# cisco vpn client and 2.6 kernel

## zeky

hello

Cisco is still not supporting this vpn client on 2.6 (neither 2.5) kernels. I found some url while googling for a pach to fix that, but i'm not sure how to use that. The URL is HERE . And the word is:

```

i tried to build the cisco 3des vpnclient on my linux-2.6.x box when i=20

encounted a compiling error ... googling turned up this lug's e-mail archiv=

e=20

with someone who had the same problem ...

since i couldnt find anyone who said 'here is the solution', i made a trivi=

al=20

patch (see included)

=2Dmike

--Boundary-01=_G6Xn/QLUN3p5q6+

Content-Type: text/x-diff;

  charset="us-ascii";

  name="4.0.1a-linux26.patch"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: attachment;

   filename="4.0.1a-linux26.patch"

=2D-- interceptor.c.orig   2003-10-27 14:59:18.474879600 -0500

+++ interceptor.c   2003-10-27 14:59:05.186899680 -0500

@@ -322,12 +322,12 @@

=20

     dev_add_pack(&dummy_pt);

     /* this should be the original IP packet handler */

=2D    default_pt =3D dummy_pt.next;

+    default_pt =3D list_entry(dummy_pt.list.next, struct packet_type, list=

);

     /* there may be more than one other packet handler in our bucket,

      * so look through all the buckets */

     while (default_pt !=3D NULL && default_pt->type !=3D htons(ETH_P_IP))

     {

=2D        default_pt =3D default_pt->next;

+        default_pt =3D list_entry(dummy_pt.list.next, struct packet_type, =

list);

     }

     if (!default_pt)

     {

--Boundary-01=_G6Xn/QLUN3p5q6+--
```

So, any ideas anyone?

----------

## infirit

```
emerge cisco-vpnclient-3des
```

And follow the insructions

----------

## zeky

Thanks, didn't know this version works with 2.6. kernels   :Rolling Eyes: 

----------

## spacehug

 *zeky wrote:*   

> Thanks, didn't know this version works with 2.6. kernels  

 

Worked great for me, all I had to do was a small edit to vpnclient_init to have it "support" 2.6.* kernels.

----------

## wangxiaohu

 *spacehug wrote:*   

>  *zeky wrote:*   Thanks, didn't know this version works with 2.6. kernels   
> 
> Worked great for me, all I had to do was a small edit to vpnclient_init to have it "support" 2.6.* kernels.

 

I have emerged this packages too, and everything were compiled fine. I am able to do "/etc/init.d/vpnclient start" and I can see the module is loaded using lsmod. Using "vpnclient connect XXX", the connection is created successfully:

```

root@linux vpnclient # vpnclient connect McMasterVPN

Cisco Systems VPN Client Version 4.0.3 (B)

Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Linux

Running on: Linux 2.6.0-gentoo-r1 #2 Thu Jan 1 18:56:07 UTC 2004 i686

 

Initializing the VPN connection.

Contacting the gateway at 130.113.69.99

User Authentication for McMasterVPN...

 

Enter Username and Password.

 

Username [mugsireg]: mugsireg

Password []:

Authenticating user.

Negotiating security policies.

McMaster Authorized Use Only!

 

Idle sessions are disconnected after 30 minutes of inactivity.

 

All sessions are disconnected after 24 hours of continuous use.

 

For assistance, please contact the CIS Helpline at (905)-525-9140 Ext. 24357.

Do you wish to continue? (y/n): y

 

Your VPN connection is secure.

 

VPN tunnel information.

Client address: 130.113.90.10

Server address: 130.113.69.99

Encryption: 56-bit DES

Authentication: HMAC-MD5

IP Compression: None

NAT passthrough is active on port UDP 10000

Local LAN Access is disabled

```

The problem is, I cannot access the network. I typed ifconfig and it shows me:

```

root@linux vpnclient # ifconfig

eth0      Link encap:Ethernet  HWaddr 00:05:5D:2B:B0:A1

          inet addr:24.150.118.4  Bcast:255.255.255.255  Mask:255.255.240.0

          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:2080492 errors:0 dropped:0 overruns:0 frame:0

          TX packets:27891 errors:0 dropped:0 overruns:0 carrier:0

          collisions:1939 txqueuelen:1000

          RX bytes:150864893 (143.8 Mb)  TX bytes:3743905 (3.5 Mb)

          Interrupt:9 Base address:0x3000

 

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:2248 errors:0 dropped:0 overruns:0 frame:0

          TX packets:2248 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:141442 (138.1 Kb)  TX bytes:141442 (138.1 Kb)

```

I don't see cipsec0 there.

