Page 1 of 3 123 LastLast
Results 1 to 10 of 30

Thread: HOW TO: Install cisco vpn client

  1. #1
    Join Date
    Oct 2006
    Location
    Starkville, MS
    Beans
    8
    Distro
    Ubuntu 6.10 Edgy

    HOW TO: Install cisco vpn client

    I am a total newbie to linux and ubuntu. After installing ubuntu edgy eft I strugled a few weeks to get the cisco vpnclient 4.8 to work. I couldn't do without it since my campus network required to use it.

    I read a few howtos and got it working finally

    So here goes

    Before doing anything logon as super user. It makes things easy.

    FIRST install network-manager-gnome and the pptp plugin
    ================================================== ======

    You can do this in various ways through synaptic, automatix, or apt-get.

    here's the apt-get commands

    Code:
    apt-get install network-manager-gnome 
    apt-get install network-manager-pptp
    When you do this the network manager applet will start to run in your system tray. It has a similar icon to your network monitor icon. And it will appear beside it

    SECOND Go and edit the "interfaces" file @ /etc/network
    ================================================== =======

    replace

    Code:
    iface eth1 inet dhcp
    wireless-essid MY_NETWORK
    with

    Code:
    auto eth1
    iface eth1 inet dhcp
    I assume your wireless network interface is eth1. If not replace as appropriate.

    THIRDLY you have to shutdown the network manager and restart.
    ================================================== ===========

    here are the commands

    Code:
    ps -ef | grep NetworkManager
    
    When you run this command you'll get a result like
    
    root      4295     1  0 00:56 ?        00:00:00 /usr/sbin/NetworkManager --pid-file /var/run/NetworkManager/NetworkManager.pid
    root      4329     1  0 00:56 ?        00:00:00 /usr/sbin/NetworkManagerDispatcher --pid-file /var/run/NetworkManager/NetworkManagerDispatcher.pid
    root      7535  7511  0 02:07 pts/2    00:00:00 grep NetworkManager
    
    you have to kill both the 'NetworkManager' and the 'NetworkManagerDispatcher' by running the following commands. (use the relevent pids)
    
    kill -9 4295
    kill -9 4329
    
    Then restart application by running the following commands
    
    /etc/init.d/networking restart
    /usr/sbin/NetworkManager
    Now go and left click on the NetworkManager applet icon on the system tray .You should see the available wireless networks with their signal strengths. If you have already connected to a wired lan that will also be indicated by the wired option being toggled on.

    (Now if you go thru Network Monitor and check the properties of your eth1 connection you will see that it is not enabled. LEAVE IT THAT WAY.)

    FOURTHLY you install the cisco vpnclient 4.8
    =============================================

    Before doing this you should have linux headers installed. Get this from synaptic. Before doing this get your kernel version by typing uname -r and install the relevent headers

    cd to the directory which you unpacked it and run ./vpn_install or whatever the install file you have.

    Just follow the installation mostly you can answer yes or enter since the answers to the questions asked are taken by default. This worked for me but it may not work for everybody.

    After you've install copy the .pcf file (eg: abc.pcf) relevent to your network into the /etc/CiscoSystemsVPNClient/Profiles directory.

    then run the following command to start the vpnclient (you need super user access)

    Code:
    /etc/init.d/vpnclient_init start
    and to connect run

    Code:
    vpnclient connect abc
    That's it if it got connected you should have the following resulting screen

    Code:
    root@LSIL-PrecisionM60:/home/laalitha# vpnclient connect abc
    Cisco Systems VPN Client Version 4.8.00 (0490)
    Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.17-10-generic #2 SMP Fri Oct 13 18:45:35 UTC 2006 i686
    Config file directory: /etc/opt/cisco-vpnclient
    
    Initializing the VPN connection.
    Contacting the gateway at xxx.xx.x.xxx
    User Authentication for msu...
    
    Enter Username and Password.
    
    Username []:
    Password []:
    After you enter your username and password it should continue to give you
    Code:
     
    Authenticating user.
    Negotiating security policies.
    Securing communication channel.
    
    Your VPN connection is secure.
    
    VPN tunnel information.
    Client address: xxx.xx.xxx.xxx
    Server address: xxx.xx.x.xxx
    Encryption: 168-bit 3-DES
    Authentication: HMAC-MD5
    IP Compression: None
    NAT passthrough is inactive
    Local LAN Access is disabled
    Now you are connected thru vpn to the network

    To disconnect open another terminal and type

    Code:
    vpnclient disconnect
    Most people I asked said to use vpnc or pptp or some other daemon but none were successful for my campus network. But the above procedure enabled me to connect to my campus network

    The installation of the NetworkManager was taken from the guide at this link
    http://www.dailytechnology.net/how_t...y_edgy_eft.php
    I thank B.Daily for that info.

    Hope this helps some people who have a difficult time with vpn.
    Bye

    Laalitha

  2. #2
    Join Date
    Apr 2005
    Location
    Illinois
    Beans
    272

    Re: HOW TO: Install cisco vpn client

    I tried the steps you have given. I didn't modify the network/interface file since uncommenting the eth1 part might disable the network manager. I have commented out everything in the interface file except "lo" to make the network manager to work. I started the VPN and got the following:
    Initializing the VPN connection.
    Contacting the gateway at xxx.xxx.xx.xxx
    Contacting the gateway at xxx.xxx.xx.xxx (balancing)
    User Authentication for XXXXX...

    Enter Username and Password.

    Username []: xxx
    Password []:
    Authenticating user.
    Negotiating security policies.
    Securing communication channel.

    Your VPN connection is secure.

