Linux Fedora Core 6 Installation Instructions

Summary: How to install the Cisco Systems VPN Client on Linux Fedora Core 6 kernel.

Instructions
These instructions were provided by an end-user and are untested.

Here are the steps I went through to install the Cisco VPN client software on my laptop running Fedora Core 6. I'll try and guess where things may be different for other distributions.

0) Connect to RoamNet wirelessly. The SSID is "RoamNet" and the WEP key is "NomadicCampus". Note the capitalization.

1) Once connected wirelessly, it's possible to access the ISD webpages at http://www.ucl.ac.uk/isd/. In particular, the relevant pages for RoamNet are at http://www.ucl.ac.uk/isd/students/wireless/roamnet/, so go there.

2) Click on the big "Get Connected" button - you'll need to enter your UCL username and password at this point. On the next page, click on the red "download" button. This will take you to https://www.ucl.ac.uk/is/roamnet/bin/distribution/linux/. Several directories are presented here for different versions of the client. You'll also see a directory called doc, which contains documentation for the client (well worth reading if you get stuck), and a directory called profile, which contains files holding the relevant settings for the UCL network - we'll use these in step 8. I recommend the latest version - 48000490 - so click on that directory. [There is also 48000490-64, the 64-bit version for machines with 64-bit processors, but I doubt there's much advantage to using the 64-bit client.]

3) Download the VPN client software to somewhere on your local computer - i.e. click on vpnclient-linux-4.8.00.0490-k9.tar.gz.

4) As the root user on your machine, you now need to copy this file somewhere and unzip and untar it. I copied the file to /root. In /root I typed "tar -zxf vpnclient-linux-4.8.00.0490-k9.tar.gz" to unpack the software - this creates a directory called vpnclient which contains all the files. All of the remaining steps must also be done as root.

5) Before you can compile the kernel module that is included in the client download, you need the kernel source code for the currently running kernel installed on your machine. For Fedora Core 6, this means typing "yum install kernel-devel". Other distributions have similar methods for getting packages of the kernel source code.

6) You now need to compile the client and the kernel module that is needed by the client. Change into the directory containing the client software that you unzipped in step 4 above - "cd vpnclient" if you're in the /root directory.

7) Start the build process by typing "./vpn_install" *. You will then be asked 3 questions:

Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

Directory containing linux kernel source code [/lib/modules/2.6.18-1.2869.fc6/build]

The default answers should be correct, but the install program may need to be told where to find the kernel source code that you installed in step 5.

All being well, this will then build the kernel module and install the software.

* If the ./vpn_install command fails with a message that "linux/config.h" could not be found, please refer to the EDIT CONFIG FILES section.

8) You now need to configure the VPN client for use with the UCL network. Go back to your web browser and go to https://www.ucl.ac.uk/is/roamnet/bin/distribution/linux/profile/

Here you'll see 3 files:
a) GTECyberTrustGlobalRoot.crt needs to be downloaded and placed in /etc/opt/cisco-vpnclient/Certificates.
b) UCL RoamNet.pcf needs to be downloaded to /etc/opt/cisco-vpnclient/Profiles. I renamed this file to simply ucl.pcf for ease of use.
c) vpnclient.ini needs to be downloaded to /etc/opt/cisco-vpnclient/.

9) You now need to import the certificate that you installed in 8a above. Change directory to /etc/opt/cisco-vpnclient/Certificates and type cisco_cert_mgr -R -op import. When asked for a filename, give GTECyberTrustGlobalRoot.crt as the filename.

10) At this point, you need to start the Cisco service. The easiest way to do this is reboot. Or you can type /etc/rc.d/init.d/vpnclient_init start.

11) You now need to open up the relevant ports on your firewall. I did this using the system-config-securitylevel program to bring up a simple GUI. You need to open ports 500 and 10000 for UDP connections and port 50 for TCP connections.

12) Now you should be set to start the vpnclient by simply typing "vpnclient connect ucl" at the command line. Note: replace "ucl" with whatever you named the profile file in step 8b. You will need to enter your UCL username and password when prompted.

<-END->

===========================================================================
EDIT CONFIG FILES
===========================================================================

I have a recently installed linux Fedora-Core-6 distribution on a laptop. I tried to follow the instructions provided in the file https://www.ucl.ac.uk/is/roamnet/bin/distribution/linux/docs/fedora-core_6.txt to install the Cisco VPN client for use at UCL. Following this method, the ./vpn_install command failed at step 7), with a message implying a file "linux/config.h" could not be found. A web search reveals that this file has been retired in recent versions of Fedora in favour of "linux/autoconf.h". The following grep command shows that there are four files in the unpacked vpnclient directory that need to be edited to reflect this change:

[cjo@msslqf vpnclient]$ grep "linux/config.h" *
frag.c:#include <linux/config.h>
interceptor.c:#include <linux/config.h>
IPSecDrvOS_linux.c:#include <linux/config.h>
linuxcniapi.c:#include <linux/config.h>

In addition, having fixed this problem in these 4 files, the ./vpn_install again failed with a message implying a problem with CHECKSUM_HW. Again a web search reveals this has been retired in recent kernels, and thus a number of further edits are required to the interceptor.c file. For completeness, using the linux diff command to examine all the changes I made from the 4 original files (identified above but renamed *.orig) to the edited files (*.c) which finally successfully compiled shows the following edits:

[cjo@msslqf vpnclient]$ diff -Nur frag.orig frag.c
--- frag.orig 2007-03-01 12:04:03.000000000 +0000
+++ frag.c 2007-03-01 11:21:54.000000000 +0000
@@ -1,4 +1,4 @@
-#include <linux/config.h>
+#include <linux/autoconf.h>
#include <linux/version.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
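
Review bot: the replaced include on the first line of frag.c carries no comment saying why linux/config.h was swapped for linux/autoconf.h, so the reason is lost once the .orig copies are gone. Suggest a one-line comment above the new include recording that linux/config.h is no longer shipped with the kernel headers; the same applies to the identical one-line change in linuxcniapi.c, IPSecDrvOS_linux.c and interceptor.c.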

[cjo@msslqf vpnclient]$ diff -Nur linuxcniapi.orig linuxcniapi.c
--- linuxcniapi.orig 2007-03-01 12:07:20.000000000 +0000
+++ linuxcniapi.c 2007-03-01 11:23:35.000000000 +0000
@@ -9,7 +9,7 @@
* This module implements a translation layer between the CNI API and the
* Linux Interceptor driver.

***************************************************************************/
-#include <linux/config.h>
+#include <linux/autoconf.h>
#include <linux/version.h>
#include <linux/netdevice.h>
#include <linux/if.h>

[cjo@msslqf vpnclient]$ diff -Nur IPSecDrvOS_linux.orig IPSecDrvOS_linux.c
--- IPSecDrvOS_linux.orig 2007-03-01 12:05:06.000000000 +0000
+++ IPSecDrvOS_linux.c 2007-03-01 11:22:15.000000000 +0000
@@ -11,7 +11,7 @@
*
*

***************************************************************************/
-#include <linux/config.h>
+#include <linux/autoconf.h>
#include <linux/version.h>
#include <linux/vmalloc.h>
#include <linux/sched.h>

[cjo@msslqf vpnclient]$ diff -Nur interceptor.orig interceptor.c
--- interceptor.orig 2007-03-01 10:59:43.000000000 +0000
+++ interceptor.c 2007-03-01 11:18:36.000000000 +0000
@@ -8,7 +8,7 @@

***************************************************************************
* This module implements the linux driver.

***************************************************************************/
-#include <linux/config.h>
+#include <linux/autoconf.h>
#include <linux/version.h>
#include <linux/module.h>
#include <linux/init.h>
@@ -32,6 +32,14 @@
#include "frag.h"
#include "mtu.h"
#include "unixkernelapi.h"
+
+// With linux 2.6.19, they renamed CHECKSUM_HW to CHECKSUM_COMPLETE #if
+LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+ #define CHECKSUM_HW CHECKSUM_COMPLETE
+ #define SKB_CHECKSUM_HELP(a,b) skb_checksum_help((a))
+#else
+ #define SKB_CHECKSUM_HELP(a,b) skb_checksum_help((a),(b))
+#endif

static uint8_t interceptor_eth_addr[] = { 0x00, 0x0b, 0xfc, 0xf8, 0x01, 0x8f };
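
Review bot: as displayed, the #if that opens the version check sits at the end of the // comment line and LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) starts the following line, so the preprocessor would see no opening #if and the #else and #endif below it would be unmatched. The directive has to start its own line, i.e. "#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)" directly under the comment. It is also worth a comment that the 2.6.19 form of SKB_CHECKSUM_HELP(a,b) deliberately drops its second argument.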

@@ -554,9 +562,9 @@
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,7)
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
- if (skb_checksum_help(skb,1))
+ if (SKB_CHECKSUM_HELP(skb,1))
#else
- if (skb_checksum_help(&skb,1))
+ if (SKB_CHECKSUM_HELP(&skb,1))
#endif // LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
{
dev_kfree_skb(skb);
@@ -680,11 +688,11 @@
if (skb->ip_summed == CHECKSUM_HW)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
- if (skb_checksum_help(skb,0))
+ if (SKB_CHECKSUM_HELP(skb,0))
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,7)
- if (skb_checksum_help(&skb,0))
+ if (SKB_CHECKSUM_HELP(&skb,0))
#else
- if ((skb = skb_checksum_help(skb)) == NULL)
+ if ((skb = SKB_CHECKSUM_HELP(skb)) == NULL)
#endif //LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,7)
{
goto exit_gracefully;
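
Review bot: in the last #else branch of this hunk (kernels before 2.6.7) SKB_CHECKSUM_HELP(skb) is invoked with one argument, but both definitions of the macro added earlier take two parameters (a,b), so this line would fail to preprocess if that branch were ever selected. Keep the original skb_checksum_help(skb) call in that branch, since only the two-argument calls need the wrapper.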

After these changes the ./vpn_install command compiled the client successfully, and the subsequent instructions (step 8 onwards) in the https://www.ucl.ac.uk/is/roamnet/bin/distribution/linux/docs/fedora-core_6.txt file can be followed to set up the client for use at UCL. Although there were some warnings at the compile stage, this seems to be working OK on my laptop.
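
A pre-flight check for the two build failures described above, to run before step 7. This is an added example, not part of the original instructions or the Cisco client; the function name vpn_preflight, its arguments and its output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: predict whether ./vpn_install will hit the missing
# linux/config.h or CHECKSUM_HW errors, and list the files to edit.
#
# vpn_preflight KERNEL_BUILD_DIR CLIENT_SRC_DIR
#   prints one "<problem> <file>" line per source file needing an edit
#   returns 0 = nothing to edit, 1 = edits needed,
#           2 = kernel headers missing (step 5 not done)
vpn_preflight() {
    kdir=$1
    src=$2
    inc="$kdir/include/linux"
    if [ ! -d "$inc" ]; then
        echo "no kernel headers under $kdir; install kernel-devel first" >&2
        return 2
    fi
    report=$(
        # linux/config.h was retired in favour of linux/autoconf.h.
        if [ ! -f "$inc/config.h" ]; then
            grep -lF '<linux/config.h>' "$src"/*.c 2>/dev/null |
                sed 's|.*/|config.h |'
        fi
        # CHECKSUM_HW was retired too; if skbuff.h no longer defines it,
        # every source file that still uses the name needs the macro edit.
        if ! grep -q 'define[[:space:]]*CHECKSUM_HW' "$inc/skbuff.h" 2>/dev/null
        then
            grep -lw 'CHECKSUM_HW' "$src"/*.c 2>/dev/null |
                sed 's|.*/|CHECKSUM_HW |'
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Typical call, using the paths from steps 4 and 7:
#   sh preflight.sh "/lib/modules/$(uname -r)/build" /root/vpnclient
if [ "$#" -eq 2 ]; then
    vpn_preflight "$1" "$2"
fi
```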