    DHGroup=2
    ForceKeepAlives=0
    PeerTimeout=90
    EnableLocalLAN=0
    ISPPhonebook=

    Any help is greatly appreciated.

  14. Hey guys, this page has helped me a lot. I was using FC6-64 and got tired of not being able to see a lot of the multimedia content available on the web (like youtube). Periodic lock-ups with the vpn client helped me decide to try something new…

    So I went to Feisty… vpn is the most important thing for me, working at home is the only reason I really even need Linux at home (although dumping windows is nice). After all the hoops of trying to get the cisco vpn client to work (after finally getting it compiled, it would lock up some minutes into any session – lock up hard, requiring a reset).

    I tried that vpnc before and could never get it to work, but I tried it again after reading this page and all I can say is THANK YOU VERY MUCH. It’s one of those Linux things that if it doesn’t work this week, it’ll likely work next week, so you have to keep trying. In fact, I’ve tried Ubuntu before (Edgy, just a few months ago), and it wouldn’t recognize my ethernet card. Feisty’s got no problem with any of my hardware.

    Tim… just go ahead and give vpnc a try.

  15. What is it lately- I also installed linux. weird. seems like everyone is in sink. But the problem is my suound card has no drivers – firewire 410 – sucks cuase I would honestly use this OS over zindows any day.

  16. I got a wired problem.
    When the first time I want to connect VPN, it always failed, without any exception. Just like this
    “Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection. ”

    However, I reboot my computer, and then it worked.

    It seemed that I didn’t add it to kernel, cause every time I need to run”sudo /etc/init.d/vpnclient_init start”

    Any suggestions?

  17. Thank you for this informative discussion. I have followed both alternatives (the cisco-client version as well as the vpnc version) and found the former to work but not the latter. I am not sure why vpnc doesn’t work, though (I must admit that I am a novice when it comes to networking technologies and terminology).
    Thanks again!.
    Srikanth.

  18. Like Tim, I too was having a problem getting Cisco VPN client working on Ubuntu 7.04, The patch and install worked fine, but when trying to connect, would get the following:

    Initializing the VPN Client
    Secure VPN Connection terminated locally by the Client
    Reason: The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information.

    While investigating, I tried the sample.pcf, substituting my login specs, and it worked. Returning to my original pcf file, matched it up exactly the same, but still it would not work. After running od and diff and never finding any anomalies, I happened to do an ls of the directory. The file colors were different. Running ls -lda *.pcf revealed that the file modes for mine compared to sample were different.

    If you get the above message, please make sure to run:

    sudo chmod 644 /etc/opt/cisco-vpnclient/Profiles/*.pcf

    Cheers to all!

  19. A couple of problems I found:

    ################################
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Wed May 23 01:46:23 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read.
    ################################

    was caused by having my profile stored in the wrong folder. This seems obvious, but on my installation the profiles are kept in /etc/
    CiscoSystemsVPNClient/Profiles/
    This is different from the discription above. Moving my .pcf file to this folder solved the problem.

    The following message:
    ################################
    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.
    ################################

    was caused by having my wireless card and ethernet card enabled, while the outside world is only accessible via the ethernet. I think this is probably a routing problem, but temporarily disabling the wireless card solved the problem.

    Hope this helps someone.
    Good luck

  20. Excellent posts.

    Tyler’s Cisco VPN client instructions worked to the T, Jceliason’s chmod fixed one issue and Matt experiencing of disabling the unused network connection completed the hat trick.

    Truly great information. Thanks a million.

  21. Thanks so much for all the help. I had given up on this for a while, but recently came back and the help about chmod by Jceliason fixed the profile configuration file, as well as Matt’s idea of disabling the unused network connection (in my case, I disabled the wired connection and just used wireless).

    Thanks again!

  22. The vpnc method worked like a charm for me. I am running Ubuntu 7.04 with the latest kernel (2.6.20-16-generic). Cisco’s client stopped working a kernel or so ago. The vpnc works!!!

    Mike

  23. @Frank

    Check your /etc/rc5.d/ directory. It should have a symbolic link to /etc/init.d/vpnclient_init (or something similar, I haven’t yet installed it on mine). If it doesn’t you will have to create a symbolic link to the startup script:

    # ln -s /etc/init.d/vpnclient_init /etc/rc5.d/vpnclient_init

  24. Hi,

    I am fairly new to Ubuntu. I’ve followed the instructions above and I have both vpnc and Cisco VPN with the patch installed and they seem to work. However they both fail to establish a VPN connection. I am able to establish a VPN connection from the same laptop under Windows.

    Is there anything else I need to know about Ubuntu that might be blocking the connection? Or anything else I can try with the VPN configuration?

    Thanks,
    Andy

  25. I got the cisco vpnclient installed, but I cannot connect using my windows pcf file. I get:

    $ sudo vpnclient connect corporatevpn
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Wed May 23 01:46:23 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Initiating TCP to 199.223.16.5, port 10000
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    Therre is not much debugging information. Any ideas?

  26. mustali

    I needed to thank you for the pcf2conf and vpnc advice! You were a life saver!!

    I was fiddling around with Cisco’s vpnclient for a while, but vpnc worked on the first attempt!

  27. Hypatia,
    have you started the vpn client service, ie:

    sudo /etc/init.d/vpn-somethingICantRemember start

    I can never remember the name, but auto complete always knows.

  28. I am glad vpnc worked out for so many when Cisco failed. I wonder what is the unknown piece that causes either one to fail or work.

    @Hypatia
    Have you tried the ‘network disable’ and ‘profile permission change’ workarounds suggested earlier?

    Turns out that Cisco client has started working for me. Probably becuase of the recent automatic upgrades. I am now on 2.6.20-16.

    @Fred
    Give VPN client another shot ;)

    Peace.

  29. Fabulous! I’ve been trying all year to get connected to the internet at University College London, and these instructions made it really simple: download the client, patch it, install it, and turn off my wired connection. Just a shame I went all school year without it!

    Thanks so much, everyone.

  30. I am trying to follow the instructions – downloaded, untarred, applied the patch, ran install with defaults. I get this error:

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.20-16-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.20-16-generic/build” will be used to build the module.

    Is the above correct [y]

    Making module
    make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/tmloos/programs/cisco vpn client/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-16-generic'
    make[1]: *** No rule to make target
    vpn’. Stop.
    make[1]: Leaving directory /usr/src/linux-headers-2.6.20-16-generic'
    make: *** [default] Error 2
    Failed to make module "cisco_ipsec.ko".
    tmloos@frogger:~/programs/cisco vpn client/vpnclient$
    tmloos@frogger:~/programs/cisco vpn client/vpnclient$ *** No rule to make target
    vpn’. Stop.

    Please help! I too hook in to the home office vpn for access to everything…

    Thanks!

  31. @Tom

    Remove the 2.6.20-16-generic linux-headers/source packages and install the 2.6.20-16-i386 header/source packages instead. Try vpn_install once again and see what happens.

    Mustali

  32. Hi

    thanks for the instructions. However it seems not to work for me
    (Kubuntu 7.04 with kernel 2.6.20-16)
    Config file directory: /etc/opt/cisco-vpnclient

    privsep: unable to drop privileges: group set failed.
    The application was unable to communicate with the VPN sub-system.

    According to the instructions of my university server I have just
    to set the host and the user but no group or anything

    is there anything wrong in the configuration?

    thanks

    Uwe Brauer

  33. Tyler:
    Yes of course. I now tried the kde backend kvpc, when I import my
    pcf conf file I am asked for a group passwd. According to the instructions I have this passwd should not be necessary. I best
    talk to our IP guys and report back

    Uwe

  34. @Uwe Brauer

    Try this

    sudo chmod 4111 /opt/cisco-vpnclient/bin/cvpnd

    Restart the client

    sudo /etc/init.d/vpnclient_init restart

    HTH

  35. Used the Cisco client until I upgraded to feisty this week. Compiling the client didn’t work. Thanks to this howto it does now. VPNC did NOT connect (I tried moving to it because it is supported in Ubuntu, so I would not need to recompile each time I upgrade). If anybody finds out why VPNC does not work I like to know. http://ubuntuforums.org/showthread.php?t=410172&highlight=vpnc mention it might be a bug related to wireless, but I find it hard to believe that…

    Anyway thanks for the patch/howto.