    VPN tunnel information.
    Client address: xxx.xxx.xx.xx
    Server address: xxx.xxx.xx.xxx
    Encryption: 168-bit 3-DES
    Authentication: HMAC-MD5
    IP Compression: None
    NAT passthrough is active on port UDP 4500
    Local LAN Access is disabled

    When I tried to connect to my office URL, it doesn't work. The URL works fine with Windows Cisco VPN. I have firestarter installed. I'm not sure if I have to change anything in that. Any idea?
    ===============================
    My Blog: http://www.blog.arun-prabha.com/
    My Home: http://www.arun-prabha.com
    ===============================

  3. #3
    Join Date
    Apr 2005
    Location
    Illinois
    Beans
    272

    Re: HOW TO: Install cisco vpn client

    I got vpnc to work. Please ignore my previous post.
    ===============================
    My Blog: http://www.blog.arun-prabha.com/
    My Home: http://www.arun-prabha.com
    ===============================

  4. #4
    Join Date
    Sep 2005
    Location
    Spain
    Beans
    25
    Distro
    Ubuntu

    Re: HOW TO: Install cisco vpn client

    I also use vpnc, It's got less functions than Cisco VPN Client but it's easier to configure.

    I use it to create an IPSec VPN to a Cisco PIX, and it works like a charm.

    I use a parameter to avoid overwrite DNS's on /etc/resolv.conf

  5. #5

    Re: HOW TO: Install cisco vpn client

    I got the ciscovpn running pretty easily. When I try to connect to work I get the following:
    Secure VPN Connection terminated by Peer.
    Reason: Firewall Policy Mismatch


    I'm the first person in my company attempting to connect with the Linux client. I know some of the unix guys are able to get in without issue. I'm thinking the server is configured to allow connections with machines running firewall software and only accepting TCP/IP traffic originating from the VPN. I found a thread on a mac bulletin board with the following:

    I couldn’t use Cisco because I kept getting ‘firewall policy mismatch’ errors preventing connection with Cisco VPN Client 4.0.2 to a corporate network.
    It turned out that this error is a fairly common error, according to a Cisco engineer. This occures with the Mac client and the VPN concentrator when the concentrator group is set to "Require Firewall" on the connecting host.
    This function (“require firewall”) is available on the Windows VPN client software, but not the Mac client!
    I also found this script at the end of the 4.8 release notes:
    # Firewall configuration written by Cisco Systems
    # Designed for the Linux VPN Client 4.8.00.0490 Virtual Adapter
    # Blocks ALL traffic on eth0 except for tunneled traffic
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]

    # Allow all traffic in both directions through the VA adapter
    -A INPUT -i cipsec0 -j ACCEPT
    -A OUTPUT -o cipsec0 -j ACCEPT

    # Accept all encrypted VPN Client traffic in either direction on eth0
    -A INPUT -i eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT
    -A OUTPUT -o eth0 -p udp -s 0/0 --sport 500 -d 0/0 --dport 500 -j ACCEPT

    -A INPUT -i eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT
    -A OUTPUT -o eth0 -p udp -s 0/0 --sport 4500 -d 0/0 --dport 4500 -j ACCEPT

    -A OUTPUT -o eth0 -p udp -s 0/0 --sport 1024: -d 0/0 --dport 29747 -j ACCEPT

    # Block all other traffic in either direction on eth0
    -A INPUT -i eth0 -j REJECT
    -A OUTPUT -o eth0 -j REJECT
    COMMIT


    It's not clear where this should go. Anyone have some tips?


    I'll follow up with unix guys at work to see if they're running iptables or something comparable. Anyone else run into this?
    Thanks in advance.
    Last edited by hackmeister; November 22nd, 2006 at 08:05 PM.
    http://tllts.org - The Linux Link Tech Show
    http://mythtvcast.com - The MythTVCast

  6. #6
    Join Date
    Jan 2006
    Beans
    4,208
    Distro
    Ubuntu 7.04 Feisty Fawn

    Re: HOW TO: Install cisco vpn client

    Another vote for vpnc here. It's nowhere near as difficult to set up as the Cisco VPN client, and it won't break across kernel upgrades.

  7. #7
    Join Date
    Nov 2006
    Beans
    4

    Re: HOW TO: Install cisco vpn client

    I was having trouble with 2.6.19 kernel. I found a patch from the net and everything is working again.

    http://www.tuxx-home.at/projects/cis...ux-2.6.19.diff

  8. #8
    Join Date
    Jul 2005
    Location
    Remote Desert, USA
    Beans
    683

    Re: HOW TO: Install cisco vpn client

    vpnc is a snap and I prefer that. I slapped together an elegant Python GTK GUI for it, which I dubbed 'gvpnc'. If someone knows how to bundle it into a DEB and make it available in the Ubuntu universe for apt-get, and doesn't mind doing that work for me, please let me know. You can even put your stamp on it as co-author -- I don't care. I just don't have the time to do all that, provide a helpfile for it, etc.
    SuperMike
    When in doubt, follow the penguins.
    Evil Kitty is watching you

  9. #9
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: HOW TO: Install cisco vpn client

    Nice How-to

    This thread has been added to the UDSF wiki.

    Cisco_VPN_Client
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  10. #10
    Join Date
    Oct 2005
    Location
    Connecticut, USA
    Beans
    1,574
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: HOW TO: Install cisco vpn client

    I've got vpnclient-linux and I'm not sure the right answer for a few of the question it asks. It fails on the install and I'm thinking it is becuase I'm pointing to the wrong location.
    • Directory where binaries will be installed
    • Directory containing linux kernel source code

    I get the following error instead
    Code:
    Making module
    ./driver_build.sh: line 50: make: command not found
    Failed to make module "cisco_ipsec.ko".
    Any ideas?
    Friends don't let friends wear a red shirt on landing-party duty.
    DACS | Connecticut LoCo Team | My Blog
    Ubuntu User# : 17583, Linux User# : 477531

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •