in Internet

How To: Cisco VPN Client On Ubuntu

IMPORTANT UPDATE, SEE BELOW

So, I installed Ubuntu 7.04 Feisty Fawn beta about 2 months ago. I installed it on my notebook and one of my workstations, both of which had Windows installed previously. I’m not dual booting on those machine, they’re 100% Ubuntu now.

After getting everything setup and running nicely, I realized I had no way of connecting to the Cisco PIX VPN we have at work. This is really important for me to be able to do, my job depends on it. I immediately went to Google and started searching. Turns out a nice fellow named Alexander Griesser has created a patch for the Cisco VPN client. The most recent CIsco VPN client for linux won’t compile with kernels 2.6.19 or newer. There’s really not much of a difference between his instructions and this how-to. However, I’m including more detailed instructions for those who may not be familiar with compiling software on Linux.

Here’s the steps I took to get the Cisco VPN Client to work under Unbutu 7.04 (Feisty Fawn). In all reality, this should work with any version of Ubuntu, not just 7.04. I used this same method to get the Cisco VPN Client working on Ubuntu 8.04. Note: A $ at the beginning of a line signifies a command to be run from the terminal.

  1. Download vpnclient-linux-4.8.00.0490-k9.tar.gz (mirror) to your home directory.
  2. Open a terminal window and untar the vpnclient with the following command:
    $ tar xzf vpnclient-linux-4.8.00.0490-k9.tar.gz
    This will create a new folder called vpnclient in your home directory. Leave the terminal window open, you’ll need it later.
  3. Download the patch (mirror) and save it to the vpnclient folder that was created in step 2.
  4. Go back to your terminal window and move into the vpnclient folder:
    $ cd vpnclient/
  5. Now patch the Cisco VPN source with this command:
    $ patch < vpnclient-linux-2.6.22.diff
  6. Next we actually build the Cisco VPN client, issue this command:
    $ sudo ./vpn_install
    Just hit enter for everything it asks you, the defaults are all OK. You may see lots of warnings, but those are OK.
  7. The VPN client is installed, now we need to start it:
    $ sudo /etc/init.d/vpnclient_init start
  8. Place your .pcf configuration files in /etc/opt/cisco-vpnclient/Profiles/
  9. If your .pcf file is called myVPN.pcf, you’ll connect to the VPN with the following command:
    $ sudo vpnclient connect myVPN


That’s it! You should now be able to connect to your Cisco VPN with the official Cisco VPN client on Linux. This will probably work on pretty much any linux setup, not just Ubuntu.

UPDATE (8/18/2007):
Alexander Griesser released a new patch that works with kernel versions 2.6.22 and greater. The new patch is backwards compatible, so it also works with older kernels as well, such as 2.6.10 and 2.6.21. All the download links above point to the newest release of the patch. I’ll continue to update this how-to as he releases new patches.

UPDATE (10/04/2007):
Cisco has finally released a new version of their vpn client for Linux. This new version compiles on all the new 2.6.xx kernels without the need for patching! You can download it from Alexander’s site or you can get it right here.

UPDATE (12/29/2007): Alexander Griesser has a new project page for his Cisco VPN client patches. It contains basic usage information and will most likely always have the latest and greatest patch available for download. In addition to that, Alexander has a new patch to make version 4.8.01.0640-k9 of the Cisco VPN Client compile on 64bit systems. Again, you can download the latest Cisco VPN Client for linux from the following link:
http://www.longren.org/downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
UPDATE (8/11/2011): Marius B commented and mentioned he has a post up on this same subject. It’s worth checking his post out. He basically suggests enabling the option to only use the VPN connection for resources on the network you’re connected to. See his post for more.

Where to now?

Work with Me

Think you'd need help getting somethink like this setup on your own? Or maybe you've got an idea for a product but don't know how to turn it into 'something'. I can help on both fronts! Just get in touch and we can chat about your needs.

Leave some Feedback

Got a question or some updated information releavant to this post? Please, leave a comment! The comments are a great way to get help, I read them all and almost always reply to every comment.

Enter your email address to subscribe and receive notifications of new posts by email.

  • mustali

    Nice tutorial.

    Unfortunately, I am getting the following error:


    Entering directory `/usr/src/linux-source-2.6.20'

    ERROR: Kernel configuration is invalid.
    include/linux/autoconf.h or include/config/auto.conf are missing.
    Run 'make oldconfig && make prepare' on kernel src to fix it.

    WARNING: Symbol version dump /usr/src/linux-source-2.6.20/Module.symvers
    is missing; modules will have no dependencies and modversions.

    can you help?

    thanks!

  • mustali

    Just want to add that I received the above error after sudo ./vpn_install and specifying /usr/src/linux-source-2.6.20 for location of kernel source.

    I upgraded from Dapper today. It was long and scary but all seems to be working fine except VPN.

    I would appreciate the help.

    thanks.

  • http://longren.org Tyler

    mustali: When you run “sudo ./vpn_install”, try leaving the kernel source option at it’s default location (I believe it’s /lib/modules/2.6.20-15-generic/build).

    That should do the trick. Let me know if that works or not.

  • mustali

    Thanks for replying Tyler.

    I am now able to compile with warnings. No more compiler errors! The problem was that on the first try, the default for the location of kernel header was blank ‘[]‘. So I entered /lib/modules/2.6.20-15-386 and created a ‘build’ link within it similar to 2.6.20-15-generic/build.

    Now when I used ‘/lib/modules/2.6.20-15-generic/build’ the compilation worked fine.

    Great. But now when I start the vpn service I get this

    sudo /etc/init.d/vpnclient_init start
    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting '/lib/modules/2.6.20-15-386/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
    Failed (insmod)

    FYI, here is the output from the installation:

    Automatically start the VPN service at boot time [yes]

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    Directory containing linux kernel source code [/lib/modules/2.6.20-15-386/build]/lib/modules/2.6.20-15-generic/build

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.20-15-386/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.20-15-generic/build” will be used to build the module.

    Is the above correct [y]

    Making module
    make -C /lib/modules/2.6.20-15-generic/build SUBDIRS=/home/mustali/Desktop/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-15-generic'
    Building modules, stage 2.
    MODPOST 1 modules
    WARNING: /home/mustali/Desktop/vpnclient/cisco_ipsec.o - Section mismatch: reference to .init.text: from .data between 'interceptor_dev' (at offset 0xb4) and 'interceptor_notifier'
    WARNING: could not find /home/mustali/Desktop/vpnclient/.libdriver.so.cmd for /home/mustali/Desktop/vpnclient/libdriver.so
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.20-15-generic’
    Copying module to directory “/lib/modules/2.6.20-15-386/CiscoVPN”.
    Already have group ‘bin’

    Creating start/stop script “/etc/init.d/vpnclient_init”.
    /etc/init.d/vpnclient_init
    Enabling start/stop script for run level 3,4 and 5.

    Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:

    Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:
    * Replaced Profiles: Copying binaries to directory “/opt/cisco-vpnclient/bin”.
    Adding symlinks to “/usr/local/bin”.
    /opt/cisco-vpnclient/bin/vpnclient
    /opt/cisco-vpnclient/bin/cisco_cert_mgr
    /opt/cisco-vpnclient/bin/ipseclog
    Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
    /opt/cisco-vpnclient/bin/cvpnd
    Copying libraries to directory “/opt/cisco-vpnclient/lib”.
    /opt/cisco-vpnclient/lib/libvpnapi.so
    Copying header files to directory “/opt/cisco-vpnclient/include”.
    /opt/cisco-vpnclient/include/vpnapi.h

    Setting permissions.
    /opt/cisco-vpnclient/bin/cvpnd (setuid root)
    /opt/cisco-vpnclient (group bin readable)
    /etc/opt/cisco-vpnclient (permissions not changed)
    * You may wish to change these permissions to restrict access to root.
    * You must run “/etc/init.d/vpnclient_init start” before using the client.
    * This script will be run AUTOMATICALLY every time you reboot your computer.

    Help!

  • http://longren.org Tyler

    mustali: Reboot your PC and see if “sudo /etc/init.d/vpnclient_init start” works after rebooting. Let me know if that works.

  • mustali

    Rebooted and saw the same response.

    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.20-15-386/CiscoVPN/cisco_ipsec.ko’: -1 Invalid module format
    Failed (insmod)

    Man, what could it be? The installer compiled a module that has a bad format!

    any ideas?

  • http://longren.org Tyler

    mustali: Try starting over from the beginning. Remove the vpnclient folder created in step 2 and start over, starting with step #2. Let me know how that works.

  • mustali

    figured it out.

    It was the flipping headers. I had headers for 2.6.20-15-generic and 2.6.20-15. Synaptic caused the confusion.

    After I installed the 2.6.20-16-386 linux headers, it was clockwork.

    Thanks for the help Tyler.

    Now if only I can get my dual monitor to run correctly…

    you see, Fiesty is on my Dell Inspiron 630m. Dual booting XP. At work I have an external Dell CRT. I must have tried at least 500 different configurations of xorg.conf but none are working. Thats an ongoing battle.

    Thanks again T!

  • mustali

    correction. I meant 2.6.20-15-386

  • http://longren.org Tyler

    Glad you got it working mustali. Xorg can be difficult to get working exactly the way you want it. Took me about 10 tries to get my Nvidia card to work properly, way more times than it should have taken :)

  • mustali

    I take my words back. Earlier I was just trying to get the VPN service start successfully but now when I actually tried to vpn into my office, I couldn’t get around this:

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.

    In frustration I turned to google and found that vpnc was being as an alternative to Cisco. With a little perl script, VPN worked instantly. This is what I did:

    1) Install vpnc

    sudo apt-get install vpnc

    2) Download and execute a perl script that will convert Cisco pcf files to the vpnc format

    wget http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
    pcf2vpnc ciscoprofile.pcf > ciscoprofile.conf

    3) Connect to your vpn

    sudo vpnc-connect ciscoprofile.conf

  • http://longren.org Tyler

    mustali: That’s pretty funny. I initially started out trying to use vpnc, after hours of tinkering I couldn’t get it to connect. I even used that pcf2vpnc tool. I finally got fed up, dug around and found the official Cisco VPN client for Linux, and was able to get it working without much problem.

    I am gonna see if I can’t get vpnc to work now too, I’d like to use the vpnc plugin for Network Manager, seems pretty slick.

    Glad you’re able to connect to your office now, even though you weren’t able to use the official Cisco VPN Client. :) Thanks for following up with that info, I’m sure people will find your comments to be quite helpful.

  • http://www.jjsplace.ca JJ

    Hey Tyler!

    This is a little offtopic of the post (so I do apologize for that) but I’ve also recently moved away from Windows and have been Linux only on my desktop.

    I’m totally a Linux-newb, so I was just curious for your thoughts/opinions on Ubuntu. I’ve been using a different distro thus far, but Ubuntu/Kubuntu look pretty appealing.

    Thanks, and sorry again for being somewhat offtopic! ;)

  • http://longren.org Tyler

    Not a problem JJ. Ubuntu, for me, is the ultimate OS. It’s radically easier to use and learn than most linux distributions. Previous to Ubuntu, Slackware was my distribution of choice, which is a lot less n00b-friendly. Ubuntu is the perfect distro for linux newcomers. It’s easy to use (a GUI for almost everything) but still gives you the opportunity to do everything from the command line.

    Ubuntu is very polished and 99% of my hardware has “just worked”, with the exception of my Linksys wireless cards and my Nvidia video card. I was so struck by how well put together Ubuntu was, I installed it on all my PC’s, except the router, which still runs Slackware.