  36. Just wanted to say THANKS!! I’ve been trying to get this to work for 3 days now, and the directions you published worked perfectly!

  37. Hello!

    @Paul Gevers:
    Is it possible that vpnc doesn’t work for you (or some of the others above) because it doesn’t support e.g. certificates or hybrid auth (yet) (see http://www.unix-ag.uni-kl.de/~massar/vpnc/). I don’t even completely understand what these are about, but the IT staff at my college told me that this is the reason vpnc can’t connect to their vpn concentrator…

    Jörg

  38. This did the trick. Very clearly written and easy to follow. I am a unix sysadmin, but I don’t think that had too much to do with how easy I found the instructions to follow
    Jim

  39. I’m having a really weird issue with both this and vpnc. I can connect, but I can’t resolve anything… vpnc changes my resolv.conf, but I can’t ping anything, and the cisco client doesn’t do anything. I have no idea why this is happening, anyone have any thoughs?

  40. Just Installed KUBUNTU 7.04, Could’nt get KVPNC working, found this description, worked 1 time. Now I can connect, and open a tunnel. Now I only have some problems with my mouse, which don’t work in the RDP connected window, which bye the way seems a little slow. Thanks for the good yasy followed description.

  41. Hey Tyler. when i try to initialize the vpn client from terminal, i get the following error:-

    You have entered an unrecognized command.
    Usage:
    vpnclient connect [user ] [eraseuserpwd | pwd ]
    [nocertpwd]
    vpnclient disconnect
    vpnclient stat [reset] [traffic] [tunnel] [route] [repeat]
    vpnclient notify
    vpnclient verify [autoinitconfig]
    vpnclient autoinit

    I have typed out the command just fine, and excluded the .pcf extension. Not sure what i’m doing wrong? thanks much.

  42. Figured it out. my pcf file name is pretty long with spaces. quoted it with single quotes and connected successfully. only problem left now is that local lan access is forbidden. some posts online say to enable it on the pcf file itself. will see. thanks for the walkthrough.

  43. Just wanted to say that this works with Ubuntu Gutsy as well. Just use the newer patch (2.6.22) available at the same location.

    Thanks for the tutorial.

  44. Dear all,

    I need to establish a VPN-connection to the Tilburg University (Netherlands) and followed the instruction of Tyler. However, after executing step 9 (“sudo vpnclient connect myVPN”) I got the following error message:

    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Could not attach to driver. Is kernel module loaded?
    The application was unable to communicate with the VPN sub-system.

    What did I wrong? I’m fairly new to Ubuntu, so please keep it simple (as Tyler did).

    Regards,
    canti

  45. Hi Tyler,

    With your instructions I got no old error message, but a new one arose:

    Enter a group password:
    Initializing the VPN connection.
    Contacting the gateway at 137.56.127.10
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    I found out that I used the wrong password (I accidently used the name of the Group Access Information instead of the password). Now I fixed the connection!

    However, I cannot use the normal internet, it seems there could be only one connection at one time, not two connections: VPN and wired (for internet). I need to establish the VPN-connection with the online contents for journal articles, accessible via common internet connection. Do you understand my problem? I’m sorry for my bad English…

    I hope you can help me.

    Regards,
    canti

  46. Dear Tyler,

    Now it unexpectedly works! I didn’t change anything, just tried it for the second time, and everything works! I don’t understand it, but in any case I’m very happy!

    Now I have one another question, if you may allow me to do that (I hope I’m not boring…). Is there an easier way than to write in the terminal every time I want to establish the vpn-connect? For example selecting the monitor symbol for network in a toolbar? Just a question to make my life with the computer easier, not important.

    Thank you anyway for the clear instructions!

    canti

  47. works! so far anyway. running 7.04. snags:

    1. incorrect kernel headers – installed mine as per ‘uname -a':

    .Linux ubuntu-desktop 2.6.20-16-386 #2 Thu Jun 7 20:16:13 UTC 2007 i686 GNU/Linux

    2. symlinked kernel header dir to /usr/src/linux so vpn_install would find them easily. optional.

    thanks for sharing the information, this saved me sooo much time :D

  48. Trying to install. I followed all the instructions and got the following error:

    Making module
    make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/oracle/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-16-generic'
    make[2]: *** No rule to make target
    /home/oracle/vpnclient/libdriver64.so’, needed by /home/oracle/vpnclient/cisco_ipsec.o'. Stop.
    make[1]: *** [_module_/home/oracle/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.20-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    I am using Feisty EMT64 bit release. Is there an additional library set I need? It appears this is a needed file for the install.

    I have installed gcc,build-essentials,libc6,libstdC++5

  49. This is Alan again, sorry for the issues. I found the lib in another copy I had of the download. It has compiled now…

  50. Nice Tip,
    I was searching for it for a long time.
    It works great with my Kubuntu 7.04

    Thanks for sharing this information.

    AT

  51. Thanks all. This tutorial really save my life :D. It works in my KUBUNTU 7.04. Just to remind other people, if you get this message after installing and trying to run the cisco vpn client:

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    Just Disable your unused network device. For example, if you connect using LAN then disable your wireless.

    Cheers.

  52. I try and execute the command:
    sudo vpnclient connect EMSInc

    And Got:
    sudo: unable to execute /usr/local/bin/vpnclient: No such file or directory

  53. Here is an actual strace with the issue:

    It appears the issue is with /etc/ld.so.preload and so forth…

    oracle@oracledev:~$ strace sudo vpnclient connect EMSInc
    execve(“/usr/bin/sudo”, ["sudo", "vpnclient", "connect", "EMSInc"], [/* 31 vars */]) = 0
    brk(0) = 0x51c000
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab7704bf000
    uname({sys=”Linux”, node=”oracledev”, …}) = 0
    access(“/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
    mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab7704c0000
    access(“/etc/ld.so.preload”, R_OK) = -1 ENOENT (No such file or directory)
    open(“/etc/ld.so.cache”, O_RDONLY) = 3
    fstat(3, {st_mode=S_IFREG|0644, st_size=53091, …}) = 0
    mmap(NULL, 53091, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ab7704c2000
    close(3) = 0
    access(“/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
    open(“/lib/libpam.so.0″, O_RDONLY) = 3
    read(3, “177ELF2113>124035″…, 832) = 832
    fstat(3, {st_mode=S_IFREG|0644, st_size=34256, …}) = 0
    mmap(NULL, 2129448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ab7706c0000
    mprotect(0x2ab7706c8000, 2093056, PROT_NONE) = 0
    mmap(0x2ab7708c7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7000) = 0x2ab7708c7000
    close(3) = 0
    access(“/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
    open(“/lib/libdl.so.2″, O_RDONLY) = 3
    read(3, “177ELF2113>1 16″…, 832) = 832
    fstat(3, {st_mode=S_IFREG|0644, st_size=14624, …}) = 0
    mmap(NULL, 2109728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ab7708c8000
    mprotect(0x2ab7708ca000, 2097152, PROT_NONE) = 0
    mmap(0x2ab770aca000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x2ab770aca000
    close(3) = 0
    access(“/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
    open(“/lib/libc.so.6″, O_RDONLY) = 3
    read(3, “177ELF2113>1340331″…, 832) = 832
    fstat(3, {st_mode=S_IFREG|0755, st_size=1367432, …}) = 0
    mmap(NULL, 3473592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ab770acc000
    mprotect(0x2ab770c13000, 2097152, PROT_NONE) = 0
    mmap(0x2ab770e13000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x147000) = 0x2ab770e13000
    mmap(0x2ab770e18000, 16568, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ab770e18000
    close(3) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab770e1d000
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab770e1e000
    arch_prctl(ARCH_SET_FS, 0x2ab770e1db00) = 0
    mprotect(0x2ab770e13000, 12288, PROT_READ) = 0
    munmap(0x2ab7704c2000, 53091) = 0
    geteuid() = 1000
    write(2, “sudo: “, 6sudo: ) = 6
    write(2, “must be setuid root”, 19must be setuid root) = 19
    write(2, “n”, 1
    ) = 1
    exit_group(1) = ?
    Process 7290 detached

  54. Hi Tyler –
    Thanks for the great tutorial–I am now able to access my work files on my new linux machine. One minor setback I am having is that whenever I restart the OS and go to start vpnclient I get the following message:

    matt@matt-desktop:~$ vpnclient connect ISPtoPSU &
    [1] 6232
    matt@matt-desktop:~$ Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Could not attach to driver. Is kernel module loaded?
    The application was unable to communicate with the VPN sub-system.

