Results 1 to 4 of 4

Thread: Cisco VPN 4.8.05 and 11.3

  1. #1

    Default Cisco VPN 4.8.05 and 11.3

    Hello,

    Trying to get company VPN installed onto 11.3 ... I had this running under 11.2 ... I've been following other threads and tutorials in trying this ... I unzip the vpn, and patch using the 2.6.31-final.diff patch ... I get:

    vpnclient # patch < ./vpnclient-linux-2.6.31-final.diff
    patching file interceptor.c
    Hunk #1 succeeded at 192 with fuzz 2 (offset 72 lines).
    Hunk #2 FAILED at 136.
    Hunk #3 FAILED at 276.
    Hunk #4 FAILED at 299.
    3 out of 4 hunks FAILED -- saving rejects to file interceptor.c.rej

    Pretty sure I need all 4 lines patched ... but I try to install anyway and get:

    Setting permissions.
    /opt/cisco-vpnclient/bin/cvpnd (setuid root)
    /opt/cisco-vpnclient (group bin readable)
    /etc/opt/cisco-vpnclient (permissions not changed)
    * You may wish to change these permissions to restrict access to root.
    * The packaged Root Certificate was imported successfully.
    * You must run "/etc/init.d/vpnclient_init start" before using the client.
    * This script will be run AUTOMATICALLY every time you reboot your computer.
    Regular Install
    Starting Cisco vpnclient...
    insmod: error inserting '/lib/modules/2.6.34-12-desktop/CiscoVPN/cisco_ipsec.ko': -1 Invalid module format
    Building cisco_ipsec module for 2.6.34-12-desktop kernel FAILED.
    Check /usr/local/gds/vpnclient_install.log file for details.

    Can anyone advise please?

    Thanks

    JD

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    27,100
    Blog Entries
    15

    Default Re: Cisco VPN 4.8.05 and 11.3

    Quote Originally Posted by jdlandry
    Hello,

    Trying to get company VPN installed onto 11.3 ... I had this running
    under 11.2 ... I've been following other threads and tutorials in trying
    this ... I unzip the vpn, and patch using the 2.6.31-final.diff patch
    ... I get:

    vpnclient # patch < ./vpnclient-linux-2.6.31-final.diff
    patching file interceptor.c
    Hunk #1 succeeded at 192 with fuzz 2 (offset 72 lines).
    Hunk #2 FAILED at 136.
    Hunk #3 FAILED at 276.
    Hunk #4 FAILED at 299.
    3 out of 4 hunks FAILED -- saving rejects to file interceptor.c.rej

    Pretty sure I need all 4 lines patched ... but I try to install anyway
    and get:

    Setting permissions.
    /opt/cisco-vpnclient/bin/cvpnd (setuid root)
    /opt/cisco-vpnclient (group bin readable)
    /etc/opt/cisco-vpnclient (permissions not changed)
    * You may wish to change these permissions to restrict access to root.
    * The packaged Root Certificate was imported successfully.
    * You must run "/etc/init.d/vpnclient_init start" before using the
    client.
    * This script will be run AUTOMATICALLY every time you reboot your
    computer.
    Regular Install
    Starting Cisco vpnclient...
    insmod: error inserting
    '/lib/modules/2.6.34-12-desktop/CiscoVPN/cisco_ipsec.ko': -1 Invalid
    module format
    Building cisco_ipsec module for 2.6.34-12-desktop kernel FAILED.
    Check /usr/local/gds/vpnclient_install.log file for details.

    Can anyone advise please?

    Thanks

    JD

    Hi
    You need to look at the patch and readjust for the 2.6.34 kernel if the
    patch fails then it won't work.

    --
    Cheers Malcolm (Linux Counter #276890)
    openSUSE 11.3 (x86_64) Kernel 2.6.34-12-default
    up 7 days 0:34, 2 users, load average: 0.18, 0.19, 0.08
    GPU GeForce 8600 GTS Silent - Driver Version: 256.44


  3. #3
    Join Date
    Jun 2008
    Location
    Frisco, TX
    Posts
    1,233

    Default Re: Cisco VPN 4.8.05 and 11.3

    On Tue, 2010-08-10 at 15:13 +0000, malcolmlewis wrote:
    > [QUOTE=jdlandry]
    > Hello,
    >
    > Trying to get company VPN installed onto 11.3 ... I had this running
    > under 11.2 ... I've been following other threads and tutorials in trying
    > this ... I unzip the vpn, and patch using the 2.6.31-final.diff patch
    > .. I get:
    >
    > vpnclient # patch < ./vpnclient-linux-2.6.31-final.diff
    > patching file interceptor.c
    > Hunk #1 succeeded at 192 with fuzz 2 (offset 72 lines).
    > Hunk #2 FAILED at 136.
    > Hunk #3 FAILED at 276.
    > Hunk #4 FAILED at 299.
    > 3 out of 4 hunks FAILED -- saving rejects to file interceptor.c.rej
    >
    > Pretty sure I need all 4 lines patched ... but I try to install anyway
    > and get:
    >
    > Setting permissions.
    > /opt/cisco-vpnclient/bin/cvpnd (setuid root)
    > /opt/cisco-vpnclient (group bin readable)
    > /etc/opt/cisco-vpnclient (permissions not changed)
    > * You may wish to change these permissions to restrict access to root.
    > * The packaged Root Certificate was imported successfully.
    > * You must run "/etc/init.d/vpnclient_init start" before using the
    > client.
    > * This script will be run AUTOMATICALLY every time you reboot your
    > computer.
    > Regular Install
    > Starting Cisco vpnclient...
    > insmod: error inserting
    > '/lib/modules/2.6.34-12-desktop/CiscoVPN/cisco_ipsec.ko': -1 Invalid
    > module format
    > Building cisco_ipsec module for 2.6.34-12-desktop kernel FAILED.
    > Check /usr/local/gds/vpnclient_install.log file for details.


    While there are a couple of configuration scenarios for which you
    would have to use the Cisco poorly maintained and buggy kernel module,
    if possible, I'd work with your network VPN admin and make sure you can
    use the open source and VERY working vpnc tunnel technique instead.
    It's much, much, much, much, much more reliable than Cisco's closed
    solution.

    >
    > Can anyone advise please?


    Use your expensive Cisco contract to obtain support.. but likely they
    won't support the non-enterprise Linux's.

    Remember, the Cisco vpnclient is NOT free. So distribution of it and
    obtaining it need to be done through appropriate Cisco support channels.

    However, vpnc is FREE and works in most cases.

    If your mgmt tells you that have to use the Cisco client because vpnc
    makes it easy to split tunnel, tell them I can show you the minor
    changes to the portions of the Cisco supplied source (the non binary
    blob part) that will allow you bypass the split tunnel prevention
    feature of the Cisco client.

    I cannot overemphasize what a huge difference it is to move away from
    Cisco's proprietary client (which isn't updated often enough) and use
    the open vpnc that uses Linux's built in tun/tap device support.



  4. #4
    Join Date
    Sep 2008
    Location
    Toronto,Canada
    Posts
    549

    Default Re: Cisco VPN 4.8.05 and 11.3

    Would the network guys be able to know if you connected via Cisco client or vpnc? I never asked and vpnc works for me for the last few years and that's one of the reasons I'm using Windows once/twice a year. I replied to someone on the steps I did to setup vpnc but if you cannot find it let me know and I will post again. Very simple and efficient way.
    good luck

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •