Index

Instructions for 64-bit
Instructions for 32-bit

Linux Cisco VPN Client on Intel for amd64 kernel 2.6.31

Introduction

I‘ve upgraded my laptop to Ubuntu Karmic and noticed my Cisco VPN client didn‘t work with the new (2.6.31) kernel. The guys in the tuxx-home.at support forum have a working solution, but the supplied patches don‘t apply very cleanly. Here are the instructions one by one (, mainly meant for my collegues running on the same hardware as I do). All credits go to the guys in the tuxx-home.at support forum!

Please note: this is only for amd64 people, running on an Intel processor!

Instructions

• Download vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz.

  wget http://projects.tuxx-home.at/ciscovpn/clients/linux/4.8.02/vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
  

• Unpack it

  tar zxf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
  

• Download vpnclient-linux-4.8.02-64bit.patch

  wget http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-4.8.02-64bit.patch
  

• Download vpnclient-linux-4.8.02-64bit.ge.2.6.31.patch

  wget http://painfullscratch.nl/code/vpn/vpnclient-linux-4.8.02-64bit.ge.2.6.31.patch
  

• Change directory

  cd vpnclient
  

• Patch with existing patch

  patch < ../vpnclient-linux-4.8.02-64bit.patch
  

• Patch with greater or equal (ge) 2.6.31 patch

  patch < ../vpnclient-linux-4.8.02-64bit.ge.2.6.31.patch
  

• Update netdevice.h and change ‘const struct net_device_ops *netdev_ops;‘ to ‘struct net_device_ops *netdev_ops;‘ as described at this link

  sudo sed -i ‘s/const\ struct\ net_device_ops\ \*netdev_ops;/struct\ net_device_ops\ \*netdev_ops;/‘ `find /usr/src -name netdevice.h`

• Install vpn client

  sudo ./vpn_install
  

Handy script (i.e. $HOME/bin/vpn)

#!/bin/bash
#
# Cool to put in your $HOME/.profile or $HOME/.bashrc or whatever ...
#  ‘complete -W ‘connect disconnect‘ vpn‘
#

PROFILE=your-profile-name

if [ $1 == "connect" ]; then
        # See http://forum.tuxx-home.at/viewtopic.php?f=15&t=457&st=0&sk=t&sd=a&start=15
        # Optional: disable one CPU when you experience freezes
        # sudo sh -c ‘echo 0 > /sys/devices/system/cpu/cpu1/online‘
        sudo /etc/init.d/vpnclient_init start
        vpnclient $1 $PROFILE 
elif [ $1 == "disconnect" ]; then
        vpnclient $1 
        # Optional: reenable CPU
        # sudo sh -c ‘echo 1 > /sys/devices/system/cpu/cpu1/online‘
        sudo /etc/init.d/vpnclient_init stop
else 
        echo "Unknown option $1";
fi

Linux Cisco VPN Client on Intel for x86 kernel 2.6.31

Introduction

For several reasons I switched my Ubuntu Karmic, which uses the 2.6.31-kernel, back from 64bit to 32bit. After migration, I noticed that for some reason, applications I was using in the VPN timed out after several minutes. A ‘sudo tcpdump -i eth0 -n arp‘ showed my that my system didn‘t respond to the ARP-queries sent by my router. The reason for this is that my local lan access is disabled when I connect to my VPN server. Fortunatly I‘ve found a fix at ilap and in the tuxx-home.at support forum!

Thanks guys! Please note: this is only for x86 people

Instructions

• Download vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz.

  wget http://projects.tuxx-home.at/ciscovpn/clients/linux/4.8.02/vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
  

• Unpack it

  tar zxf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz
  

• Download vpnclient-linux.2.6.31.diff

  wget http://dl.dropbox.com/u/1289817/vpnclient-linux.2.6.31.diff
  

• Download override-local-lan-access.diff

  wget http://painfullscratch.nl/code/vpn/override-local-lan-access.diff
  

• Change directory

  cd vpnclient
  

• Patch with existing patch

  patch < ../vpnclient-linux.2.6.31.diff
  

• Patch with override-local-lan-access.diff

  patch < ../override-local-lan-access.diff
  

• Install vpn client

  sudo ./vpn_install
  

• After you successfully connected to your VPN, add a route to your private vlan. I.e.:

  sudo route add -net 192.168.1.0/24 dev eth0
  

  (Where 192.168.0.1/24 should be replaced by your own private network and eth0 should be replaced by your own private interface)

Handy script (i.e. $HOME/bin/vpn)

#!/bin/bash
#
# Cool to put in your $HOME/.profile or $HOME/.bashrc or whatever ...
# ‘complete -W ‘connect disconnect‘ vpn‘

if [ ! $1 ]; then
        echo "Usage: $(basename $0) <connect|disconnect>";
        exit 1;
fi;

PROFILE=your-profile-name
PRIVATEVLAN=192.168.1.0/24
PRIVATEINT=eth0

if [ $1 == "connect" ]; then
        # See http://forum.tuxx-home.at/viewtopic.php?f=15&t=457&st=0&sk=t&sd=a&start=15
        # Optional: disable one CPU when you experience freezes
        # sudo sh -c ‘echo 0 > /sys/devices/system/cpu/cpu1/online‘
        sudo /etc/init.d/vpnclient_init start
        (sleep 30 && sudo /sbin/route add -net $PRIVATEVLAN dev $PRIVATEINT)&
        vpnclient $1 $PROFILE 
elif [ $1 == "disconnect" ]; then
        vpnclient $1
        # Optional: reenable CPU again
        # sudo sh -c ‘echo 1 > /sys/devices/system/cpu/cpu1/online‘
        sudo /etc/init.d/vpnclient_init stop
else
        echo "Unknown option $1";
fi