    If I restart vpn with:

    matt@matt-desktop:~$ sudo /etc/init.d/vpnclient_init restart

    I am then able to run vpn successfully:

    matt@matt-desktop:~$ vpnclient connect ISPtoPSU
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Contacting the gateway at 128.118.97.125
    User Authentication for ISPtoPSU…

    Any ideas regarding what I can do to fix this and, further, if it is possible to have linux open my vpn connection on startup is possible.

    Thanks much, Matt

  55. Thanks Tyler,

    Very helpful tutorial, I could able to set up & get connected & access the office files in no time on my ubuntu fiesty fawn (gnome-love it).

  56. awesome tutorial, but after it is successful, nothing happens in the term and i can’t mount the network shares i’m trying to get at. am i missing something?

  57. I followed the exact same steps mentioned above. I got the following error when I do vpn_install. But install appears good. When I try to access vpn it’s not working any idea?

    Making module
    make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/root/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-16-generic'
    CC [M] /root/vpnclient/linuxcniapi.o
    CC [M] /root/vpnclient/frag.o
    CC [M] /root/vpnclient/IPSecDrvOS_linux.o
    CC [M] /root/vpnclient/interceptor.o
    /root/vpnclient/interceptor.c: In function ‘handle_vpnup’:
    /root/vpnclient/interceptor.c:313: warning: assignment from incompatible pointer type
    /root/vpnclient/interceptor.c:337: warning: assignment from incompatible pointer type
    /root/vpnclient/interceptor.c:338: warning: assignment from incompatible pointer type
    /root/vpnclient/interceptor.c: In function ‘do_cleanup’:
    /root/vpnclient/interceptor.c:386: warning: assignment from incompatible pointer type
    CC [M] /root/vpnclient/linuxkernelapi.o
    LD [M] /root/vpnclient/cisco_ipsec.o
    Building modules, stage 2.
    MODPOST 1 modules
    WARNING: /root/vpnclient/cisco_ipsec.o - Section mismatch: reference to .init.text: from .data between 'interceptor_dev' (at offset 0xb4) and 'interceptor_notifier'
    WARNING: could not find /root/vpnclient/.libdriver.so.cmd for /root/vpnclient/libdriver.so
    CC /root/vpnclient/cisco_ipsec.mod.o
    LD [M] /root/vpnclient/cisco_ipsec.ko
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.20-16-generic’
    Copying module to directory “/lib/modules/2.6.20-16-generic/CiscoVPN”.
    Already have group ‘bin’

    Creating start/stop script “/etc/init.d/vpnclient_init”.
    /etc/init.d/vpnclient_init
    Enabling start/stop script for run level 3,4 and 5.
    Creating global config /etc/opt/cisco-vpnclient

    Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:

    Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:
    * New Profiles : sample

    Copying binaries to directory “/opt/cisco-vpnclient/bin”.
    Adding symlinks to “/usr/local/bin”.
    /opt/cisco-vpnclient/bin/vpnclient
    /opt/cisco-vpnclient/bin/cisco_cert_mgr
    /opt/cisco-vpnclient/bin/ipseclog
    Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
    /opt/cisco-vpnclient/bin/cvpnd
    Copying libraries to directory “/opt/cisco-vpnclient/lib”.
    /opt/cisco-vpnclient/lib/libvpnapi.so
    Copying header files to directory “/opt/cisco-vpnclient/include”.
    /opt/cisco-vpnclient/include/vpnapi.h

    Setting permissions.
    /opt/cisco-vpnclient/bin/cvpnd (setuid root)
    /opt/cisco-vpnclient (group bin readable)
    /etc/opt/cisco-vpnclient (group bin readable)
    /etc/opt/cisco-vpnclient/Profiles (group bin readable)
    /etc/opt/cisco-vpnclient/Certificates (group bin readable)
    * You may wish to change these permissions to restrict access to root.
    * You must run “/etc/init.d/vpnclient_init start” before using the client.
    * This script will be run AUTOMATICALLY every time you reboot your computer.
    root@xaviea-ubuntu:~/vpnclient#

    ./start_vpn
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

  58. Hello,
    Thanks for the GREAT tutorial and patches. I was able to successfully connect to the VPN. However, I have a strange error that once I disconnect, I cannot reconnect. I get the following:

    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a TCP connection.
    There are no new notification messages at this time.

  59. Oh, and it DOES attempt to connect. This is the whole message:

    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Fri Aug 31 00:55:27 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Initiating TCP to xx.xx.xx.xx, port 10000
    Contacting the gateway at xx.xx.xx.xx
    Initiating TCP to xx.xx.xx.xx, port 10000 (backup)
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a TCP connection.
    There are no new notification messages at this time.

  60. One final comment. It would appear that if I continuously connect, sometimes, eventually, the connection succeeds. I also rebooted and attempted to reconnect. It failed 3 or 4 times, and than worked. Go figure :). Anyhow, if you have any suggestions, please let me know.

  61. Ok, but how do I use vpnc and use my PCF file from my original Cisco VPN client. I need to use a group name in the authentication with an encrypted password.

  62. I tried following this on an Ubuntu 7.04 laptop, since after updating the gateway between my home LAN and the world from debian sarge to debian etch (ie. from a 2.4 kernel to a 2.6 kernel), vpnc no longer connects from the inside (the initial ISAKMP package is the only traffic), but the cisco client from a windows machine still works (the ISAKMP package is much smaller than vpnc’s package, perhaps that is a clue).

    Anyway following this howto worked fine for me while building, but when doing running vpnclient I get the following output:

    $ sudo vpnclient connect company
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Fri Aug 31 00:55:27 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read

    This is the same problem as this http://www.experts-exchange.com/Security/Misc/Q_21031158.html

    I’ve tried all the obvious things:
    1. check the path (it’s ok)
    2. check the privileges (they are 644)
    3. use full path to the .pcf files
    4. try removing the .pcf extension

    Nothing changes the error message. I get “The profile specified could not be read” both when I use a real file name, and when I use a non-existing filename. So perhaps vpnclient looks in the wrong directory, despite what it prints out…?

  63. I had the same issue mustali reported:

    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    I tried several things that did not work. in the end, all I had to do was reboot. Hopefully this tip saves others some time and headaches.

    Mike

  64. I’m so close I can taste it.

    Any ideas what I’m doing wrong?

    Ian

    morgoth@morgoth-laptop:~$ sudo vpnclient connect RHACM
    Password:
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Fri Aug 31 00:55:27 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Could not attach to driver. Is kernel module loaded?
    The application was unable to communicate with the VPN sub-system.
    morgoth@morgoth-laptop:~$

  65. having had compilation problems under Fedora, i tried out vpnc as an alternative and it worked after decoding what .vcf parameters fit where and decoding my encoded group password. just an fyi to those who run into a brick wall with vpnclient.

  66. Thanks for all the information on this blog entry and the comments. I was getting the dreaded:

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.

    I am only connected via wifi, so I ran “sudo ifdown eth0″ and now I can connect.

  67. I am getting this:

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    For RedHat 6.x users these files are installed in /usr/src/linux by default
    For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default
    For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default

    Directory containing linux kernel source code []

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.20-16-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “” will be used to build the module.

    Is the above correct [y]

    Making module
    ./driver_build.sh
    Cisco Systems VPN Client Version BUILDVER_STRING
    Copyright (C) 1998-2001 Cisco Systems, Inc. All Rights Reserved.

    usage:
    ./driver_build.sh ‘kernel_src_dir’

    ‘kernel_src_dir’ is the directory containing the linux kernel sour
    ce

    Failed to make module “cisco_ipsec.ko”.

    How do I fix that???

    thx, your help is appreciated! :)

  68. Hi,
    Cisco is still having hard times with keeping up with continuous changes to Linux kernel. Patch vpnclient-linux-2.6.22.diff works fine for vpnclient-linux-4.8.00.0490-k9.tar.gz with 32 bit Linux kernel 2.6.22.