    Give Ubuntu a try, you’ll love it. I’d never touch Kubuntu, Gnome rocks my socks. KDE makes me want to puke, it’s ugly. I’m sure others would disagree. :)

  • Tim

    Following your directions I was able to get the vpn client patched and installed, but when I try to connect to my VPN, it terminates the connection. The exact message is as follows:

    Initializing the VPN Client
    Secure VPN Connection terminated locally by the Client
    Reason: The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information.

    My VPN.pcf contains the following:

    [main]
    Description=AU Wireless VPN
    Host=10.6.8.1
    AuthType=1
    GroupName=Wireless-Users
    GroupPwd=
    enc_GroupPwd=removed by Tyler
    EnableISPConnect=0
    ISPConnectType=0
    ISPConnect=
    ISPCommand=
    Username=
    SaveUserPassword=0
    UserPassword=
    enc_UserPassword=
    NTDomain=
    EnableBackup=0
    BackupServer=
    EnableMSLogon=1
    MSLogonType=0
    EnableNat=1
    TunnelingMode=0
    TcpTunnelingPort=10000
    CertStore=0
    CertName=
    CertPath=
    CertSubjectName=
    CertSerialHash=00000000000000000000000000000000
    SendCertChain=0
    VerifyCertDN=
    DHGroup=2
    ForceKeepAlives=0
    PeerTimeout=90
    EnableLocalLAN=0
    ISPPhonebook=

    Any help is greatly appreciated.

  • Fred

    Hey guys, this page has helped me a lot. I was using FC6-64 and got tired of not being able to see a lot of the multimedia content available on the web (like youtube). Periodic lock-ups with the vpn client helped me decide to try something new…

    So I went to Feisty… vpn is the most important thing for me, working at home is the only reason I really even need Linux at home (although dumping windows is nice). After all the hoops of trying to get the cisco vpn client to work (after finally getting it compiled, it would lock up some minutes into any session – lock up hard, requiring a reset).

    I tried that vpnc before and could never get it to work, but I tried it again after reading this page and all I can say is THANK YOU VERY MUCH. It’s one of those Linux things that if it doesn’t work this week, it’ll likely work next week, so you have to keep trying. In fact, I’ve tried Ubuntu before (Edgy, just a few months ago), and it wouldn’t recognize my ethernet card. Feisty’s got no problem with any of my hardware.

    Tim… just go ahead and give vpnc a try.

  • dp

    What is it lately- I also installed linux. weird. seems like everyone is in sink. But the problem is my suound card has no drivers – firewire 410 – sucks cuase I would honestly use this OS over zindows any day.

  • Frank

    I got a wired problem.
    When the first time I want to connect VPN, it always failed, without any exception. Just like this
    “Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection. ”

    However, I reboot my computer, and then it worked.

    It seemed that I didn’t add it to kernel, cause every time I need to run”sudo /etc/init.d/vpnclient_init start”

    Any suggestions?

  • Matt

    Just to let you know that the vpnc trick mentioned by mustali worked perfectly for me.

  • Srikanth

    Thank you for this informative discussion. I have followed both alternatives (the cisco-client version as well as the vpnc version) and found the former to work but not the latter. I am not sure why vpnc doesn’t work, though (I must admit that I am a novice when it comes to networking technologies and terminology).
    Thanks again!.
    Srikanth.

  • jceliason

    Like Tim, I too was having a problem getting Cisco VPN client working on Ubuntu 7.04, The patch and install worked fine, but when trying to connect, would get the following:

    Initializing the VPN Client
    Secure VPN Connection terminated locally by the Client
    Reason: The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information.

    While investigating, I tried the sample.pcf, substituting my login specs, and it worked. Returning to my original pcf file, matched it up exactly the same, but still it would not work. After running od and diff and never finding any anomalies, I happened to do an ls of the directory. The file colors were different. Running ls -lda *.pcf revealed that the file modes for mine compared to sample were different.

    If you get the above message, please make sure to run:

    sudo chmod 644 /etc/opt/cisco-vpnclient/Profiles/*.pcf

    Cheers to all!

  • Matt

    A couple of problems I found:

    ################################
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Wed May 23 01:46:23 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read.
    ################################

    was caused by having my profile stored in the wrong folder. This seems obvious, but on my installation the profiles are kept in /etc/
    CiscoSystemsVPNClient/Profiles/
    This is different from the discription above. Moving my .pcf file to this folder solved the problem.

    The following message:
    ################################
    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.
    ################################

    was caused by having my wireless card and ethernet card enabled, while the outside world is only accessible via the ethernet. I think this is probably a routing problem, but temporarily disabling the wireless card solved the problem.

    Hope this helps someone.
    Good luck

  • Jerome

    Excellent posts.

    Tyler’s Cisco VPN client instructions worked to the T, Jceliason’s chmod fixed one issue and Matt experiencing of disabling the unused network connection completed the hat trick.

    Truly great information. Thanks a million.

  • http://nilakanta-mallick.blogspot.com/ nilakanta

    Thanks for these simple instructions, worked without any problem for me.

  • Tim

    Thanks so much for all the help. I had given up on this for a while, but recently came back and the help about chmod by Jceliason fixed the profile configuration file, as well as Matt’s idea of disabling the unused network connection (in my case, I disabled the wired connection and just used wireless).

    Thanks again!

  • Michael Groves

    The vpnc method worked like a charm for me. I am running Ubuntu 7.04 with the latest kernel (2.6.20-16-generic). Cisco’s client stopped working a kernel or so ago. The vpnc works!!!

    Mike

  • http://insideview.com John

    Thank you so much.

    I have been struggling with for weeks. You saved me.

    Thank you so much. Keep up the good work!!

  • John J

    @Frank

    Check your /etc/rc5.d/ directory. It should have a symbolic link to /etc/init.d/vpnclient_init (or something similar, I haven’t yet installed it on mine). If it doesn’t you will have to create a symbolic link to the startup script:

    # ln -s /etc/init.d/vpnclient_init /etc/rc5.d/vpnclient_init

  • Andy

    Hi,

    I am fairly new to Ubuntu. I’ve followed the instructions above and I have both vpnc and Cisco VPN with the patch installed and they seem to work. However they both fail to establish a VPN connection. I am able to establish a VPN connection from the same laptop under Windows.

    Is there anything else I need to know about Ubuntu that might be blocking the connection? Or anything else I can try with the VPN configuration?

    Thanks,
    Andy

  • Hypatia

    I got the cisco vpnclient installed, but I cannot connect using my windows pcf file. I get:

    $ sudo vpnclient connect corporatevpn
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Wed May 23 01:46:23 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Initiating TCP to 199.223.16.5, port 10000
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    Therre is not much debugging information. Any ideas?

  • Theresa

    mustali

    I needed to thank you for the pcf2conf and vpnc advice! You were a life saver!!

    I was fiddling around with Cisco’s vpnclient for a while, but vpnc worked on the first attempt!

  • Matt

    Hypatia,
    have you started the vpn client service, ie:

    sudo /etc/init.d/vpn-somethingICantRemember start

    I can never remember the name, but auto complete always knows.

  • Mustali

    I am glad vpnc worked out for so many when Cisco failed. I wonder what is the unknown piece that causes either one to fail or work.

    @Hypatia
    Have you tried the ‘network disable’ and ‘profile permission change’ workarounds suggested earlier?

    Turns out that Cisco client has started working for me. Probably becuase of the recent automatic upgrades. I am now on 2.6.20-16.

    @Fred
    Give VPN client another shot ;)

    Peace.

  • AzSanMan

    Thank you for your work on the instructions! Worked without issue on a Dell Inspiron 6000 w/Feisty.

  • Patricia

    Fabulous! I’ve been trying all year to get connected to the internet at University College London, and these instructions made it really simple: download the client, patch it, install it, and turn off my wired connection. Just a shame I went all school year without it!

    Thanks so much, everyone.

  • http://bjoerkman.se DarkTux

    Thanx ! works like a charm !

    you are truly one of the linux goodguys !

    /Darktux

  • Tom

    I am trying to follow the instructions – downloaded, untarred, applied the patch, ran install with defaults. I get this error:

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.20-16-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.20-16-generic/build” will be used to build the module.

    Is the above correct [y]

    Making module
    make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/tmloos/programs/cisco vpn client/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-16-generic'
    make[1]: *** No rule to make target
    vpn’. Stop.
    make[1]: Leaving directory /usr/src/linux-headers-2.6.20-16-generic'
    make: *** [default] Error 2
    Failed to make module "cisco_ipsec.ko".
    tmloos@frogger:~/programs/cisco vpn client/vpnclient$
    tmloos@frogger:~/programs/cisco vpn client/vpnclient$ *** No rule to make target
    vpn’. Stop.

    Please help! I too hook in to the home office vpn for access to everything…

    Thanks!

  • Mustali

    @Tom

    Remove the 2.6.20-16-generic linux-headers/source packages and install the 2.6.20-16-i386 header/source packages instead. Try vpn_install once again and see what happens.

    Mustali

  • Johannes

    Nice tutorial! Probably had some problem with the patch I used, this one works fine!
    Thanks a lot!

  • Ben

    Nice tutorial, worked a treat. Thanks.

  • Uwe Brauer

    Hi

    thanks for the instructions. However it seems not to work for me
    (Kubuntu 7.04 with kernel 2.6.20-16)
    Config file directory: /etc/opt/cisco-vpnclient

    privsep: unable to drop privileges: group set failed.
    The application was unable to communicate with the VPN sub-system.

    According to the instructions of my university server I have just
    to set the host and the user but no group or anything

    is there anything wrong in the configuration?

    thanks

    Uwe Brauer

  • http://longren.org Tyler

    Uwe: Did you run the following command?

    sudo /etc/init.d/vpnclient_init start

  • Uwe Brauer

    Tyler:
    Yes of course. I now tried the kde backend kvpc, when I import my
    pcf conf file I am asked for a group passwd. According to the instructions I have this passwd should not be necessary. I best
    talk to our IP guys and report back

    Uwe

  • Mustali

    @Uwe Brauer

    Try this

    sudo chmod 4111 /opt/cisco-vpnclient/bin/cvpnd

    Restart the client

    sudo /etc/init.d/vpnclient_init restart

    HTH

  • Paul Gevers

    Used the Cisco client until I upgraded to feisty this week. Compiling the client didn’t work. Thanks to this howto it does now. VPNC did NOT connect (I tried moving to it because it is supported in Ubuntu, so I would not need to recompile each time I upgrade). If anybody finds out why VPNC does not work I like to know. http://ubuntuforums.org/showthread.php?t=410172&highlight=vpnc mention it might be a bug related to wireless, but I find it hard to believe that…

    Anyway thanks for the patch/howto.

  • Peterrabbid

    Just wanted to say THANKS!! I’ve been trying to get this to work for 3 days now, and the directions you published worked perfectly!

  • Jorg

    Hello!

    @Paul Gevers:
    Is it possible that vpnc doesn’t work for you (or some of the others above) because it doesn’t support e.g. certificates or hybrid auth (yet) (see http://www.unix-ag.uni-kl.de/~massar/vpnc/). I don’t even completely understand what these are about, but the IT staff at my college told me that this is the reason vpnc can’t connect to their vpn concentrator…

    Jörg

  • Jim

    This did the trick. Very clearly written and easy to follow. I am a unix sysadmin, but I don’t think that had too much to do with how easy I found the instructions to follow
    Jim

  • Pingback: .:: a few thoughts on the subject by rob wright ::. » links for 2007-07-09

  • Calaz

    Thanks is working fine with 0 errors.

  • http://www.ylitalot.net/ Juha Ylitalo

    Just wanted to say thanks for well written tutorial.
    Worked without any errors on my i686 box with freshly installed Feisty Fawn.

  • http://www.meetlinux.com Alex Launi

    I’m having a really weird issue with both this and vpnc. I can connect, but I can’t resolve anything… vpnc changes my resolv.conf, but I can’t ping anything, and the cisco client doesn’t do anything. I have no idea why this is happening, anyone have any thoughs?

  • Kthanuva

    Thanks. It worked in the first attempt in Ubuntu Fiesty (Mac Book Pro)

  • Newbie_57Y.

    Just Installed KUBUNTU 7.04, Could’nt get KVPNC working, found this description, worked 1 time. Now I can connect, and open a tunnel. Now I only have some problems with my mouse, which don’t work in the RDP connected window, which bye the way seems a little slow. Thanks for the good yasy followed description.

  • Mayron Guevara

    Excellent…

    Thanks for all…

  • Scott

    Thanks for this! I just followed this tutorial and everything worked flawlessly!

  • http://none ranjit

    Mustaliś ( on May 21st, 2007 at 10:51 pm) workaround with converting pcf to vpnc worked for me too .

  • Pingback: linuxagenda.com » Blog Archive » Cisco vpnclient on Debian

  • jeff

    I downloaded the patch and installed it as you said and the Cisco client works perfect. Thank you…

  • moin

    Hey Tyler. when i try to initialize the vpn client from terminal, i get the following error:-

    You have entered an unrecognized command.
    Usage:
    vpnclient connect [user ] [eraseuserpwd | pwd ]
    [nocertpwd]
    vpnclient disconnect
    vpnclient stat [reset] [traffic] [tunnel] [route] [repeat]
    vpnclient notify
    vpnclient verify [autoinitconfig]
    vpnclient autoinit

    I have typed out the command just fine, and excluded the .pcf extension. Not sure what i’m doing wrong? thanks much.

  • moin

    Figured it out. my pcf file name is pretty long with spaces. quoted it with single quotes and connected successfully. only problem left now is that local lan access is forbidden. some posts online say to enable it on the pcf file itself. will see. thanks for the walkthrough.

  • Scorn

    Thanks for the Great Tutorial, worked first time:- no problems.

    Cheers.

  • Petter

    Just wanted to say that this works with Ubuntu Gutsy as well. Just use the newer patch (2.6.22) available at the same location.

    Thanks for the tutorial.

  • canti

    Dear all,

    I need to establish a VPN-connection to the Tilburg University (Netherlands) and followed the instruction of Tyler. However, after executing step 9 (“sudo vpnclient connect myVPN”) I got the following error message:

    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Could not attach to driver. Is kernel module loaded?
    The application was unable to communicate with the VPN sub-system.

    What did I wrong? I’m fairly new to Ubuntu, so please keep it simple (as Tyler did).

    Regards,
    canti

  • http://longren.org Tyler

    canti: Try doing step # 7 again and then try executing step #9 again.

    Let me know if that works or not.

  • canti

    Hi Tyler,

    With your instructions I got no old error message, but a new one arose:

    Enter a group password:
    Initializing the VPN connection.
    Contacting the gateway at 137.56.127.10
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    I found out that I used the wrong password (I accidently used the name of the Group Access Information instead of the password). Now I fixed the connection!

    However, I cannot use the normal internet, it seems there could be only one connection at one time, not two connections: VPN and wired (for internet). I need to establish the VPN-connection with the online contents for journal articles, accessible via common internet connection. Do you understand my problem? I’m sorry for my bad English…

    I hope you can help me.

    Regards,
    canti

  • canti

    Dear Tyler,

    Now it unexpectedly works! I didn’t change anything, just tried it for the second time, and everything works! I don’t understand it, but in any case I’m very happy!

    Now I have one another question, if you may allow me to do that (I hope I’m not boring…). Is there an easier way than to write in the terminal every time I want to establish the vpn-connect? For example selecting the monitor symbol for network in a toolbar? Just a question to make my life with the computer easier, not important.

    Thank you anyway for the clear instructions!

    canti

  • plateofshrimp

    works! so far anyway. running 7.04. snags:

    1. incorrect kernel headers – installed mine as per ‘uname -a’:

    .Linux ubuntu-desktop 2.6.20-16-386 #2 Thu Jun 7 20:16:13 UTC 2007 i686 GNU/Linux

    2. symlinked kernel header dir to /usr/src/linux so vpn_install would find them easily. optional.

    thanks for sharing the information, this saved me sooo much time :D

  • Alan S

    Trying to install. I followed all the instructions and got the following error:

    Making module
    make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/oracle/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-16-generic'
    make[2]: *** No rule to make target
    /home/oracle/vpnclient/libdriver64.so’, needed by /home/oracle/vpnclient/cisco_ipsec.o'. Stop.
    make[1]: *** [_module_/home/oracle/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.20-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    I am using Feisty EMT64 bit release. Is there an additional library set I need? It appears this is a needed file for the install.

    I have installed gcc,build-essentials,libc6,libstdC++5

  • Alan S

    This is Alan again, sorry for the issues. I found the lib in another copy I had of the download. It has compiled now…

  • at

    Nice Tip,
    I was searching for it for a long time.
    It works great with my Kubuntu 7.04

    Thanks for sharing this information.

    AT

  • Felix

    Thanks all. This tutorial really save my life :D. It works in my KUBUNTU 7.04. Just to remind other people, if you get this message after installing and trying to run the cisco vpn client:

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    Just Disable your unused network device. For example, if you connect using LAN then disable your wireless.

    Cheers.

  • Alan S

    I try and execute the command:
    sudo vpnclient connect EMSInc

    And Got:
    sudo: unable to execute /usr/local/bin/vpnclient: No such file or directory

  • Alan S

    Here is an actual strace with the issue:

    It appears the issue is with /etc/ld.so.preload and so forth…

    oracle@oracledev:~$ strace sudo vpnclient connect EMSInc
    execve(“/usr/bin/sudo”, ["sudo", "vpnclient", "connect", "EMSInc"], [/* 31 vars */]) = 0
    brk(0) = 0x51c000
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab7704bf000
    uname({sys=”Linux”, node=”oracledev”, …}) = 0
    access(“/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
    mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab7704c0000
    access(“/etc/ld.so.preload”, R_OK) = -1 ENOENT (No such file or directory)
    open(“/etc/ld.so.cache”, O_RDONLY) = 3
    fstat(3, {st_mode=S_IFREG|0644, st_size=53091, …}) = 0
    mmap(NULL, 53091, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ab7704c2000
    close(3) = 0
    access(“/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
    open(“/lib/libpam.so.0″, O_RDONLY) = 3
    read(3, “177ELF2113>124035″…, 832) = 832
    fstat(3, {st_mode=S_IFREG|0644, st_size=34256, …}) = 0
    mmap(NULL, 2129448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ab7706c0000
    mprotect(0x2ab7706c8000, 2093056, PROT_NONE) = 0
    mmap(0x2ab7708c7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0×7000) = 0x2ab7708c7000
    close(3) = 0
    access(“/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
    open(“/lib/libdl.so.2″, O_RDONLY) = 3
    read(3, “177ELF2113>1 16″…, 832) = 832
    fstat(3, {st_mode=S_IFREG|0644, st_size=14624, …}) = 0
    mmap(NULL, 2109728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ab7708c8000
    mprotect(0x2ab7708ca000, 2097152, PROT_NONE) = 0
    mmap(0x2ab770aca000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0×2000) = 0x2ab770aca000
    close(3) = 0
    access(“/etc/ld.so.nohwcap”, F_OK) = -1 ENOENT (No such file or directory)
    open(“/lib/libc.so.6″, O_RDONLY) = 3
    read(3, “177ELF2113>1340331″…, 832) = 832
    fstat(3, {st_mode=S_IFREG|0755, st_size=1367432, …}) = 0
    mmap(NULL, 3473592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ab770acc000
    mprotect(0x2ab770c13000, 2097152, PROT_NONE) = 0
    mmap(0x2ab770e13000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0×147000) = 0x2ab770e13000
    mmap(0x2ab770e18000, 16568, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ab770e18000
    close(3) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab770e1d000
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab770e1e000
    arch_prctl(ARCH_SET_FS, 0x2ab770e1db00) = 0
    mprotect(0x2ab770e13000, 12288, PROT_READ) = 0
    munmap(0x2ab7704c2000, 53091) = 0
    geteuid() = 1000
    write(2, “sudo: “, 6sudo: ) = 6
    write(2, “must be setuid root”, 19must be setuid root) = 19
    write(2, “n”, 1
    ) = 1
    exit_group(1) = ?
    Process 7290 detached

  • Matt

    Hi Tyler –
    Thanks for the great tutorial–I am now able to access my work files on my new linux machine. One minor setback I am having is that whenever I restart the OS and go to start vpnclient I get the following message:

    matt@matt-desktop:~$ vpnclient connect ISPtoPSU &
    [1] 6232
    matt@matt-desktop:~$ Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Could not attach to driver. Is kernel module loaded?
    The application was unable to communicate with the VPN sub-system.

    If I restart vpn with:

    matt@matt-desktop:~$ sudo /etc/init.d/vpnclient_init restart

    I am then able to run vpn successfully:

    matt@matt-desktop:~$ vpnclient connect ISPtoPSU
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Contacting the gateway at 128.118.97.125
    User Authentication for ISPtoPSU…

    Any ideas regarding what I can do to fix this and, further, if it is possible to have linux open my vpn connection on startup is possible.

    Thanks much, Matt

  • Quique
  • Veer

    Thanks Tyler,

    Very helpful tutorial, I could able to set up & get connected & access the office files in no time on my ubuntu fiesty fawn (gnome-love it).

  • moore.bryan

    awesome tutorial, but after it is successful, nothing happens in the term and i can’t mount the network shares i’m trying to get at. am i missing something?

  • Andrew

    I followed the exact same steps mentioned above. I got the following error when I do vpn_install. But install appears good. When I try to access vpn it’s not working any idea?

