Login Main site Create account

07.12.2006 09:36

Cisco VPN Client and Linux Kernel 2.6.19

============================== ATTENTION ==============================
This article is _OUTDATED_. You can find an updated version of the patch below in the Links section.
============================== ATTENTION ==============================

Yesterday I upgraded my system to Linux kernel 2.6.19 and tried to recompile the "cisco_ipsec" kernel module, but failed.

There were some changes in 2.6.19 that prevented it from compiling cleanly. One of these changes was known to me from my work at the Matrox Parhelia drivers, the other one was due to an argument number change in skb_checksum_help.

I used the latest - to me - available Cisco VPN Client version for linux, which is vpnclient-linux- and represents the 32bit version of the driver. I don't really know, if the following patch will work for the 64bit version too, so if someone tried it out, please tell me.
I wrote a small patch that makes it usable again on 2.6.19 and can be downloaded below.

Due to popular demand, I added the following information on how to apply the patch to your VPN client installation:
1. Untar the VPN Client
# tar xzf vpnclient-linux-

2. Download the patch
# wget -q http://tuxx-home.at/projects/cisco-vpnclient/vpnclient-linux-2.6.19.diff

3. Change to the vpnclient diretory
# cd vpnclient

4. Apply the patch
# patch <../vpnclient-linux-2.6.19.diff
patching file IPSecDrvOS_linux.c
patching file frag.c
patching file interceptor.c
patching file linuxcniapi.c

Now the patch has been applied and you can safely install the client



============================== ATTENTION ==============================
This article is _OUTDATED_. You can find an updated version of the patch above in the Links section.
============================== ATTENTION ==============================
Comments added earlier to http://tuxx-home.at/archives/2006/12/07/T09_36_48/index.html:
fucter on 2006-12-27 02:57:07 wrote:
Dude, you rule, I can use the wifi at Penn State again now. It's ashame no one else has commented on this yet, so let me be the first to say thank you.
Alexander Griesser on 2007-01-02 12:30:30 wrote:
Thanks for the flowers :) I hope many others out there can use
this patch to get the client working again on 2.6.19!
Guest on 2007-01-14 18:05:25 wrote:
Thanks Alexander, that works perfectly for me (on 64bit too).
Alexander Griesser on 2007-01-15 10:18:03 wrote:
Thanks for your feedback!
Guest on 2007-01-22 22:17:47 wrote:
Thx a lot!

Works fine for Fedora Core 6 (Zod) in 64bit, after updating the kernel to 2.6.19-x today.

R-e-s-p-e-c-t !


Guest on 2007-01-28 23:24:38 wrote:
Thanks a lot. I can compile and install Cisco VPN. Now, I try it.
Two thumbs up!
Guest on 2007-02-10 16:45:12 wrote:
Alexander - you're the man! I've been chasing this problem for two weeks. Thanks for saving my bacon.

Alexander Griesser on 2007-02-10 17:01:26 wrote:
That's nice to hear :) Thanks for all the feedback guys!
Guest on 2007-02-17 19:57:22 wrote:
Vielen Dank! Das hat mir ein Paar Stunden gespart!
Guest on 2007-02-18 11:12:38 wrote:
Thanks so much! Now I have VPN access again!

For the record, it works on Fedora Core 6 (2.6.19) x86_32
Alexander Griesser on 2007-02-18 16:38:06 wrote:
I never would have thought that making such a little patch to the Cisco VPN Client pulls so many people to
my site, but I'm glad that I could help you all out with
this :)

I'll add compatibility changes to the Cisco VPN Client onto
my todo list for the future so that you can always come
back here in terms of troubles :)

Thanks for all your feedback!
Guest on 2007-02-20 04:46:35 wrote:
Sounds like this is the fix I've been looking for. Can you please tell a new user how to apply this patch?

Alexander Griesser on 2007-02-20 08:15:56 wrote:
The patch has to be applied to the vpnclients source directory, so if you
extracted the vpnclient to e.g. /usr/src/vpnclient and downloaded this patch
to /usr/src/vpnclient-linux-2.6.19.diff, issue the following commands:

cd /usr/src/vpnclient
patch </usr/src/vpnclient-linux-2.6.19.diff

That should be enough, afterwards you will be able to do a ./vpn_install.
Guest on 2007-02-21 08:44:17 wrote:
Thank you. That did the trick. As always, I appreciate all the good help.

Alexander Griesser on 2007-02-21 09:54:17 wrote:
You're welcome.
Guest on 2007-02-21 11:23:08 wrote:
It works with 64Bit as well. Thanks a lot pal!
Guest on 2007-02-22 04:29:32 wrote:
Thank you very much..
Guest on 2007-02-23 01:05:07 wrote:
Yeah, thank you, it is working great, you rock!
Guest on 2007-02-28 18:12:56 wrote:
Excellent - very helpful! Helped me get a customer w/ FC6 up and running on our VPN.
Guest on 2007-03-05 16:17:12 wrote:

Thanks for the patch and info. I was able to get vpn working on ubuntu feisty.