    Anyhow on 64 bit linux, the vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz compiles and starts fine with same patch (tried on Ubantu 7.04 and openSUSE 10.3), but locks up the system about after hour of use (time seems to depend on amount of data traffic. System will need hard reset.
    vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz on 64 bit linux: Ubantu 7.04 behaves as previous version with the patch, but on openSUSE 10.3 this will not even compile.

    I ended up using VPNC. It seems to run fine, but was a hell to get working (only because I could not find documentation, It really works fine after I figured it out). openSUSE 10.3 KDE: Install vpnc and Kvpnc (graphic user interface) RPM packages by YAST. Kvncp will appear in [Start][Applications][New Applications]. Convert your Cisco configuration file using Kvpnc. When you log in type in both Group password and your real one (PIN + SecureID). This would need documentation.

    Underlying reason for these problems is not Cisco, but changes in data structures in skbuf.h kernel file. I would propose Cisco to do one of following:
    – Give the kernel part of the Linux Cisco VPN client an open source compliant license. This would move the headache of keeping up with ever changing kernels to distro makers.
    – Alternatively support and sponsor development of VPNC, so that it will be fully functional Cisco client. Then it would be no need to maintain Linux versions of the official Cisco client.
    – Alternatively again. Separate Cisco VPN client from Kernel, there should be lot less upkeep.

    Best regards,
    Pekka Lehtikoski

  69. Dear All,

    I had the same thing as Felix (Aug 26th, 2007), namely
    I had to disable the wireless otherwise cisco VPN would
    not work.

    THANK YOU!!!

  70. Tried using the updated Cisco Client from 10/4/2007. Built it, installed it, but keep getting the infamous “Failed to establish a TCP connection” error :(.

  71. Hi,

    Everything works fine, except that he is asking me for the group name and group password. I give him the right decoded one, but he always gives the error

    Initialiying the VPN connection
    Secure VPN Connection terminated locally by the Client
    Reason: Bad Parameter.
    There are no new notification messages at this time

    I thought he should read the Group name and password from my pcf – file?

    Thanks for help,
    Jonathan

  72. Ok, it seemed that the .pcf file changed while rebooting. It was nearly blank, besides

    [main]
    Groupname= (blank)
    password= (blank).

    I copied the right information into it. But when I now start the connection it just shows

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the client
    Reason: Failed to establish a VPN connection.

    Ok, now I don’t know what to do anymore…

  73. ok, now it works. i just didn’t know how to put the wired connection off, for anyone who is as silly as i am and using wireless, just add in your terminal:

    sudo ifconfig eth0 down

    it works now. i am so happy. thanks for this tutorial.

  74. Hi,

    i have another problem now. My wireless connection at home doesnt work (no vpn). The connection is established, but when i open the browser firefox, no site is shown. it just happened after configuring the cisco vpn connection, i did nothing else, so i am sure it has something to do with it. anyone had the same problem? is it maybe because of:

    sudo chmod 644 /etc/opt/cisco-vpnclient/Profiles/*.pcf

    jonathan

  75. I was just trying the new Cisco Client from 10/4/2007 and I get …

    Making module
    make -C /lib/modules/2.6.20-16-386/build SUBDIRS=/home/dsailer/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-16-386'
    Building modules, stage 2.
    MODPOST 0 modules
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.20-16-386′
    Failed to make module “cisco_ipsec.ko”.

  76. I can’t compile, I get these errors… any ideas:

    Making module
    make -C /lib/modules/2.6.22-14-generic/build SUBDIRS=/home/ronb/Programs/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.22-14-generic'
    make[2]: *** No rule to make target
    /home/ronb/Programs/vpnclient/libdriver64.so’, needed by /home/ronb/Programs/vpnclient/cisco_ipsec.o'. Stop.
    make[1]: *** [_module_/home/ronb/Programs/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.22-14-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

  77. Error:

    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Sun Sep 23 19:50:39 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read.

    Profile is in both /etc/opt/cisco-vpnclient and /etc/opt/cisco-vpnclient with 777 permission

    In windows enviroment this profile works…
    Any suggestions
    Thanks a lot
    Best Regards

  78. Hey Ron,

    Sorry I made a copy-paste error. the situation is:

    Profile is in both /etc/opt/cisco-vpnclient and /etc/opt/cisco-vpnclient/Profiles with 777 permission

    Also with sample.pcf same error…

    Thanks

  79. please, can anyone take a look at my oct 22 post? Poor me has to do much of my development on windows till I get this working.

  80. Pekka Lehtikoski’s comments at Oct 2nd, 2007 at 7:24 pm pretty much sum up my experience with the cisco client. It works intermittantly, I have no idea why its not working, or when it does what I have done to make it work.

    I will try VPNC, it couldn’t be worse that the Cisco client.

    cheers,

    Kane

  81. Hey everyone,

    I haven’t read all the comments, but I just wanted to post and say thanks for the article. It got everything going for me on Ubuntu 7.10.

    I did have one issue, which is nearly the same as Matt pointed out on June 4th above. I had received the error message:

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    I use my wireless connection (whereas Matt used ethernet), and I had to disable eth0 in order to get it to connect.

  82. Thanks for the tutorial in installing VPN. It worked flawlessly. I would only add that with Ubuntu 7.04 the VPN initialization script doesn’t run automatically on boot (despite its claim). Therefore you get the “Could not attach to driver. Is kernel module loaded?”
    when trying to connect with VPN. You could either run “/etc/init.d/vpnclient_init start” every time when connecting or run ONCE
    “sudo ln -s /etc/init.d/vpnclient_init /etc/rc2.d/S85vpnclient_init”. In essence you are creating a symbolic link in run level 2, which is the default level in Ubuntu. VPN installation incorrectly assumes that level 3 or 5 are the default ones – hence the hickup in loading the kernel automatically on reboot.

  83. Hi Guys,

    I was reading this site and doing exactly from the first instruction but seems I got strange error. here is the error;


    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.22-14-generic #1 SMP Sun Oct 14 23:05:12 GMT 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Enter a group password:
    Initializing the VPN connection.
    bind: Address already in use
    bind: dst addr 0.0.0.0 port 500
    bind: Illegal seek
    bind: Address already in use
    bind: dst addr 0.0.0.0 port 500
    bind: Address already in use
    bind: Address already in use
    bind: dst addr 0.0.0.0 port 500
    bind: Address already in use
    bind: Address already in use
    bind: dst addr 0.0.0.0 port 500
    bind: Address already in use
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    Any idea with the port 500? it is very strange.

    My setup is Kubuntu 7.10 I run the network under wireless and using KNetworkManager

    Any tips?

    Regards,

    Kutch

  84. Hi,

    This article was really a great help. I got my Cisco vpn client working on Ubuntu 7.10 Gutsy Gibbon box on Dell D620 laptop.

    I did notice though that my local LAN Connection is disabled even though I have set the flag for it to be enabled in my .pcf file

    Here is the response I get back (masked ip addresses for security reasons)

    Initializing the VPN connection.
    Contacting the gateway at xx.xx.xx.xxx
    Authenticating user.
    Negotiating security policies.
    Securing communication channel.

    Your VPN connection is secure.

    VPN tunnel information.
    Client address: xx.xx.xx.xxx
    Server address: xx.xx.xx.xxx
    Encryption: 168-bit 3-DES
    Authentication: HMAC-MD5
    IP Compression: None
    NAT passthrough is inactive
    Local LAN Access is disabled

    I know that even when I connect to my company vpn in windows I have the same problem where I cannot access internal website and local LAN. I can however browse and access external websites. Any idea why this would happen. Any help in this regard is appreciated.

    Thanks once again for a great tutorial!!

    Sachin

  85. This Problem is in Ubuntu 6.10 , How to solve this ..

    sudo ./vpn_install
    Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

    By installing this product you agree that you have read the
    license.txt file (The VPN Client license) and will comply with
    its terms.

    Directory where binaries will be installed [/usr/local/bin]

    Automatically start the VPN service at boot time [yes]

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    For RedHat 6.x users these files are installed in /usr/src/linux by default
    For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default
    For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default

    Directory containing linux kernel source code []kernel_src_dir
    Directory “kernel_src_dir” doesn’t exist

    Directory containing linux kernel source code []”kernel_src_dir”
    Directory “”kernel_src_dir”” doesn’t exist

    Directory containing linux kernel source code []

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.15-28-386/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “” will be used to build the module.

    Is the above correct [y]

    Making module
    ./driver_build.sh
    Cisco Systems VPN Client Version BUILDVER_STRING
    Copyright (C) 1998-2001 Cisco Systems, Inc. All Rights Reserved.

    usage:
    ./driver_build.sh ‘kernel_src_dir’

    ‘kernel_src_dir’ is the directory containing the linux kernel sour
    ce

    Failed to make module “cisco_ipsec.ko”.
    spark@Opensourcedev1:~/vpnclient$ sudo ./vpn_install
    Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

    By installing this product you agree that you have read the
    license.txt file (The VPN Client license) and will comply with
    its terms.

    Directory where binaries will be installed [/usr/local/bin]

    Automatically start the VPN service at boot time [yes]no

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    For RedHat 6.x users these files are installed in /usr/src/linux by default
    For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default
    For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default

    Directory containing linux kernel source code []

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.15-28-386/CiscoVPN”.
    * The VPN service will *NOT* be started automatically at boot time.
    * Kernel source from “” will be used to build the module.

    Is the above correct [y]

    Making module
    ./driver_build.sh
    Cisco Systems VPN Client Version BUILDVER_STRING
    Copyright (C) 1998-2001 Cisco Systems, Inc. All Rights Reserved.

    usage:
    ./driver_build.sh ‘kernel_src_dir’

    ‘kernel_src_dir’ is the directory containing the linux kernel sour
    ce

    Failed to make module “cisco_ipsec.ko”.

  86. ————————-
    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.
    ————————-
    if u got this error,u can try this:
    use network-admin to check out whether there are multi adapters enabled.
    And to disable that u do not use currently,left only one enabled.Then try
    connect vpn client again.

    reference http://ubuntuforums.org/archive/index.php/t-365676.html

  87. Newbie here. I have read through all the options here a couple times but i am still stuck. I am running ubunto 7.10.
    first, with the cisco vpn, this is the error i cannot get past:

    sudo /etc/init.d/vpnclient_init start
    [sudo] password for xxxxxx:
    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.22-14-server/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
    Failed (insmod)

    Secondly, when trying the alternative vpn, vpnc, i attempted:

    pcf2vpnc ciscoprofile.pcf > ciscoprofile.conf

    but this is what i get:
    linux:~$ pcf2vpnc xxxx.pcf > xxxx.conf
    bash: pcf2vpnc: command not found

    I feel as if i am missing something very obvious for either option.

    any help would be greatly appreciated.

    -mrkagey

  88. Hi,
    I was able to install the vpn client on an rhel3 m/c but when i tried to connect it to our office network its saying
    “Cisco Systems VPN Client Version 4.8.01 (0640)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:28:55 EDT 2005 i686
    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read.”

    Can any one help me please,
    Regards,
    Hari

  89. Great tutorial.

    I am a complete newbie with unixubuntu and amazingly got the vpn connection right. Great for working from home :P

    Now. How do I close the VPN session?? lol. I’m serious btw ^^

  90. Hello

    After reading all above I still can’t get it to work. I get the following message:

    x@pc001:~$ vpnclient connect xxxxx.pcf
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686
    Config file directory: /etc/opt/cisco-vpnclient

    privsep: unable to drop privileges: group set failed.
    The application was unable to communicate with the VPN sub-system.
    x@pc001:~$ sudo /etc/init.d/vpnclient_init start
    [sudo] password for x:
    Starting /opt/cisco-vpnclient/bin/vpnclient: Done
    x@pc001:~$ vpnclient connect xxxxx.pcf
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686
    Config file directory: /etc/opt/cisco-vpnclient

    privsep: unable to drop privileges: group set failed.
    The application was unable to communicate with the VPN sub-system.
    x@pc001:~$

    What can I do next?

  91. Extra info:

    Feb 22 12:22:21 keetpc001 pppd[5245]: Using interface ppp0
    Feb 22 12:22:21 keetpc001 pppd[5245]: Connect: ppp0 /dev/ttyACM0
    Feb 22 12:22:24 keetpc001 pppd[5245]: PAP authentication succeeded
    Feb 22 12:22:24 keetpc001 kernel: [ 110.532000] PPP BSD Compression module registered
    Feb 22 12:22:24 keetpc001 kernel: [ 110.808000] PPP Deflate Compression module registered
    Feb 22 12:22:25 keetpc001 pppd[5245]: Cannot determine ethernet address for proxy ARP
    Feb 22 12:22:25 keetpc001 pppd[5245]: local IP address 77.62.53.78
    Feb 22 12:22:25 keetpc001 pppd[5245]: remote IP address 10.6.6.6
    Feb 22 12:22:25 keetpc001 pppd[5245]: primary DNS address 62.133.126.28
    Feb 22 12:22:25 keetpc001 pppd[5245]: secondary DNS address 62.133.126.29

  92. Hi I was getting this error
    Running on: Linux 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:28:55 EDT 2005 i686
    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read.”

    I retried without using .pcf externsion and it worked.
    i.e.

    use
    sudo vpnclient connect ABC
    instead of
    sudo vpnclient connect ABC.pcf

  93. I try to install on Suse’s istributor ID: SUSE LINUX
    Description: openSUSE 10.3 (X86-64)
    kernel: 2.6.22.5-31

    I use the patch vpnclient-linux-2.6.22.diff , like one person said.
    and I still got this error, any idea:

    Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.22.5-31-default/CiscoVPN”.
    * The VPN service will *NOT* be started automatically at boot time.
    * Kernel source from “/usr/src/linux-2.6.22.5-31″ will be used to build the module.

    Is the above correct [y]

    Making module
    make -C /usr/src/linux-2.6.22.5-31 SUBDIRS=/home/dominica/vpnclient modules
    make[1]: Entering directory /usr/src/linux-2.6.22.5-31'

    WARNING: Symbol version dump /usr/src/linux-2.6.22.5-31/Module.symvers
    is missing; modules will have no dependencies and modversions.

    Building modules, stage 2.
    MODPOST 0 modules
    make[1]: Leaving directory
    /usr/src/linux-2.6.22.5-31′
    Failed to make module “cisco_ipsec.ko”.

  94. I was having the same problem that many here have raised, regarding the error message below.

    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read.

    Bo’s solution to execute

    $vpnclient connect MyPCF

    without the .pcf extension did the trick.

    Thank you Tyler.

    -mike

  95. Dear friends

    I have installed de vpnclient from cisco in my desktop (linux 2.6-24) and it’s running very well.

    When I established a connection with my work centre, the client ask me this question:

    do you wish to continue?

    And I have to answer it.

    That’s problem for my since I want make a script for to connect at my work centre when the pc reboot without any intervention by my part and I don’t know how I can do it.

    Please if somebody could help my, I will be very gratefull.

    Thanks a lot

    Luis Martin

  96. I have 2 feisty systems. On one I was able to succesfully connect to my work server. On the other I was able to install the vpn client without a problem but when I connected using the same profile I lost dns connection on my system.

    The moment I disconnected everything was OK again. Any ideas?

    JB

  97. Thanks a lot for all the support given by this blog. It is very helpful.

    I have the following problem with my Cisco vpnclient : I can succeed in connecting to my VPN :

    root@laptop:~# vpnclient connect myVPN
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Tue Feb 12 05:41:34 UTC 2008 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Enter Certificate password:
    Initializing the VPN connection.
    Contacting the gateway at XXX.XXX.XXX.XXX
    User Authentication for myVPN…

    Enter Username and Password.

    Username [greg]:
    Password []:
    Authenticating user.
    Negotiating security policies.
    Securing communication channel.

    Welcome Software Client Users!
    Do you wish to continue? (y/n): y

    Your VPN connection is secure.

    VPN tunnel information.
    Client address: XXX.XXX.XXX.XXX
    Server address: YYY.YYY.YYY.YYY
    Encryption: 168-bit 3-DES
    Authentication: HMAC-SHA
    IP Compression: None
    NAT passthrough is inactive
    Local LAN Access is disabled

    But once connected, I have NO traffic at all across my tunnel : I cannot browse any website, I cannot ping any of the systems I should have access to, nor connect to my mail server.