    Making module
    make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/root/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-16-generic'
    CC [M] /root/vpnclient/linuxcniapi.o
    CC [M] /root/vpnclient/frag.o
    CC [M] /root/vpnclient/IPSecDrvOS_linux.o
    CC [M] /root/vpnclient/interceptor.o
    /root/vpnclient/interceptor.c: In function ‘handle_vpnup’:
    /root/vpnclient/interceptor.c:313: warning: assignment from incompatible pointer type
    /root/vpnclient/interceptor.c:337: warning: assignment from incompatible pointer type
    /root/vpnclient/interceptor.c:338: warning: assignment from incompatible pointer type
    /root/vpnclient/interceptor.c: In function ‘do_cleanup’:
    /root/vpnclient/interceptor.c:386: warning: assignment from incompatible pointer type
    CC [M] /root/vpnclient/linuxkernelapi.o
    LD [M] /root/vpnclient/cisco_ipsec.o
    Building modules, stage 2.
    MODPOST 1 modules
    WARNING: /root/vpnclient/cisco_ipsec.o - Section mismatch: reference to .init.text: from .data between 'interceptor_dev' (at offset 0xb4) and 'interceptor_notifier'
    WARNING: could not find /root/vpnclient/.libdriver.so.cmd for /root/vpnclient/libdriver.so
    CC /root/vpnclient/cisco_ipsec.mod.o
    LD [M] /root/vpnclient/cisco_ipsec.ko
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.20-16-generic’
    Copying module to directory “/lib/modules/2.6.20-16-generic/CiscoVPN”.
    Already have group ‘bin’

    Creating start/stop script “/etc/init.d/vpnclient_init”.
    /etc/init.d/vpnclient_init
    Enabling start/stop script for run level 3,4 and 5.
    Creating global config /etc/opt/cisco-vpnclient

    Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:

    Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:
    * New Profiles : sample

    Copying binaries to directory “/opt/cisco-vpnclient/bin”.
    Adding symlinks to “/usr/local/bin”.
    /opt/cisco-vpnclient/bin/vpnclient
    /opt/cisco-vpnclient/bin/cisco_cert_mgr
    /opt/cisco-vpnclient/bin/ipseclog
    Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
    /opt/cisco-vpnclient/bin/cvpnd
    Copying libraries to directory “/opt/cisco-vpnclient/lib”.
    /opt/cisco-vpnclient/lib/libvpnapi.so
    Copying header files to directory “/opt/cisco-vpnclient/include”.
    /opt/cisco-vpnclient/include/vpnapi.h

    Setting permissions.
    /opt/cisco-vpnclient/bin/cvpnd (setuid root)
    /opt/cisco-vpnclient (group bin readable)
    /etc/opt/cisco-vpnclient (group bin readable)
    /etc/opt/cisco-vpnclient/Profiles (group bin readable)
    /etc/opt/cisco-vpnclient/Certificates (group bin readable)
    * You may wish to change these permissions to restrict access to root.
    * You must run “/etc/init.d/vpnclient_init start” before using the client.
    * This script will be run AUTOMATICALLY every time you reboot your computer.
    root@xaviea-ubuntu:~/vpnclient#

    ./start_vpn
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

  • Pingback: ernie.cz » Archiv » ubuntu cisco vpn client

  • Dave

    Hello,
    Thanks for the GREAT tutorial and patches. I was able to successfully connect to the VPN. However, I have a strange error that once I disconnect, I cannot reconnect. I get the following:

    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a TCP connection.
    There are no new notification messages at this time.

  • Dave

    Oh, and it DOES attempt to connect. This is the whole message:

    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Fri Aug 31 00:55:27 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Initiating TCP to xx.xx.xx.xx, port 10000
    Contacting the gateway at xx.xx.xx.xx
    Initiating TCP to xx.xx.xx.xx, port 10000 (backup)
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a TCP connection.
    There are no new notification messages at this time.

  • Dave

    One final comment. It would appear that if I continuously connect, sometimes, eventually, the connection succeeds. I also rebooted and attempted to reconnect. It failed 3 or 4 times, and than worked. Go figure :). Anyhow, if you have any suggestions, please let me know.

  • matt

    answer to everyone’s problems: use vpnc CiscoVPN sucks on Linux2.6

  • Dave

    Ok, but how do I use vpnc and use my PCF file from my original Cisco VPN client. I need to use a group name in the authentication with an encrypted password.

  • Dave

    Ok, I answered my own question using this information:
    http://ubuntuforums.org/showthread.php?t=500504

    I just used that perl script convert my pcf file to a conf file for vpnc and it works perfectly. Thanks for the prodding ;).

  • Steinar

    I tried following this on an Ubuntu 7.04 laptop, since after updating the gateway between my home LAN and the world from debian sarge to debian etch (ie. from a 2.4 kernel to a 2.6 kernel), vpnc no longer connects from the inside (the initial ISAKMP package is the only traffic), but the cisco client from a windows machine still works (the ISAKMP package is much smaller than vpnc’s package, perhaps that is a clue).

    Anyway following this howto worked fine for me while building, but when doing running vpnclient I get the following output:

    $ sudo vpnclient connect company
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Fri Aug 31 00:55:27 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read

    This is the same problem as this http://www.experts-exchange.com/Security/Misc/Q_21031158.html

    I’ve tried all the obvious things:
    1. check the path (it’s ok)
    2. check the privileges (they are 644)
    3. use full path to the .pcf files
    4. try removing the .pcf extension

    Nothing changes the error message. I get “The profile specified could not be read” both when I use a real file name, and when I use a non-existing filename. So perhaps vpnclient looks in the wrong directory, despite what it prints out…?

  • http://www.whereshouldirent.com emailandthings

    You know I tried everything you said, but it didn’t work

    ultimately I ended up following this instructions

    https://help.ubuntu.com/community/VPNClient

    works great! wireless + Cisco

  • http://www.mmtoscano.com Mike

    I had the same issue mustali reported:

    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    I tried several things that did not work. in the end, all I had to do was reboot. Hopefully this tip saves others some time and headaches.

    Mike

  • doug

    worked great the first time for me

  • Pavan

    These posts have been a treasure. They have been really lifesavers :).

  • Ian Trump

    I’m so close I can taste it.

    Any ideas what I’m doing wrong?

    Ian

    morgoth@morgoth-laptop:~$ sudo vpnclient connect RHACM
    Password:
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Fri Aug 31 00:55:27 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Could not attach to driver. Is kernel module loaded?
    The application was unable to communicate with the VPN sub-system.
    morgoth@morgoth-laptop:~$

  • http://rhaleblian.wordpress.com plateofshrimp

    having had compilation problems under Fedora, i tried out vpnc as an alternative and it worked after decoding what .vcf parameters fit where and decoding my encoded group password. just an fyi to those who run into a brick wall with vpnclient.

  • Courtney

    Thanks for all the information on this blog entry and the comments. I was getting the dreaded:

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.

    I am only connected via wifi, so I ran “sudo ifdown eth0″ and now I can connect.

  • Diogo

    I am getting this:

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    For RedHat 6.x users these files are installed in /usr/src/linux by default
    For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default
    For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default

    Directory containing linux kernel source code []

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.20-16-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “” will be used to build the module.

    Is the above correct [y]

    Making module
    ./driver_build.sh
    Cisco Systems VPN Client Version BUILDVER_STRING
    Copyright (C) 1998-2001 Cisco Systems, Inc. All Rights Reserved.

    usage:
    ./driver_build.sh ‘kernel_src_dir’

    ‘kernel_src_dir’ is the directory containing the linux kernel sour
    ce

    Failed to make module “cisco_ipsec.ko”.

    How do I fix that???

    thx, your help is appreciated! :)

  • Pekka Lehtikoski

    Hi,
    Cisco is still having hard times with keeping up with continuous changes to Linux kernel. Patch vpnclient-linux-2.6.22.diff works fine for vpnclient-linux-4.8.00.0490-k9.tar.gz with 32 bit Linux kernel 2.6.22.

    Anyhow on 64 bit linux, the vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz compiles and starts fine with same patch (tried on Ubantu 7.04 and openSUSE 10.3), but locks up the system about after hour of use (time seems to depend on amount of data traffic. System will need hard reset.
    vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz on 64 bit linux: Ubantu 7.04 behaves as previous version with the patch, but on openSUSE 10.3 this will not even compile.

    I ended up using VPNC. It seems to run fine, but was a hell to get working (only because I could not find documentation, It really works fine after I figured it out). openSUSE 10.3 KDE: Install vpnc and Kvpnc (graphic user interface) RPM packages by YAST. Kvncp will appear in [Start][Applications][New Applications]. Convert your Cisco configuration file using Kvpnc. When you log in type in both Group password and your real one (PIN + SecureID). This would need documentation.

    Underlying reason for these problems is not Cisco, but changes in data structures in skbuf.h kernel file. I would propose Cisco to do one of following:
    - Give the kernel part of the Linux Cisco VPN client an open source compliant license. This would move the headache of keeping up with ever changing kernels to distro makers.
    - Alternatively support and sponsor development of VPNC, so that it will be fully functional Cisco client. Then it would be no need to maintain Linux versions of the official Cisco client.
    - Alternatively again. Separate Cisco VPN client from Kernel, there should be lot less upkeep.

    Best regards,
    Pekka Lehtikoski

  • renato

    Dear All,

    I had the same thing as Felix (Aug 26th, 2007), namely
    I had to disable the wireless otherwise cisco VPN would
    not work.

    THANK YOU!!!

  • MillardB

    Thanks and Job well done.

  • Pingback: PattonCentral » Cisco VPN under Ubuntu 6.0

  • Dave

    Tried using the updated Cisco Client from 10/4/2007. Built it, installed it, but keep getting the infamous “Failed to establish a TCP connection” error :(.

  • http://www.fadalti.com Aldo

    Nice page!
    Continue sharing knowledge

    aldo

  • Jonathan

    Hi,

    Everything works fine, except that he is asking me for the group name and group password. I give him the right decoded one, but he always gives the error

    Initialiying the VPN connection
    Secure VPN Connection terminated locally by the Client
    Reason: Bad Parameter.
    There are no new notification messages at this time

    I thought he should read the Group name and password from my pcf – file?

    Thanks for help,
    Jonathan

  • Jonathan

    Ok, it seemed that the .pcf file changed while rebooting. It was nearly blank, besides

    [main]
    Groupname= (blank)
    password= (blank).

    I copied the right information into it. But when I now start the connection it just shows

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the client
    Reason: Failed to establish a VPN connection.

    Ok, now I don’t know what to do anymore…

  • Henrik

    Excellent how-to. With the last update from cisco everything worked as a charm. Thanks!

  • Jonathan

    ok, now it works. i just didn’t know how to put the wired connection off, for anyone who is as silly as i am and using wireless, just add in your terminal:

    sudo ifconfig eth0 down

    it works now. i am so happy. thanks for this tutorial.

  • Jonathan

    Hi,

    i have another problem now. My wireless connection at home doesnt work (no vpn). The connection is established, but when i open the browser firefox, no site is shown. it just happened after configuring the cisco vpn connection, i did nothing else, so i am sure it has something to do with it. anyone had the same problem? is it maybe because of:

    sudo chmod 644 /etc/opt/cisco-vpnclient/Profiles/*.pcf

    jonathan

  • dailer

    I was just trying the new Cisco Client from 10/4/2007 and I get …

    Making module
    make -C /lib/modules/2.6.20-16-386/build SUBDIRS=/home/dsailer/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-16-386'
    Building modules, stage 2.
    MODPOST 0 modules
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.20-16-386′
    Failed to make module “cisco_ipsec.ko”.

  • Ron

    I can’t compile, I get these errors… any ideas:

    Making module
    make -C /lib/modules/2.6.22-14-generic/build SUBDIRS=/home/ronb/Programs/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.22-14-generic'
    make[2]: *** No rule to make target
    /home/ronb/Programs/vpnclient/libdriver64.so’, needed by /home/ronb/Programs/vpnclient/cisco_ipsec.o'. Stop.
    make[1]: *** [_module_/home/ronb/Programs/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.22-14-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

  • dailer

    isn’t there something in earlier comments about not using generic headers?

  • Yeppi

    Error:

    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Sun Sep 23 19:50:39 UTC 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read.

    Profile is in both /etc/opt/cisco-vpnclient and /etc/opt/cisco-vpnclient with 777 permission

    In windows enviroment this profile works…
    Any suggestions
    Thanks a lot
    Best Regards

  • Ron

    Yeppi:

    put a copy of your profile in: /etc/opt/cisco-vpnclient/Profiles

  • Yeppi

    Hey Ron,

    Sorry I made a copy-paste error. the situation is:

    Profile is in both /etc/opt/cisco-vpnclient and /etc/opt/cisco-vpnclient/Profiles with 777 permission

    Also with sample.pcf same error…

    Thanks

  • Eric

    Just wanted to say thanks, the chmod 4111 on cvpnd did the trick for me. You saved a drive into work!!

