# CISCO VPN Client

## linuxbum

Hello Everyone,

I have tried three differnet versions of the Csico VPN client.

After fixing the stamp to tstamp structure errors all three version report this error.

```

gentoo-1 everything # vpnclient connect Phoenix_VPN

Cisco Systems VPN Client Version 4.7.00 (0640)

Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Linux

Running on: Linux 2.6.14-gentoo-r5 #1 SMP Mon Jan 9 20:59:26 MST 2006 i686

Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.

Secure VPN Connection terminated locally by the Client

Reason: The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information.

There are no new notification messages at this time.

```

The cisco_ipsec module loads fine with all three versions.

```

gentoo-1 init.d # ./vpnclient_init status 

Module                  Size  Used by

cisco_ipsec           552812  0 

cipsec0   Link encap:Ethernet  HWaddr 00:0B:FC:F8:01:8F  

          NOARP  MTU:1356  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

```

But if I check the vpnclient status in /etc/init.d directory it shows if failed ??? 

Now I'm condused  by this status ????   :Rolling Eyes: 

```

gentoo-1 init.d # ./vpnclient status

 * status:  stopped

cisco_ipsec           552812  0 

cipsec0   Link encap:Ethernet  HWaddr 00:0B:FC:F8:01:8F  

          NOARP  MTU:1356  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

```

So what is the difference of the two status ???

Here is the kernel version;

```

gentoo-1 init.d # uname -a         

Linux gentoo-1 2.6.14-gentoo-r5 #1 SMP Mon Jan 9 20:59:26 MST 2006 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux

```

I have read many threads and tried most of the fix attemps even the vpnc but the config file used does not work out for my site.

Any Ideas??

Versions tried:

vpnclient-linux-4.6.00.0030-k9.tar.gz

vpnclient-linux-4.6.00.0045-k9.tar.gz

vpnclient-linux-4.7.00.0640-k9.tar.gz

Bryan

----------

## rlittle

I have the following verion running:

 # emerge -pDv cisco-vpnclient-3des

These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild   Rf  ] net-misc/cisco-vpnclient-3des-4.6.03.0190-r1  0 kB

Total size of downloads: 0 kB

#

And I have the following tar file downloaded from Cisco:

vpnclient-linux-x86_64-4.6.03.0190-k9.tar.gz  (I'm running AMD64)

My only suggestion is to capture some logs. 

First you need to edit /etc/opt/cisco-vpnclient/vpnclient.ini and changeEnableLog=0 to EnableLog=1.

Then run /opt/cisco-vpnclient/bin/ipseclog <output filename>. Once you've got that running, then (in a different window) try starting your vpnclient again. Once it's failed you can Ctrl+C the ipseclog process. The resulting log file is pretty cryptic, but I solved some of my connection problems by plowing through it line by line. As a last resort, change the log level in vpnclient.ini to something higher than 3.

Hope this helps a bit.

----------

## linuxbum

Rlittle 

Thanks for replying I did turn on the logging and see the same message that it cannot find the connection file.

But If I move the Phoenix_VPN file from the directory it sure compains about not finding the pfc file   :Surprised: 

So I looking into what the client thinks is the "connection entry"

In the Windows version it is the name you have given the profile.

I read where CISCO says if it fails try lower kernel version.

Nice eh? sure let me just go back to kernel 2.4.1  :Smile:  is that old enough for them   :Twisted Evil: 

Ok of soap box.

Bryan

----------

## rlittle

Hmm.. I'm stumped too. I change my kernel all the time and his hasn't screwed up Cisco since 2.6.5 or so (I'm on 2.6.15 right now). (Geee, THAT brings back bad memories   :Mad:  )

I guess that leaves certificates???? Does your /etc/opt/cisco-vpnclient/Certficates directory have 30-or-so files that look like:

caaaaaaa.cdx

caaaaaaa.dbf

caaaaaaa.fpt

???

....and my *super* lame-o suggestion: maybe Cisco hates the "_" in "Phoenix_VPN".   :Rolling Eyes: 

----------

