Installing the Cisco VPN Client on Linux

Introduction

I telecommute at least one day every two weeks and need access to my corporate network. Since we use a Cisco VPN at my office, I have been using the Cisco client to connect.

However, after a recent kernel upgrade, I noticed that I got the following message when I tried to run the client:

Cisco Systems VPN Client Version 4.0.4 (B)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.8-24.11-default #1 Fri Jan 14 13:01:26 UTC 2005 i686

Could not attach to driver. Is kernel module loaded?
The application was unable to communicate with the VPN sub-system.

Uh-huh. That means the service didn’t start. Let’s see what happens when the service is started manually. Typing /etc/init.d/vpnclient_init start, I get “no such file or directory.”

After a little searching on the internet I find out that a recent kernel upgrade blew away the service portion of the Cisco client.

Bummer.

Okay, well, that simply means I have to run the setup again. This article describes how to run the setup, either for the first time or after a kernel upgrade.

Here’s how. This includes all the steps necessary to install the Cisco VPN Client and put an icon on your desktop.

How To Install

First you need to get the client. You can download it from Cisco if you have a login, or get it from your system admin. (You could also probably find it in various download places if you search.) I’m currently running the 4.0.4b client. This works with my 2.6 kernel. The file has a really long name. In my case I got the linux-vpn-404b.tar.gz file.

I downloaded it to my /home/kai/downloads folder, where I store most of my downloads.

Once there, I started a console and typed in the following (after changing to the downloads folder): tar -vxzf linux-vpn-404b.tar.gz

This created a folder called vpnclient which stores all the files extracted from the .gz file I downloaded.

I switched to the vpnclient directory and changed to the root user. This is simply done by typing ‘su’ in the console. You will be prompted for your password:

kai@yoda:~/downloads/vpnclient> su
Password:
yoda:/home/kai/downloads/vpnclient #

You can see that my prompt changed. I’m now running as root. This is done so that the installer can put the needed files in all the necessary locations. The installer is run simply by typing ./vpn_install at the command line.

You should get a screen that says the following:

yoda:/home/kai/downloads/vpnclient # ./vpn_install
Cisco Systems VPN Client Version 4.0.4 (B) Linux Installer
Copyright (C) 1998-2001 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.

Directory where binaries will be installed [/usr/local/bin]

Now you get to answer a few questions. The first one, “Directory where…” is standard. You just go ahead and hit Enter. The default (between the brackets) will suffice.

Next it will ask whether you want to start the service at boot time:

Automatically start the VPN service at boot time [yes]

I say yes. This saves you from manually launching the service.

The next question is a bit trickier. It is asking for the kernel sources. You will need these installed if you want to compile the Cisco VPN client. If you don’t have them installed, you can do so by loading your installer tool (YaST, for example) and installing the kernel sources.

Because I’m running SuSE, I have my kernel sources loaded in a subfolder of /lib/modules. The current sources are in the 2.6.8-24.11-default folder.

Here’s the next question:

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

For RedHat 6.x users these files are installed in /usr/src/linux by default
For RedHat 7.x users these files are installed in /usr/src/linux-2.4 by default
For Suse 7.3 users these files are installed in /usr/src/linux-2.4.10.SuSE by default

Directory containing linux kernel source code [/lib/modules/2.6.8-24.11-default/build]

I go ahead and type in that folder, which is also the default, and press Enter.

I then get a confirmation screen:

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.8-24.11-default/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.8-24.11-default/build" will be used to build the module.

Is the above correct [y]

Pressing enter after this gives me a whole bunch of messages…

Installing license.txt (VPN Client license) in "/etc/CiscoSystemsVPNClient/":

Installing bundled user profiles in "/etc/CiscoSystemsVPNClient/Profiles/":
* Replaced Profiles: sample

Copying binaries to directory "/usr/local/bin".

Setting permissions.
/usr/local/bin/cvpnd (setuid root)
/etc/CiscoSystemsVPNClient (world writeable)
/etc/CiscoSystemsVPNClient/Profiles (world writeable)
/etc/CiscoSystemsVPNClient/Certificates (world writeable)
* You may wish to change these permissions to restrict access to root.

* You must run "/etc/init.d/vpnclient_init start" before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.
yoda:/home/kai/downloads/vpnclient #

Since I didn’t get any error messages, I know everything is right. I’ll start by running /etc/init.d/vpnclient_init start right now to ensure everything is running smoothly.

Assuming that starts, I can now copy my profile over to the /etc/CiscoSystemsVPNClient/Profiles folder.
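The installer's "Setting permissions" step above leaves cvpnd setuid root and three directories world writeable, which means any local account can add or replace profiles and certificates. The script below is an added example, not part of the Cisco package or of the original article: it reports those permissions and, with --fix, removes the world-write bit. The function names and the VPN_ETC/CVPND override variables are made up for this example; the default paths are the ones the installer printed.

```shell
#!/bin/sh
# Added example: audit (and optionally tighten) what the installer's
# "Setting permissions" step reported. Paths default to the ones in the
# installer output; override VPN_ETC / CVPND to try it on a scratch copy.
VPN_ETC="${VPN_ETC:-/etc/CiscoSystemsVPNClient}"
CVPND="${CVPND:-/usr/local/bin/cvpnd}"

# List every file or directory under $1 that any local user may write to.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# Succeed if $1 is a regular file that carries the setuid bit.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Drop the "other" write bit from everything under $1.
# Assumption: profiles and certificates are then maintained by root (or by
# a group you grant access to separately); re-test the client afterwards.
tighten() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Print a short report; changes nothing.
audit() {
    if is_setuid "$CVPND"; then
        echo "setuid: $CVPND"
        ls -l "$CVPND"
    fi
    if [ -d "$VPN_ETC" ]; then
        echo "world-writable under $VPN_ETC:"
        list_world_writable "$VPN_ETC" | sed 's/^/  /'
    fi
}

# Run as root:  sh vpn-perms.sh        (report only)
#               sh vpn-perms.sh --fix  (remove world write, then report)
if [ "${1:-}" = "--fix" ] && [ -d "$VPN_ETC" ]; then
    tighten "$VPN_ETC"
fi
audit
```

Because the setup has to be rerun after a kernel upgrade, rerun the report afterwards as well.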

Cleaning Up

Now that you have the client installed you will want to do two things.

First you will probably want a desktop icon. This can be easily accomplished by right-clicking on the desktop and clicking on Create New -> File – Link to Application. You’ll get the following dialog:

Enter the information as you see it here. You want to put the name of your PCF file (without the extension) after the command line. You’ll get vpnclient connect MyPCF_File.

Click on OK, and you’ll see an icon on your desktop:

Double-clicking on this icon will bring up your VPN window. Enter your username and password as supplied (I use a defender card) to gain access to your VPN:

Just minimize this window while you work on your VPN network.

Second, you will want to ensure that the client is running at boot time. This can be done with the runlevel editor. Yes, I know you chose the option to run the script at start, but I found it not trustworthy.

Open YaST, enter your Administrator password, then click on the System menu and Runlevel Editor. From there, click on the “Expert Mode” check box and scroll down to the vpnclient_init item. Your screen should look similar to the following:

Congratulations, you’ve now installed and configured the Cisco VPN Client.
