09 August 2006

Cisco VPN client under Ubuntu 6.06 (LTS) Linux


With version vpnclient-linux-4.8.00.0490-k9.tar.gz there is no longer any need to patch on Ubuntu 6.06 (the rest still applies).

With version vpnclient-linux-4.7.00.0640-k9.tar.gz, follow this howto:

One of my customers has a VPN which I'd like to access. They provided me with a copy of the Cisco VPN client for Linux and a "pcf" configuration file for the client. Here's what I had to do to get the Cisco VPN client working in Linux, and it does work just fine.

First we make a directory to put the bits and bobs in

alan@hactar:~$ mkdir cisco
alan@hactar:~$ cd cisco/

I then downloaded the Cisco VPN client from my customer's intranet and saved it in the cisco directory I had just created. I then unpacked it, which makes a directory called vpnclient and unpacks the files into it.

alan@hactar:~/cisco$ tar zxvf vpnclient-linux-4.6.02.0030-k9.tar.gz
vpnclient/
vpnclient/libvpnapi.so
vpnclient/vpnapi.h
vpnclient/cisco_cert_mgr
vpnclient/vpnclient
vpnclient/ipseclog
vpnclient/cvpnd
vpnclient/vpn_install
vpnclient/vpnclient_init
vpnclient/vpn_uninstall
vpnclient/driver_build.sh
vpnclient/sample.pcf
vpnclient/vpnclient.ini
vpnclient/license.txt
vpnclient/license.rtf
vpnclient/interceptor.c
vpnclient/linuxcniapi.c
vpnclient/linuxcniapi.h
vpnclient/vpn_ioctl_linux.h
vpnclient/IPSecDrvOS_linux.c
vpnclient/linux_os.h
vpnclient/frag.h
vpnclient/frag.c
vpnclient/GenDefs.h
vpnclient/mtu.h
vpnclient/IPSecDrvOSFunctions.h
vpnclient/IPSecDrvOS_linux.h
vpnclient/Cniapi.h
vpnclient/unixcniapi.h
vpnclient/config.h
vpnclient/libdriver.so
vpnclient/Makefile

Dive into the directory and check all the files are there

alan@hactar:~/cisco/vpnclient$ ls -l
total 4580
-rwxr-xr-x 1 alan alan 1149812 2005-03-11 22:43 cisco_cert_mgr
-rw-r--r-- 1 alan alan 15974 2005-03-11 22:43 Cniapi.h
-rw-r--r-- 1 alan alan 4474 2005-03-11 22:43 config.h
-rwxr-xr-x 1 alan alan 1943604 2005-03-11 22:43 cvpnd
-rwxr-xr-x 1 alan alan 1430 2005-03-11 22:43 driver_build.sh
-rw-r--r-- 1 alan alan 6301 2005-03-11 22:43 frag.c
-rw-r--r-- 1 alan alan 227 2005-03-11 22:43 frag.h
-rw-r--r-- 1 alan alan 4500 2005-03-11 22:43 GenDefs.h
-rw-r--r-- 1 alan alan 21952 2005-03-11 22:43 interceptor.c
-rw-r--r-- 1 alan alan 2524 2005-03-11 22:43 IPSecDrvOSFunctions.h
-rw-r--r-- 1 alan alan 5138 2005-03-11 22:43 IPSecDrvOS_linux.c
-rw-r--r-- 1 alan alan 1249 2005-03-11 22:43 IPSecDrvOS_linux.h
-rwxr-xr-x 1 alan alan 205464 2005-03-11 22:43 ipseclog
-rwxr-xr-x 1 alan alan 516924 2005-03-11 22:43 libdriver.so
-rwxr-xr-x 1 alan alan 356756 2005-03-11 22:43 libvpnapi.so
-rw-r--r-- 1 alan alan 4449 2005-03-11 22:43 license.rtf
-rw-r--r-- 1 alan alan 4130 2005-03-11 22:43 license.txt
-rw-r--r-- 1 alan alan 16856 2005-03-11 22:43 linuxcniapi.c
-rw-r--r-- 1 alan alan 1291 2005-03-11 22:43 linuxcniapi.h
-rw-r--r-- 1 alan alan 1852 2005-03-11 22:43 linux_os.h
-rw-r--r-- 1 alan alan 908 2005-03-11 22:43 Makefile
-rw-r--r-- 1 alan alan 1926 2005-03-11 22:43 mtu.h
-rw-r--r-- 1 alan alan 349 2005-03-11 22:43 sample.pcf
-rw-r--r-- 1 alan alan 946 2005-03-11 22:43 unixcniapi.h
-rw-r--r-- 1 alan alan 24385 2005-03-11 22:43 vpnapi.h
-rwxr-xr-x 1 alan alan 263264 2005-03-11 22:43 vpnclient
-rw-r--r-- 1 alan alan 172 2005-03-11 22:43 vpnclient.ini
-rwxr-xr-x 1 alan alan 2961 2005-03-11 22:43 vpnclient_init
-rwxr-xr-x 1 alan alan 13826 2005-03-11 22:43 vpn_install
-rw-r--r-- 1 alan alan 1008 2005-03-11 22:43 vpn_ioctl_linux.h
-rwxr-xr-x 1 alan alan 5992 2005-03-11 22:43 vpn_uninstall

To build the kernel module you need the kernel headers for the kernel version you are currently running. uname -r tells us the kernel version number:

alan@hactar:~$ uname -r
2.6.15-23-686

Using that information we can (in Ubuntu and other Debian based distributions) easily download the kernel headers with a command like this:

alan@hactar:~$ sudo apt-get install linux-headers-`uname -r`
Reading package lists... Done
Building dependency tree... Done
linux-headers-2.6.15-23-686 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 66 not upgraded.

Looks like I already have it. Let's double-check:

alan@hactar:~/cisco/vpnclient$ ls /usr/src/linux-headers-2.6.15-23-686/
arch crypto include kernel mm scripts usr
block drivers init lib Module.symvers security
cluster fs ipc Makefile net sound
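A directory listing only shows that some header tree is present; what actually matters is that it was configured for the kernel you are running, because a module built against a different tree is refused at load time ("invalid module format", with the version-magic mismatch in dmesg). The script below is an added example, not part of the original post or of Cisco's package: it reads UTS_RELEASE from the header tree (the same string the kernel's version magic is built from; the file that carries it is include/linux/version.h on 2.6.15 and moved to include/linux/utsrelease.h in 2.6.18 and include/generated/utsrelease.h in 2.6.33) and compares it with uname -r. The script name check_headers.sh and the sample header file in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or the Cisco package): confirm that
# the header tree vpn_install defaults to, /lib/modules/$(uname -r)/build,
# really was configured for the running kernel before building the module.

# uts_release DIR: print the UTS_RELEASE string of a kernel header tree.
# Returns 1 if none of the known locations holds one (tree missing or unconfigured).
uts_release() {
    for f in include/generated/utsrelease.h include/linux/utsrelease.h include/linux/version.h; do
        [ -f "$1/$f" ] || continue
        u=$(sed -n 's/^#define[[:space:]]*UTS_RELEASE[[:space:]]*"\([^"]*\)".*/\1/p' "$1/$f" | head -n 1)
        if [ -n "$u" ]; then
            printf '%s\n' "$u"
            return 0
        fi
    done
    return 1
}

# headers_match_kernel DIR RELEASE: 0 if DIR was configured for kernel RELEASE
# (exact string match, e.g. "2.6.15-23-686"), 1 otherwise with a one-line reason.
headers_match_kernel() {
    have=$(uts_release "$1") || {
        echo "$1: no UTS_RELEASE found; not a configured kernel header tree"
        return 1
    }
    if [ "$have" = "$2" ]; then
        return 0
    fi
    echo "$1 is for kernel $have, but the running kernel is $2"
    return 1
}

# check_build_link: the check against the live system. Suggests the Debian/Ubuntu
# package name if the build directory is missing altogether.
check_build_link() {
    running=$(uname -r)
    dir="/lib/modules/$running/build"
    [ -d "$dir" ] || {
        echo "$dir missing: sudo apt-get install linux-headers-$running"
        return 1
    }
    headers_match_kernel "$dir" "$running"
}

# Run the live check only when executed as a script named check_headers.sh
# (assumed name), so the functions can also be sourced and tried on a copy.
case "$0" in
    *check_headers.sh) check_build_link ;;
esac
```

If headers_match_kernel reports a mismatch after a kernel upgrade, the fix is the apt-get line from the post run again for the new uname -r, then a reboot into that kernel before running vpn_install; the module directory the installer creates is per kernel version, so an old build does not carry over.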

That all looks sane. Now we need to patch the client because it won't compile otherwise.
Get the patch from here:

Here is a direct link:

Save it in the vpnclient directory then apply it:

alan@hactar:~/cisco/vpnclient$ patch -p0 <>

Do a quick make to see if it compiles sanely.

alan@hactar:~/cisco/vpnclient$ make
make -C /lib/modules/2.6.15-23-686/build SUBDIRS=/home/alan/cisco/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.15-23-686'
CC [M] /home/alan/cisco/vpnclient/linuxcniapi.o
CC [M] /home/alan/cisco/vpnclient/frag.o
CC [M] /home/alan/cisco/vpnclient/IPSecDrvOS_linux.o
CC [M] /home/alan/cisco/vpnclient/interceptor.o
/home/alan/cisco/vpnclient/interceptor.c: In function ‘handle_vpnup’:
/home/alan/cisco/vpnclient/interceptor.c:312: warning: assignment from incompatible pointer type
/home/alan/cisco/vpnclient/interceptor.c:336: warning: assignment from incompatible pointer type
/home/alan/cisco/vpnclient/interceptor.c:337: warning: assignment from incompatible pointer type
/home/alan/cisco/vpnclient/interceptor.c: In function ‘do_cleanup’:
/home/alan/cisco/vpnclient/interceptor.c:380: warning: assignment from incompatible pointer type
LD [M] /home/alan/cisco/vpnclient/cisco_ipsec.o
Building modules, stage 2.
MODPOST
Warning: could not find /home/alan/cisco/vpnclient/.libdriver.so.cmd for /home/alan/cisco/vpnclient/libdriver.so
CC /home/alan/cisco/vpnclient/cisco_ipsec.mod.o
LD [M] /home/alan/cisco/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.15-23-686'

That looks good. Now let's do it for real with the vpn_install script supplied by Cisco.

alan@hactar:~/cisco/vpnclient$ sudo ./vpn_install
Cisco Systems VPN Client Version 4.6.02 (0030) Linux Installer
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.


Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.


Directory containing linux kernel source code [/lib/modules/2.6.15-23-686/build]

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.15-23-686/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.15-23-686/build" will be used to build the module.

Is the above correct [y]

Making module
make -C /lib/modules/2.6.15-23-686/build SUBDIRS=/home/alan/cisco/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.15-23-686'
Building modules, stage 2.
MODPOST
Warning: could not find /home/alan/cisco/vpnclient/.libdriver.so.cmd for /home/alan/cisco/vpnclient/libdriver.so
make[1]: Leaving directory `/usr/src/linux-headers-2.6.15-23-686'
Create module directory "/lib/modules/2.6.15-23-686/CiscoVPN".
Copying module to directory "/lib/modules/2.6.15-23-686/CiscoVPN".
Already have group 'bin'

Creating start/stop script "/etc/init.d/vpnclient_init".
/etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.
Creating global config /etc/opt/cisco-vpnclient

Installing license.txt (VPN Client license) in "/opt/cisco-vpnclient/":

Installing bundled user profiles in "/etc/opt/cisco-vpnclient/Profiles/":
* New Profiles : sample

Copying binaries to directory "/opt/cisco-vpnclient/bin".
Adding symlinks to "/usr/local/bin".
/opt/cisco-vpnclient/bin/vpnclient
/opt/cisco-vpnclient/bin/cisco_cert_mgr
/opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory "/opt/cisco-vpnclient/bin".
/opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory "/opt/cisco-vpnclient/lib".
/opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory "/opt/cisco-vpnclient/include".
/opt/cisco-vpnclient/include/vpnapi.h

Setting permissions.
/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient/Profiles (group bin readable)
/etc/opt/cisco-vpnclient/Certificates (group bin readable)
* You may wish to change these permissions to restrict access to root.
* You must run "/etc/init.d/vpnclient_init start" before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.

Yay! That all looks pretty good. There is a sample profile supplied with the client which lives by default in /etc/opt/cisco-vpnclient/Profiles/; let's see:

alan@hactar:~/cisco/vpnclient$ ls /etc/opt/cisco-vpnclient/Profiles/
sample.pcf

Now I will copy the configuration file supplied by my customer to that location so the software can find it:

alan@hactar:~/cisco/vpnclient$ sudo cp *.pcf /etc/opt/cisco-vpnclient/Profiles/

Let's check they're there.

alan@hactar:~/cisco/vpnclient$ ls /etc/opt/cisco-vpnclient/Profiles/
XXX-XXX_XXX-VPN.pcf YYY-YYY_YYY-VPN.pcf ZZZ-ZZZ-ZZZ-1.pcf sample.pcf

(Note I've changed the names of the files to hide some info.)
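Two things are worth doing at this point, before the service is started. The installer itself says you "may wish to change these permissions to restrict access to root": the Profiles directory is group bin readable, and a pcf holds the gateway address, the group name and the group password (enc_GroupPwd is reversible obfuscation rather than encryption, so the file permissions are the real control). And the profiles handed over by the customer are worth a look, since the pcf format also allows a cleartext GroupPwd= and UserPassword=, and SaveUserPassword=1 caches the user's own password in the file. The script below is an added example, not part of the original post or of Cisco's package; the pcf keys it reads (Host, GroupName, GroupPwd, enc_GroupPwd, UserPassword, SaveUserPassword) are standard pcf keys, the script name vpnclient_audit.sh and the optional ROOT prefix (so it can be tried on a scratch copy of the tree) are assumptions, and it relies on GNU stat. Once the tree is root-only, run vpnclient via sudo as the post already does.

```shell
#!/bin/sh
# Added example (not from the original post or the Cisco package): audit the
# .pcf profiles just copied into place and act on the installer's own hint to
# restrict the config tree to root. ROOT is an optional path prefix so the
# functions can be exercised against a scratch copy instead of the live tree.

# pcf_get FILE KEY: print the value of KEY from an INI-style .pcf ("Key=value"
# lines under [main]); key names match case-insensitively, CR from DOS line
# endings is dropped. Anchored at line start, so GroupPwd never matches enc_GroupPwd.
pcf_get() {
    grep -i "^$2=" "$1" | head -n 1 | cut -d= -f2- | tr -d '\r'
}

# audit_pcf FILE: 0 if the profile is complete and stores no cleartext secret,
# 1 otherwise, with one line per finding.
audit_pcf() {
    pcf=$1
    rc=0
    for key in Host GroupName; do
        if [ -z "$(pcf_get "$pcf" "$key")" ]; then
            echo "$pcf: missing $key"; rc=1
        fi
    done
    # Cleartext secrets on disk; the obfuscated enc_* forms are what a profile
    # should carry, and even those are only as safe as the file permissions.
    for key in GroupPwd UserPassword; do
        if [ -n "$(pcf_get "$pcf" "$key")" ]; then
            echo "$pcf: cleartext $key present"; rc=1
        fi
    done
    if [ "$(pcf_get "$pcf" SaveUserPassword)" = "1" ]; then
        echo "$pcf: SaveUserPassword=1 caches the user password in the profile"; rc=1
    fi
    return $rc
}

# audit_profiles [ROOT]: run audit_pcf over every installed profile.
audit_profiles() {
    bad=0
    for f in "${1:-}"/etc/opt/cisco-vpnclient/Profiles/*.pcf; do
        [ -f "$f" ] || continue
        audit_pcf "$f" || bad=1
    done
    return $bad
}

# harden_tree [ROOT]: make /etc/opt/cisco-vpnclient, Profiles and Certificates
# mode 700 and their files 600 (the installer leaves them group "bin" readable);
# chown to root only when running as root, so a scratch copy can be tested unprivileged.
harden_tree() {
    cfg="${1:-}/etc/opt/cisco-vpnclient"
    hrc=0
    for d in "$cfg" "$cfg/Profiles" "$cfg/Certificates"; do
        [ -d "$d" ] || continue
        chmod 700 "$d" || hrc=1
        find "$d" -type f -exec chmod 600 {} + || hrc=1
        if [ "$(id -u)" = 0 ]; then
            find "$d" -exec chown root:root {} + || hrc=1
        fi
    done
    return $hrc
}

# check_cvpnd FILE: 0 if FILE is setuid and owned by root (cvpnd must stay that
# way, the unprivileged vpnclient binary talks to it), 1 otherwise. GNU stat.
check_cvpnd() {
    [ -f "$1" ] || { echo "$1: missing"; return 1; }
    mode=$(stat -c '%a' "$1")
    owner=$(stat -c '%U' "$1")
    case "$mode:$owner" in
        4???:root) return 0 ;;
    esac
    echo "$1: expected setuid root, got mode $mode owner $owner"
    return 1
}

# Entry point when run as a script (assumed name), e.g.
#   sudo sh vpnclient_audit.sh            # live tree
#   sh vpnclient_audit.sh ./scratch-copy  # copy of the tree, as a normal user
case "$0" in
    *vpnclient_audit.sh)
        audit_profiles "$1"
        harden_tree "$1"
        check_cvpnd "${1:-}/opt/cisco-vpnclient/bin/cvpnd"
        ;;
esac
```

A profile that fails audit_pcf on a cleartext GroupPwd is still usable; the point is to know it before it sits on a multi-user box, and to fix the permissions before starting vpnclient_init rather than after.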
The next bit will be started when I reboot, but as I don't want to reboot right now I'll start it myself:

alan@hactar:~/cisco/vpnclient$ sudo /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: Done

I'll now start the client to see if it starts.

alan@hactar:~/cisco/vpnclient$ ./vpnclient
Cisco Systems VPN Client Version 4.6.02 (0030)
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.15-23-686 #1 SMP PREEMPT Tue May 23 14:03:07 UTC 2006 i686
Config file directory: /etc/opt/cisco-vpnclient

Usage:
vpnclient connect <profile> [user <username>] [eraseuserpwd | pwd <password>]
[nocertpwd]
vpnclient disconnect
vpnclient stat [reset] [traffic] [tunnel] [route] [repeat]
vpnclient notify
vpnclient verify [autoinitconfig]
vpnclient autoinit

Now we actually start the client and connect. Note that I start the client with the word "connect" and the name of the pcf file (without the pcf extension) as a parameter.

alan@hactar:~/cisco/vpnclient$ sudo vpnclient connect XXX-XXX_XXX-VPN

Cisco Systems VPN Client Version 4.6.02 (0030)
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.15-23-686 #1 SMP PREEMPT Tue May 23 14:03:07 UTC 2006 i686
Config file directory: /etc/opt/cisco-vpnclient

Initializing the VPN connection.
Contacting the gateway at XXX.X.XX.XXX
User Authentication for XXX-XXX-XXXX-1...

Enter Username and Password.

Username [DOMAIN\username]:
Password []:
Authenticating user.
Negotiating security policies.

I then get my customers standard welcome message and am connected.
