Sunday, September 07, 2008

Ubuntu and Cisco VPN clients

I recently decided that I would abandon Windows completely and start using only Linux as a desktop environment for my work laptop. At home I already used Linux on a majority of the workstations and even my girlfriend is using Linux on her laptop. However, using a Linux workstation in a corporate environment can be somewhat hard if the rest of the company is still sticking with Windows.

So I have had some problems to solve and one of them was the connection to the office and the datacenter. We use Cisco PIX equipment to give remote users access to the office so they all have a Cisco VPN client installed. I have checked the Cisco website and the amount of Linux tools they are offering was somewhat disappointing. I found a part of the solution written by Tyler on his weblog.

However, I did have some problems when I followed his setup steps when I tried to install it on Ubuntu Hardy (Ubuntu 8.04.1). To check the version of Ubuntu, enter the following command: lsb_release -a

The problem was that I got the following error during the making of the module:

Making module
make -C /lib/modules/2.6.24-16-generic/build SUBDIRS=/home/igfud/Desktop/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic'
CC [M] /home/igfud/Desktop/vpnclient/linuxcniapi.o
In file included from /home/igfud/Desktop/vpnclient/Cniapi.h:15,
from /home/igfud/Desktop/vpnclient/linuxcniapi.c:31:
/home/igfud/Desktop/vpnclient/GenDefs.h:113: error: conflicting types for ‘uintptr_t’
include/linux/types.h:40: error: previous declaration of ‘uintptr_t’ was here
make[2]: *** [/home/igfud/Desktop/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/igfud/Desktop/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.24-16-generic'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".

After some searching I found the solution. So if you are experiencing the same problems you can try the following steps:
  1. Download vpnclient-linux-x86_64- from the website.
  2. Extract the downloaded archive with tar xzf
  3. Download the patch from the website, this is patch vpnclient-linux-2.6.24-final.diff
  4. Go into the new directory created by extracting the client and apply the diff patch by executing the following command: patch <>
  5. Now start the installer by executing: sudo ./vpn_install
This is all it takes to install the VPN client. You might want to install your pcf profiles. This can be done by simply placing them into /etc/opt/cisco-vpnclient/profiles/

You can start a VPN session by executing the following command: sudo vpnclient connect myprofile (if your profile is named myprofile).

You have to make sure that the VPN client itself is started. You can find the start/stop script in /etc/init.d; however, to make things easier for myself I have created a script for every connection I have. You might want to use the same approach; the script is below so you can edit it for your own use:

#!/bin/sh
echo "init the vpnclient"
/etc/init.d/vpnclient_init restart
echo "vpnclient process started"
vpnclient connect myprofile

Make sure you start the script with sudo.
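
One script that serves every profile, as an added example that is not the author's own script: it takes the profile name as an argument and, because it runs under sudo, validates the name and checks that the profile file exists before restarting the service. It assumes profiles are stored as <name>.pcf in the profiles directory named above; PROFILE_DIR, INIT_SCRIPT and VPNCLIENT are hypothetical override variables.

```shell
#!/bin/sh
# Added example, not the original author's script. PROFILE_DIR, INIT_SCRIPT and
# VPNCLIENT are hypothetical override variables; defaults are the paths from the post.
PROFILE_DIR="${PROFILE_DIR:-/etc/opt/cisco-vpnclient/profiles}"
INIT_SCRIPT="${INIT_SCRIPT:-/etc/init.d/vpnclient_init}"
VPNCLIENT="${VPNCLIENT:-vpnclient}"

# Accept only plain names: the script runs as root, so a name such as
# "../../tmp/x" must never be turned into a path.
valid_profile_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the .pcf path for a profile, or fail if the name is bad or the file is missing.
profile_file() {
    valid_profile_name "$1" || { echo "invalid profile name: $1" >&2; return 2; }
    [ -f "$PROFILE_DIR/$1.pcf" ] || { echo "no such profile: $1" >&2; return 3; }
    printf '%s\n' "$PROFILE_DIR/$1.pcf"
}

# Restart the client service, then connect; stop if any step fails.
connect_profile() {
    [ "$(id -u)" -eq 0 ] || { echo "run this script with sudo" >&2; return 1; }
    profile_file "$1" >/dev/null || return $?
    echo "init the vpnclient"
    "$INIT_SCRIPT" restart || { echo "vpnclient_init restart failed" >&2; return 4; }
    echo "vpnclient process started"
    "$VPNCLIENT" connect "$1"
}

# Only act when a profile name is given on the command line.
if [ "$#" -gt 0 ]; then
    connect_profile "$1"
fi
```

Saved under a name of your choice, it is started with sudo and the profile name as its only argument.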

1 comment:

Anonymous said...

indeed, i don't care too much about what people do with their desktop environment. what is important is using open and available standards. this cisco vpn stuff isn't one of them.

it's a pain in the butt. it breaks each time a new kernel version comes out, sometimes ubuntu kernel updates require you to compile the whole thing again. and for what? a miserable vpn client that doesn't work decent on linux (and if i have to believe my windows colleagues, it doesn't run great on windows either).

and what about wireless? oddysse or whatever it is called, what's the use in that!

companies have got to learn not to lock themselves in, in these fast changing times you need to be able to switch to new tools quickly if needed.