Cisco VPN 4.8.05 and 11.3

Hello,

Trying to get company VPN installed onto 11.3 … I had this running under 11.2 … I’ve been following other threads and tutorials in trying this … I unzip the vpn, and patch using the 2.6.31-final.diff patch … I get:

vpnclient # patch < ./vpnclient-linux-2.6.31-final.diff
patching file interceptor.c
Hunk #1 succeeded at 192 with fuzz 2 (offset 72 lines).
Hunk #2 FAILED at 136.
Hunk #3 FAILED at 276.
Hunk #4 FAILED at 299.
3 out of 4 hunks FAILED – saving rejects to file interceptor.c.rej

Pretty sure I need all 4 lines patched … but I try to install anyway and get:

Setting permissions.
/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (permissions not changed)

  • You may wish to change these permissions to restrict access to root.
  • The packaged Root Certificate was imported successfully.
  • You must run “/etc/init.d/vpnclient_init start” before using the client.
  • This script will be run AUTOMATICALLY every time you reboot your computer.
    Regular Install
    Starting Cisco vpnclient…
    insmod: error inserting ‘/lib/modules/2.6.34-12-desktop/CiscoVPN/cisco_ipsec.ko’: -1 Invalid module format
    Building cisco_ipsec module for 2.6.34-12-desktop kernel FAILED.
    Check /usr/local/gds/vpnclient_install.log file for details.

Can anyone advise please?

Thanks

JD

Hi
You need to look at the patch and readjust for the 2.6.34 kernel if the
patch fails then it won’t work.


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.3 (x86_64) Kernel 2.6.34-12-default
up 7 days 0:34, 2 users, load average: 0.18, 0.19, 0.08
GPU GeForce 8600 GTS Silent - Driver Version: 256.44

On Tue, 2010-08-10 at 15:13 +0000, malcolmlewis wrote:
> [QUOTE=jdlandry]
> Hello,
>
> Trying to get company VPN installed onto 11.3 … I had this running
> under 11.2 … I’ve been following other threads and tutorials in trying
> this … I unzip the vpn, and patch using the 2.6.31-final.diff patch
> … I get:
>
> vpnclient # patch < ./vpnclient-linux-2.6.31-final.diff
> patching file interceptor.c
> Hunk #1 succeeded at 192 with fuzz 2 (offset 72 lines).
> Hunk #2 FAILED at 136.
> Hunk #3 FAILED at 276.
> Hunk #4 FAILED at 299.
> 3 out of 4 hunks FAILED – saving rejects to file interceptor.c.rej
>
> Pretty sure I need all 4 lines patched … but I try to install anyway
> and get:
>
> Setting permissions.
> /opt/cisco-vpnclient/bin/cvpnd (setuid root)
> /opt/cisco-vpnclient (group bin readable)
> /etc/opt/cisco-vpnclient (permissions not changed)
> * You may wish to change these permissions to restrict access to root.
> * The packaged Root Certificate was imported successfully.
> * You must run “/etc/init.d/vpnclient_init start” before using the
> client.
> * This script will be run AUTOMATICALLY every time you reboot your
> computer.
> Regular Install
> Starting Cisco vpnclient…
> insmod: error inserting
> ‘/lib/modules/2.6.34-12-desktop/CiscoVPN/cisco_ipsec.ko’: -1 Invalid
> module format
> Building cisco_ipsec module for 2.6.34-12-desktop kernel FAILED.
> Check /usr/local/gds/vpnclient_install.log file for details.

While there are a couple of configuration scenarios for which you
would have to use the Cisco poorly maintained and buggy kernel module,
if possible, I’d work with your network VPN admin and make sure you can
use the open source and VERY working vpnc tunnel technique instead.
It’s much, much, much, much, much more reliable than Cisco’s closed
solution.

>
> Can anyone advise please?

Use your expensive Cisco contract to obtain support… but likely they
won’t support the non-enterprise Linux’s.

Remember, the Cisco vpnclient is NOT free. So distribution of it and
obtaining it need to be done through appropriate Cisco support channels.

However, vpnc is FREE and works in most cases.

If your mgmt tells you that have to use the Cisco client because vpnc
makes it easy to split tunnel, tell them I can show you the minor
changes to the portions of the Cisco supplied source (the non binary
blob part) that will allow you bypass the split tunnel prevention
feature of the Cisco client.

I cannot overemphasize what a huge difference it is to move away from
Cisco’s proprietary client (which isn’t updated often enough) and use
the open vpnc that uses Linux’s built in tun/tap device support.

Would the network guys be able to know if you connected via Cisco client or vpnc? I never asked and vpnc works for me for the last few years and that’s one of the reasons I’m using Windows once/twice a year. I replied to someone on the steps I did to setup vpnc but if you cannot find it let me know and I will post again. Very simple and efficient way.
good luck