LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-23-2003, 12:30 AM   #1
xmongra
LQ Newbie
 
Registered: Jul 2003
Location: Toronto
Distribution: Red Hat
Posts: 7

Rep: Reputation: 0
Unhappy Cisco VPN Client 4.01 does not work in RH 9


Hi folks,

I need help to setup my VPN over Linux RH 9.

I've installed and the daemon runs well, but when I execute
vpnclient connect xxx, its give me this: ( I've changed the VPN server ip's for xxx - security)

************************************************************************
xxxx@rainman bin]# vpnclient connect scc
Cisco Systems VPN Client Version 4.0.1 (A)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.4.20-18.9 #1 Thu May 29 07:08:16 EDT 2003 i686

Initializing the VPN connection.
Contacting the gateway at xxx.xxx.xxx.xxx
Contacting the gateway at xxx.xxx.xxx.xxx (backup)
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
************************************************************************

I've stopped iptables, and nothing, same problem.

My situation is, I have a RH Linux 9 running in the internal 192.168.2.0 network, using an SMC DSL/Router.
The router doesn't have firewall and linux also.

Could you help me, please. I heve being looking on internet and I got nothing.

Raymond
 
Old 07-23-2003, 12:50 AM   #2
xmongra
LQ Newbie
 
Registered: Jul 2003
Location: Toronto
Distribution: Red Hat
Posts: 7

Original Poster
Rep: Reputation: 0
I got this from /var/log/messages

Jul 22 23:33:00 rainman kernel: Cisco Systems VPN Client Version 4.0.1 (A) kernel module loaded
Jul 22 23:33:00 rainman vpnclient_init: Module cisco_ipsec loaded, with warnings
Jul 22 23:33:00 rainman vpnclient_init: Done
Jul 22 23:33:00 rainman rc: Starting vpnclient_init: succeeded

That means (I think) vpn is running
 
Old 07-25-2003, 02:57 PM   #3
wernerramaekers
LQ Newbie
 
Registered: Jul 2003
Location: Belgium
Posts: 3

Rep: Reputation: 0
Hey,

the cisco 4.0.1.A client works for me on RedHat 9 after setting my NIC to a trusted device in the firewall configuration.

Werner
 
Old 07-25-2003, 11:14 PM   #4
xmongra
LQ Newbie
 
Registered: Jul 2003
Location: Toronto
Distribution: Red Hat
Posts: 7

Original Poster
Rep: Reputation: 0
Cisco VPN

Thanks to answer my question.

How do you did that change, please tell me, I am new in this Linux stuff.

I will appreciate your help.

Thanks

Raymond
 
Old 07-26-2003, 12:32 AM   #5
xmongra
LQ Newbie
 
Registered: Jul 2003
Location: Toronto
Distribution: Red Hat
Posts: 7

Original Poster
Rep: Reputation: 0
Werner, look this

This is the IPSEC.LOG

[root@rainman tmp]# more LOG.IPSEC
Cisco Systems VPN Client Version 4.0.1 (A)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.4.20-18.9 #1 Thu May 29 07:08:16 EDT 2003 i686

1 21:56:34.147 07/23/2003 Sev=Info/4 CLI/0x43900002
Started vpnclient:
Cisco Systems VPN Client Version 4.0.1 (A)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.4.20-18.9 #1 Thu May 29 07:08:16 EDT 2003 i686

2 21:56:34.156 07/23/2003 Sev=Info/4 CVPND/0x4340000F
Started cvpnd:
Cisco Systems VPN Client Version 4.0.1 (A)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.4.20-18.9 #1 Thu May 29 07:08:16 EDT 2003 i686

3 21:56:34.156 07/23/2003 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

4 21:56:34.156 07/23/2003 Sev=Info/4 IPSEC/0x43700008
IPSec driver successfully started

5 21:56:34.156 07/23/2003 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

6 21:56:34.156 07/23/2003 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

7 21:56:34.156 07/23/2003 Sev=Info/4 IPSEC/0x4370000A
IPSec driver successfully stopped

8 21:56:35.170 07/23/2003 Sev=Info/4 CM/0x43100002
Begin connection process

9 21:56:35.171 07/23/2003 Sev=Info/4 CM/0x43100004
Establish secure connection using Ethernet

10 21:56:35.172 07/23/2003 Sev=Info/4 CM/0x43100024
Attempt connection with server "XXX.XXX.XXX.X"

11 21:56:35.172 07/23/2003 Sev=Info/6 IKE/0x4300003B
Attempting to establish a connection with XXX.XXX.XXX.X

12 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC3000099
Failed to build P1 SA payload: no proposals (PLMgrSA:266)

13 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC3000099
Failed to create SA Payload (PLMgrSA:166)

14 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC3000099
Failed to build SA payload (MsgHandlerAM:93)

15 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC3000099
Failed to build AG msg1 (NavitagorAM:135)

16 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC30000A5
Unexpected SW error occurred while processing Aggressive Mode negotiatorNavigator:2046)

17 21:56:35.271 07/23/2003 Sev=Info/4 IKE/0x43000017
Marking IKE SA for deletion (I_Cookie=41E8C4CD39B79CCF R_Cookie=0000000000000000) reason = DEL_REASON_IKE_NEG_FAILED

18 21:56:35.272 07/23/2003 Sev=Info/4 IPSEC/0x43700008
IPSec driver successfully started

19 21:56:35.272 07/23/2003 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

20 21:56:35.826 07/23/2003 Sev=Info/4 IKE/0x4300004A
Discarding IKE SA negotiation (I_Cookie=41E8C4CD39B79CCF R_Cookie=0000000000000000) reason = DEL_REASON_IKE_NEG_FAILED

21 21:56:35.826 07/23/2003 Sev=Info/4 CM/0x43100014
Unable to establish Phase 1 SA with server "XX.XXX.XXX.X" because of "DEL_REASON_IKE_NEG_FAILED"

22 21:56:35.826 07/23/2003 Sev=Info/4 CM/0x43100011
Attempt connection with backup server "XXX.XXX.XXX.X"

23 21:56:35.826 07/23/2003 Sev=Info/4 CM/0x43100024
Attempt connection with server "XXX.XXX.XXX.X"

24 21:56:35.826 07/23/2003 Sev=Info/6 IKE/0x4300003B
Attempting to establish a connection with XX.XXX.XXX.X.

