How to install Cisco VPN Client on Ubuntu 10.04
Yesterday, I finally managed to install Cisco VPN client for Linux on my main home workstation, running Ubuntu 10.04. Though, I’m still troubleshooting connection issue with our service provider, I believe I’m one step further of true, Windows free workstation running on ASROCK mini.
Many thanks go to Ngo Ky Lam and his instructions HOW TO INSTALL CISCO VPN CLIENT ON UBUNTU JAUNTY JACKALOPE AND KARMIC KOALA 64 BIT, which are also valid for Lucid Lynx.
Here are the steps that I performed to install Cisco VPN Client 4.8.02.030:
-- -- Download VPN Client for Linux (4.8.02.030) from Cisco if you can, -- since I don't have access to Cisco support site, I searched the web for the client package... -- $ wget http://its.eiu.edu/software/vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz $ tar xzvf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz -- -- Download and install patch from lamnk.com -- $ cd vpnclient $ wget http://www.lamnk.com/download/fixes.patch $ alesk@dbaportal:~/vpnclient$ patch < ./fixes.patch patching file frag.c patching file interceptor.c patching file IPSecDrvOS_linux.c patching file linuxcniapi.c patching file linuxkernelapi.c patching file Makefile -- -- Install VPN Client accepting all defaults -- $ sudo ./vpn_install Cisco Systems VPN Client Version 4.8.02 (0030) Linux Installer Copyright (C) 1998-2006 Cisco Systems, Inc. All Rights Reserved. By installing this product you agree that you have read the license.txt file (The VPN Client license) and will comply with its terms. Directory where binaries will be installed [/usr/local/bin] Automatically start the VPN service at boot time [yes] In order to build the VPN kernel module, you must have the kernel headers for the version of the kernel you are running. Directory containing linux kernel source code [/lib/modules/2.6.32-25-generic/build] * Binaries will be installed in "/usr/local/bin". * Modules will be installed in "/lib/modules/2.6.32-25-generic/CiscoVPN". * The VPN service will be started AUTOMATICALLY at boot time. * Kernel source from "/lib/modules/2.6.32-25-generic/build" will be used to build the module. Is the above correct [y] Making module make -C /lib/modules/2.6.32-25-generic/build SUBDIRS=/home/alesk/vpnclient modules make: Entering directory `/usr/src/linux-headers-2.6.32-25-generic' CC [M] /home/alesk/vpnclient/linuxcniapi.o CC [M] /home/alesk/vpnclient/frag.o CC [M] /home/alesk/vpnclient/IPSecDrvOS_linux.o CC [M] /home/alesk/vpnclient/interceptor.o CC [M] /home/alesk/vpnclient/linuxkernelapi.o LD [M] /home/alesk/vpnclient/cisco_ipsec.o Building modules, stage 2. MODPOST 1 modules WARNING: could not find /home/alesk/vpnclient/.libdriver.so.cmd for /home/alesk/vpnclient/libdriver.so CC /home/alesk/vpnclient/cisco_ipsec.mod.o LD [M] /home/alesk/vpnclient/cisco_ipsec.ko make: Leaving directory `/usr/src/linux-headers-2.6.32-25-generic' Create module directory "/lib/modules/2.6.32-25-generic/CiscoVPN". Copying module to directory "/lib/modules/2.6.32-25-generic/CiscoVPN". Already have group 'bin' Creating start/stop script "/etc/init.d/vpnclient_init". /etc/init.d/vpnclient_init Enabling start/stop script for run level 3,4 and 5. Creating global config /etc/opt/cisco-vpnclient Installing license.txt (VPN Client license) in "/opt/cisco-vpnclient/": /opt/cisco-vpnclient/license.txt Installing bundled user profiles in "/etc/opt/cisco-vpnclient/Profiles/": * New Profiles : at_eiu eiu sample Copying binaries to directory "/opt/cisco-vpnclient/bin". Adding symlinks to "/usr/local/bin". /opt/cisco-vpnclient/bin/vpnclient /opt/cisco-vpnclient/bin/cisco_cert_mgr /opt/cisco-vpnclient/bin/ipseclog Copying setuid binaries to directory "/opt/cisco-vpnclient/bin". /opt/cisco-vpnclient/bin/cvpnd Copying libraries to directory "/opt/cisco-vpnclient/lib". /opt/cisco-vpnclient/lib/libvpnapi.so Copying header files to directory "/opt/cisco-vpnclient/include". /opt/cisco-vpnclient/include/vpnapi.h Setting permissions. /opt/cisco-vpnclient/bin/cvpnd (setuid root) /opt/cisco-vpnclient (group bin readable) /etc/opt/cisco-vpnclient (group bin readable) /etc/opt/cisco-vpnclient/Profiles (group bin readable) /etc/opt/cisco-vpnclient/Certificates (group bin readable) * You may wish to change these permissions to restrict access to root. * You must run "/etc/init.d/vpnclient_init start" before using the client. * This script will be run AUTOMATICALLY every time you reboot your computer.
After you installed the client, copy your Cisco VPN client profile(s) that were given you by your system admin to /etc/opt/cisco-vpnclient/Profiles. If your profile is named AcmeVPN.pcf, then you can connect with:
-- -- Check that vpnclient_init service is running... -- Optionally, install package sysvconfig if service util is missing on your machine -- $ sudo apt-get install sysvconfig -- $ service vpnclient_init status -- -- if vpnclient_init is not running, then start the service... -- $ sudo service vpnclient_init start -- -- now, you can start a VPN connection with the client, -- specifying the name of particular profile... --- $ sudo vpnclient connect AcmeVPN
As I mentioned at the beginning of this post, I’m troubleshooting the connection to my workplace. As far as I can tell, Cisco client is working fine, it’s just that connection is terminated by the client for some (unknown) reason. I’m receiving:
Cisco Systems VPN Client Version 4.8.02 (0030)
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.32-26-generic #47-Ubuntu SMP Wed Nov 17 15:59:05 UTC 2010 i686
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Contacting the gateway at xxx.xxx.xxx.xxx
Contacting the gateway at xxx.xxx.xxx.xxx
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
It must be something either in profile (pcf) file or perhaps with certificates (/etc/opt/cisco-vpnclient/Certificates).
[Update on December 12, 2010: I gave up on troubleshooting Cisco client for Linux – instead I’m happy to report that vpnc works flawlessly on my Ubuntu 10.04, as I wrote it here.]