I tried to ping some server and got no response.

Any help would appreciated.

----------

## cephlen

Was this issue ever resolved?

Am having the same problem.  2.6.1 kernel, vpn module loads up just fine, vpn connects and authenticates just fine.

No cipsec0 or any new device is being created.  Pings to the vpn network just hang.

The route rules it creates look good.

----------

## cephlen

ifconfig -a does reveal the cipsec0 interface.  However, no traffic seems to be going out to it.

----------

## triwebb1

Do you have a proper route in your routing table?  Do a 

```
route -n
```

 to check.

----------

## cephlen

The route command does not list the cipsec0 device, nor the ip range that is part of the vpn network.

route add -net 10.0.0.0 netmask 255.255.255.0 dev cipsec0

returns will this error: SIOCADDRT: No such device

vpnclient stat reveals this (I put the ?'s in there to hide the ip address):

Configured routes.

Secured    Network Destination   Netmask

           ?.?.?.64          255.255.255.192

           10.0.0.0              255.0.0.0

----------

## swgeckoman

Slightly different problem here, but Im not able to connect at all.  Are there any kernel modules that I need to install to make it work?

----------

## Aurora

 *swgeckoman wrote:*   

> Slightly different problem here, but Im not able to connect at all.  Are there any kernel modules that I need to install to make it work?

 

In order to make the IPsec work with the 2.6 Kernel, you need PF Key, AHS Transformations, ESP Transformations, IPsec user config interface, and all the cryptos...

I've read you load them in as modules...I wouldn't do that though.  I included all of mine.

----------

## swgeckoman

I got it working.  I do have problems with unloading the cisco_ipsec module though.  Pretty annoying since it screws up shutting down my laptop.

----------

## piquadrat

There is an open source implementation of a (more or less) cisco compatible VPN Client. Here's a quote from this German thread:

 *Quote:*   

> I'll try to summarize all the information we got about this new vpnc software. (This time in english, so that everybody will be able to read it)
> 
> 1. Kernel configuration
> 
> All you need is:
> ...

 

----------

## Arno

vpnc has just been added to portage  :Smile: 

----------

## el*Loco

 *cephlen wrote:*   

> ifconfig -a does reveal the cipsec0 interface.  However, no traffic seems to be going out to it.

 

I have the 4.0.3 Cisco Client working on my Intel P4 Laptop without any problems, however, on my Athlon-XP the cisco_ipsec module compiles and loads without trouble, I can establish a connection, I do have a cipsec0 interface and I can ping single IPs - but UDP packets don't work, so DNS is not working at all. Any idea?

----------

## piquadrat

 *Arno wrote:*   

> vpnc has just been added to portage 

 

Ah, very cool!

----------

## Chris_Hird

I have the same problems as listed previously, I can see the ipsec0 interface using ifconfig -a but if I try to add a route I get the same error? Did you fix the problem? Anyone have any ideas

----------

## numbaonestunna

 *Aurora wrote:*   

>  *swgeckoman wrote:*   Slightly different problem here, but Im not able to connect at all.  Are there any kernel modules that I need to install to make it work? 
> 
> In order to make the IPsec work with the 2.6 Kernel, you need PF Key, AHS Transformations, ESP Transformations, IPsec user config interface, and all the cryptos...
> 
> I've read you load them in as modules...I wouldn't do that though.  I included all of mine.

 

Which kernel libraries are these under?  I didn't see them in the normal make menuconfig... I saw the cryptos and that's it.  I'm using 2.6.3-rc2.ebuild.  

Thanks...

Edit:  Nevermind, found them in device drivers-->networking-->networking options, or something like that.  Thanks anyways.

----------

## xenocide2

the cisco vpn client works fine in 2.6.1 but i cant get it to work in 2.6.3 ...

----------

## v912485

 *xenocide2 wrote:*   

> the cisco vpn client works fine in 2.6.1 but i cant get it to work in 2.6.3 ...

 

Did anyone have any luck getting the vpnclient to work under 2.6.3?

----------

## leszcz

Yes.

look here :

https://forums.gentoo.org/viewtopic.php?t=137394

----------

