Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
By krbennettmd at 2005-10-20 10:07
Installing the Linux Cisco VPN Client
Download the file vpnclient-linux-x86_64-4.7.00.0640-k9.tar.gz.
As root, untar the tar file into /opt:
Code:
cd /opt
tar xvzf vpnclient-linux-x86_64-4.7.00.0640-k9.tar.gz
Actually, this file can be untarred into any directory. After installation, the main thing you'll need it for is to uninstall and reinstall. A reinstall will need to be done any time you upgrade your kernel.
Go into the newly created vpnclient directory and run the installation, accepting the defaults:
Code:
cd vpnclient
./vpn_install
This will create and populate the /opt/cisco-vpnclient directory.
Although the vpn service will now start automatically whenever you reboot, you will need to start it manually now unless you reboot:
Code:
/etc/init.d/vpnclient_init start
Now you'll need to create a profile file for each host you'll be connecting to. There is a sample file sample.pcf in /opt/vpnclient; copy this to another file and modify the parameters as necessary. The new file must also have an extension of .pcf. Copy the file to where it will be needed at runtime:
Code:
cd /opt/vpnclient
cp sample.pcf myconfig.pcf
kedit myconfig.pcf # or use whatever editor you like
cp myconfig.pcf /etc/opt/cisco-vpnclient/Profiles
Disable SELinux security:
Code:
setenforce 0
Note: the setenforce command may not be found if you have used sudo to get root access; use su - instead.
Now run the client:
Code:
vpnclient connect myconfig
...where myconfig is replaced with the name of your .pcf configuration file. Do not include the extension when you specify the file; it will be assumed.
When you want to disconnect, run:
Code:
vpnclient disconnect
You can also just close the terminal session in which you made the VPN connection.
Reenable SELinux security:
Code:
setenforce 1
My experimentation shows that the SELinux security needs to be disabled only at the time the vpnclient program is run. Therefore, it would be a good idea to wrap your vpnclient calls in a shell script as follows:
Create a new file _vpnclient in a directory in your path:
Then use this shell script instead to run your vpnclient commands, either as root, or using sudo (sudo's a better idea, because the other way, someone can press ctrl-c and have a root shell):
I have yet to actually sit down and dig into selinux policy, so my question is this:
Is Cisco's VPN client for Linux totally incompatible with SELinux, or is it just that no one's taken the trouble to write a policy for it? It seems totally incongruent that you have to disable a security feature of the OS in order to use a particular vendor's security application.
by gbgs53 on Sat, 2005-10-29 15:31
I have been trying to install the vpn client for 32 bit machines, ie vpnclient-linux-4.0.Rel-k9, but have been unable to compile. It always exits with:
ld: frag.o: No such file: No such file or directory
Failed to make module "cisco_ipsec".
Any suggestions? Am I missing some dependency?
by hajvazovic on Mon, 2005-12-12 02:28
Quote:
Originally Posted by gbgs53
Failed to make module "cisco_ipsec".
Hi There,
I am experiencing the same problems with VPN 4.7.
Have you found any solutions?
Greatings,
Nermin
by bax on Sat, 2006-06-03 01:03
Not detailed enough. Why no mention of kernel headers and kernel source?
by osor on Sat, 2006-06-03 20:28
Hi this is kind of offtopic, but has anyone gotten CiscoVPN client to connect to an openswan-based network? I know that awhile ago, one of the freeswan people said it couldn't work because they used some proprietary extensions, but this was with version 4.0(?) of the client. I was wondering if things had changed.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Is Cisco's VPN client for Linux totally incompatible with SELinux, or is it just that no one's taken the trouble to write a policy for it? It seems totally incongruent that you have to disable a security feature of the OS in order to use a particular vendor's security application.
ld: frag.o: No such file: No such file or directory
Failed to make module "cisco_ipsec".
Any suggestions? Am I missing some dependency?
I am experiencing the same problems with VPN 4.7.
Have you found any solutions?
Greatings,
Nermin