    I have played around with the MTU but I had no success.

    Does anyone have had the same problem ? Is there a fix ?

    Thanks,
    Greg

  98. Hi Greg, make sure you have the firewall on your local machine turned off when connecting to the VPN. Having mine on causes problems like this sometimes.

  99. Thanks Tyler,

    but this is not the case. I have no firewall running on my laptop. And my colleagues (under MS Windows) are using the same ADSL line and succeed in connecting to our VPN (therefore it is not a proxy issue).

    I am stucked :-(

    Thanks,
    Greg

  100. All,

    for those of you who might be interested : I solved my problem by modifying my .pcf file :

    I simply changed
    EnableNat=0
    by
    EnableNat=1

    and it solved the problem.

    HIH,
    Greg

  101. If your VPN Client is behind a NATing firewall then try adding the following two options to your /etc/vpnc/default.conf (or other) config file:

    NAT Traversal Mode cisco-udp
    Cisco UDP Encapsulation Port 0

    It worked for me when previously I got a VPN connection which passed no traffic. Now I’m using UDP NAT-T it works a treat!

    • Sometimes you need to go a step further in setting up vpnc on a linux box – and decrypt a group secret from within a cisco pcf file. There is an example under http://www.spiration.co.uk/post/1293/ which shows how to compile and use the cisco-decrypt.c utility. I have used this approach in the past when taking corporate vpn profiles, where you don’t necessarily know the plaintext group secret.

  102. THANK YOU !! I have been trying to do this for quite some time, and today you just helped me make a gigantic leap away from M$ for good! Now if I can only convince the wife ;)

  103. thanks for the tips.
    I’ve still got a problem, though: when I’m connected to the VPN I loose my internet connection. “EnableLocalLAN=1″ in my *.pcf file does not work

    Same problem using vpnc :(

  104. “Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.

    I am only connected via wifi, so I ran “sudo ifdown eth0″ and now I can connect.” – have a same thing :(

  105. Thanks for the nice article and very helpful posts. I was able to get the cisco vpn client installed. (after applying the patch). However I am not able to connect. I get the following messages that several others reported:

    Initializing the VPN connection.
    Contacting the gateway at ******
    Contacting the gateway at ******
    Contacting the gateway at ******
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    After looking at the other posts, I tried to disable the ethernet interface.

    >> sudo ifdown eth0
    I get the following output:
    ifdown: interface eth0 not configured

    I am not able to get past this. Please help.

    PS: I am linux newbe. I am establish a wireless connection. I have bluetooth adapter installed too. Could that be the cause of this problem? If yes, how can I disable it?

  106. i had this client working flawlessly on ubuntu 7.10. i think i made a bad mistake upgrading to ubuntu 8.04 because i can not recompile the source under the new libs.

    please take a look at this snippet & let me know what you think:

    Directory containing linux kernel source code [/lib/modules/2.6.24-16-generic/build]

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.24-16-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.24-16-generic/build” will be used to build the module.

    Is the above correct [y]

    Shutting down /opt/cisco-vpnclient/bin/vpnclient: module cisco_ipsec is not running.
    Stopped: /etc/init.d/vpnclient_init (VPN init script)
    Making module
    make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/yusufg/vpn/distro/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.24-16-generic'
    scripts/Makefile.build:46: *** CFLAGS was changed in "/home/yusufg/vpn/distro/vpnclient/Makefile". Fix it to use EXTRA_CFLAGS. Stop.
    make[1]: *** [_module_/home/yusufg/vpn/distro/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    tia,
    -y

  107. I have tried all the above steps, But similar to others i am getting the error
    Initializing the VPN connection.
    Contacting the gateway at x.x.x.x
    Contacting the gateway at x.x.x.x
    Contacting the gateway at x.x.x.x
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.

    Its trying for 3 servers. I have even enable the outgoing port for iptables. Still doesn’t work

    Then i tried the vpnc client it did import the .pcf file successfully but when i connect it asks me first the user name/password which i enter and then it asks me for the password to open the certificate. My vpn profiles come with another folder “Certificates” with a couple of files.

    I was not given any certificate password by the IT dept. Using the same password for the user name/password doesn’t help either.

    Any help would be nice :)

  108. HI, i followed directions for 8.04 and installed successfully, now im having an issue with computer crashing after about 10-15 min of use of vpn connect + rdesktop.

    anyone else experiencing this issue?

  109. I Updated my Ubuntu 6.10 to 7.04 and the VPN is Not connecting ,

    How can i solve this

    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.20-15-generic/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
    Failed (insmod)
    john@john-desktop:/etc/opt/cisco-vpnclient/Profiles$

    Regards
    Varghese John
    Chennai

  110. Yusuf,
    Did you ever get Hardy working? I am running 64-bit Hardy and can not get the client loaded. Same error as you show above..

  111. UbuntuHappy –

    thanks for asking. as a matter of fact, i was working on this problem when i saw your comment.

    i am able to compile after following the instructions on this page: http://forum.tuxx-home.at/viewtopic.php?f=15&t=543. i’m up to lib modules 2.6.24-19-generic.

    now i can not establish a connection and receive this error on start up:

    Cisco Systems VPN Client Version 4.8.01 (0640)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.24-19-generic #1 SMP Wed Jun 4 15:10:52 UTC 2008 x86_64
    Config file directory: /etc/opt/cisco-vpnclient

    WARNING:
    Using the “pwd” option may allow other users
    on this computer to see your password.

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    lsmod does show the ‘cisco_ipsec’ module has loaded.

    i’m pretty much at a dead end. i’m not sure if there are any logs to review and the web has been clueless.

    any help from anyone would be useful.

    regards to all!

  112. make[1]: Entering directory /usr/src/linux-headers-2.6.24-16-generic'
    CC [M] /home/rahuld/vpnclient/linuxcniapi.o
    In file included from /home/rahuld/vpnclient/Cniapi.h:15,
    from /home/rahuld/vpnclient/linuxcniapi.c:30:
    /home/rahuld/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/rahuld/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/rahuld/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

  113. Hi,
    I get following error when I try to install vpn
    make[1]: Entering directory /usr/src/linux-headers-2.6.24-16-generic'
    CC [M] /home/rahuld/vpnclient/linuxcniapi.o
    In file included from /home/rahuld/vpnclient/Cniapi.h:15,
    from /home/rahuld/vpnclient/linuxcniapi.c:30:
    /home/rahuld/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/rahuld/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/rahuld/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

  114. Vedanta.

    If you’re using ubuntu 8.04 64bit version.
    you need to patch vpnclient-linux-2.6.24-final.diff in addition to this, cisco_skbuff_offset.patch.

    this is an implied procedure for 64 bit system, though not clearly mentioned in the official blog. Anyway, this solves my problem.

    regards

  115. If you have build problems like Tom above – he gets stuff like this

    Making module
    make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/tmloos/programs/cisco vpn client/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-16-generic’
    make[1]: *** No rule to make target
    vpn’. Stop.
    make[1]: Leaving directory /usr/src/linux-headers-2.6.20-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.
    tmloos@frogger:~/programs/cisco vpn client/vpnclient$
    tmloos@frogger:~/programs/cisco vpn client/vpnclient$ *** No rule to make target
    vpn’. Stop.

    Then you need a patch.
    Go to this link
    http://www.lamnk.com/blog/vpn/with-kernel-2624-you-will-need-a-patch-to-install-cisco-vpn-client/

  116. Nope.

    I have 2.6.24.19

    downloaded and untared vpnclient-linux-4.8.00.0490-k9.tar.gz

    ran patch <../vpnclient-linux-2.6.24.diff
    and I get:
    patching file GenDefs.h
    patching file interceptor.c
    Hunk #1 succeeded at 24 (offset -4 lines).
    Hunk #2 succeeded at 75 (offset -4 lines).
    Hunk #3 FAILED at 134.
    Hunk #4 succeeded at 150 (offset -23 lines).
    Hunk #5 succeeded at 321 (offset -23 lines).
    Hunk #6 FAILED at 388.
    Hunk #7 succeeded at 887 (offset -86 lines).
    Hunk #8 succeeded at 929 (offset -86 lines).
    2 out of 8 hunks FAILED — saving rejects to file interceptor.c.rej

    tried running vpn_install anyway, and I get:
    make -C /usr/src/linux-headers-2.6.24-19-generic/ SUBDIRS=/home/thomas/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.24-19-generic'
    CC [M] /home/thomas/vpnclient/linuxcniapi.o
    /home/thomas/vpnclient/linuxcniapi.c:12:26: error: linux/config.h: No such file or directory
    /home/thomas/vpnclient/linuxcniapi.c: In function ‘CniInjectReceive’:
    /home/thomas/vpnclient/linuxcniapi.c:297: error: implicit declaration of function ‘skb_set_timestamp’
    /home/thomas/vpnclient/linuxcniapi.c:331: error: ‘struct sk_buff’ has no member named ‘nh’
    /home/thomas/vpnclient/linuxcniapi.c:332: error: ‘struct sk_buff’ has no member named ‘mac’
    /home/thomas/vpnclient/linuxcniapi.c: In function ‘CniInjectSend’:
    /home/thomas/vpnclient/linuxcniapi.c:454: error: ‘struct sk_buff’ has no member named ‘mac’
    /home/thomas/vpnclient/linuxcniapi.c:455: error: ‘struct sk_buff’ has no member named ‘nh’
    /home/thomas/vpnclient/linuxcniapi.c:458: error: ‘struct sk_buff’ has no member named ‘h’
    /home/thomas/vpnclient/linuxcniapi.c:458: error: ‘struct sk_buff’ has no member named ‘nh’
    make[2]: *** [/home/thomas/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/thomas/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.24-19-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    The 4.8.01 release is for 64 usage only, isn’t it?

  117. Cisco recently released the new VPN Client that does not require patch and works under latest kernel. I have Ubuntu Hardy 8.04 and after installing the new client it works well.
    1. Download the new client from Cisco’s website. You need an account to download that file.
    http://www.cisco.com/pcgi-bin/tablebuild.pl?topic=270636499
    There is an option to register on the page.
    2. Untar the new file:
    tar xvfz vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
    3. Open the new folder:
    cd vpnclient/
    4. Run the installer:
    sudo ./vpn_install
    5. Choose all of the default options.
    6. Installation creates a service that will start upon reboot. The first time it needs to be started manually :
    /etc/init.d/vpnclient_init start
    7. Copy the .pcf profile file to:
    /etc/opt/cisco-vpnclient/profiles
    8. Connect to VPN from terminal window:
    vpnclient connect “your profile name”

    Following the instructions above worked for me perfectly and only took a couple of minutes. Good luck !

  118. I followed all the instructions for the patch here and the installations seems to have been done without problems. But I get the following message when trying to connect:

    faraz@hussain-machine:/etc/opt/cisco-vpnclient/Profiles$ sudo vpnclient connect ucf
    Cisco Systems VPN Client Version 4.8.01 (0640)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.24-19-generic #1 SMP Fri Jul 11 23:41:49 UTC 2008 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    Any ideas?

    Thanks.

  119. # apt-get install network-manager-vpnc

    Network Manager -> VPN Connections -> Configure VPN

    Point and click your way to productivity.

  120. I’ve successfully installed Cisco VPN on my 64-bit machine running Ubuntu. I have the latest version of VPN (4.8.02). The patch was obtained from http://birdman.dynalias.org/CiscoVPN.

    When I try to run it (e.g. sudo vpnclient connect myVPN, or just sudo vpnclient) I get a /usr/local/bin/vpnclient: No such file or directory. However, /usr/local/bin/vpnclient contains a link to /opt/cisco-vpnclient/bin/vpnclient. And this also exists. It seems as if something simple is not correct. ANy suggestions?

  121. I’ve been trying to get a GUI app to work with this client, tried a few of them, does anyone use one, if please explain how to configure it. I’d like to use network manager if possible (running Hardy). Thanks in advance.

  122. I’ve been told that Hardy has the built-in GUI VPN stuff just like Intrepid.

    # apt-get install network-manager-vpnc

    Then just click on the network manager icon, go to VPN and configure away…

  123. Thanks Rev. Dr., I ended up using KVpnc instead of the network manager. I would rather use the network manager as it is very simple and part of the standard network connection menu, but i don’t have the group key for my company as it is encrypted in the .pcf file, thus can’t get it working. If there is a work around please voice it. KVpnc is easy to set up, simply import the .pcf, put add the domain name on the configuration page, and you should be good to go….

  124. Have you tried asking your network admins for the group password? I had the same problem, and just ended up asking them. They told me without hesitation. Of course, we use unique RSA logins for each connection, so it may be different where you’re at.

  125. I was able to get the Cisco VPN client configured and installed on Ubuntu 8.10. I used this package – http://www.longren.org/downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz, and applied the patch from here : http://tuxx-home.at/projects/cisco-vpnclient/vpnclient-linux-2.6.22.diff and just followed the steps above. Creating the PCF / Profile was probably the hardest part. I’d probably recommend copying a working PCF from another system first.

    It works fine from the CLI.

    I also decided to look for a GUI, so I installed the KVpnc application which uses the vpnc package. I am also able to use it, but I simply imported the working PCF file that I used above. Seems pretty nice.

    Thanks a lot!!!

  126. I had tried installing the vpn client with or without the patch, but it just doesn’t work (see) error messages below:

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    Directory containing linux kernel source code [/lib/modules/2.6.27-11-generic/build]

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.27-11-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.27-11-generic/build” will be used to build the module.

    Is the above correct [y]

    Making module
    make -C /lib/modules/2.6.27-11-generic/build SUBDIRS=/home/nightcrawler/Download/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.27-11-generic'
    CC [M] /home/nightcrawler/Download/vpnclient/linuxcniapi.o
    In file included from /home/nightcrawler/Download/vpnclient/Cniapi.h:15,
    from /home/nightcrawler/Download/vpnclient/linuxcniapi.c:31:
    /home/nightcrawler/Download/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/nightcrawler/Download/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/nightcrawler/Download/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.27-11-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    Any suggestions?

  127. How can I fix this error:

    Making module
    make -C /lib/modules/2.6.27-11-generic/build SUBDIRS=/home/henry/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.27-11-generic'
    CC [M] /home/henry/vpnclient/linuxcniapi.o
    In file included from /home/henry/vpnclient/Cniapi.h:15,
    from /home/henry/vpnclient/linuxcniapi.c:31:
    /home/henry/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/henry/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/henry/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.27-11-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    Thanks.

  128. Upgraded to Jaunty and could not start the client, so I tried to reinstall, but failed. Here is the output:

    lori@lori-laptop:~$ tar xfv vpnclient-linux-4.8.00.0490-k9.tar.gz
    vpnclient/
    vpnclient/libvpnapi.so
    vpnclient/vpnapi.h
    vpnclient/cisco_cert_mgr
    vpnclient/vpnclient
    vpnclient/ipseclog
    vpnclient/cvpnd
    vpnclient/vpn_install
    vpnclient/vpnclient_init
    vpnclient/vpn_uninstall
    vpnclient/driver_build.sh
    vpnclient/sample.pcf
    vpnclient/vpnclient.ini
    vpnclient/license.txt
    vpnclient/license.rtf
    vpnclient/interceptor.c
    vpnclient/linuxcniapi.c
    vpnclient/linuxcniapi.h
    vpnclient/vpn_ioctl_linux.h
    vpnclient/IPSecDrvOS_linux.c
    vpnclient/linux_os.h
    vpnclient/frag.h
    vpnclient/frag.c
    vpnclient/linuxkernelapi.c
    vpnclient/GenDefs.h
    vpnclient/mtu.h
    vpnclient/IPSecDrvOSFunctions.h
    vpnclient/IPSecDrvOS_linux.h
    vpnclient/Cniapi.h
    vpnclient/unixcniapi.h
    vpnclient/unixkernelapi.h
    vpnclient/config.h
    vpnclient/libdriver.so
    vpnclient/Makefile
    lori@lori-laptop:~$ cp vpnclient-linux-2.6.22.diff vpnclient/
    lori@lori-laptop:~$ cd vpnclient/
    lori@lori-laptop:~/vpnclient$ patch < vpnclient-linux-2.6.22.diff
    patching file frag.c
    patching file interceptor.c
    patching file IPSecDrvOS_linux.c
    patching file linuxcniapi.c
    patching file linux_os.h
    lori@lori-laptop:~/vpnclient$ sudo ./vpn_install
    Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

    By installing this product you agree that you have read the
    license.txt file (The VPN Client license) and will comply with
    its terms.