  • dailer

    please, can anyone take a look at my oct 22 post? Poor me has to do much of my development on windows till I get this working.

  • Pingback: Minformix Blog

  • ike

    Pekka Lehtikoski’s comments at Oct 2nd, 2007 at 7:24 pm pretty much sum up my experience with the cisco client. It works intermittantly, I have no idea why its not working, or when it does what I have done to make it work.

    I will try VPNC, it couldn’t be worse that the Cisco client.

    cheers,

    Kane

  • Nate

    Hey everyone,

    I haven’t read all the comments, but I just wanted to post and say thanks for the article. It got everything going for me on Ubuntu 7.10.

    I did have one issue, which is nearly the same as Matt pointed out on June 4th above. I had received the error message:

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    I use my wireless connection (whereas Matt used ethernet), and I had to disable eth0 in order to get it to connect.

  • Pingback: {Li C Zhao} » Blog Archive » Setting up Cisco VPN Client on Ubuntu

  • Skender

    Thanks for the tutorial in installing VPN. It worked flawlessly. I would only add that with Ubuntu 7.04 the VPN initialization script doesn’t run automatically on boot (despite its claim). Therefore you get the “Could not attach to driver. Is kernel module loaded?”
    when trying to connect with VPN. You could either run “/etc/init.d/vpnclient_init start” every time when connecting or run ONCE
    “sudo ln -s /etc/init.d/vpnclient_init /etc/rc2.d/S85vpnclient_init”. In essence you are creating a symbolic link in run level 2, which is the default level in Ubuntu. VPN installation incorrectly assumes that level 3 or 5 are the default ones – hence the hickup in loading the kernel automatically on reboot.

  • http://km33.com kutch

    Hi Guys,

    I was reading this site and doing exactly from the first instruction but seems I got strange error. here is the error;


    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.22-14-generic #1 SMP Sun Oct 14 23:05:12 GMT 2007 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Enter a group password:
    Initializing the VPN connection.
    bind: Address already in use
    bind: dst addr 0.0.0.0 port 500
    bind: Illegal seek
    bind: Address already in use
    bind: dst addr 0.0.0.0 port 500
    bind: Address already in use
    bind: Address already in use
    bind: dst addr 0.0.0.0 port 500
    bind: Address already in use
    bind: Address already in use
    bind: dst addr 0.0.0.0 port 500
    bind: Address already in use
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    Any idea with the port 500? it is very strange.

    My setup is Kubuntu 7.10 I run the network under wireless and using KNetworkManager

    Any tips?

    Regards,

    Kutch

  • tuomas

    thanks mate! saved my morning.

  • Sachin

    Hi,

    This article was really a great help. I got my Cisco vpn client working on Ubuntu 7.10 Gutsy Gibbon box on Dell D620 laptop.

    I did notice though that my local LAN Connection is disabled even though I have set the flag for it to be enabled in my .pcf file

    Here is the response I get back (masked ip addresses for security reasons)

    Initializing the VPN connection.
    Contacting the gateway at xx.xx.xx.xxx
    Authenticating user.
    Negotiating security policies.
    Securing communication channel.

    Your VPN connection is secure.

    VPN tunnel information.
    Client address: xx.xx.xx.xxx
    Server address: xx.xx.xx.xxx
    Encryption: 168-bit 3-DES
    Authentication: HMAC-MD5
    IP Compression: None
    NAT passthrough is inactive
    Local LAN Access is disabled

    I know that even when I connect to my company vpn in windows I have the same problem where I cannot access internal website and local LAN. I can however browse and access external websites. Any idea why this would happen. Any help in this regard is appreciated.

    Thanks once again for a great tutorial!!

    Sachin

  • http://www.lathahr.com john

    This Problem is in Ubuntu 6.10 , How to solve this ..

    sudo ./vpn_install
    Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

    By installing this product you agree that you have read the
    license.txt file (The VPN Client license) and will comply with
    its terms.

    Directory where binaries will be installed [/usr/local/bin]

    Automatically start the VPN service at boot time [yes]

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    For RedHat 6.x users these files are installed in /usr/src/linux by default
    For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default
    For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default

    Directory containing linux kernel source code []kernel_src_dir
    Directory “kernel_src_dir” doesn’t exist

    Directory containing linux kernel source code []“kernel_src_dir”
    Directory “”kernel_src_dir”” doesn’t exist

    Directory containing linux kernel source code []

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.15-28-386/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “” will be used to build the module.

    Is the above correct [y]

    Making module
    ./driver_build.sh
    Cisco Systems VPN Client Version BUILDVER_STRING
    Copyright (C) 1998-2001 Cisco Systems, Inc. All Rights Reserved.

    usage:
    ./driver_build.sh ‘kernel_src_dir’

    ‘kernel_src_dir’ is the directory containing the linux kernel sour
    ce

    Failed to make module “cisco_ipsec.ko”.
    spark@Opensourcedev1:~/vpnclient$ sudo ./vpn_install
    Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

    By installing this product you agree that you have read the
    license.txt file (The VPN Client license) and will comply with
    its terms.

    Directory where binaries will be installed [/usr/local/bin]

    Automatically start the VPN service at boot time [yes]no

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    For RedHat 6.x users these files are installed in /usr/src/linux by default
    For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default
    For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default

    Directory containing linux kernel source code []

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.15-28-386/CiscoVPN”.
    * The VPN service will *NOT* be started automatically at boot time.
    * Kernel source from “” will be used to build the module.

    Is the above correct [y]

    Making module
    ./driver_build.sh
    Cisco Systems VPN Client Version BUILDVER_STRING
    Copyright (C) 1998-2001 Cisco Systems, Inc. All Rights Reserved.

    usage:
    ./driver_build.sh ‘kernel_src_dir’

    ‘kernel_src_dir’ is the directory containing the linux kernel sour
    ce

    Failed to make module “cisco_ipsec.ko”.

  • http://www.soyle.net chat

    Thanks once again for a great tutorial!!

  • Pingback: HillBlues » Blog Archive » links for 2008-01-04

  • Alexei Colin

    Thank you for those who posted about disabling the unused connection! It worked well. who would’ve known…

  • Pingback: Install Cisco VPN on Ubuntu

  • Pluto

    ————————-
    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.
    ————————-
    if u got this error,u can try this:
    use network-admin to check out whether there are multi adapters enabled.
    And to disable that u do not use currently,left only one enabled.Then try
    connect vpn client again.

    reference http://ubuntuforums.org/archive/index.php/t-365676.html

  • http://www.guzelhikayeler.net güzel sözler

    Thanks

  • Mrojas

    Worked like a charm for me, thank you very much.

  • http://www.tamdost.com guzel mesajlar

    thxxxx

  • http://ivan-sanchez-nieves.neurona.com/ Ivan Sanchez

    Hi…

    Nice tutorial…

    Ivan

    FLISOL (Festival Latinoamericano de Instalación de Software Libre)
    En simultanea Sábado 26 de Abril 2008
    http://flisol.info/FLISOL2008/Colombia

  • mrkagey

    Newbie here. I have read through all the options here a couple times but i am still stuck. I am running ubunto 7.10.
    first, with the cisco vpn, this is the error i cannot get past:

    sudo /etc/init.d/vpnclient_init start
    [sudo] password for xxxxxx:
    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.22-14-server/CiscoVPN/cisco_ipsec.ko’: -1 Invalid module format
    Failed (insmod)

    Secondly, when trying the alternative vpn, vpnc, i attempted:

    pcf2vpnc ciscoprofile.pcf > ciscoprofile.conf

    but this is what i get:
    linux:~$ pcf2vpnc xxxx.pcf > xxxx.conf
    bash: pcf2vpnc: command not found

    I feel as if i am missing something very obvious for either option.

    any help would be greatly appreciated.

    -mrkagey

  • hari

    Hi,
    I was able to install the vpn client on an rhel3 m/c but when i tried to connect it to our office network its saying
    “Cisco Systems VPN Client Version 4.8.01 (0640)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:28:55 EDT 2005 i686
    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read.”

    Can any one help me please,
    Regards,
    Hari

  • http://www.resimlere.org resimler

    thankss

  • http://... jr82

    Great tutorial.

    I am a complete newbie with unixubuntu and amazingly got the vpn connection right. Great for working from home :P

    Now. How do I close the VPN session?? lol. I’m serious btw ^^

  • http://longren.org Tyler

    jr82: To disconnect, just hit +c in the terminal window where you ran the “sudo vpnclient” command.

  • Jaap Bont

    Hello

    After reading all above I still can’t get it to work. I get the following message:

    x@pc001:~$ vpnclient connect xxxxx.pcf
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686
    Config file directory: /etc/opt/cisco-vpnclient

    privsep: unable to drop privileges: group set failed.
    The application was unable to communicate with the VPN sub-system.
    x@pc001:~$ sudo /etc/init.d/vpnclient_init start
    [sudo] password for x:
    Starting /opt/cisco-vpnclient/bin/vpnclient: Done
    x@pc001:~$ vpnclient connect xxxxx.pcf
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.22-14-generic #1 SMP Tue Feb 12 07:42:25 UTC 2008 i686
    Config file directory: /etc/opt/cisco-vpnclient

    privsep: unable to drop privileges: group set failed.
    The application was unable to communicate with the VPN sub-system.
    x@pc001:~$

    What can I do next?

  • Jaap Bont

    Extra info:

    Feb 22 12:22:21 keetpc001 pppd[5245]: Using interface ppp0
    Feb 22 12:22:21 keetpc001 pppd[5245]: Connect: ppp0 /dev/ttyACM0
    Feb 22 12:22:24 keetpc001 pppd[5245]: PAP authentication succeeded
    Feb 22 12:22:24 keetpc001 kernel: [ 110.532000] PPP BSD Compression module registered
    Feb 22 12:22:24 keetpc001 kernel: [ 110.808000] PPP Deflate Compression module registered
    Feb 22 12:22:25 keetpc001 pppd[5245]: Cannot determine ethernet address for proxy ARP
    Feb 22 12:22:25 keetpc001 pppd[5245]: local IP address 77.62.53.78
    Feb 22 12:22:25 keetpc001 pppd[5245]: remote IP address 10.6.6.6
    Feb 22 12:22:25 keetpc001 pppd[5245]: primary DNS address 62.133.126.28
    Feb 22 12:22:25 keetpc001 pppd[5245]: secondary DNS address 62.133.126.29

  • bo

    Hi I was getting this error
    Running on: Linux 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:28:55 EDT 2005 i686
    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read.”

    I retried without using .pcf externsion and it worked.
    i.e.

    use
    sudo vpnclient connect ABC
    instead of
    sudo vpnclient connect ABC.pcf

  • http://www.jeffyamada.com Jeff Yamada

    Thanks you! Thanks you! Thank you!

  • http://N/A Dom

    I try to install on Suse’s istributor ID: SUSE LINUX
    Description: openSUSE 10.3 (X86-64)
    kernel: 2.6.22.5-31

    I use the patch vpnclient-linux-2.6.22.diff , like one person said.
    and I still got this error, any idea:

    Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.22.5-31-default/CiscoVPN”.
    * The VPN service will *NOT* be started automatically at boot time.
    * Kernel source from “/usr/src/linux-2.6.22.5-31″ will be used to build the module.

    Is the above correct [y]

    Making module
    make -C /usr/src/linux-2.6.22.5-31 SUBDIRS=/home/dominica/vpnclient modules
    make[1]: Entering directory /usr/src/linux-2.6.22.5-31'

    WARNING: Symbol version dump /usr/src/linux-2.6.22.5-31/Module.symvers
    is missing; modules will have no dependencies and modversions.

    Building modules, stage 2.
    MODPOST 0 modules
    make[1]: Leaving directory
    /usr/src/linux-2.6.22.5-31′
    Failed to make module “cisco_ipsec.ko”.

  • karen

    hi mate

    all goes well until i enter sudo ./vpn_install

    it then tells me “no such file or directory”…help?

  • http://www.mikeskramstad.com michael skramstad

    I was having the same problem that many here have raised, regarding the error message below.

    Config file directory: /etc/opt/cisco-vpnclient

    The profile specified could not be read.

    Bo’s solution to execute

    $vpnclient connect MyPCF

    without the .pcf extension did the trick.

    Thank you Tyler.

    -mike

  • rach

    Thank you for the instructions and links to patches!
    4.8.01 (0640) client now works well on my Gusty 64 bit.

  • Luis Martin

    Dear friends

    I have installed de vpnclient from cisco in my desktop (linux 2.6-24) and it’s running very well.

    When I established a connection with my work centre, the client ask me this question:

    do you wish to continue?

    And I have to answer it.

    That’s problem for my since I want make a script for to connect at my work centre when the pc reboot without any intervention by my part and I don’t know how I can do it.

    Please if somebody could help my, I will be very gratefull.

    Thanks a lot

    Luis Martin

  • http://www.resimsakla.com Komik Resimler

    Just wanted to say THANKS!! I’ve been trying to get this to work for 3 days now, and the directions you published worked perfectly!

  • spor

    thanks great site

  • http://www.bakimliyiz.com örgü

    thnks

  • http://www.damak.net oktay usta

    I am a complete newbie with unixubuntu and amazingly got the vpn connection right.

  • http://www.limewiretr.com limewire

    Thanks a lot.

  • jb

    I have 2 feisty systems. On one I was able to succesfully connect to my work server. On the other I was able to install the vpn client without a problem but when I connected using the same profile I lost dns connection on my system.

    The moment I disconnected everything was OK again. Any ideas?

    JB

  • http://www.sektorburada.com Firmalar

    The moment I disconnected everything was OK again. Any ideas?

  • Greg

    Thanks a lot for all the support given by this blog. It is very helpful.

    I have the following problem with my Cisco vpnclient : I can succeed in connecting to my VPN :

    root@laptop:~# vpnclient connect myVPN
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.20-16-generic #2 SMP Tue Feb 12 05:41:34 UTC 2008 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Enter Certificate password:
    Initializing the VPN connection.
    Contacting the gateway at XXX.XXX.XXX.XXX
    User Authentication for myVPN…

    Enter Username and Password.

    Username [greg]:
    Password []:
    Authenticating user.
    Negotiating security policies.
    Securing communication channel.

    Welcome Software Client Users!
    Do you wish to continue? (y/n): y

    Your VPN connection is secure.

    VPN tunnel information.
    Client address: XXX.XXX.XXX.XXX
    Server address: YYY.YYY.YYY.YYY
    Encryption: 168-bit 3-DES
    Authentication: HMAC-SHA
    IP Compression: None
    NAT passthrough is inactive
    Local LAN Access is disabled

    But once connected, I have NO traffic at all across my tunnel : I cannot browse any website, I cannot ping any of the systems I should have access to, nor connect to my mail server.

    I have played around with the MTU but I had no success.

    Does anyone have had the same problem ? Is there a fix ?

    Thanks,
    Greg

  • http://longren.org Tyler

    Hi Greg, make sure you have the firewall on your local machine turned off when connecting to the VPN. Having mine on causes problems like this sometimes.

  • Greg

    Thanks Tyler,

    but this is not the case. I have no firewall running on my laptop. And my colleagues (under MS Windows) are using the same ADSL line and succeed in connecting to our VPN (therefore it is not a proxy issue).

    I am stucked :-(

    Thanks,
    Greg

  • Greg

    All,

    for those of you who might be interested : I solved my problem by modifying my .pcf file :

    I simply changed
    EnableNat=0
    by
    EnableNat=1

    and it solved the problem.

    HIH,
    Greg

  • http://longren.org Tyler

    Thanks for letting us know how you got it working Greg!

  • Graham

    If your VPN Client is behind a NATing firewall then try adding the following two options to your /etc/vpnc/default.conf (or other) config file:

    NAT Traversal Mode cisco-udp
    Cisco UDP Encapsulation Port 0

    It worked for me when previously I got a VPN connection which passed no traffic. Now I’m using UDP NAT-T it works a treat!

    • http://www.spiration.co.uk/post/1293/ cisco vpn

      Sometimes you need to go a step further in setting up vpnc on a linux box – and decrypt a group secret from within a cisco pcf file. There is an example under http://www.spiration.co.uk/post/1293/ which shows how to compile and use the cisco-decrypt.c utility. I have used this approach in the past when taking corporate vpn profiles, where you don’t necessarily know the plaintext group secret.

  • http://www.stmarytx.edu Maryjane

    Worked like a charm …first time …Ubuntu 7.10!
    The last I tried I got bogged down and gave up… Thanks!

  • LPW

    THANK YOU !! I have been trying to do this for quite some time, and today you just helped me make a gigantic leap away from M$ for good! Now if I can only convince the wife ;)

  • http://www.chat.gen.tr Chat

    wery nice thanks

  • http://www.assosadonis.com assos

    nice thank you

  • http://www.resimden.com resimler

    well good post dude! I liked it quite much. it helped me save hard work and time. therefore thanks quite a lot.

  • http://www.rapsotek.com rap

    thanks for the good post!

  • jul

    thanks for the tips.
    I’ve still got a problem, though: when I’m connected to the VPN I loose my internet connection. “EnableLocalLAN=1″ in my *.pcf file does not work

    Same problem using vpnc :(

  • http://www.portakal.tv müzik dinle

    oh its just waht I need guys!

  • http://vpnprivacy.com/vpn-service.html vpn service

    “Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.

    I am only connected via wifi, so I ran “sudo ifdown eth0″ and now I can connect.” – have a same thing :(

  • jay

    Thanks for the nice article and very helpful posts. I was able to get the cisco vpn client installed. (after applying the patch). However I am not able to connect. I get the following messages that several others reported:

    Initializing the VPN connection.
    Contacting the gateway at ******
    Contacting the gateway at ******
    Contacting the gateway at ******
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    After looking at the other posts, I tried to disable the ethernet interface.

    >> sudo ifdown eth0
    I get the following output:
    ifdown: interface eth0 not configured

    I am not able to get past this. Please help.

    PS: I am linux newbe. I am establish a wireless connection. I have bluetooth adapter installed too. Could that be the cause of this problem? If yes, how can I disable it?

  • jay

    Sorry, it was a problem with the certificate. The tutorial rocks!!!

  • http://www.yurtchat.net sohbet

    thankyou

  • yusuf

    i had this client working flawlessly on ubuntu 7.10. i think i made a bad mistake upgrading to ubuntu 8.04 because i can not recompile the source under the new libs.

    please take a look at this snippet & let me know what you think:

    Directory containing linux kernel source code [/lib/modules/2.6.24-16-generic/build]

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.24-16-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.24-16-generic/build” will be used to build the module.

    Is the above correct [y]

    Shutting down /opt/cisco-vpnclient/bin/vpnclient: module cisco_ipsec is not running.
    Stopped: /etc/init.d/vpnclient_init (VPN init script)
    Making module
    make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/yusufg/vpn/distro/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.24-16-generic'
    scripts/Makefile.build:46: *** CFLAGS was changed in "/home/yusufg/vpn/distro/vpnclient/Makefile". Fix it to use EXTRA_CFLAGS. Stop.
    make[1]: *** [_module_/home/yusufg/vpn/distro/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    tia,
    -y

  • http://swaroop.in Swaroop

    I have tried all the above steps, But similar to others i am getting the error
    Initializing the VPN connection.
    Contacting the gateway at x.x.x.x
    Contacting the gateway at x.x.x.x
    Contacting the gateway at x.x.x.x
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.

    Its trying for 3 servers. I have even enable the outgoing port for iptables. Still doesn’t work

    Then i tried the vpnc client it did import the .pcf file successfully but when i connect it asks me first the user name/password which i enter and then it asks me for the password to open the certificate. My vpn profiles come with another folder “Certificates” with a couple of files.

    I was not given any certificate password by the IT dept. Using the same password for the user name/password doesn’t help either.

    Any help would be nice :)

  • http://www.omarsamad.com Omar Samad

    HI, i followed directions for 8.04 and installed successfully, now im having an issue with computer crashing after about 10-15 min of use of vpn connect + rdesktop.

    anyone else experiencing this issue?

  • http://www.akenna.net chat

    tenkssss

  • Varghese John

    I Updated my Ubuntu 6.10 to 7.04 and the VPN is Not connecting ,

    How can i solve this

    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.20-15-generic/CiscoVPN/cisco_ipsec.ko’: -1 Invalid module format
    Failed (insmod)
    john@john-desktop:/etc/opt/cisco-vpnclient/Profiles$

    Regards
    Varghese John
    Chennai

  • http://www.resimcim.net Resim

    Thanks much!

  • http://www.meleklermekani.com/diyet-saglikli-beslenme/ diyet

    Thanks good. I like it.

  • http://www.plustc.net/ Plus Tc

    Oh thnak man..

  • Mz

    Nice shoot guys .. it fix the problem.
    i’ll try the vpnc for now.
    cheers

  • UbuntuHappy

    Yusuf,
    Did you ever get Hardy working? I am running 64-bit Hardy and can not get the client loaded. Same error as you show above..

  • yusuf

    UbuntuHappy -

    thanks for asking. as a matter of fact, i was working on this problem when i saw your comment.

    i am able to compile after following the instructions on this page: http://forum.tuxx-home.at/viewtopic.php?f=15&t=543. i’m up to lib modules 2.6.24-19-generic.

    now i can not establish a connection and receive this error on start up:

    Cisco Systems VPN Client Version 4.8.01 (0640)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.24-19-generic #1 SMP Wed Jun 4 15:10:52 UTC 2008 x86_64
    Config file directory: /etc/opt/cisco-vpnclient

    WARNING:
    Using the “pwd” option may allow other users
    on this computer to see your password.

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    lsmod does show the ‘cisco_ipsec’ module has loaded.

    i’m pretty much at a dead end. i’m not sure if there are any logs to review and the web has been clueless.

    any help from anyone would be useful.

    regards to all!

  • vedanta

    make[1]: Entering directory /usr/src/linux-headers-2.6.24-16-generic'
    CC [M] /home/rahuld/vpnclient/linuxcniapi.o
    In file included from /home/rahuld/vpnclient/Cniapi.h:15,
    from /home/rahuld/vpnclient/linuxcniapi.c:30:
    /home/rahuld/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/rahuld/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/rahuld/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

  • vedanta

    Hi,
    I get following error when I try to install vpn
    make[1]: Entering directory /usr/src/linux-headers-2.6.24-16-generic'
    CC [M] /home/rahuld/vpnclient/linuxcniapi.o
    In file included from /home/rahuld/vpnclient/Cniapi.h:15,
    from /home/rahuld/vpnclient/linuxcniapi.c:30:
    /home/rahuld/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/rahuld/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/rahuld/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

  • http://www.douglas.tw/ Douglas Liu

    Vedanta.

