Index

Instructions for 64-bit
Instructions for 32-bit

Linux Cisco VPN Client on Intel for amd64 kernel 2.6.31

Introduction

I've upgraded my laptop to Ubuntu Karmic and noticed my Cisco VPN client didn't work with the new (2.6.31) kernel. The guys in the tuxx-home.at support forum have a working solution, but the supplied patches don't apply very cleanly. Here are the instructions one by one (, mainly meant for my collegues running on the same hardware as I do). All credits go to the guys in the tuxx-home.at support forum!

Please note: this is only for amd64 people, running on an Intel processor!

Instructions

Download vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz.

wget http://projects.tuxx-home.at/ciscovpn/clients/linux/4.8.02/vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

Unpack it

tar zxf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

Download vpnclient-linux-4.8.02-64bit.patch

wget http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-4.8.02-64bit.patch

Download vpnclient-linux-4.8.02-64bit.ge.2.6.31.patch

wget http://painfullscratch.nl/code/vpn/vpnclient-linux-4.8.02-64bit.ge.2.6.31.patch

Change directory
```
cd vpnclient
```

Patch with existing patch

patch < ../vpnclient-linux-4.8.02-64bit.patch

Patch with greater or equal (ge) 2.6.31 patch

patch < ../vpnclient-linux-4.8.02-64bit.ge.2.6.31.patch

Update netdevice.h and change 'const struct net_device_ops *netdev_ops;' to 'struct net_device_ops *netdev_ops;' as described at this link
```
sudo vi -c ':750' /usr/src/linux-headers-`uname -r`/include/linux/netdevice.h
```
Install vpn client
```
sudo ./vpn_install
```

Handy script (i.e. $HOME/bin/vpn)

#!/bin/bash
#
# Cool to put in your $HOME/.profile or $HOME/.bashrc or whatever ...
#  'complete -W 'connect disconnect' vpn'
#

PROFILE=your-profile-name

if [ $1 == "connect" ]; then
	# See http://forum.tuxx-home.at/viewtopic.php?f=15&t=457&st=0&sk=t&sd=a&start=15
	# Optional: disable one CPU when you experience freezes
	# sudo sh -c 'echo 0 > /sys/devices/system/cpu/cpu1/online'
	sudo /etc/init.d/vpnclient_init start
	vpnclient $1 $PROFILE 
elif [ $1 == "disconnect" ]; then
	vpnclient $1 
	# Optional: reenable CPU
	# sudo sh -c 'echo 1 > /sys/devices/system/cpu/cpu1/online'
	sudo /etc/init.d/vpnclient_init stop
else 
	echo "Unknown option $1";
fi

Linux Cisco VPN Client on Intel for x86 kernel 2.6.31

Introduction

For several reasons I switched my Ubuntu Karmic, which uses the 2.6.31-kernel, back from 64bit to 32bit. After migration, I noticed that for some reason, applications I was using in the VPN timed out after several minutes. A 'sudo tcpdump -i eth0 -n arp' showed my that my system didn't respond to the ARP-queries sent by my router. The reason for this is that my local lan access is disabled when I connect to my VPN server. Fortunatly I've found a fix at ilap and in the tuxx-home.at support forum!

Thanks guys! Please note: this is only for x86 people

Instructions

Download vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz.

wget http://projects.tuxx-home.at/ciscovpn/clients/linux/4.8.02/vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

Unpack it

tar zxf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

Download vpnclient-linux.2.6.31.diff

wget http://dl.dropbox.com/u/1289817/vpnclient-linux.2.6.31.diff

Download override-local-lan-access.diff

wget http://painfullscratch.nl/code/vpn/override-local-lan-access.diff

Change directory
```
cd vpnclient
```
Patch with existing patch
```
patch < ../vpnclient-linux.2.6.31.diff
```

Patch with override-local-lan-access.diff

patch < ../override-local-lan-access.diff

Install vpn client
```
sudo ./vpn_install
```
After you successfully connected to your VPN, add a route to your private vlan. I.e.:
```
sudo route add -net 192.168.1.0/24 dev eth0
```
(Where 192.168.0.1/24 should be replaced by your own private network and eth0 should be replaced by your own private interface)

Handy script (i.e. $HOME/bin/vpn)

#!/bin/bash
#
# Cool to put in your $HOME/.profile or $HOME/.bashrc or whatever ...
# 'complete -W 'connect disconnect' vpn'

if [ ! $1 ]; then
	echo "Usage: $(basename $0) <connect|disconnect>";
	exit 1;
fi;

PROFILE=your-profile-name
PRIVATEVLAN=192.168.1.0/24
PRIVATEINT=eth0

if [ $1 == "connect" ]; then
	# See http://forum.tuxx-home.at/viewtopic.php?f=15&t=457&st=0&sk=t&sd=a&start=15
	# Optional: disable one CPU when you experience freezes
	# sudo sh -c 'echo 0 > /sys/devices/system/cpu/cpu1/online'
	sudo /etc/init.d/vpnclient_init start
	(sleep 30 && sudo /sbin/route add -net $PRIVATEVLAN dev $PRIVATEINT)&
	vpnclient $1 $PROFILE 
elif [ $1 == "disconnect" ]; then
	vpnclient $1
	# Optional: reenable CPU again
	# sudo sh -c 'echo 1 > /sys/devices/system/cpu/cpu1/online'
	sudo /etc/init.d/vpnclient_init stop
else
	echo "Unknown option $1";
fi