25 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC3000099
Failed to build P1 SA payload: no proposals (PLMgrSA:266)

26 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC3000099
Failed to create SA Payload (PLMgrSA:166)

27 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC3000099
Failed to build SA payload (MsgHandlerAM:93)

28 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC3000099
Failed to build AG msg1 (NavitagorAM:135)

29 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC30000A5
Unexpected SW error occurred while processing Aggressive Mode negotiatorNavigator:2046)

30 21:56:35.904 07/23/2003 Sev=Info/4 IKE/0x43000017
Marking IKE SA for deletion (I_Cookie=2E075ABB9306040D R_Cookie=0000000000000000) reason = DEL_REASON_IKE_NEG_FAILED

31 21:56:36.425 07/23/2003 Sev=Info/4 IKE/0x4300004A
Discarding IKE SA negotiation (I_Cookie=2E075ABB9306040D R_Cookie=0000000000000000) reason = DEL_REASON_IKE_NEG_FAILED

32 21:56:36.426 07/23/2003 Sev=Info/4 CM/0x43100014
Unable to establish Phase 1 SA with server "216.240.203.3" because of "DEL_REASON_IKE_NEG_FAILED"

33 21:56:36.426 07/23/2003 Sev=Info/4 CM/0x4310000C
All connection attempts with backup server failed

34 21:56:36.426 07/23/2003 Sev=Info/5 CM/0x43100025
Initializing CVPNDrv

35 21:56:36.427 07/23/2003 Sev=Info/4 IKE/0x43000001
IKE received signal to terminate VPN connection

36 21:56:37.543 07/23/2003 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

37 21:56:37.543 07/23/2003 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

38 21:56:37.543 07/23/2003 Sev=Info/4 IPSEC/0x43700014
Deleted all keys

39 21:56:37.543 07/23/2003 Sev=Info/4 IPSEC/0x4370000A
IPSec driver successfully stopped
 
Old 07-28-2003, 01:49 PM   #6
wernerramaekers
LQ Newbie
 
Registered: Jul 2003
Location: Belgium
Posts: 3

Rep: Reputation: 0
How does one change the network card to being a trusted device ?
well it's quite simple :
In your menu go to System settings - Security Level -
and their you have it : in the middle of the dialog box are the trusted devices ... let me know if it worked for you

Werner
 
Old 07-28-2003, 11:19 PM   #7
xmongra
LQ Newbie
 
Registered: Jul 2003
Location: Toronto
Distribution: Red Hat
Posts: 7

Original Poster
Rep: Reputation: 0
Werner

I did what you told me and still does not work.

What I think is may be I need another software more to make it work.

I don't really have an idea what is the problem.

Thanks

Raymond
 
Old 08-05-2003, 08:18 AM   #8
Elbil
LQ Newbie
 
Registered: Aug 2003
Posts: 2

Rep: Reputation: 0
I have the same problem.

I am running RH9 (2.4.20-19.9) and Cisco VPN-client 4.0.1 (A). I have tryed setting up the NIC as a trusted device, and even tryed to disable the iptables completely.

Please help!
 
Old 08-05-2003, 04:40 PM   #9
wernerramaekers
LQ Newbie
 
Registered: Jul 2003
Location: Belgium
Posts: 3

Rep: Reputation: 0
I'm still running the 2.4.20-18.9 kernel and i haven't tried the 2.4.20-19.9 kernel ... can you try with the 18.9 version and let me know if that works ?
One more question : was your RH9 a clean install or an upgrade of a previous RH version ?

Werner
 
Old 08-05-2003, 05:11 PM   #10
Elbil
LQ Newbie
 
Registered: Aug 2003
Posts: 2

Rep: Reputation: 0
It was a clean 9.

I tried with 2.4.20-8 to (the one installed with the RH9).
I will try the 2.4.20-18.9 kernel.
 
Old 08-05-2003, 08:56 PM   #11
xmongra
LQ Newbie
 
Registered: Jul 2003
Location: Toronto
Distribution: Red Hat
Posts: 7

Original Poster
Rep: Reputation: 0
Werner,
It doesn't work with that Kernel too, I've tryed with all the kernel that comes with RH 9.

I even uninstall iptables but still doesn't work.

I did NMAP and I can see only 5 ports open, it look like even if iptables is not installed there is something in the kernel that avoid open the ports.

I don't really know what could be the problem.

As I told you, from my internal network, my NT and my windows XP works. I don't know why only linux doesn't work.

Please help.

Thanks

Raymond
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco VPN Client rgbeard Linux - Software 12 04-03-2008 12:44 AM
cisco vpn 4.6 client mnauta Linux - General 6 12-04-2005 07:03 PM
Cisco VPN-Client nodream Linux - Networking 3 12-23-2003 05:36 PM
Connect to Cisco VPN w/o Cisco VPN Client gboutwel Linux - Networking 4 02-07-2003 01:46 PM
cisco vpn client aqoliveira Linux - Networking 4 07-19-2002 09:09 AM


All times are GMT -5. The time now is 01:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration