I did a search on the Cisco vpn client on the site and it seems like people are finding non-binary/open source alternatives more useful (like vpnc).

However, for those that are required to use said client like me, I'm happy to finally have gotten it to work with Linux (actually I did this a long time ago but never posted about it).

The distros I've had luck with so far are PCLinuxOS, Ubuntu, and SUSE. Linspire/Freespire were a nightmare, even though I love those distros very much (can't wait for the new CNR).

I'm not an expert, so I encourage you strongly to correct any stupidities I included:


Preparation

1A. You'll need to go into a Windows installation of the Cisco VPN Client (hopefully the pre-configured one you got from your network admins) and get a copy of the .pcf file (found in the folder "profiles" in the Cisco program directory on windows...search for it).

Copy it onto a usb flash drive that linux can read...or if your wired internet access is accesible, e-mail it to yourself.

1B. Now you want to go into your distribution's package manager (synaptic, YAST, etc.) and do separate searches for kernel headers and kernel sources.

How do you know which packages are for your specific kernel? Just go to the terminal and type uname -r and it should give you a number like 2.6.blababla and then match that number with the version of the kernel headers and kernel sources.

2. Then you want to download the Linux version of the Cisco vpnclient (I can't give you a link because of licensing issues) somewhere that'll be easy to get to (the Desktop or wherever for now).

If your distro is fairly modern, you can just right click the icon and select "extract" thanks to Ark.

3. Using the terminal, go into the directory created when you extracted the files, not the original file (i.e. the folder vpnclient)

For example you'd enter something like
4. You must know your root/admin password for the following steps

Now type one of the following:

su ./vpn_install

or if you're using Ubuntu:

sudo ./vpn_install


What this does is execute the installation script. Usually it's safe to go with the defaults when it asks you a couple of questions (*happily presses ENTER, ENTER* ) EXCEPT when it asks you if you want it to start at boot time (say NO), in my case anyway.

If all goes well, you should see lots of lines of code (God I'm so dumb lol) and a message at the end that tells you that every time you want to start the vpn client you have to enter into the terminal something that looks like this:

Yay, it's installed! But wait...

5. Remember that .pcf file we needed? Now we want to copy that into the directory /etc/CiscoVPN/profiles . If you rather not go into the terminal again, you can just copy paste the file into that directory.

Note: make note of the .pcf file's name! Usually you can rename it if you want to make it shorter/easier to remember (networknumber123.pcf to omgvpn.pcf for instance)

Now type into the terminal:

or whatever you were told to run in order to start the vpn client after the installation finished (see step 4)

Then type:

with omgvpn being the name of the pcf file/connection (without the file extension of course).

It should ask you for your username and password (for the vpn network, not your system) and voila!!



If Something Goes Wrong:

1. Make sure you downloaded the right kernel headers and source packages for your distro. Remember the numbers on the packages must exactly match the number you got when typing uname -r

2. Make sure you have the compilers you need (gcc, etc.). Alot of distros come with some development tools by default though and if not you can download them through your package manager.

3. Maybe the installer doesn't know where your specific distro has its modules/kernel headers saved (when it's asking you those questions). In that case, don't accept the defaults during installation.

4. Post your output here? (Warning: I'm the biggest newb ever, so I may just provide moral support lol).


This is what worked for me...it will be different for many of you I know.

Hey there.. I was just looking up information on the cisco vpn client. I've installed it, and it appears to come up. Okay, don't laught, but I'm doing all of this remotely to my machine at home, from my machine at work. So the first time I bring it up, I do ./vpnclient connect blahblah.pcf I come to a sad realization that it just moved my machine to the vpn.. and is no longer accessible on my network. After about 30 minutes or so it becomes available again because it timed out due to inactivity (a setting on our concentrator, I suspect).

Okay, the problem is that if I attempt to ./vpnclient connect blahblah.pcf again, it doesn't start back up. If I try using the init script ./vpnclient_init start, it says it's running and to do restart.. but if I do restart, it tells me it can't unload the module because it's in use.

I've looked at my processes and I've got nothing running (that I can see) that would be using this. I've "ifconfig vpnipsec0 down"ed (I can't remember the actual interface now) but still nothing!

Of course, like a dummy, I tried just rmmod the module, and it failed cause it was "in use", so I rmmod -f'ed it , and here I am on here writing this message because I can't get to my machine at all now. (oops!).

Anyway, any input on this would be appreciated!

Jim

PS. You popped my cherry.. FIRST POST!

PSS. slackware 11, 2.6.19.2, and the latest vpn client.. I don't wanna log into cisco's site again.. it's the latest one.

Well.. nevermind.. I just wasn't being patient enough I guess. It works now.. well it did.. but they changed it up to allow me to do split tunnelling and it's all crapped out again. :P

I’ve found the cisco (i.e., closed source binary kernel-space) driver to be buggy on amd64. I was able to reliably oops the kernel while connected. Another problem with the cisco driver is its restrictiveness (I don’t think it was possible to alter the kernel routing table such that you could do so-called “split-tunneling” based on a setting on the server-side. Before I discovered the vpnc userspace program, I had resorted to the use of a virtual machine for my vpn connections. Life is so much easier, flexible, and ethically satisfying (for me) when using vpnc.

Good going, Blink56K! I've CiscoVPN up and running on both my Debian boxen, too. Wonderful secure feeling.

I pretty much followed the same steps you did, but added a pipe in for a tiny yes file so the connect script would be completely automated. My version asks if I *really* want to keep connecting - how Windowy of it. At least with Linux I can script such foolishness out.

Thank you,
Thank you,
Thank you,

After a lot of tears and crying and digging and searching, I got VPN to work after following your manual, I am using PCLinuxOS, installed jus this morning. I will test it in Ubuntu 7.10 and feed back. I Just don't know what to say, "Thank you" is not enough Really thanks!

I am using this: vpnclient-linux-x86_64-4.8.01.0640-k9

Cisco has finally released a new version of their vpn client for Linux. This new version compiles on all the new 2.6.xx kernels without the need for patching! You can download it from here:
http://www.longren.org/files/vpnclie...0640-k9.tar.gz

I got vpnc working on Fedora 7.

Question that I have is, isn't vpnc supposed to eliminate all routes to the local network and only allow connections through the vpn connection?

After I connect I can access network resources through the vpn connection, but I can also access local network resources. I'm concerned that if I vpn from, say, a training location or conference I may open up my corporate network through my own Linux box...

Can someone please shed some light here for me?

Thx!