    Directory where binaries will be installed [/usr/local/bin]

    Automatically start the VPN service at boot time [yes]no

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    Directory containing linux kernel source code [/lib/modules/2.6.28-11-generic/build]

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.28-11-generic/CiscoVPN”.
    * The VPN service will *NOT* be started automatically at boot time.
    * Kernel source from “/lib/modules/2.6.28-11-generic/build” will be used to build the module.

    Is the above correct [y]

    Making module
    make -C /lib/modules/2.6.28-11-generic/build SUBDIRS=/home/lori/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.28-11-generic'
    CC [M] /home/lori/vpnclient/linuxcniapi.o
    In file included from /home/lori/vpnclient/Cniapi.h:15,
    from /home/lori/vpnclient/linuxcniapi.c:30:
    /home/lori/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/lori/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/lori/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.28-11-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.
    lori@lori-laptop:~/vpnclient$ ls /lib/modules/2.6.28-11-generic/build
    arch drivers init lib Module.symvers security
    block firmware ipc Makefile net sound
    crypto fs Kbuild mm samples ubuntu
    Documentation include kernel modules.order scripts usr
    lori@lori-laptop:~/vpnclient$

    Luckily my vmware is working and have it installed there.

    Many thanks.

  129. Hello,
    I followed the instructions provided for 64bit Hardy Cisco VPN
    by
    http://forum.tuxx-home.at/viewtopic.php?f=15&t=543
    and the installation gave no errors but when I tryed to start the program I got the following:

    elina@FEMale:~/vpnclient$ sudo /etc/init.d/vpnclient_init start
    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.22-16-generic/CiscoVPN/cisco_ipsec.ko': -1999975736 Function not implemented
    Failed (insmod)

    And if I try to connect to VPN I have:
    elina@FEMale:~/vpnclient$ sudo vpnclient connect sample
    Cisco Systems VPN Client Version 4.8.01 (0640)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.22-16-generic #1 SMP Sun Jan 25 23:29:15 GMT 2009 x86_64
    Config file directory: /etc/opt/cisco-vpnclient
    Could not attach to driver. Is kernel module loaded?
    The application was unable to communicate with the VPN sub-system.

    Do you know how I can solve the problem??
    thanks a lot

    • You may delete the default route and restore your previous default ISP route out. Then you can add your static routes:

      #after connecting
      ip route del default
      ip route add 192.168.11.0/24 dev tun0 # for each subnet you need to access in the vpn ¿can I do this with network manager?
      ip route add default via 192.168.1.1 # your gateway

  130. Hi,
    I get following error when I try to install vpn
    make[1]: Entering directory /usr/src/linux-headers-2.6.24-16-generic’
    CC [M] /home/rahuld/vpnclient/linuxcniapi.o
    In file included from /home/rahuld/vpnclient/Cniapi.h:15,
    from /home/rahuld/vpnclient/linuxcniapi.c:30:
    /home/rahuld/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/rahuld/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/rahuld/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

  131. I installed succesfully without any sort of troubles. Bad-luck, during vpnclient connect *.pcf command it is showing “the profile specified could not be read”. I tried various possible way like changing the permission and providing the absolute path, but no hope same error repeated.

    I show there are few post with same issue. Did any one solved it out ? Any help is great help for me. Thanks

    Jaynarayan

  132. HI, i followed directions for 8.04 and installed successfully, now im having an issue with computer crashing after about 10-15 min of use of vpn connect + rdesktop.

    anyone else experiencing this issue?

  133. Thank you for this post, it works fine for me, but I get the following error when I try to connect. “The profile specified could not be read.”

  134. I am using Ubuntu 10.04 and I can’t get any of the above to work. I am at my wits end with VPN and blackberry Internet modem based access. I was going to try VNC RDP next but with all the crappy luck I’ve been having forget that; i can’t get there; i can’t secure; and I probably wont be able to RDP either. this sucks! I have tried every available blog with direction! I have resigned myself to going back to windows or pay some stranger what ever he wants an hour to just get this working.

    Search craigslist for my support add. I can’t believe I have given up.

  135. “The profile specified could not be read.” – Solution.
    Don’t use an absolute path and drop the .pcf from the profile name. Simples!

  136. i tried cisco vpn client on my T510+Ubuntu 10.10, but failed during the install step with error ‘cannot find file: links/autoconf.h’. did anyone have the same problem?

  137. Ubuntu 10.10 amd_64

    I get the following error output using the 64 bit client/patch:

    Making module
    make -C /lib/modules/2.6.32-30-generic/build SUBDIRS=/home/user/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.32-30-generic'
    scripts/Makefile.build:49: *** CFLAGS was changed in "/home/user/vpnclient/Makefile". Fix it to use EXTRA_CFLAGS. Stop.
    make[1]: *** [_module_/home/user/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.32-30-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    Thanks in advance…

  138. I am using Ubuntu 11.04. I could install VPN client but when I went to the next step that is $ sudo /etc/init.d/vpnclient_init start, it says the command not found.
    Is there any one who had the same problem and got it solved please? If so how to solve it?

  139. I got to know that my VPN Clent installation was not complete. I got the following portion of information:
    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.38-8-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.38-8-generic/build” will be used to build the module.

    Is the above correct [y]y

    Making module
    make -C /lib/modules/2.6.38-8-generic/build SUBDIRS=/home/nagendra/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.38-8-generic'
    CC [M] /home/nagendra/vpnclient/linuxcniapi.o
    /home/nagendra/vpnclient/linuxcniapi.c:15:28: fatal error: linux/autoconf.h: No such file or directory
    compilation terminated.
    make[2]: *** [/home/nagendra/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/nagendra/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.38-8-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    May you tell me how to solve it please?

  140. I need to read the VPN.pcf from my university to find the encrypted password, which I can then decode with a programme online (I hope). What is the command in Ubuntu to read the .pcf line by line, please?

  141. Thanks, Tyler.

    The message says failure to authenticate (group password).

    The IT people told me the decrypted password was correct, but they only support Cisco.

    Could it be relevant that the passwords are being sourced from config and not the Kwallet (which I think I deleted some while ago!)? If so I could download KPvnc all over again.

    Many thanks.

    Thanks.

  142. Have you tried asking your network admins for the group password? I had the same problem, and just ended up asking them. They told me without hesitation.

  143. Have you tried asking your network admins for the group password? I had the same problem, and just ended up asking them. They told me without hesitation. Of course, we use unique RSA logins for each connection, so it may be different where you’re at.

  144. /bin/sh: scripts/mod/modpost: No such file or directory
    make[2]: *** [__modpost] Error 127
    make[1]: *** [modules] Error 2
    make[1]: Leaving directory /usr/local/src/xen-3.1.0-src-ec2-v1.4/linux-2.6.18'
    make: *** [default] Error 2
    Failed to make module "cisco_ipsec.ko".

    =>'make scripts' in kernel tree dir

    /usr/local/src/xen-3.1.0-src-ec2-v1.4/linux-2.6.18/scripts/Makefile.modpost:38: include/config/auto.conf: No such file or directory
    make[2]: *** No rule to make target
    include/config/auto.conf’. Stop.
    make[1]: *** [modules] Error 2
    make[1]: Leaving directory `/usr/local/src/xen-3.1.0-src-ec2-v1.4/linux-2.6.18′
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    => make oldconfig

    the whole thing should be done with the following (depending on your kernel)

    cd /usr/local/src/

    wget http://ec2-downloads.s3.amazonaws.com/xen-3.1.0-src-ec2-v1.4.tgz

    tar xvzf xen-3.1.*

    cd /usr/local/src/xen-3.1.0-src-ec2-v1.4/

    tar xvfj linux-2.6.18*

    cd linux-2.6.18

    make oldconfig

    make prepare

    make scripts

    cd /mnt/

    wget http://projects.tuxx-home.at/ciscovpn/clients/linux/4.8.02/vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

    tar xvzf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

    cd vpnclient

    ./vpn_install

    type in the path to the kernel

    /usr/local/src/xen-3.1.0-src-ec2-v1.4/linux-2.6.18