three stacks of high society


Engineer and open source software advocate living and working in Austin, Texas

Cisco VPN Client and Linux kernel 2.6.15

I've always struggled with the Cisco VPN client for Linux. It has seemingly never installed smoothly for me, but now I finally have figured out what's going on. Last week I built a Debian Sarge (stable) box, and installed Cisco's VPN client v4.7. I used a patched installer I had made a long time ago (and forgot why I needed to patch it), but the module compile was failing. After lots of frustration, I reversed the patch to the original sources, and then the installer compiled the kernel module without any problems. I was using the Sarge 686-SMP (officially linux-image-2.6-686-smp) kernel on a dual Xeon SMP 3.0 GHz box, which for Stable means kernel 2.6.8-3-686-smp.

Just now I built a Debian testing machine, this time using kernel 2.6.15-1-686-smp. I rsync'd the Cisco VPN client from the previous box (Sarge 686-SMP), and after running 'make clean', ran the installer. This time I got this:

altefrau:/home/tracv/vpnclient_old# ./vpn_install
Cisco Systems VPN Client Version 4.7.00 (0640) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.

Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

Directory containing linux kernel source code [/lib/modules/2.6.15-1-686-smp/build]

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.15-1-686-smp/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.15-1-686-smp/build" will be used to build the module.

Is the above correct [y]

Shutting down /opt/cisco-vpnclient/bin/vpnclient: module cisco_ipsec is not running.
Stopped: /etc/init.d/vpnclient_init (VPN init script)
Making module
make -C /lib/modules/2.6.15-1-686-smp/build SUBDIRS=/home/tracv/vpnclient_old modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.15-1-686-smp'
CC [M] /home/tracv/vpnclient_old/linuxcniapi.o
/home/tracv/vpnclient_old/linuxcniapi.c: In function 'CniInjectReceive':
/home/tracv/vpnclient_old/linuxcniapi.c:292: error: 'struct sk_buff' has no member named 'stamp'
/home/tracv/vpnclient_old/linuxcniapi.c: In function 'CniInjectSend':
/home/tracv/vpnclient_old/linuxcniapi.c:432: error: 'struct sk_buff' has no member named 'stamp'
make[2]: *** [/home/tracv/vpnclient_old/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/tracv/vpnclient_old] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.15-1-686-smp'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".

Arg, not this again, I thought. Then I remembered that I had reversed the patch for the last machine, so I re-applied the patch and then re-ran the installer. This time it built the kernel module without a problem, and then all was gravy. What this means is that Cisco's installer does not compile out of the box for kernel 2.6.15, but it does work for kernel 2.6.8. I'm guessing that somewhere in between those releases, code was changed that breaks the Cisco installer.

So, the point of this post is to help anyone out there who has struggled with the Cisco VPN client. First, make sure you've got your kernel's headers installed - apt-get install linux-headers-`uname -r`. If you're still getting a compiler error, try using this patch (I don't even know where I found it anymore):

    --- linuxcniapi.c 2005-11-12 11:53:06.000000000 -0600
    +++ 2.6.14-vpnclient-linux-4.7.00.0640-linuxcniapi.c 2005-11-12 11:49:20.000000000 -0600
    @@ -276,6 +276,8 @@
    struct sk_buff *skb = NULL;
    unsigned char *pIP = NULL, *pMac = NULL;

    + struct timeval timecount;
    +
    /* we need to build the actual sk_buff from the packet structure */
    pBinding = (PBINDING) Binding;
    lpPacketDescriptor = (LPPACKETDESCRIPTOR) Packet;
    @@ -289,7 +291,10 @@
    goto exit_gracefully;
    }
    /* move the data into the packet */
    - do_gettimeofday(&skb->stamp);
    + do_gettimeofday(&timecount);
    +
    + skb->tstamp.off_sec = (u32) timecount.tv_sec;
    + skb->tstamp.off_usec = (u32) timecount.tv_usec;

    pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);

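Review bot: the replacement for `do_gettimeofday(&skb->stamp);` in `CniInjectReceive` is unconditional, so the patched file no longer builds against headers where `struct sk_buff` still has a `stamp` member (the post had to reverse this patch to compile on 2.6.8). Wrap the old and new forms in an `#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,14)` / `#else` pair, as the newer client quoted in a comment further down does, so one source tree serves both kernels.
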
    @@ -389,6 +394,8 @@
    unsigned char *pIP = NULL, *pMac = NULL;
    int tmp_rc = 0;

    + struct timeval timecount;
    +
    int (*tmp_InjectSend) (struct sk_buff * skb, struct net_device * dev);
    tmp_InjectSend = NULL;

    @@ -429,7 +436,10 @@
    CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);

    /* put the mac header on */
    - do_gettimeofday(&skb->stamp);
    + do_gettimeofday(&timecount);
    +
    + skb->tstamp.off_sec = (u32) timecount.tv_sec;
    + skb->tstamp.off_usec = (u32) timecount.tv_usec;

    skb->dev = pBinding->pDevice;

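Review bot: the assignments to `skb->tstamp.off_sec` and `skb->tstamp.off_usec` in `CniInjectSend` are a second copy of the receive-path block and write the struct fields directly with a `(u32)` cast, so the next change to the timestamp layout breaks both sites again; the `off_` field names also suggest an offset rather than an absolute time. Move the conversion into one helper, or call `skb_set_timestamp(skb, &timecount)` as the newer client quoted in the comments does.
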
Copy and paste that as is into your favorite text editor (or click download on the file at the bottom of this post), and then place it into the Cisco VPN installer root directory, then run:

    patch -p0 < vpnclient-linux-4.7.patch.txt

Then re-run the installer. Good luck, and feel free to leave a comment if it worked for you (or if you have any questions).
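
The "malformed patch" reports in the comments below this post all stop at the first context line, which is what a unified diff looks like once copy/paste has eaten the leading space of its unchanged lines. The following pre-flight check is an added example, not part of the original post or the attachment; `check_unified_diff`, `write_samples` and `apply_checked` are names made up here, and the sample is constructed from the first hunk of the patch above.

```shell
#!/bin/sh
# Added example: structural check of a unified diff copied from a web page,
# run before the file is handed to patch(1).

# check_unified_diff FILE
# Prints "ok" and returns 0 when every hunk body line starts with ' ', '+',
# '-' or '\' and the line counts match the "@@ -a,b +c,d @@" header.
# Otherwise prints "line N: reason" for the first problem and returns 1.
# A completely empty line inside a hunk is accepted as empty context,
# as GNU patch does.
check_unified_diff() {
    awk '
    function fail(msg) { printf "line %d: %s\n", NR, msg; bad = 1; exit 1 }
    /^@@ / && !inhunk {
        if ($0 !~ /^@@ -[0-9]+(,[0-9]+)? [+][0-9]+(,[0-9]+)? @@/) fail("unparsable hunk header")
        # ",b" and ",d" default to 1 when the header omits them
        split($2, o, ","); want_old = (o[2] == "" ? 1 : o[2] + 0)
        split($3, n, ","); want_new = (n[2] == "" ? 1 : n[2] + 0)
        inhunk = (want_old > 0 || want_new > 0); hunks++
        next
    }
    inhunk {
        c = substr($0, 1, 1)
        if (c == "\\") next                      # "\ No newline at end of file"
        if ($0 ~ /^@@ /) fail("new hunk header before the previous hunk is complete")
        if (c == " " || $0 == "") { want_old--; want_new-- }
        else if (c == "-") want_old--
        else if (c == "+") want_new--
        else fail("hunk line does not start with space, + or -")
        if (want_old < 0 || want_new < 0) fail("more lines than the hunk header declares")
        if (want_old == 0 && want_new == 0) inhunk = 0
    }
    END {
        if (bad) exit 1
        if (inhunk) {
            printf "line %d: hunk ends %d old / %d new lines short\n", NR, want_old, want_new
            exit 1
        }
        if (!hunks) { print "no hunks found"; exit 1 }
        print "ok"
    }' "$1"
}

# write_samples DIR
# Constructed samples: the first hunk of the patch above with its prefixes
# intact (intact.patch), and the same text after all leading blanks were
# dropped, the way it reads when pasted from the rendered page (pasted.patch).
write_samples() {
    cat > "$1/intact.patch" <<'EOF'
--- linuxcniapi.c
+++ linuxcniapi.c
@@ -276,6 +276,8 @@
     struct sk_buff *skb = NULL;
     unsigned char *pIP = NULL, *pMac = NULL;

+    struct timeval timecount;
+
     /* we need to build the actual sk_buff from the packet structure */
     pBinding = (PBINDING) Binding;
     lpPacketDescriptor = (LPPACKETDESCRIPTOR) Packet;
EOF
    sed 's/^ *//' "$1/intact.patch" > "$1/pasted.patch"
}

# apply_checked FILE
# Structural check, then a dry run, then the real apply. Run it from the
# directory that holds linuxcniapi.c, as in the post (-p0).
apply_checked() {
    check_unified_diff "$1" >&2 || return 1
    patch -p0 --dry-run < "$1" > /dev/null || return 1
    patch -p0 < "$1"
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in intact pasted; do
    printf '%s.patch: %s\n' "$f" "$(check_unified_diff "$demo_dir/$f.patch")"
done
rm -rf "$demo_dir"
```

On the pasted sample the check stops at line 4, the same line `patch` names in the reports below.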

UPDATE AUG 30 2006 - I recently installed version 4.8 of the Cisco client, and it appears as though Cisco fixed the problem. It works with new >2.6.15 kernels without requiring this patch.

Attachment: vpnclient-linux-4.7.patch.txt (1.32 KB)

Thanks

I was trying to get CiscoVPN running this afternoon, and ran into this problem. A quick search happened to show up this page, and it fixed things for me. Thanks, you saved me some time. :-)

please help,

I've run into the same problem as well, but when I try to run your patch, I get the following output:

merlin:/home/jack/Desktop/vpnclient # patch -p0 < vpnclient-linux-4.7.patch.txt
patching file linuxcniapi.c
patch: **** malformed patch at line 4: struct sk_buff *skb = NULL;

I'm running OpenSUSE 10.1 with the default kernel (2.6.16.13-4-default) and cisco vpn 4.7.00.0640

Any help would be appreciated

switch@linuxmail.org

Download my file

Try downloading the attached file instead of cutting and pasting from the blog post. Seems as though your patch isn't correct.

Patch prob

I received the same "malformed patch at line 4: struct sk_buff *skb = NULL;" error when using your patch on FC5. I don't see the patch file attached for download, so I used copy/paste.

Access denied

Hi... I'm running into the very same problem right now, and I've tried your link and it is giving me "Access denied"... hope you can re-post or fix the problem...

Thanks!

I've been struggling for some time with compiling and installing Cisco
VPN Client 3000 (vpnclient-linux-4.6.02.0030-k9) with Ubuntu 7.04
(2.6.20-15-generic). Applying the "vpnclient-linux-2.6.20.6.diff" patch
brought me closer, but I was still getting compilation errors on
linuxcniapi.c (problem with skb->stamp). Applying the additional
patch "vpnclient-linux-4.7.patch.txt", and manually changing the
line "#include
" to "#include
" in interceptor.c and linuxcniapi.c fixed my remaining problems. Now
I can compile, install, and run VPN Client. Thank you very much!
Wish there was an easier way to get here.

Cisco Systems VPN Client Version 4.6.02 (0030)
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-15-generic #2 SMP Sun Apr 15 07:36:31 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient

vpn client hanging my fedora core 5.

Anyone run into this? I manage to compile the vpn-client and the module loads fine, however the system hangs when I attempt to connect with the vpnclient connect command.

Found the patch on another site... here u go...

--- linuxcniapi.c 2005-11-12 11:53:06.000000000 -0600
+++ 2.6.14-vpnclient-linux-4.7.00.0640-linuxcniapi.c 2005-11-12 11:49:20.000000000 -0600
@@ -276,6 +276,8 @@
struct sk_buff *skb = NULL;
unsigned char *pIP = NULL, *pMac = NULL;

+ struct timeval timecount;
+
/* we need to build the actual sk_buff from the packet structure */
pBinding = (PBINDING) Binding;
lpPacketDescriptor = (LPPACKETDESCRIPTOR) Packet;
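
Review bot: the unchanged lines of this hunk, from `struct sk_buff *skb = NULL;` on, start in column one with no leading space, so `patch` cannot read them as context; that is the line the "malformed patch at line 4" reports above point at. Post the patch as an attachment or in a preformatted block so the one-character prefix of every hunk line survives.
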
@@ -289,7 +291,10 @@
goto exit_gracefully;
}
/* move the data into the packet */
- do_gettimeofday(&skb->stamp);
+ do_gettimeofday(&timecount);
+
+ skb->tstamp.off_sec = (u32) timecount.tv_sec;
+ skb->tstamp.off_usec = (u32) timecount.tv_usec;

pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);

@@ -389,6 +394,8 @@
unsigned char *pIP = NULL, *pMac = NULL;
int tmp_rc = 0;

+ struct timeval timecount;
+
int (*tmp_InjectSend) (struct sk_buff * skb, struct net_device * dev);
tmp_InjectSend = NULL;

@@ -429,7 +436,10 @@
CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);

/* put the mac header on */
- do_gettimeofday(&skb->stamp);
+ do_gettimeofday(&timecount);
+
+ skb->tstamp.off_sec = (u32) timecount.tv_sec;
+ skb->tstamp.off_usec = (u32) timecount.tv_usec;

skb->dev = pBinding->pDevice;

The original patch had a small mistake

A + sign was missing in 2 parts of the original patch. I cannot speak to the other ones posted here, but I promise the attached does work.

diff -rc vpnclient.fixed/linuxcniapi.c vpnclient/linuxcniapi.c
*** vpnclient.fixed/linuxcniapi.c 2006-06-13 18:24:13.000000000 -0600
--- vpnclient/linuxcniapi.c 2005-09-13 21:12:39.000000000 -0600
***************
*** 276,283 ****
struct sk_buff *skb = NULL;
unsigned char *pIP = NULL, *pMac = NULL;

- struct timeval timecount;
-
/* we need to build the actual sk_buff from the packet structure */
pBinding = (PBINDING) Binding;
lpPacketDescriptor = (LPPACKETDESCRIPTOR) Packet;
--- 276,281 ----
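
Review bot: the header lines put `vpnclient.fixed/linuxcniapi.c` on the `***` (old) side and `vpnclient/linuxcniapi.c` on the `---` (new) side, so this hunk deletes `struct timeval timecount;` and applying the diff takes the fix out instead of putting it in. Regenerate it with the two arguments to `diff -rc` swapped, original tree first.
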
***************
*** 291,301 ****
goto exit_gracefully;
}
/* move the data into the packet */
! do_gettimeofday(&timecount);
!
! skb->tstamp.off_sec = (u32) timecount.tv_sec;
! skb->tstamp.off_usec = (u32) timecount.tv_usec;
! timecount.tv_usec;

pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);

--- 289,295 ----
goto exit_gracefully;
}
/* move the data into the packet */
! do_gettimeofday(&skb->stamp);

pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);

***************
*** 395,402 ****
unsigned char *pIP = NULL, *pMac = NULL;
int tmp_rc = 0;

- struct timeval timecount;
-
int (*tmp_InjectSend) (struct sk_buff * skb, struct net_device * dev);
tmp_InjectSend = NULL;

--- 389,394 ----
***************
*** 437,447 ****
CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);

/* put the mac header on */
! do_gettimeofday(&timecount);
!
! skb->tstamp.off_sec = (u32) timecount.tv_sec;
! skb->tstamp.off_usec = (u32) timecount.tv_usec;
! timecount.tv_usec;

skb->dev = pBinding->pDevice;

--- 429,435 ----
CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);

/* put the mac header on */
! do_gettimeofday(&skb->stamp);

skb->dev = pBinding->pDevice;

I posted the reversed patch

I accidentally created a patch from the fix to the original. Here is the correct one.

iff -rc vpnclient/linuxcniapi.c vpnclient.fixed/linuxcniapi.c
*** vpnclient/linuxcniapi.c 2005-09-13 21:12:39.000000000 -0600
--- vpnclient.fixed/linuxcniapi.c 2006-06-13 18:24:13.000000000 -0600
***************
*** 276,281 ****
--- 276,283 ----
struct sk_buff *skb = NULL;
unsigned char *pIP = NULL, *pMac = NULL;

+ struct timeval timecount;
+
/* we need to build the actual sk_buff from the packet structure */
pBinding = (PBINDING) Binding;
lpPacketDescriptor = (LPPACKETDESCRIPTOR) Packet;
***************
*** 289,295 ****
goto exit_gracefully;
}
/* move the data into the packet */
! do_gettimeofday(&skb->stamp);

pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);

--- 291,301 ----
goto exit_gracefully;
}
/* move the data into the packet */
! do_gettimeofday(&timecount);
!
! skb->tstamp.off_sec = (u32) timecount.tv_sec;
! skb->tstamp.off_usec = (u32) timecount.tv_usec;
! timecount.tv_usec;

pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);

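Review bot: the last `!` line on the new side, `timecount.tv_usec;`, is an expression statement with no effect and looks like the wrapped tail of the `off_usec` assignment above it. Drop it from the fixed file and regenerate the diff so the `--- 291,301 ----` range shrinks by one line.
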
***************
*** 389,394 ****
--- 395,402 ----
unsigned char *pIP = NULL, *pMac = NULL;
int tmp_rc = 0;

+ struct timeval timecount;
+
int (*tmp_InjectSend) (struct sk_buff * skb, struct net_device * dev);
tmp_InjectSend = NULL;

***************
*** 429,435 ****
CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);

/* put the mac header on */
! do_gettimeofday(&skb->stamp);

skb->dev = pBinding->pDevice;

--- 437,447 ----
CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);

/* put the mac header on */
! do_gettimeofday(&timecount);
!
! skb->tstamp.off_sec = (u32) timecount.tv_sec;
! skb->tstamp.off_usec = (u32) timecount.tv_usec;
! timecount.tv_usec;

skb->dev = pBinding->pDevice;

Success in applying the patch

Hi

I downloaded the .txt-file and applied the patch according to the article, and I'm glad to announce that it works flawlessly. I'm a student at Aalborg university in Denmark, and even they didn't have a solution, so I started looking for a fix myself. After stumbling across this site and verifying it worked, I have notified the department of network maintenance, and I hope they'll consider adding this fix to the VPNclient package.

Anyways, thx a bunch. This fix has saved me - and hopefully a lot of other students - a lot of headache.

Aalborg University x2

I am also a student of Aalborg University, Denmark

Like the previous, I have the same problem.
The university runs the VPN client 4.6 installer,
and I run the FC5 2.6.17 Fedora Linux - not a good match.
So here goes another attempt from Aalborg to get this working.

Hope the 4.7 patch works for the 4.6 installer as well...

I think I should mention this to the IT-crew sometime soon :P

Also works for vpnclient-linux-x86_64-4.6.03.0190-k9

Kernel 2.6.16.1, Mandriva Linux 2006.

Sort of works for Linux kernel 2.6.15-25-686 Ubuntu Dapper Drake

Thanks very much for putting this up. I got the same patch error, so I just made the changes by hand (I probably should've tried downloading the file first, but it was simple enough). I got some compile errors about passing incompatible types, but the module loaded, so who cares?

When connecting, I ran into the "Privilege Separation: unable to drop privileges." problem. I could sudo vpnclient..., and it worked. However, I also found this solution:

http://urz.unibas.ch/index.cfm?F19548F7C09...77E36FEE#sticky

which is to set the sticky bit on the cvpnd executable (i.e.,

chmod 4111 /opt/cisco-vpnclient/bin/cvpnd

). That got things to work (for whatever definition of "work" Cisco uses).

Thanks again.

Take care,
brad

Patch worked perfectly!!!

Patch worked perfectly!!! thanx!

Patch works (debian, 2.6.15)

I had success compiling vpnclient-linux-4.7.00.0640-k9.tar with the patch you guys published (running a debian system with a precompiled 2.6.15 kernel).

kudos to the original coders and to those digging up the relevant info --thanks!

Works on Fedora Core 5 with kernel 2.6.17-1.2139_FC5smp

Just wanted to say thanks for the patch. Works fine with the latest and greatest SMP kernel for Fedora Core 5.

Fails to connect

Thanks for the patch.. I downloaded the .txt file and patched the installation and got it to compile. However when I try to connect, it fails. Syslog has the following :
Jun 29 20:18:45 XXXXXXX kernel: [17182096.616000] cisco_ipsec: module license 'Proprietary' taints kernel.

Appreciate any help with this.

-RK

RE:Fails to connect

I had the wrong patch. I picked up the one from the FTP link. That works ! Thanks for the patch.

-RK

works great on gentoo

Patch worked fine. I'm on:
2.6.16-gentoo-r9

works with client 4.6

Patch worked perfectly for vpn client 4.6.
Thank you very much.
uname -r 2.6.15-1.2054_FC5

works

Works for me in Ubuntu Dapper, kernel = 2.6.15-26-686

Thanks Victor!

Nice hand. I mean nice patch.

Worked for me on 2.6.17-1.2157_FC5

--Jason H.

Thank you!

Worked for me with VPN 4.6 (my Uni's distribution). If only I had found this page three days earlier... Thank you VERY much.

Make Problems

I'm still running into this after applying your patch. I'm using Ubuntu 6.06, vpnclient-linux-4.6.00.0045-k9, & linux-headers-2.6.15-26-386, GNU Make 3.81beta4. Any suggestions? thanks!

patrice@ubuntu:~/cisco/vpnclient$ make
make -C /lib/modules/2.6.15-26-386/build SUBDIRS=/home/patrice/cisco/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.15-26-386'
CC [M] /home/patrice/cisco/vpnclient/linuxcniapi.o
/home/patrice/cisco/vpnclient/linuxcniapi.c: In function ‘CniInjectReceive’:
/home/patrice/cisco/vpnclient/linuxcniapi.c:302: warning: ISO C90 forbids mixed declarations and code
/home/patrice/cisco/vpnclient/linuxcniapi.c:304: error: redeclaration of ‘timecount’ with no linkage
/home/patrice/cisco/vpnclient/linuxcniapi.c:302: error: previous declaration of ‘timecount’ was here
/home/patrice/cisco/vpnclient/linuxcniapi.c:306: error: redeclaration of ‘timecount’ with no linkage
/home/patrice/cisco/vpnclient/linuxcniapi.c:304: error: previous declaration of ‘timecount’ was here
/home/patrice/cisco/vpnclient/linuxcniapi.c:304: warning: unused variable ‘timecount’
/home/patrice/cisco/vpnclient/linuxcniapi.c:302: warning: unused variable ‘timecount’
/home/patrice/cisco/vpnclient/linuxcniapi.c: In function ‘CniInjectSend’:
/home/patrice/cisco/vpnclient/linuxcniapi.c:423: error: redeclaration of ‘timecount’ with no linkage
/home/patrice/cisco/vpnclient/linuxcniapi.c:421: error: previous declaration of ‘timecount’ was here
/home/patrice/cisco/vpnclient/linuxcniapi.c:425: error: redeclaration of ‘timecount’ with no linkage
/home/patrice/cisco/vpnclient/linuxcniapi.c:423: error: previous declaration of ‘timecount’ was here
/home/patrice/cisco/vpnclient/linuxcniapi.c:423: warning: unused variable ‘timecount’
/home/patrice/cisco/vpnclient/linuxcniapi.c:421: warning: unused variable ‘timecount’
make[2]: *** [/home/patrice/cisco/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/patrice/cisco/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.15-26-386'
make: *** [default] Error 2
patrice@ubuntu:~/cisco/vpnclient$

VPN on FC5

 Any ideas...

 I have the newest kernel of FC5 loaded in /usr/src/redhat/BUILD/kernel-2.6.15/linux-2.6.15.i686/ and I am trying to install vpnclient-linux-4.7.00.0640-k9.  I have tried a few of these patches, but to no avail.

 =============================================

[root@localhost vpnclient]# ./vpn_install
Cisco Systems VPN Client Version 4.7.00 (0640) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.

Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

For RedHat 6.x users these files are installed in /usr/src/linux by default
For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by defa
ult
For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE b
y default

Directory containing linux kernel source code []/usr/src/redhat/BUILD/kernel
-2.6.15/linux-2.6.15.i686/

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.15-1.2054_FC5/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/usr/src/redhat/BUILD/kernel-2.6.15/linux-2.6.15.i686/
" will be used to build the module.

Is the above correct [y]

Making module
make -C /usr/src/redhat/BUILD/kernel-2.6.15/linux-2.6.15.i686/ SUBDIRS=/home
/leverenz/vpn/Linux/vpnclient modules
make[1]: Entering directory `/usr/src/redhat/BUILD/kernel-2.6.15/linux-2.6.1
5.i686'

  WARNING: Symbol version dump /usr/src/redhat/BUILD/kernel-2.6.15/linux-2.6
.15.i686/Module.symvers
           is missing; modules will have no dependencies and modversions.

  CC [M]  /home/leverenz/vpn/Linux/vpnclient/linuxcniapi.o
/home/leverenz/vpn/Linux/vpnclient/linuxcniapi.c:13:27: error: linux/version
.h: No such file or directory
In file included from include/linux/types.h:15,
                 from include/linux/if.h:22,
                 from include/linux/netdevice.h:28,
                 from /home/leverenz/vpn/Linux/vpnclient/linuxcniapi.c:14:
include/linux/posix_types.h:47:29: error: asm/posix_types.h: No such file or
 directory
In file included from include/linux/if.h:22,
                 from include/linux/netdevice.h:28,
                 from /home/leverenz/vpn/Linux/vpnclient/linuxcniapi.c:14:
include/linux/types.h:16:23: error: asm/types.h: No such file or directory
In file included from include/linux/if.h:22,
                 from include/linux/netdevice.h:28,
                 from /home/leverenz/vpn/Linux/vpnclient/linuxcniapi.c:14:

[...]

 make[2]: *** [/home/leverenz/vpn/Linux/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/leverenz/vpn/Linux/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/redhat/BUILD/kernel-2.6.15/linux-2.6.15
.i686'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".
[root@localhost vpnclient]#

=============================================

Thanks 

Try building first

Go to your kernel source directory and try building a kernel first:
make menuconfig
make

Then go back and try running the Cisco installer again.. also suggest making a symlink from your kernel folder to /usr/src/linux so you don't have to type so much. :)

Thanks that was it. Sorry,

Thanks that was it. Sorry, I am new to kernel stuff. This is great. Thanks to all of you. Cheers.

Hi , I am working with

Hi ,

I am working with CentOS. I am using kernel 2.6.15.1. I was able to compile the client without any issues. The problem is in its working.

1) If I move the /etc/CiscoSystemsVPNClient/ folder to some other folder and create a symlink, the client does not work.
2) From its default location it works fine. When I connect using ethernet I have no issue. When I connect to the internet using a CDMA phone (serial port) it connects fine. If I yank out the phone cable when the VPN is up, my system hangs. The last message recorded by syslog is "Modem is hanged".

On a 2.4 kernel this is not an issue.

Any ideas?

Thanks
Warm Regards

In newer version the client,

In the newer version of the client, it's written like the following:

Every occurrence of

    do_gettimeofday(&skb->stamp);

is replaced by

    #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,14)
    {
        struct timeval timestamp;

        do_gettimeofday(&timestamp);
        skb_set_timestamp(skb, &timestamp);
    }
    #else
    do_gettimeofday(&skb->stamp);
    #endif

This solution is better and neater because you don't have to do the cast of tv_sec and tv_usec to u32. Instead, you use skb_set_timestamp(), which is in the kernel API. So in the future, if there's any change in the sk_buff structure in the kernel, you could compile without any additional change.

Error in installation of VPN?

I'm using linux centos as OS and kernel 2.4. I'm having an error in installation of vpnclient. When I installed it, it displays the following error:
/root/vpnclient/linuxcniapi.c:36: error: conflicting types for 'os_alloc'
/root/vpnclient/unixcniapi.h:38: error: previous declaration of 'os_alloc' was here
/root/vpnclient/linuxcniapi.c:36: error: conflicting types for 'os_alloc'
/root/vpnclient/unixcniapi.h:38: error: previous declaration of 'os_alloc' was here
/root/vpnclient/linuxcniapi.c:42: error: conflicting types for 'os_free'
/root/vpnclient/unixcniapi.h:39: error: previous declaration of 'os_free' was here
/root/vpnclient/linuxcniapi.c:42: error: conflicting types for 'os_free'
/root/vpnclient/unixcniapi.h:39: error: previous declaration of 'os_free' was here
/root/vpnclient/linuxcniapi.c:84: error: conflicting types for 'CniGetFrameType'
/root/vpnclient/Cniapi.h:404: error: previous declaration of 'CniGetFrameType' was here
/root/vpnclient/linuxcniapi.c:84: error: conflicting types for 'CniGetFrameType'
/root/vpnclient/Cniapi.h:404: error: previous declaration of 'CniGetFrameType' was here
/root/vpnclient/linuxcniapi.c:122: error: conflicting types for 'CniGetMacAddress'
/root/vpnclient/Cniapi.h:413: error: previous declaration of 'CniGetMacAddress' was here
/root/vpnclient/linuxcniapi.c:122: error: conflicting types for 'CniGetMacAddress'
/root/vpnclient/Cniapi.h:413: error: previous declaration of 'CniGetMacAddress' was here
/root/vpnclient/linuxcniapi.c:182: error: conflicting types for 'CniGetMacName'
/root/vpnclient/Cniapi.h:408: error: previous declaration of 'CniGetMacName' was here
/root/vpnclient/linuxcniapi.c:182: error: conflicting types for 'CniGetMacName'
/root/vpnclient/Cniapi.h:408: error: previous declaration of 'CniGetMacName' was here
/root/vpnclient/linuxcniapi.c:221: error: conflicting types for 'CniGetMTUSize'
/root/vpnclient/Cniapi.h:417: error: previous declaration of 'CniGetMTUSize' was here
/root/vpnclient/linuxcniapi.c:221: error: conflicting types for 'CniGetMTUSize'
/root/vpnclient/Cniapi.h:417: error: previous declaration of 'CniGetMTUSize' was here
/root/vpnclient/linuxcniapi.c:279: error: conflicting types for 'CniInjectReceive'
/root/vpnclient/Cniapi.h:432: error: previous declaration of 'CniInjectReceive' was here
/root/vpnclient/linuxcniapi.c:279: error: conflicting types for 'CniInjectReceive'
/root/vpnclient/Cniapi.h:432: error: previous declaration of 'CniInjectReceive' was here
/root/vpnclient/linuxcniapi.c:385: error: conflicting types for 'CniInjectSend'
/root/vpnclient/Cniapi.h:438: error: previous declaration of 'CniInjectSend' was here
/root/vpnclient/linuxcniapi.c:385: error: conflicting types for 'CniInjectSend'
/root/vpnclient/Cniapi.h:438: error: previous declaration of 'CniInjectSend' was here
/root/vpnclient/linuxcniapi.c: In function `CniInjectSend':
/root/vpnclient/linuxcniapi.c:434: error: structure has no member named `tstamp'
/root/vpnclient/linuxcniapi.c:435: error: structure has no member named `tstamp'
make[2]: *** [/root/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/root/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/kernels/2.6.9-42.0.10.EL-smp-i686'
make: *** [default] Error 2

I downloaded the first patch and it displays the following error when doing the patch:
Hunk #1 succeeded at 285 with fuzz 2 (offset 9 lines).
Hunk #3 FAILED at 394.
Hunk #4 FAILED at 436.
2 out of 4 hunks FAILED -- saving rejects to file linuxcniapi.c.rej

I copied and pasted the latest modification in this blog and it still displays an error:
**** malformed patch at line 7: struct sk_buff *skb = NULL;

can you help me fix this error?

thank you.

-Mon-

F1... F1... F1.... F1... Need help to make vpn run on Fedora 7

I'm getting this error message while installing cisco vpn
Regular Install
Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting '/lib/modules/2.6.21-1.3194.fc7/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
Failed (insmod)
.............
while running vpnclient it errors out as
[root@anony vpnclient]# /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting '/lib/modules/2.6.21-1.3194.fc7/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
Failed (insmod)

vpn on fedora 7 kernel 2.6.22.4-65.fc7

Hi there, I tried running the patch

iff -rc vpnclient/linuxcniapi.c vpnclient.fixed/linuxcniapi.c
*** vpnclient/linuxcniapi.c 2005-09-13 21:12:39.000000000 -0600
--- vpnclient.fixed/linuxcniapi.c 2006-06-13 18:24:13.000000000 -0600
***************
*** 276,281 ****
--- 276,283 ----
struct sk_buff *skb = NULL;
unsigned char *pIP = NULL, *pMac = NULL;

+ struct timeval timecount;
+
/* we need to build the actual sk_buff from the packet structure */
pBinding = (PBINDING) Binding;
lpPacketDescriptor = (LPPACKETDESCRIPTOR) Packet;
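
Review bot: in context-diff format each unchanged line carries a two-space prefix, and here `struct sk_buff *skb = NULL;` (line 7 of the file as pasted) starts in column one, which is where `patch` stops with "malformed patch at line 7" below. Save the patch from an attachment or a preformatted block rather than from rendered comment text so the prefixes survive.
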
***************
*** 289,295 ****
goto exit_gracefully;
}
/* move the data into the packet */
! do_gettimeofday(&skb->stamp);

pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);

--- 291,301 ----
goto exit_gracefully;
}
/* move the data into the packet */
! do_gettimeofday(&timecount);
!
! skb->tstamp.off_sec = (u32) timecount.tv_sec;
! skb->tstamp.off_usec = (u32) timecount.tv_usec;
! timecount.tv_usec;

pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);

***************
*** 389,394 ****
--- 395,402 ----
unsigned char *pIP = NULL, *pMac = NULL;
int tmp_rc = 0;

+ struct timeval timecount;
+
int (*tmp_InjectSend) (struct sk_buff * skb, struct net_device * dev);
tmp_InjectSend = NULL;

***************
*** 429,435 ****
CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);

/* put the mac header on */
! do_gettimeofday(&skb->stamp);

skb->dev = pBinding->pDevice;

--- 437,447 ----
CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);

/* put the mac header on */
! do_gettimeofday(&timecount);
!
! skb->tstamp.off_sec = (u32) timecount.tv_sec;
! skb->tstamp.off_usec = (u32) timecount.tv_usec;
! timecount.tv_usec;

skb->dev = pBinding->pDevice;

and I get the following error

[root@localhost vpnclient]# patch -p0 < vpnclient-linux-4.7.patch.txt
patch: **** malformed patch at line 7: struct sk_buff *skb = NULL;

Please help

Thanks in advance
Pavit

Version 4.8

To everyone still making use of this patch - I've had success with the 4.8 version of Cisco's VPN client, without having to patch. I suggest that everyone try this instead of the patch.. it seems to work very well.

Version 4.8 on FC7

Hi Victor,

Thanks for your comment!
I am trying v4.8 on FC7, but I am getting different error than shown above.
If you have any thought, please let me know.
Thanks,
CH

-----------------------------------------------------------------------------------------------------------------------------------
make -C /lib/modules/2.6.22.5-76.fc7/build SUBDIRS=/home/chang/SoftwareInstall/vpnclient modules
make[1]: Entering directory `/usr/src/kernels/2.6.22.5-76.fc7-i686'
CC [M] /home/chang/SoftwareInstall/vpnclient/linuxcniapi.o
/home/chang/SoftwareInstall/vpnclient/linuxcniapi.c: In function ‘CniInjectReceive’:
/home/chang/SoftwareInstall/vpnclient/linuxcniapi.c:297: warning: implicit declaration of function ‘skb_set_timestamp’
/home/chang/SoftwareInstall/vpnclient/linuxcniapi.c:331: error: ‘struct sk_buff’ has no member named ‘nh’
/home/chang/SoftwareInstall/vpnclient/linuxcniapi.c:332: error: ‘struct sk_buff’ has no member named ‘mac’
/home/chang/SoftwareInstall/vpnclient/linuxcniapi.c: In function ‘CniInjectSend’:
/home/chang/SoftwareInstall/vpnclient/linuxcniapi.c:454: error: ‘struct sk_buff’ has no member named ‘mac’
/home/chang/SoftwareInstall/vpnclient/linuxcniapi.c:455: error: ‘struct sk_buff’ has no member named ‘nh’
/home/chang/SoftwareInstall/vpnclient/linuxcniapi.c:458: error: ‘struct sk_buff’ has no member named ‘h’
/home/chang/SoftwareInstall/vpnclient/linuxcniapi.c:458: error: ‘struct sk_buff’ has no member named ‘nh’
make[2]: *** [/home/chang/SoftwareInstall/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/chang/SoftwareInstall/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/kernels/2.6.22.5-76.fc7-i686'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".

Kubuntu 7 NEED Help with cisco vpn client 4.8

This is the error that I am receiving after trying to install the 4.8 cisco vpn client.

$ sudo ./vpn_install
Password:
Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.

Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

Directory containing linux kernel source code [/lib/modules/2.6.20-16-generic/build]

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.20-16-generic/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.20-16-generic/build" will be used to build the module.

Is the above correct [y]

Making module
make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/jason/Software/vpn/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-generic'
CC [M] /home/jason/Software/vpn/vpnclient/linuxcniapi.o
/home/jason/Software/vpn/vpnclient/linuxcniapi.c:12:26: error: linux/config.h: No such file or directory
make[2]: *** [/home/jason/Software/vpn/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/jason/Software/vpn/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-generic'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".

This is what kernel I am using:
$ uname -r
2.6.20-16-generic

This should work for 2.6.20

From http://tuxx-home.at/cmt.php?article=/2006/12/07/T09_36_48/index.html

1. Untar the VPN Client

# tar xzf vpnclient-linux-4.8.00.0490-k9.tar.gz

2. Download the patch

# wget -q http://tuxx-home.at/projects/cisco-vpnclient/vpnclient-linux-2.6.19.diff

3. Change to the vpnclient directory

# cd vpnclient

4. Apply the patch

# patch <../vpnclient-linux-2.6.19.diff
patching file IPSecDrvOS_linux.c
patching file frag.c
patching file interceptor.c
patching file linuxcniapi.c

Now the patch has been applied and you can safely install the client

# ./vpn_install
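The diff in the steps above is fetched over plain HTTP and ends up in a kernel module that is built and installed as root, so it is worth checking which files it touches before applying it. The following is an added example, not part of the original comment or the patch author's instructions; the function names and the sample diff are constructed for illustration, and the expected file list is taken from the patch output shown above.

```shell
#!/bin/sh
# Added example: vet a downloaded diff before patch(1) touches kernel-module source.
# Function names are hypothetical, not part of the VPN client or the patch.

# Files the patch output on this page reports as patched.
EXPECTED_FILES="IPSecDrvOS_linux.c frag.c interceptor.c linuxcniapi.c"

# Print the old and new path of every file header: a "--- " line immediately
# followed by a "+++ " line (timestamps after a tab are dropped). Reads stdin or $1.
diff_targets() {
    awk '
        function name(line) {
            sub(/^(---|\+\+\+) /, "", line); sub(/\t.*$/, "", line); print line
        }
        prev ~ /^--- / && /^\+\+\+ / { name(prev); name($0) }
        { prev = $0 }
    ' "$@"
}

# Print one verdict per path; return 1 if any path is rejected or none is found.
vet_diff() {
    bad=0 seen=0
    targets=$(diff_targets "$@")
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        seen=1
        case "$path" in
            /dev/null) continue ;;   # marks a created or deleted file
            /*|..|../*|*/../*|*/..) echo "REJECT $path (absolute or parent path)"; bad=1; continue ;;
        esac
        base=${path##*/}   # patch run without -p, as on the page, uses the base name
        case " $EXPECTED_FILES " in
            *" $base "*) echo "ok $path" ;;
            *) echo "REJECT $path (not in expected file set)"; bad=1 ;;
        esac
    done <<EOF
$targets
EOF
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Constructed sample diff: one expected file, one header pointing outside the tree.
sample_diff() {
    printf '%s\n' '--- vpnclient.orig/frag.c' '+++ vpnclient/frag.c' '@@ -1 +1 @@' \
        '-old' '+new' '--- /dev/null' '+++ ../outside.c' '@@ -0,0 +1 @@' '+x'
}
# Usage: vet_diff ../vpnclient-linux-2.6.19.diff && patch --dry-run <../vpnclient-linux-2.6.19.diff
```

A header that fails the check is a reason to read the diff by hand before going further; `patch --dry-run` then shows what would change without writing anything.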

Thanks Chris

Thanks Chris, that did the trick. The only problem that I am having now is that the pcf file is no good. I will work with net engineer to correct this. Thanks Again!!!

$ sudo vpnclient connect VPN-linux
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-16-generic #2 SMP Fri Aug 31 00:55:27 UTC 2007 i686
Config file directory: /etc/opt/cisco-vpnclient

Enter a group name:
Enter a group password:
Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Bad Parameter.
There are no new notification messages at this time.

Finally found what caused that Bad Parameter thing!

It was the permissions of the PCFs ....

I had them 600 root.root, and none worked, and on another machine, I had them 640 root.root and vpnclient had no problem

I've spent some time wondering what the heck was different on that machine, and finally found that :)

so, just chmod 640 your pcf files, and hopefully you're on! :)

Error with cisco_ipsec.ko':

Error with cisco_ipsec.ko': -102870984 Success >>Failed (insmod). I had to solve. The problem was with the Firewall!!! Normally most users have started Firewall, but it is necessary to allow IPsec protocol and for other VPN clients OpenVPN protocol!!!!

Upgrade to Kubuntu GG 7.10 now vpn does not work.

After the upgrade I am now getting this error when trying to start the vpn client:

Starting /opt/cisco-vpnclient/bin/vpnclient: insmod: error inserting '/lib/modules/2.6.22-14-generic/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
Failed (insmod)

Thanks in advance.

Need to reinstall

Every time you upgrade a kernel in Linux (Kubuntu 7.10 uses a new kernel), you'll need to re-install (i.e. re-compile) all of your custom modules. Re-run the Cisco installer, which will detect your new kernel and rebuild the Cisco module to work with it.
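An "Invalid module format" error from insmod typically means the module was built for a different kernel than the one now running. As an added example (not from the original comments or Cisco's installer), this sketch compares a module's vermagic string with the running kernel release and lists installed kernels that have no CiscoVPN module yet; the function names are hypothetical, and the module path follows the layout shown in the installer output.

```shell
#!/bin/sh
# Added example: check that cisco_ipsec.ko was built for the running kernel.
# Function names are hypothetical; paths follow the installer output on this page.

# The first field of a vermagic string is the kernel release the module was built for.
vermagic_release() { printf '%s\n' "${1%% *}"; }

# Return 0 when the vermagic string ($1) matches the kernel release ($2).
module_matches_kernel() {
    [ "$(vermagic_release "$1")" = "$2" ]
}

# List kernels under a modules root ($1, normally /lib/modules) that have
# no CiscoVPN/cisco_ipsec.ko, i.e. kernels the installer has not been run for.
kernels_missing_module() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        [ -f "${dir}CiscoVPN/cisco_ipsec.ko" ] || basename "$dir"
    done
}

# Check the module for the running kernel before the service tries insmod.
check_running_kernel() {
    rel=$(uname -r)
    ko="/lib/modules/$rel/CiscoVPN/cisco_ipsec.ko"
    [ -f "$ko" ] || { echo "no module for $rel: re-run vpn_install"; return 1; }
    vm=$(modinfo -F vermagic "$ko") || return 1
    if module_matches_kernel "$vm" "$rel"; then
        echo "module matches $rel"
    else
        echo "module built for $(vermagic_release "$vm"), running $rel: re-run vpn_install"
        return 1
    fi
}
```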

Ok, so I've struggled w/the

Ok, so I've struggled w/the Cisco VPN client for 2 years now. Whenever I upgraded my kernel, I crossed my fingers that it'd compile again.

However, I just found an excellent open source replacement. vpnc

Check it out.
http://www.unix-ag.uni-kl.de/~massar/vpnc/

I installed it, ran it (vpnc), typed in my credentials and I was on. It was that simple.
