Cisco VPN Client 4.01 does not work in RH 9
Hi folks,
I need help to set up my VPN on Linux RH 9. I've installed it and the daemon runs well, but when I execute vpnclient connect xxx, it gives me this (I've changed the VPN server IPs to xxx for security):

************************************************************************
xxxx@rainman bin]# vpnclient connect scc
Cisco Systems VPN Client Version 4.0.1 (A)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.4.20-18.9 #1 Thu May 29 07:08:16 EDT 2003 i686

Initializing the VPN connection.
Contacting the gateway at xxx.xxx.xxx.xxx
Contacting the gateway at xxx.xxx.xxx.xxx (backup)
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.
************************************************************************

I've stopped iptables, and nothing, same problem. My situation is, I have a RH Linux 9 running in the internal 192.168.2.0 network, using an SMC DSL/Router. The router doesn't have a firewall, and neither does Linux. Could you help me, please? I have been looking on the internet and I got nothing.

Raymond
I got this from /var/log/messages
Jul 22 23:33:00 rainman kernel: Cisco Systems VPN Client Version 4.0.1 (A) kernel module loaded
Jul 22 23:33:00 rainman vpnclient_init: Module cisco_ipsec loaded, with warnings
Jul 22 23:33:00 rainman vpnclient_init: Done
Jul 22 23:33:00 rainman rc: Starting vpnclient_init: succeeded

That means (I think) vpn is running
Hey,
the cisco 4.0.1.A client works for me on RedHat 9 after setting my NIC to a trusted device in the firewall configuration.

Werner
Cisco VPN
Thanks for answering my question.
How did you make that change? Please tell me, I am new to this Linux stuff. I will appreciate your help.

Thanks
Raymond

Werner, look at this
This is the IPSEC.LOG
[root@rainman tmp]# more LOG.IPSEC
Cisco Systems VPN Client Version 4.0.1 (A)
Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.4.20-18.9 #1 Thu May 29 07:08:16 EDT 2003 i686

1 21:56:34.147 07/23/2003 Sev=Info/4 CLI/0x43900002 Started vpnclient:
    Cisco Systems VPN Client Version 4.0.1 (A)
    Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.4.20-18.9 #1 Thu May 29 07:08:16 EDT 2003 i686
2 21:56:34.156 07/23/2003 Sev=Info/4 CVPND/0x4340000F Started cvpnd:
    Cisco Systems VPN Client Version 4.0.1 (A)
    Copyright (C) 1998-2003 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.4.20-18.9 #1 Thu May 29 07:08:16 EDT 2003 i686
3 21:56:34.156 07/23/2003 Sev=Info/4 IPSEC/0x43700014 Deleted all keys
4 21:56:34.156 07/23/2003 Sev=Info/4 IPSEC/0x43700008 IPSec driver successfully started
5 21:56:34.156 07/23/2003 Sev=Info/4 IPSEC/0x43700014 Deleted all keys
6 21:56:34.156 07/23/2003 Sev=Info/4 IPSEC/0x43700014 Deleted all keys
7 21:56:34.156 07/23/2003 Sev=Info/4 IPSEC/0x4370000A IPSec driver successfully stopped
8 21:56:35.170 07/23/2003 Sev=Info/4 CM/0x43100002 Begin connection process
9 21:56:35.171 07/23/2003 Sev=Info/4 CM/0x43100004 Establish secure connection using Ethernet
10 21:56:35.172 07/23/2003 Sev=Info/4 CM/0x43100024 Attempt connection with server "XXX.XXX.XXX.X"
11 21:56:35.172 07/23/2003 Sev=Info/6 IKE/0x4300003B Attempting to establish a connection with XXX.XXX.XXX.X
12 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC3000099 Failed to build P1 SA payload: no proposals (PLMgrSA:266)
13 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC3000099 Failed to create SA Payload (PLMgrSA:166)
14 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC3000099 Failed to build SA payload (MsgHandlerAM:93)
15 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC3000099 Failed to build AG msg1 (NavitagorAM:135)
16 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC30000A5 Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2046)
17 21:56:35.271 07/23/2003 Sev=Info/4 IKE/0x43000017 Marking IKE SA for deletion (I_Cookie=41E8C4CD39B79CCF R_Cookie=0000000000000000) reason = DEL_REASON_IKE_NEG_FAILED
18 21:56:35.272 07/23/2003 Sev=Info/4 IPSEC/0x43700008 IPSec driver successfully started
19 21:56:35.272 07/23/2003 Sev=Info/4 IPSEC/0x43700014 Deleted all keys
20 21:56:35.826 07/23/2003 Sev=Info/4 IKE/0x4300004A Discarding IKE SA negotiation (I_Cookie=41E8C4CD39B79CCF R_Cookie=0000000000000000) reason = DEL_REASON_IKE_NEG_FAILED
21 21:56:35.826 07/23/2003 Sev=Info/4 CM/0x43100014 Unable to establish Phase 1 SA with server "XX.XXX.XXX.X" because of "DEL_REASON_IKE_NEG_FAILED"
22 21:56:35.826 07/23/2003 Sev=Info/4 CM/0x43100011 Attempt connection with backup server "XXX.XXX.XXX.X"
23 21:56:35.826 07/23/2003 Sev=Info/4 CM/0x43100024 Attempt connection with server "XXX.XXX.XXX.X"
24 21:56:35.826 07/23/2003 Sev=Info/6 IKE/0x4300003B Attempting to establish a connection with XX.XXX.XXX.X.
25 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC3000099 Failed to build P1 SA payload: no proposals (PLMgrSA:266)
26 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC3000099 Failed to create SA Payload (PLMgrSA:166)
27 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC3000099 Failed to build SA payload (MsgHandlerAM:93)
28 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC3000099 Failed to build AG msg1 (NavitagorAM:135)
29 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC30000A5 Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2046)
30 21:56:35.904 07/23/2003 Sev=Info/4 IKE/0x43000017 Marking IKE SA for deletion (I_Cookie=2E075ABB9306040D R_Cookie=0000000000000000) reason = DEL_REASON_IKE_NEG_FAILED
31 21:56:36.425 07/23/2003 Sev=Info/4 IKE/0x4300004A Discarding IKE SA negotiation (I_Cookie=2E075ABB9306040D R_Cookie=0000000000000000) reason = DEL_REASON_IKE_NEG_FAILED
32 21:56:36.426 07/23/2003 Sev=Info/4 CM/0x43100014 Unable to establish Phase 1 SA with server "216.240.203.3" because of "DEL_REASON_IKE_NEG_FAILED"
33 21:56:36.426 07/23/2003 Sev=Info/4 CM/0x4310000C All connection attempts with backup server failed
34 21:56:36.426 07/23/2003 Sev=Info/5 CM/0x43100025 Initializing CVPNDrv
35 21:56:36.427 07/23/2003 Sev=Info/4 IKE/0x43000001 IKE received signal to terminate VPN connection
36 21:56:37.543 07/23/2003 Sev=Info/4 IPSEC/0x43700014 Deleted all keys
37 21:56:37.543 07/23/2003 Sev=Info/4 IPSEC/0x43700014 Deleted all keys
38 21:56:37.543 07/23/2003 Sev=Info/4 IPSEC/0x43700014 Deleted all keys
39 21:56:37.543 07/23/2003 Sev=Info/4 IPSEC/0x4370000A IPSec driver successfully stopped
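
An added triage example, not part of the original posts: a parser for the log format shown above that reports, for each connection attempt, the first Warning entry and whether a non-zero responder cookie (R_Cookie) was ever recorded for the IKE SA. The function names and the `responder_cookie_set` field are hypothetical; the sample input is an excerpt of the posted log.

```python
import re

# Entry header: sequence number, time, date, Sev=<severity>/<level>, <component>/<message id>.
HEADER = re.compile(
    r"(?P<seq>\d+)\s+\d\d:\d\d:\d\d\.\d{3}\s+\d\d/\d\d/\d{4}\s+"
    r"Sev=(?P<sev>\w+)/\d\s+(?P<comp>\w+)/(?P<msgid>0x[0-9A-Fa-f]{8})"
)
R_COOKIE = re.compile(r"R_Cookie=([0-9A-Fa-f]{16})")

# Excerpt of the log posted above (entries 11, 12, 17, 24, 25), gateway redacted as on the page.
SAMPLE = """\
11 21:56:35.172 07/23/2003 Sev=Info/6 IKE/0x4300003B Attempting to establish a connection with XXX.XXX.XXX.X
12 21:56:35.271 07/23/2003 Sev=Warning/2 IKE/0xC3000099 Failed to build P1 SA payload: no proposals (PLMgrSA:266)
17 21:56:35.271 07/23/2003 Sev=Info/4 IKE/0x43000017
Marking IKE SA for deletion (I_Cookie=41E8C4CD39B79CCF R_Cookie=0000000000000000) reason = DEL_REASON_IKE_NEG_FAILED
24 21:56:35.826 07/23/2003 Sev=Info/6 IKE/0x4300003B Attempting to establish a connection with XX.XXX.XXX.X.
25 21:56:35.904 07/23/2003 Sev=Warning/2 IKE/0xC3000099 Failed to build P1 SA payload: no proposals (PLMgrSA:266)
"""

def parse(text):
    """Split the log into entries; works on one-line, two-line or run-together text."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entry = h.groupdict()
        entry["seq"] = int(entry["seq"])
        entry["msg"] = " ".join(text[h.end():end].split())  # collapse line breaks
        entries.append(entry)
    return entries

def triage(entries):
    """Per connection attempt: first Warning entry and whether R_Cookie was ever non-zero."""
    attempts = []
    for e in entries:
        if e["msg"].startswith("Attempting to establish a connection"):
            attempts.append({"start": e["seq"], "first_warning": None,
                             "responder_cookie_set": False})
        elif attempts:
            a = attempts[-1]
            if e["sev"] == "Warning" and a["first_warning"] is None:
                a["first_warning"] = (e["seq"], e["msg"])
            m = R_COOKIE.search(e["msg"])
            if m and int(m.group(1), 16) != 0:
                a["responder_cookie_set"] = True
    return attempts
```

Run over the full log, `triage(parse(text))` gives one record per gateway attempt; reading the first Warning of each attempt is usually more useful than the final "Failed to establish a VPN connection" summary.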
How does one change the network card to being a trusted device?
Well, it's quite simple: in your menu go to System settings - Security Level - and there you have it: in the middle of the dialog box are the trusted devices ... let me know if it worked for you

Werner
Werner
I did what you told me and it still does not work.
What I think is that maybe I need some additional software to make it work. I don't really have an idea what the problem is.

Thanks
Raymond
I have the same problem.
I am running RH9 (2.4.20-19.9) and Cisco VPN-client 4.0.1 (A). I have tried setting up the NIC as a trusted device, and even tried to disable iptables completely. Please help!

I'm still running the 2.4.20-18.9 kernel and I haven't tried the 2.4.20-19.9 kernel ... can you try with the 18.9 version and let me know if that works?
One more question: was your RH9 a clean install or an upgrade of a previous RH version?

Werner
It was a clean 9.
I tried with 2.4.20-8 too (the one installed with the RH9). I will try the 2.4.20-18.9 kernel.
Werner,
It doesn't work with that kernel either; I've tried with all the kernels that come with RH 9. I even uninstalled iptables but it still doesn't work. I ran NMAP and I can see only 5 ports open; it looks like even if iptables is not installed there is something in the kernel that prevents the ports from being opened. I don't really know what the problem could be. As I told you, from my internal network, my NT and my Windows XP work. I don't know why only Linux doesn't work. Please help.

Thanks
Raymond