OpenSUSE 11 and Cisco VPNClient

I just moved back to OpenSUSE and I am having one problem at this point and that is getting the vpnclient to work. I am able to connect using vpnc but it doesn’t appear to disable local lan access as the cisco client does so I am limited on accessing my companies resources unless I know the IP address.

I have followed the steps required when I was using 10.3 but I am unable to get it to work on this version.

Has anyone gotten this to work on 11 and can you post a how-to? I’d appreciate it.

Has anyone gotten this to work on 2.6.25.5-1.1-pae? I assume there is a new .diff somewhere? I really need to get this working. Vpnc is less than ideal at this point.

I’m able to work around the name resolution issue but it is kind of annoying.

I would really appreciate the help.

Well, it looks like I’ve got it working now. For anyone else who runs into this, here is what I ended up doing.

I had to download a newer version of vpnclient which I found here.

[www.tuxx-home.at] - Website of Alexander Griesser | New Cisco VPN Client 4.8.01.0640-k9 compiles on 2.6.22 out of the box!](http://tuxx-home.at/archives/2007/09/24/T15_26_49/)

I had vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz and the new version was vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz.

After downloading the new version I had to apply the 2.4 patch from

http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff

Ares:/opt/vpnclient # patch < ./vpnclient-linux-2.6.24-final.diff
patching file GenDefs.h
patching file interceptor.c
Ares:/opt/vpnclient #

This was by far the cleanest output I’ve gotten. After this the install went perfectly.

I did exactly what you did but I’m still unable to install.

uname -r
2.6.25.5-1.1-default

Making module
make -C /lib/modules/2.6.25.5-1.1-default/build SUBDIRS=/tmp/vpnclient modules
make[1]: Entering directory /usr/src/linux-2.6.25.5-1.1-obj/x86_64/default' make -C /usr/src/linux-2.6.25.5-1.1 O=/usr/src/linux-2.6.25.5-1.1-obj/x86_64/default/. modules /usr/src/linux-2.6.25.5-1.1/scripts/Makefile.build:46: *** CFLAGS was changed in "/tmp/vpnclient/Makefile". Fix it to use EXTRA_CFLAGS. Stop. make[3]: *** [_module_/tmp/vpnclient] Error 2 make[2]: *** [sub-make] Error 2 make[1]: *** [all] Error 2 make[1]: Leaving directory /usr/src/linux-2.6.25.5-1.1-obj/x86_64/default’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.

Any thoughts?

I use kvpnc to connect to my work. Highly customisable for a range of connections. Works great. Available from main repo’s in YaST (10.3) or direct from kvpnc homepage.

You can try editing /tmp/vpnclient/Makefile and replacing CFLAGS entry with EXTRA_CFLAGS to see if that gets you anywhere. With the version of vpnclient you are installing there should be little patching done and an easier install. Are you sure you have all the prereq’s installed?

Tried replacing CFLAGS with EXTRA_CFLAGS and here is the result:

Making module
make -C /lib/modules/2.6.25.5-1.1-default/build SUBDIRS=/home/sbell/vpnclient modules
make[1]: Entering directory /usr/src/linux-2.6.25.5-1.1-obj/x86_64/default' make -C /usr/src/linux-2.6.25.5-1.1 O=/usr/src/linux-2.6.25.5-1.1-obj/x86_64/default/. modules CC [M] /home/sbell/vpnclient/linuxcniapi.o /home/sbell/vpnclient/linuxcniapi.c: In function ‘CniInjectReceive’: /home/sbell/vpnclient/linuxcniapi.c:341: warning: cast from pointer to integer of different size /home/sbell/vpnclient/linuxcniapi.c:342: warning: cast from pointer to integer of different size /home/sbell/vpnclient/linuxcniapi.c: In function ‘CniInjectSend’: /home/sbell/vpnclient/linuxcniapi.c:481: warning: cast from pointer to integer of different size /home/sbell/vpnclient/linuxcniapi.c:482: warning: cast from pointer to integer of different size /home/sbell/vpnclient/linuxcniapi.c:491: warning: cast to pointer from integer of different size /home/sbell/vpnclient/linuxcniapi.c:491: warning: cast from pointer to integer of different size CC [M] /home/sbell/vpnclient/frag.o /home/sbell/vpnclient/frag.c: In function ‘queue_fragment’: /home/sbell/vpnclient/frag.c:50: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:50: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:50: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:50: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:52: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:52: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:52: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:52: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:70: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:70: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:70: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:70: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:73: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:73: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:73: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:73: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c: In function ‘have_all_fragments’: /home/sbell/vpnclient/frag.c:126: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:126: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:126: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:126: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:134: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:134: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:134: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:134: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:141: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:141: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:141: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:141: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:142: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:146: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:146: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:146: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c:146: warning: cast to pointer from integer of different size /home/sbell/vpnclient/frag.c: In function ‘need_reorder_frag’: /home/sbell/vpnclient/frag.c:198: warning: cast to pointer from integer of different size CC [M] /home/sbell/vpnclient/IPSecDrvOS_linux.o CC [M] /home/sbell/vpnclient/interceptor.o /home/sbell/vpnclient/interceptor.c: In function ‘recv_ip_packet_handler’: /home/sbell/vpnclient/interceptor.c:655: warning: assignment makes integer from pointer without a cast /home/sbell/vpnclient/interceptor.c:676: warning: passing argument 2 of ‘CniNewFragment’ makes pointer from integer without a cast /home/sbell/vpnclient/interceptor.c: In function ‘do_cni_send’: /home/sbell/vpnclient/interceptor.c:794: error: invalid operands to binary - (have ‘sk_buff_data_t’ and ‘unsigned char*’) make[4]: *** [/home/sbell/vpnclient/interceptor.o] Error 1 make[3]: *** [_module_/home/sbell/vpnclient] Error 2 make[2]: *** [sub-make] Error 2 make[1]: *** [all] Error 2 make[1]: Leaving directory /usr/src/linux-2.6.25.5-1.1-obj/x86_64/default’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.

~ # rpm -qa glibc kernel gcc
libgcc43-4.3.1_20080507-6.1
glibc-devel-2.8-14.1
glibc-locale-32bit-2.8-14.1
glibc-locale-2.8-14.1
libgcc43-32bit-4.3.1_20080507-6.1
linux-kernel-headers-2.6.25-8.1
gcc-4.3-39.1
glibc-2.8-14.1
glibc-32bit-2.8-14.1
kernel-default-2.6.25.5-1.1
kernel-source-2.6.25.5-1.1
gcc43-4.3.1_20080507-6.1

Am I missing any other prereq’s?

I am having the same VPN compile issues, i got around the extra_cflags thing by setting KBUILD_NOPEDANTIC. I will try this in conjunction with the diff and build above tonight, see if it works.

cyberslug wrote:
> I am having the same VPN compile issues, i got around the extra_cflags
> thing by setting KBUILD_NOPEDANTIC. I will try this in conjunction with
> the diff and build above tonight, see if it works.
>
>

This may not work for all of you… but I use vpnc instead of
the Cisco client (because Cisco really has NO interest in
making their client work right). It all depends of course
upon your config, but if you can use vpnc, you’ll find that
it’s a whole lot more stable then Cisco’s less-than-supported
VPN client.

i got the same probleme . i have installed the kernel-source package and sure gcc-g++ gcc make .
have downlaoded the last patch-diff

patch < …/vpnclient-linux-2.6.24-final.diff

patching file GenDefs.h


then

./vpn_install

Cisco Systems VPN Client Version 4.8.01 (0640) Linux Installer
Copyright 1998-2006 Cisco Systems, Inc. All Rights Reserved.
Is the above correct y ]

Shutting down /opt/cisco-vpnclient/bin/vpnclient: Done
Stopped : /etc/init.d/vpnclient_init (VPN init script)
Making module
make -C /lib/modules/2.6.25.5-1.1-default/build SUBDIRS=/home/mohamed/Documents/
vpnclient modules
make[1] : Entering directory /usr/src/linux-2.6.25.5-1.1-obj/i386/default' make -C /usr/src/linux-2.6.25.5-1.1 O=/usr/src/linux-2.6.25.5-1.1-obj/i386/defau lt/. modules Building modules, stage 2. MODPOST 1 modules WARNING : could not find /home/mohamed/Documents/vpnclient/.libdriver.so.cmd for /home/mohamed/Documents/vpnclient/libdriver.so make 1 ] : Leaving directory /usr/src/linux-2.6.25.5-1.1-obj/i386/default’
Copying module to directory “/lib/modules/2.6.25.5-1.1-default/CiscoVPN”.
Already have group ‘bin’

Creating start/stop script “/etc/init.d/vpnclient_init”.
/etc/init.d/vpnclient_init
insserv: warning : script ‘S01vpnclient_init’ missing LSB tags and overrides
insserv: warning : script ‘vpnclient_init’ missing LSB tags and overrides
vpnclient_init 0 : off 1 : off 2 : off 3 : off 4 : off 5 : off 6 : off
Enabling start/stop script for run level 3,4 and 5.
insserv: warning: script ‘vpnclient_init’ missing LSB tags and overrides
vpnclient_init 0:off 1: off 2: off 3: on 4: off 5: on 6: off

Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:
/opt/cisco-vpnclient/license.txt

Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:

  • Replaced Profiles: sample

Copying binaries to directory “/opt/cisco-vpnclient/bin”.
Adding symlinks to “/usr/local/bin”.
/opt/cisco-vpnclient/bin/vpnclient
/opt/cisco-vpnclient/bin/cisco_cert_mgr
/opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
/opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory “/opt/cisco-vpnclient/lib”.
/opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory “/opt/cisco-vpnclient/include”.
/opt/cisco-vpnclient/include/vpnapi.h

Setting permissions.
/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (permissions not changed)

  • You may wish to change these permissions to restrict access to root.
  • You must run “/etc/init.d/vpnclient_init start” before using the client.
  • This script will be run AUTOMATICALLY every time you reboot your computer.