    If you’re using ubuntu 8.04 64bit version.
    you need to patch vpnclient-linux-2.6.24-final.diff in addition to this, cisco_skbuff_offset.patch.

    this is an implied procedure for 64 bit system, though not clearly mentioned in the official blog. Anyway, this solves my problem.

    regards

  • peter

    for those of you having build problems like

    /usr/src/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here

    See this link. You need a patch.
    http://www.lamnk.com/blog/vpn/with-kernel-2624-you-will-need-a-patch-to-install-cisco-vpn-client/

  • peter

    If you have build problems like Tom above – he gets stuff like this

    Making module
    make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/tmloos/programs/cisco vpn client/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.20-16-generic’
    make[1]: *** No rule to make target
    vpn’. Stop.
    make[1]: Leaving directory /usr/src/linux-headers-2.6.20-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.
    tmloos@frogger:~/programs/cisco vpn client/vpnclient$
    tmloos@frogger:~/programs/cisco vpn client/vpnclient$ *** No rule to make target
    vpn’. Stop.

    Then you need a patch.
    Go to this link
    http://www.lamnk.com/blog/vpn/with-kernel-2624-you-will-need-a-patch-to-install-cisco-vpn-client/

  • Thomas

    Nope.

    I have 2.6.24.19

    downloaded and untared vpnclient-linux-4.8.00.0490-k9.tar.gz

    ran patch <../vpnclient-linux-2.6.24.diff
    and I get:
    patching file GenDefs.h
    patching file interceptor.c
    Hunk #1 succeeded at 24 (offset -4 lines).
    Hunk #2 succeeded at 75 (offset -4 lines).
    Hunk #3 FAILED at 134.
    Hunk #4 succeeded at 150 (offset -23 lines).
    Hunk #5 succeeded at 321 (offset -23 lines).
    Hunk #6 FAILED at 388.
    Hunk #7 succeeded at 887 (offset -86 lines).
    Hunk #8 succeeded at 929 (offset -86 lines).
    2 out of 8 hunks FAILED — saving rejects to file interceptor.c.rej

    tried running vpn_install anyway, and I get:
    make -C /usr/src/linux-headers-2.6.24-19-generic/ SUBDIRS=/home/thomas/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.24-19-generic'
    CC [M] /home/thomas/vpnclient/linuxcniapi.o
    /home/thomas/vpnclient/linuxcniapi.c:12:26: error: linux/config.h: No such file or directory
    /home/thomas/vpnclient/linuxcniapi.c: In function ‘CniInjectReceive’:
    /home/thomas/vpnclient/linuxcniapi.c:297: error: implicit declaration of function ‘skb_set_timestamp’
    /home/thomas/vpnclient/linuxcniapi.c:331: error: ‘struct sk_buff’ has no member named ‘nh’
    /home/thomas/vpnclient/linuxcniapi.c:332: error: ‘struct sk_buff’ has no member named ‘mac’
    /home/thomas/vpnclient/linuxcniapi.c: In function ‘CniInjectSend’:
    /home/thomas/vpnclient/linuxcniapi.c:454: error: ‘struct sk_buff’ has no member named ‘mac’
    /home/thomas/vpnclient/linuxcniapi.c:455: error: ‘struct sk_buff’ has no member named ‘nh’
    /home/thomas/vpnclient/linuxcniapi.c:458: error: ‘struct sk_buff’ has no member named ‘h’
    /home/thomas/vpnclient/linuxcniapi.c:458: error: ‘struct sk_buff’ has no member named ‘nh’
    make[2]: *** [/home/thomas/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/thomas/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.24-19-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    The 4.8.01 release is for 64 usage only, isn’t it?

  • Pingback: VPNC alternativa Cisco VPN Clienta | ernie.cz

  • http://www.sygrup.com webtasarım

    thanks for info… GOOOD.

  • Oleg L

    Cisco recently released the new VPN Client that does not require patch and works under latest kernel. I have Ubuntu Hardy 8.04 and after installing the new client it works well.
    1. Download the new client from Cisco’s website. You need an account to download that file.
    http://www.cisco.com/pcgi-bin/tablebuild.pl?topic=270636499
    There is an option to register on the page.
    2. Untar the new file:
    tar xvfz vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
    3. Open the new folder:
    cd vpnclient/
    4. Run the installer:
    sudo ./vpn_install
    5. Choose all of the default options.
    6. Installation creates a service that will start upon reboot. The first time it needs to be started manually :
    /etc/init.d/vpnclient_init start
    7. Copy the .pcf profile file to:
    /etc/opt/cisco-vpnclient/profiles
    8. Connect to VPN from terminal window:
    vpnclient connect “your profile name”

    Following the instructions above worked for me perfectly and only took a couple of minutes. Good luck !

  • Faraz Hussain

    I followed all the instructions for the patch here and the installations seems to have been done without problems. But I get the following message when trying to connect:

    faraz@hussain-machine:/etc/opt/cisco-vpnclient/Profiles$ sudo vpnclient connect ucf
    Cisco Systems VPN Client Version 4.8.01 (0640)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.24-19-generic #1 SMP Fri Jul 11 23:41:49 UTC 2008 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a VPN connection.
    There are no new notification messages at this time.

    Any ideas?

    Thanks.

  • Pingback: I love Ubuntu 8.04 - it just works! (plus, notes on Cisco VPN install) « Community in the Age of Constraints

  • http://www.TutkuSohbet.net TutkuSohbet

    Chat

  • http://ubuntuforums.org/showthread.php?p=5725544&posted=1#post5725544 cesar_spain

    I have just written a VPN installation script. It worked fine for me.

    http://ubuntuforums.org/showthread.php?p=5725544&posted=1#post5725544

  • http://www.izlekop.com reklamlar

    To disconnect, just hit +c in the terminal window where you ran the “sudo vpnclient” command.

  • rev. dr.

    # apt-get install network-manager-vpnc

    Network Manager -> VPN Connections -> Configure VPN

    Point and click your way to productivity.

  • rev. dr.

    of course, I’m using intrepid. upgrade already, noobs :)

  • Climey

    I’ve successfully installed Cisco VPN on my 64-bit machine running Ubuntu. I have the latest version of VPN (4.8.02). The patch was obtained from http://birdman.dynalias.org/CiscoVPN.

    When I try to run it (e.g. sudo vpnclient connect myVPN, or just sudo vpnclient) I get a /usr/local/bin/vpnclient: No such file or directory. However, /usr/local/bin/vpnclient contains a link to /opt/cisco-vpnclient/bin/vpnclient. And this also exists. It seems as if something simple is not correct. ANy suggestions?

  • George

    I’ve been trying to get a GUI app to work with this client, tried a few of them, does anyone use one, if please explain how to configure it. I’d like to use network manager if possible (running Hardy). Thanks in advance.

  • Rev. Dr.

    I’ve been told that Hardy has the built-in GUI VPN stuff just like Intrepid.

    # apt-get install network-manager-vpnc

    Then just click on the network manager icon, go to VPN and configure away…

  • George

    Thanks Rev. Dr., I ended up using KVpnc instead of the network manager. I would rather use the network manager as it is very simple and part of the standard network connection menu, but i don’t have the group key for my company as it is encrypted in the .pcf file, thus can’t get it working. If there is a work around please voice it. KVpnc is easy to set up, simply import the .pcf, put add the domain name on the configuration page, and you should be good to go….

  • Rev. Dr.

    Have you tried asking your network admins for the group password? I had the same problem, and just ended up asking them. They told me without hesitation. Of course, we use unique RSA logins for each connection, so it may be different where you’re at.

  • Brad

    I was able to get the Cisco VPN client configured and installed on Ubuntu 8.10. I used this package – http://www.longren.org/downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz, and applied the patch from here : http://tuxx-home.at/projects/cisco-vpnclient/vpnclient-linux-2.6.22.diff and just followed the steps above. Creating the PCF / Profile was probably the hardest part. I’d probably recommend copying a working PCF from another system first.

    It works fine from the CLI.

    I also decided to look for a GUI, so I installed the KVpnc application which uses the vpnc package. I am also able to use it, but I simply imported the working PCF file that I used above. Seems pretty nice.

    Thanks a lot!!!

  • Mimi

    I had tried installing the vpn client with or without the patch, but it just doesn’t work (see) error messages below:

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    Directory containing linux kernel source code [/lib/modules/2.6.27-11-generic/build]

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.27-11-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.27-11-generic/build” will be used to build the module.

    Is the above correct [y]

    Making module
    make -C /lib/modules/2.6.27-11-generic/build SUBDIRS=/home/nightcrawler/Download/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.27-11-generic'
    CC [M] /home/nightcrawler/Download/vpnclient/linuxcniapi.o
    In file included from /home/nightcrawler/Download/vpnclient/Cniapi.h:15,
    from /home/nightcrawler/Download/vpnclient/linuxcniapi.c:31:
    /home/nightcrawler/Download/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/nightcrawler/Download/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/nightcrawler/Download/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.27-11-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    Any suggestions?

    • Oscar

      I have the same problem.

      Did you solve it?
      Do you have any suggestions?

      Thanks.

  • Jassim Raja

    Such a nice post it is :) It helped a lot! Thanks

  • http://www.mirckeyfi.net mirc

    very nice thanks

  • Pingback: mycoffee's me2DAY

  • henry

    How can I fix this error:

    Making module
    make -C /lib/modules/2.6.27-11-generic/build SUBDIRS=/home/henry/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.27-11-generic'
    CC [M] /home/henry/vpnclient/linuxcniapi.o
    In file included from /home/henry/vpnclient/Cniapi.h:15,
    from /home/henry/vpnclient/linuxcniapi.c:31:
    /home/henry/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/henry/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/henry/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.27-11-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    Thanks.

  • lor

    Upgraded to Jaunty and could not start the client, so I tried to reinstall, but failed. Here is the output:

    lori@lori-laptop:~$ tar xfv vpnclient-linux-4.8.00.0490-k9.tar.gz
    vpnclient/
    vpnclient/libvpnapi.so
    vpnclient/vpnapi.h
    vpnclient/cisco_cert_mgr
    vpnclient/vpnclient
    vpnclient/ipseclog
    vpnclient/cvpnd
    vpnclient/vpn_install
    vpnclient/vpnclient_init
    vpnclient/vpn_uninstall
    vpnclient/driver_build.sh
    vpnclient/sample.pcf
    vpnclient/vpnclient.ini
    vpnclient/license.txt
    vpnclient/license.rtf
    vpnclient/interceptor.c
    vpnclient/linuxcniapi.c
    vpnclient/linuxcniapi.h
    vpnclient/vpn_ioctl_linux.h
    vpnclient/IPSecDrvOS_linux.c
    vpnclient/linux_os.h
    vpnclient/frag.h
    vpnclient/frag.c
    vpnclient/linuxkernelapi.c
    vpnclient/GenDefs.h
    vpnclient/mtu.h
    vpnclient/IPSecDrvOSFunctions.h
    vpnclient/IPSecDrvOS_linux.h
    vpnclient/Cniapi.h
    vpnclient/unixcniapi.h
    vpnclient/unixkernelapi.h
    vpnclient/config.h
    vpnclient/libdriver.so
    vpnclient/Makefile
    lori@lori-laptop:~$ cp vpnclient-linux-2.6.22.diff vpnclient/
    lori@lori-laptop:~$ cd vpnclient/
    lori@lori-laptop:~/vpnclient$ patch < vpnclient-linux-2.6.22.diff
    patching file frag.c
    patching file interceptor.c
    patching file IPSecDrvOS_linux.c
    patching file linuxcniapi.c
    patching file linux_os.h
    lori@lori-laptop:~/vpnclient$ sudo ./vpn_install
    Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

    By installing this product you agree that you have read the
    license.txt file (The VPN Client license) and will comply with
    its terms.

    Directory where binaries will be installed [/usr/local/bin]

    Automatically start the VPN service at boot time [yes]no

    In order to build the VPN kernel module, you must have the
    kernel headers for the version of the kernel you are running.

    Directory containing linux kernel source code [/lib/modules/2.6.28-11-generic/build]

    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.28-11-generic/CiscoVPN”.
    * The VPN service will *NOT* be started automatically at boot time.
    * Kernel source from “/lib/modules/2.6.28-11-generic/build” will be used to build the module.

    Is the above correct [y]

    Making module
    make -C /lib/modules/2.6.28-11-generic/build SUBDIRS=/home/lori/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.28-11-generic'
    CC [M] /home/lori/vpnclient/linuxcniapi.o
    In file included from /home/lori/vpnclient/Cniapi.h:15,
    from /home/lori/vpnclient/linuxcniapi.c:30:
    /home/lori/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/lori/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/lori/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.28-11-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.
    lori@lori-laptop:~/vpnclient$ ls /lib/modules/2.6.28-11-generic/build
    arch drivers init lib Module.symvers security
    block firmware ipc Makefile net sound
    crypto fs Kbuild mm samples ubuntu
    Documentation include kernel modules.order scripts usr
    lori@lori-laptop:~/vpnclient$

    Luckily my vmware is working and have it installed there.

    Many thanks.

  • Elina

    Hello,
    I followed the instructions provided for 64bit Hardy Cisco VPN
    by
    http://forum.tuxx-home.at/viewtopic.php?f=15&t=543
    and the installation gave no errors but when I tryed to start the program I got the following:

    elina@FEMale:~/vpnclient$ sudo /etc/init.d/vpnclient_init start
    Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting ‘/lib/modules/2.6.22-16-generic/CiscoVPN/cisco_ipsec.ko’: -1999975736 Function not implemented
    Failed (insmod)

    And if I try to connect to VPN I have:
    elina@FEMale:~/vpnclient$ sudo vpnclient connect sample
    Cisco Systems VPN Client Version 4.8.01 (0640)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.22-16-generic #1 SMP Sun Jan 25 23:29:15 GMT 2009 x86_64
    Config file directory: /etc/opt/cisco-vpnclient
    Could not attach to driver. Is kernel module loaded?
    The application was unable to communicate with the VPN sub-system.

    Do you know how I can solve the problem??
    thanks a lot

  • http://www.dataoutsourcingindia.com Sujit

    Nice Article, I used VPN and it’s really user friendly!!

  • http://www.girhadi.com kameralı sohbet

    thanks for the tips.
    I’ve still got a problem, though: when I’m connected to the VPN I loose my internet connection

    • Marcos Sánchez Provencio

      You may delete the default route and restore your previous default ISP route out. Then you can add your static routes:

      #after connecting
      ip route del default
      ip route add 192.168.11.0/24 dev tun0 # for each subnet you need to access in the vpn ¿can I do this with network manager?
      ip route add default via 192.168.1.1 # your gateway

  • http://www.sameeryousuf.com Sameer

    Hi, got the cisco vpn installed on my Ubuntu Karmic machine with the help of http://ilapstech.blogspot.com/2009/09/cisco-vpn-client-on-karmic-koala.html#comment-form but now when I try to connect my computer freezes and the caps lock key blinks. Have to hard shutdown. This is all over wireless, when connected through ethernet, it seems to work find. Using kernel 2.6.31-12 and cisco vpn 4.8.01.0640. Anyone else have this problem or know of a solution?

    • Oleg Frayman

      Have the same problem, have a lenovo T400 laptop… anyone knows why this is happening?

    • Mike

      The issue seems to be related to a kernel/cisco vpn issue. I get this as well on fedora 11. The vpn client worked well on ubuntu 9.04 but that has an older kernel. In my searching various forums, its definitely a kernel issue

  • http://www.chatsel.net chat

    Hi,
    I get following error when I try to install vpn
    make[1]: Entering directory /usr/src/linux-headers-2.6.24-16-generic’
    CC [M] /home/rahuld/vpnclient/linuxcniapi.o
    In file included from /home/rahuld/vpnclient/Cniapi.h:15,
    from /home/rahuld/vpnclient/linuxcniapi.c:30:
    /home/rahuld/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
    include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
    make[2]: *** [/home/rahuld/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/rahuld/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.24-16-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    • Zupiks

      I got exactly the same problem, how did you solve it?

  • http://www.idealsohbet.com Sohbet

    Worked like a charm …first time …Ubuntu 7.10!
    The last I tried I got bogged down and gave up… Thanks!

  • Pingback: links for 2009-12-04 « This is Unclassified

  • Pingback: Cisco VPN Client on BackTrack3 - Rajat Swarup's Blog

  • http://www.suspus.org hacı

    Thanks much!

  • http://www.gulumnaz.net Guzel sozler

    Worked like a charm …first time …Ubuntu 7.10!

  • jaynarayan

    I installed succesfully without any sort of troubles. Bad-luck, during vpnclient connect *.pcf command it is showing “the profile specified could not be read”. I tried various possible way like changing the permission and providing the absolute path, but no hope same error repeated.

    I show there are few post with same issue. Did any one solved it out ? Any help is great help for me. Thanks

    Jaynarayan

  • http://www.lapietradaterra.com.ar Joyeria en plata

    Sometimes you need to go a step further in setting up vpnc on a linux box – and decrypt a group secret from within a cisco pcf file.

  • http://www.suskun.net suskun

    HI, i followed directions for 8.04 and installed successfully, now im having an issue with computer crashing after about 10-15 min of use of vpn connect + rdesktop.

    anyone else experiencing this issue?

  • Loloto

    Thank you for this post, it works fine for me, but I get the following error when I try to connect. “The profile specified could not be read.”

  • Benjamin

    I am using Ubuntu 10.04 and I can’t get any of the above to work. I am at my wits end with VPN and blackberry Internet modem based access. I was going to try VNC RDP next but with all the crappy luck I’ve been having forget that; i can’t get there; i can’t secure; and I probably wont be able to RDP either. this sucks! I have tried every available blog with direction! I have resigned myself to going back to windows or pay some stranger what ever he wants an hour to just get this working.

    Search craigslist for my support add. I can’t believe I have given up.

  • Bub

    “The profile specified could not be read.” – Solution.
    Don’t use an absolute path and drop the .pcf from the profile name. Simples!

  • http://errorduringinstallstep john13867

    i tried cisco vpn client on my T510+Ubuntu 10.10, but failed during the install step with error ‘cannot find file: links/autoconf.h’. did anyone have the same problem?

    • rich

      I have the same problem with 10.10. Any fix yet?

  • Lee

    Ubuntu 10.10 amd_64

    I get the following error output using the 64 bit client/patch:

    Making module
    make -C /lib/modules/2.6.32-30-generic/build SUBDIRS=/home/user/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.32-30-generic'
    scripts/Makefile.build:49: *** CFLAGS was changed in "/home/user/vpnclient/Makefile". Fix it to use EXTRA_CFLAGS. Stop.
    make[1]: *** [_module_/home/user/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.32-30-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    Thanks in advance…

  • Naegdnra Dhakal

    I am using Ubuntu 11.04. I could install VPN client but when I went to the next step that is $ sudo /etc/init.d/vpnclient_init start, it says the command not found.
    Is there any one who had the same problem and got it solved please? If so how to solve it?

  • Naegdnra Dhakal

    I got to know that my VPN Clent installation was not complete. I got the following portion of information:
    * Binaries will be installed in “/usr/local/bin”.
    * Modules will be installed in “/lib/modules/2.6.38-8-generic/CiscoVPN”.
    * The VPN service will be started AUTOMATICALLY at boot time.
    * Kernel source from “/lib/modules/2.6.38-8-generic/build” will be used to build the module.

    Is the above correct [y]y

    Making module
    make -C /lib/modules/2.6.38-8-generic/build SUBDIRS=/home/nagendra/vpnclient modules
    make[1]: Entering directory /usr/src/linux-headers-2.6.38-8-generic'
    CC [M] /home/nagendra/vpnclient/linuxcniapi.o
    /home/nagendra/vpnclient/linuxcniapi.c:15:28: fatal error: linux/autoconf.h: No such file or directory
    compilation terminated.
    make[2]: *** [/home/nagendra/vpnclient/linuxcniapi.o] Error 1
    make[1]: *** [_module_/home/nagendra/vpnclient] Error 2
    make[1]: Leaving directory
    /usr/src/linux-headers-2.6.38-8-generic’
    make: *** [default] Error 2
    Failed to make module “cisco_ipsec.ko”.

    May you tell me how to solve it please?

  • http://www.josehelps.com Divious1

    Thanks man nice guide.

  • http://unfoldingcode.com/ Marius B.

    Btw, as a performance tip after the installation, you might also want to enable the option to only use the VPN connection for resources on its network: http://www.unfoldingcode.com/2011/08/how-to-install-cisco-vpn-client-on.html

    • http://tyler.longren.org/ Tyler

      Thanks for the tip Marius! I’ll update this post with a link to your article so more people see it.

      • http://unfoldingcode.com/ Marius B.

        Thanks for the link Tyler!
        And btw, extra thumbs up for the aspect of your blog!

  • http://www.sohbetiks.net Sohbet odalari

    I’ve still got a problem, though: when I’m connected to the VPN I loose my internet Realty..!’

  • http://www.sohbetiks.net Sohbet odalari

    I’ve still got a problem, though: when I’m connected to the VPN I loose my internet

  • Rob

    I need to read the VPN.pcf from my university to find the encrypted password, which I can then decode with a programme online (I hope). What is the command in Ubuntu to read the .pcf line by line, please?

    • http://tyler.longren.org/ Tyler

      Rob, I think I found exactly what you’re looking for:
      http://coreygilmore.com/projects/decrypt-cisco-vpn-password/

      It has details on how to find the encrypted password in the pcf and the site even has a tool to decrypt it.

      Hope it helps!

      • Rob

        Many thanks, Tyler–that was very helpful.
        I’ve now got a clear group password, but it doesn’t work!
        I wonder why.
        Rob

        • http://tyler.longren.org/ Tyler

          Getting any errors at all?

  • Rob

    Thanks, Tyler.

    The message says failure to authenticate (group password).

    The IT people told me the decrypted password was correct, but they only support Cisco.

    Could it be relevant that the passwords are being sourced from config and not the Kwallet (which I think I deleted some while ago!)? If so I could download KPvnc all over again.

    Many thanks.

    Thanks.

  • kam

    The kvpnc client that you install from software center is a very simple to use tool. Try it.

  • http://www.turksohbet.net sohbet

    Have you tried asking your network admins for the group password? I had the same problem, and just ended up asking them. They told me without hesitation.

  • http://www.turkulerdinle.gen.tr türkü dinle

    Have you tried asking your network admins for the group password? I had the same problem, and just ended up asking them. They told me without hesitation. Of course, we use unique RSA logins for each connection, so it may be different where you’re at.

  • http://networkingtipstricks.blogspot.com naveen