# Stuck! VPN Client Connection issue

## K-Dawg

Hi gentoo enthusiasts.  I have a question that I desperately need a resolution and an answer to.  I need to connect to a VPN server at work from my gentoo laptop that we usually use a Nortel Contivity VPN Client from our XP machines for our network connection.  This Nortel version uses 3DES encryption, LZS, and is using 128-bit level encryption, and works using ipsec protocol.  I can connect to VPN server 167.210.234.2 or 167.210.234.1 and I am assigned an IP address out of the 167.210.x.x pool.  I use my work e-mail and intranet password to login to this VPN server and authenticate.  My problem is I need to connect to this VPN from my laptop booted into gentoo and have run into a snag on what to use to do this.  I posted a question about this about a week or 2 ago and was kinda let down when there were really no clear answers.  Hopefully w/ the more inclusive and detailed network configuration setup provided  above someone will be able to assist me and point me in the right direction.  I have investigated the option of using freeswan or the cisco-vpnclient-3des.   Am I headed in the right direction and if I am I know that I must emerge one of these packages but what are the commands to create the ipsec tunnel to this VPN server?

----------

## Banjer

I assume the network uses Contivity IP access routers or VPN servers so I would go for the Nortel Contivity Multi-OS VPN Client, which should support Linux.

http://www.nortelnetworks.com/products/01/contivity/multi_os/

It's probably the same client as you use for the windows clients

----------

## K-Dawg

Yeah I was also gonna mention this option I ran across also w/ the Nortel Networks Contivity Multi OS client for linux which was released back in 9/03.  Does anyone know where I might be able to download or grab this from as it is $80 off Nortel's website and I just can't justify this expenditure.  Maybe it's just the open source cheap ass loving guy in me  :Smile: 

----------

## Banjer

You could register and download the 30 day trial and give it a try....

The FreeS/WAN documentation links to this document regarding to FreeS/WAN and Nortel: http://lists.freeswan.org/pipermail/users/2002-May/010924.html... seems to be a no-go..

Source: http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/interop.html#nortel

----------

## K-Dawg

Should I grab the .tar.gz file or the RPM file for linux?  If I grab the RPM file should I just be able to do a RPM -i cvc_linux-rh-gcc3-3.0e-0.src.rpm and that should do the trick?  

EDIT: Well of course I cannot use the RPM system in gentoo  :Smile:  hehe

So... should I go the route of the tar.gz file instead?  Will this work tar -xvf cvc_linux-rh-gcc3-3.0e-0.tar.gz?

Sorry I am a little new at unzipping and compressing stuff w/ linux just yet

----------

## K-Dawg

Well I got the program unzipped using tar -zxvf filename and it created a directory and when I change to this directory and try to follow the readme docs to do a make install from here it gives me the following error:

```
bash-2.05b# make install
cd src && make install
make[1]: Entering directory `/root/nortel/cvc_linux-gcc2-3.0/src'
gcc -D__KERNEL__ -DMODULE -O -w -c -I/usr/src/linux/include -I/usr/src/linux-2.4/include -I/usr/include  nlvcard.c
In file included from /usr/src/linux/include/asm/smp.h:18,
                 from /usr/src/linux/include/linux/smp.h:17,
                 from /usr/src/linux/include/linux/sched.h:23,
                 from /usr/src/linux/include/linux/module.h:10,
                 from nlvcard.c:42:
/usr/src/linux/include/asm/mpspec.h:6:25: mach_mpspec.h: No such file or directory
In file included from /usr/src/linux/include/asm/smp.h:18,
                 from /usr/src/linux/include/linux/smp.h:17,
                 from /usr/src/linux/include/linux/sched.h:23,
                 from /usr/src/linux/include/linux/module.h:10,
                 from nlvcard.c:42:
/usr/src/linux/include/asm/mpspec.h:8: error: `MAX_MP_BUSSES' undeclared here (not in a function)
/usr/src/linux/include/asm/mpspec.h:9: error: `MAX_MP_BUSSES' undeclared here (not in a function)
/usr/src/linux/include/asm/mpspec.h:10: error: `MAX_MP_BUSSES' undeclared here (not in a function)
/usr/src/linux/include/asm/mpspec.h:12: error: `MAX_MP_BUSSES' undeclared here (not in a function)
/usr/src/linux/include/asm/mpspec.h:19: error: `MAX_APICS' undeclared here (not in a function)
/usr/src/linux/include/asm/mpspec.h:20: error: `MAX_MP_BUSSES' undeclared here (not in a function)
/usr/src/linux/include/asm/mpspec.h:20: error: conflicting types for `mp_bus_id_to_type'
/usr/src/linux/include/asm/mpspec.h:8: error: previous declaration of `mp_bus_id_to_type'
/usr/src/linux/include/asm/mpspec.h:22: error: `MAX_IRQ_SOURCES' undeclared here (not in a function)
/usr/src/linux/include/asm/mpspec.h:24: error: `MAX_MP_BUSSES' undeclared here (not in a function)
/usr/src/linux/include/asm/mpspec.h:24: error: conflicting types for `mp_bus_id_to_pci_bus'
/usr/src/linux/include/asm/mpspec.h:12: error: previous declaration of `mp_bus_id_to_pci_bus'
/usr/src/linux/include/asm/mpspec.h:50: error: `MAX_APICS' undeclared here (not in a function)
In file included from /usr/src/linux/include/asm/smp.h:20,
                 from /usr/src/linux/include/linux/smp.h:17,
                 from /usr/src/linux/include/linux/sched.h:23,
                 from /usr/src/linux/include/linux/module.h:10,
                 from nlvcard.c:42:
/usr/src/linux/include/asm/io_apic.h:160: error: `MAX_IRQ_SOURCES' undeclared here (not in a function)
/usr/src/linux/include/asm/io_apic.h:160: error: conflicting types for `mp_irqs'
/usr/src/linux/include/asm/mpspec.h:22: error: previous declaration of `mp_irqs'
In file included from /usr/src/linux/include/linux/smp.h:17,
                 from /usr/src/linux/include/linux/sched.h:23,
                 from /usr/src/linux/include/linux/module.h:10,
                 from nlvcard.c:42:
/usr/src/linux/include/asm/smp.h:72:26: mach_apicdef.h: No such file or directory
In file included from /usr/src/linux/include/linux/irq.h:20,
                 from /usr/src/linux/include/asm/hardirq.h:6,
                 from /usr/src/linux/include/linux/interrupt.h:11,
                 from /usr/src/linux/include/linux/netdevice.h:501,
                 from nlvcard.c:53:
/usr/src/linux/include/asm/irq.h:16:25: irq_vectors.h: No such file or directory
In file included from /usr/src/linux/include/asm/hardirq.h:6,
                 from /usr/src/linux/include/linux/interrupt.h:11,
                 from /usr/src/linux/include/linux/netdevice.h:501,
                 from nlvcard.c:53:
/usr/src/linux/include/linux/irq.h:70: error: `NR_IRQS' undeclared here (not in a function)
In file included from /usr/src/linux/include/linux/irq.h:72,
                 from /usr/src/linux/include/asm/hardirq.h:6,
                 from /usr/src/linux/include/linux/interrupt.h:11,
                 from /usr/src/linux/include/linux/netdevice.h:501,
                 from nlvcard.c:53:
/usr/src/linux/include/asm/hw_irq.h:28: error: `NR_IRQ_VECTORS' undeclared here (not in a function)
/usr/src/linux/include/asm/hw_irq.h:31: error: `NR_IRQS' undeclared here (not in a function)
make[1]: *** [nlvcard.o] Error 1
make[1]: Leaving directory `/root/nortel/cvc_linux-gcc2-3.0/src'
make: *** [install] Error 2
```

Then I found this in the docs and figured my 2.6.5 kernel is probably the culprit wouldn't you all say so?

> 1) Contivity VPN Client products require the Linux-2.2.x kernel or the Linux-2.4.x kernel. Kernel versions 2.4.21 and beyond are not supported.

So my question now is am I going to have to emerge and boot into a 2.4 kernel to get this to work possibly.  I could have sworn I saw a doc on the net stating that Nortel now supports the 2.6 kernel w/ this Nortel Contivity Multi-OS VPN Client.  DANG I will get it eventually though I am persistent  :Smile: 
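A pre-flight check for the situation in the post above, added here as an example and not part of the thread or of the Contivity package: it applies the README rule quoted above (2.2.x or 2.4.x only, 2.4.21 and beyond unsupported) to the header tree the module build includes from. The function names are hypothetical, and it assumes the tree's top-level `Makefile` carries the usual `VERSION`, `PATCHLEVEL` and `SUBLEVEL` lines.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Rule from the quoted README: 2.2.x or 2.4.x kernels, and nothing from 2.4.21 on.

# contivity_kernel_supported VERSION -> 0 supported, 1 unsupported, 2 unparseable
contivity_kernel_supported() {
    ver=${1%%-*}                          # drop local suffix: 2.4.20-gentoo-r5
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}               # 2.6.8.1 -> patch 8
    case "$major$minor" in *[!0-9]*) return 2 ;; esac
    [ "$major" -eq 2 ] || return 1
    case $minor in
        2) return 0 ;;
        4) if [ "$patch" -lt 21 ]; then return 0; fi; return 1 ;;
        *) return 1 ;;
    esac
}

# tree_version DIR -> prints V.P.S read from DIR/Makefile (assumed layout)
tree_version() {
    awk -F'[ \t=]+' '
        $1 == "VERSION"    { v = $2 }
        $1 == "PATCHLEVEL" { p = $2 }
        $1 == "SUBLEVEL"   { s = $2 }
        END { if (v == "" || p == "" || s == "") exit 1; print v "." p "." s }
    ' "$1/Makefile" 2>/dev/null
}

# preflight RUNNING_VERSION HEADER_TREE: run this before "make install"
preflight() {
    hdr=$(tree_version "$2") || { echo "cannot read $2/Makefile"; return 2; }
    [ "${1%%-*}" = "$hdr" ] || echo "warning: running $1, headers are $hdr"
    if contivity_kernel_supported "$hdr"; then
        echo "ok: $hdr is in the supported range"
    else
        echo "unsupported: $hdr (need 2.2.x or 2.4.x below 2.4.21)"
        return 1
    fi
}

preflight "$(uname -r)" /usr/src/linux || true
```
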

----------

## K-Dawg

BUMP  :Smile:  In hopes that the right eyes will see this and help me finish up w/ a resolution as I have come a long way.  Ok I was also gonna go the cisco-vpnclient-3des way?  Would this work I googled for the correct file (vpnclient-linux-4.0.3.B-k9.tar.gz) and unzipped it while booted into a 2.6.3 environment and is loaded perfect and after I did a /etc/init.d/cisco_vpnclient start cmd I see that the cisco_vpnclient module is loaded.  So does it look like this will work?  I read off http://www.math.dartmouth.edu/software/resources_Linux/vpn/cvpn.html

> As of this writing, Cisco VPN client does not work with Linux kernel 2.6. You should keep this in mind, if you are running 2.4, but might be upgrading to 2.6 soon. Trying to start Cisco VPN client on 2.6 effectively disables the networking and the only way to reset it is to reboot the system (actually it will `hang' while trying to shut down the networking and eventually you'll have to do a hard reset). With 2.6 you can use an open source alternative to Cisco VPN client -- vpnc.

I didn't notice any networking lock up at all (in 2.6) is this because I have not yet actually started the vpn tunnel?

So all in all should I now go the vpnc open source route and scrap the Nortel and Cisco VPN client options?

All help is GREATLY appreciated in getting a final resolution to this and hopefully others can use this post as I now see in the same forums 2 similar questions.

----------

## herda0505

K-dawg, did you get this working?

I'm currently fiddling with it now. I started on 2.6.9 but had to go down to 2.4.26 to get the Contivity Multi-OS client built. Everything starts up and looks nice, but it doesn't connect. Never gets past the initial request screen. I've been combing through the logs and don't see too much. In the netlock agent log there is an sp_socket_open error after about 10 minutes and then netlock quits.

----------

## spacemoth

There is a new version, just released by Apani networks, that supports kernel 2.6. Apani tech support says it *may* work with Gentoo, although it's designed for RH or Suse. I'm working on it today, will post my results.

http://www.apani.com/buytry.html

----------

## spacemoth

The Apani client officially supports RedHat and Suse, and at present does not run on my gentoo-dev-sources 2.6.9 system (IBM R40 laptop). I tried using the RH and Suse versions, and although everything seems to install okay, the client won't start.

It's one of those point-and-shoot installers that doesn't really give you many options to troubleshoot.

Apani support basically says game over when you tell them you're running gentoo.

----------

## herda0505

Thanks spacemoth. I'll play around with it. Currently I installed vmware with a winxp virtual machine and have nortel running through that so I can get work done.  I might try grabbing a rh kernel and attempt to run off of that...

----------

## lucky_rooster

 *spacemoth wrote:*   

> The Apani client officially supports RedHat and Suse, and at present does not run on my gentoo-dev-sources 2.6.9 system (IBM R40 laptop). I tried using the RH and Suse versions, and although everything seems to install okay, the client won't start.

 

I had been running Netlock v2.1.5 (for RedHat) w/ kernel 2.4.20 and it worked great. I recently upgraded to kernel 2.4.27 (which broke NetLock, as it supports only kernel 2.4.20). I just successfully connected using NetLock v3.1.1e with the 2.4.27 kernel.

I, too, had no luck with the 2.6.9 kernel - when I tried "netlock start" I got an error from insmod and then my system would become rather unstable. I might try kernel 2.6.8 for grins (or, if I'm feeling really ambitious, try the Fedora source).

Anyone had any luck getting Netlock (for Nortel) working with a 2.6.x kernel? I did see the post https://forums.gentoo.org/viewtopic.php?t=60417&highlight=netlock about someone creating an e-build - has anyone tried that or know what version kernel it is for?

----------

## darkarchon

Take a look at the other thread on the same issue. To sum it up:

I was unable to get "Contivity VPN Client v3.1.1" to work with gentoo-dev-sources 2.6.10 and gcc 3.4.3. However, it clearly works on SuSe 9.1 Personal which has a default setup of:

```
kernel   2.6.5-7.147-default
gcc      3.3.3
glibc    2.3.3
```

The release notes state that the VPN client should work for "2.6.x kernel and gcc 3.x", but there clearly is an issue with 2.6.10 and gcc 3.4.3, and the issue is a very nasty one: it will literally lock up your machine and you have no recourse but to power cycle, and it has happened to just about everyone who did a "netlock start" on 2.6.10. 

I contacted Apani and they used the "unsupported distribution" line, which I felt was not addressing the problem but hiding behind a technicality. I urged Apani to resolve the matter with a "proactive" approach to capture goodwill and be seen in a good light by the Linux community, both of which are valuable in a tight economic climate. 

But, we need to put more pressure to make sure this is fixed, and it may be as simple as recompiling some of the proprietary binaries within a newer setup configuration. So, please call them or email them if you can and urge them to fix the hard lockup issue on the 2.6.10 kernels. 

Just a friendly reminder: please remember that you will be representing the bleeding edge of Linux users when you contact Apani, so please be civil in your communication. Crude and vulgar language will only give us a bad name, when we really need to develop a good rapport. Thanks!

Apani Technical Support (Monday thru Friday, 8 am to 5 pm PST)

Phone: 714.792.1888

Email: support@apani.com

----------

## zigver

 *darkarchon wrote:*   

> I contacted Apani and they used the "unsupported distribution" line, which I felt was not addressing the problem but hiding behind a technicality. I urged Apani to resolve the matter with a "proactive" approach to capture goodwill and be seen in a good light by the Linux community, both of which are valuable in a tight economic climate. 

 

Any update on this?  I'm in need of connecting to a Nortel VPN with a 2.6 kernel and 3.4.3 gcc.

----------

## darkarchon

 *zigver wrote:*   

> Any update on this?  I'm in need of connecting to a Nortel VPN with a 2.6 kernel and 3.4.3 gcc.

 The following information was on the Apani website. I hope it actually works this time around because I really don't want to go through another afternoon of repeated hard lockups. 

Apani Networks Knowledge Base

Screenshot of KB-10157

Screenshot of KB-10156

 *Quote:*   

> Article ID:    	KB-10157 
> 
> Topic:  	Which Linux distributions are supported by Apani Networks?
> 
> Product(s):  	Contivity VPN Client
> ...

  *Quote:*   

> Article ID:    	KB-10156 
> 
> Topic:  	Which Linux kernels are supported by Apani Networks?
> 
> Product(s):  	Contivity VPN Client
> ...

 

----------