vpnclient connect vpn

Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.25.5-1.1-default #1 SMP 2008-06-07 01:55:22 +0200 i686
Config file directory: /etc/opt/cisco-vpnclient

everything is working FIne

I have Cisco Systems VPN Client Version 4.8.01 (0640) - module compiled after patching vpnclient-linux-2.6.24-final.diff
kernel: 2.6.25.5-1.1-pae
I’ve a problem with connection. Client negotiate a connection, take a IP adress from server


Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.25.5-1.1-pae #1 SMP 2008-06-07 01:55:22 +0200 i686
Config file directory: /etc/opt/cisco-vpnclient

Enter a group password: 
Initializing the VPN connection.
Contacting the gateway at 85.#.#.#
User Authentication for test2...

The server has requested the following information to complete the user authentication:

Username [pooh]: 
Password ]: 
Authenticating user.
Negotiating security policies.
Securing communication channel.

Your VPN connection is secure.

VPN tunnel information.
Client address: 172.#.#.#
Server address: 85.#.#.#
Encryption: 168-bit 3-DES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is inactive
Local LAN Access is disabled

…everything looks great but any communication with any host is possible. I try ping host on server side but nothing back
Any idea whats wrong ?

Here’s how I got the client to work on my machine.

Get the patch from http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff

Get this patch from http://projects.tuxx-home.at/ciscovpn/patches/cisco_skbuff_offset.patch

Untar the source code

cd vpnclient

patch < …/vpnclient-linux-2.6.24-final.diff
patch < …/cisco_skbuff_offset.patch

You have an output that might look this. But it look like it patched ok.

patching file GenDefs.h
patching file interceptor.c
Hunk #6 succeeded at 955 (offset 20 lines).
Hunk #7 succeeded at 997 (offset 20 lines).

Since I have a 64 bit system, I have to change this line in the Makefile around line number 15.

CFLAGS += -mcmodel=kernel -mno-red-zone -to-
EXTRA_CFLAGS += -mcmodel=kernel -mno-red-zone

Then run the vpn_install.

Hope that helps!

Jose

Following Jose’s instructions for the Cisco VPN client in applying several patches, I was able to get the client working in OpenSUSE 11.0.

Thanks

Unfortunately in my case it is not working. Maybe you can have an Idea what else I should check to solve that problem.

Installation:



I try to connect:

--------------------
vpnclient connect UK
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.27.7-9-default #1 SMP 2008-12-04 18:10:04 +0100 x86_64
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at 193.32.3.51
Contacting the gateway at 193.32.3.53 (balancing)
User Authentication for UK...

Enter Username and Password.

Username [name]:
Password ]:
Authenticating user.
Negotiating security policies.
Securing communication channel.

Your VPN connection is secure.

VPN tunnel information.
Client address: 141.144.136.60
Server address: 193.32.3.53
Encryption: 168-bit 3-DES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is inactive
Local LAN Access is disabled

… but I do not get an connection :frowning:


vpnclient stat
Cisco Systems VPN Client Version 4.8.01 (0640)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.27.7-9-default #1 SMP 2008-12-04 18:10:04 +0100 x86_64
Config file directory: /etc/opt/cisco-vpnclient

VPN tunnel information.
Connection Entry: UK
Client address: 141.144.136.60
Server address: 193.32.3.53
Encryption: 168-bit 3-DES
Authentication: HMAC-SHA
IP Compression: None
NAT passthrough is inactive
Local LAN Access is disabled

VPN traffic summary.
Time connected: 0 day(s), 00:00.14
Bytes in: 0
Bytes out: 0
Packets encrypted: 0
Packets decrypted: 0
Packets bypassed: 24
Packets discarded: 0

Configured routes.
Secured    Network Destination   Netmask
           0.0.0.0               0.0.0.0

any Ideas?

Gideon

Sorry I forgot:

I use a SuSE 11.1 on a 64Bit System:

I use an special package for the installation that is doing all the patching automatically. I can not see an error at the installation.

Although, I’m on 11.1, I would think it would be the same for 11.

I installed everything “kvpnc” in Yast.
The only way I can open the kvpnc program is to do it from Gnome Terminal as su/supwd then kvpnc. This will open the gui cisco client where I entered my .pcf file and setup the connection there.

Works like a champ.:slight_smile:

Does anyone know why gnomesu or sudo don’t work with kvpnc on Gnome?:\

I had never ending probs with the Cisco client under 10.3.

Eventually, I switched to using kvpnc and it worked perfectly ever since.

I’d highly recommend vpnc or kvpnc in preference to Cisoc’s broken client.

I’m just hoping now that when I eventually get my 11.1 64 bit networking problems over, vpnc/kvpnc will still work :wink:

On Sun, 2009-06-28 at 21:16 +0000, back to suse wrote:

> I’m just hoping now that when I eventually get my 11.1 64 bit
> networking problems over, vpnc/kvpnc will still work :wink:

It’ll work… I use it everywhere (32bit and 64bit)
I just use vpnc though.