Guest on 2007-03-05 16:35:53 wrote:
doenot work for me.
* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.19-1.2911.6.4.fc6xen/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from &quot;/lib/modules/2.6.19-1.2911.6.4.fc6xen/build&quot; will be used to build the module.

Is the above correct [y]

Making module
make -C /lib/modules/2.6.19-1.2911.6.4.fc6xen/build SUBDIRS=/home/jigar/My document/3.Installers/vpnclient modules
make[1]: Entering directory `/usr/src/kernels/2.6.19-1.2911.6.4.fc6-xen-i686'
make[1]: *** No rule to make target `document/3.Installers/vpnclient'. Stop.
make[1]: Leaving directory `/usr/src/kernels/2.6.19-1.2911.6.4.fc6-xen-i686'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".

can anyone please help me
Guest on 2007-03-13 19:14:55 wrote:
Excellent !!! work fine for me with FC6.
Thank you
Alejandro Neyra
Guest on 2007-03-24 12:18:43 wrote:
I did the same thing and it worked on my 64bit laptop. Nice thing you posted it for all others!
Guest on 2007-03-24 14:02:17 wrote:
Thanks so much! Now I was looking for something like this for weeks.

Guest on 2007-03-24 18:32:07 wrote:
Excellent post. Thanks for taking the time to put this together!
Guest on 2007-04-03 01:16:17 wrote:
Guest on 2007-04-04 02:56:40 wrote:
Here is yet another person helped by this patch. My machine runs Fedora Core 6 using a 2.6.18 kernel. When I originally tried to compile the vpnclient I got complaints about a missing linux/config.h file. The patch went in cleanly and the vpnclient compiled with only four warnings when compiling the interceptor.h file.

Now I just have to configure the program and all should be well.

Thank you so much.

Kevin C.
Alexander Griesser on 2007-04-04 07:47:20 wrote:
Great :)
Thanks for all your feedback!
Guest on 2007-04-09 10:16:46 wrote:
Nice job! Works great with 2.6.20 kernels, both 32 and 64 bit.

Thanks man!
Guest on 2007-05-09 18:35:14 wrote:
thank you + 1000!
Guest on 2007-05-10 11:59:01 wrote:
This my problem :
make -C /lib/modules/2.6.18-1.2798.fc6/build SUBDIRS=/root/vpnclient modules
make[1]: Entering directory `/usr/src/kernels/2.6.18-1.2798.fc6-x86_64'
CC [M] /root/vpnclient/linuxcniapi.o
/root/vpnclient/linuxcniapi.c:12:26: error: linux/config.h: No such file or directory
In file included from /root/vpnclient/Cniapi.h:15,
from /root/vpnclient/linuxcniapi.c:27:
/root/vpnclient/GenDefs.h:110:2: warning: #warning 64 bit
make[2]: *** [/root/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/root/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/kernels/2.6.18-1.2798.fc6-x86_64'
make: *** [default] Error 2
Failed to make module "cisco_ipsec.ko".
Plz help me :(
Alexander Griesser on 2007-05-10 15:01:11 wrote:
You didn't apply the patch correctly. If you would have applied it, in linuxcniapi.c would be no mention of linux/config.h.
Guest on 2007-05-11 10:40:18 wrote:
Plz, let's me known how to patch it correctly?
Alexander Griesser on 2007-05-11 13:32:26 wrote:
At the top of this page, there's an explanation on about how to do this correctly.
If you still have problems getting this done, please contact me via e-mail.
Guest on 2007-05-15 17:07:16 wrote:
You are a GOD! Thank you soooo much!
Guest on 2007-05-16 23:41:02 wrote:
Works on FC5 2.6.20-1.2316.fc5 x86-64
YDM Baby!
Alexander Griesser on 2007-05-17 07:46:18 wrote:
Please make sure that you are using the latest available patch (vpnclient-linux-2.6.19+-rev1.diff), not the one
that is mentioned in this blog entry here.

This patch has a bug with name resolution inside the
VPN tunnel, the updated patch hasn't.

The link to the new patch is available in the "Links"
section at the end of this blog entry.
Guest on 2007-05-22 19:51:21 wrote:
Thanks a lot for your help !
Guest on 2007-06-01 20:02:12 wrote:
You rule, man, you rule!
Alexander Griesser on 2007-06-02 10:06:48 wrote:
Thanks :)
JFTR: Another update is available, see the links section
above, that works with kernel version 2.6.22 too.
Guest on 2007-07-14 21:38:21 wrote:
This patch works on 64 bit machines. I have a AMD64 bith machine.
Guest on 2007-08-03 12:05:22 wrote:
Hi Alex,

I needed to thanks you for this incredible patch. I tried for the Kernel 2.6.22 and guess what it just works fine.
Can you realize how much this patch is helping people around the globe?
Thanks very much....really!

Alexander Griesser on 2007-08-04 16:20:08 wrote:
That's great to hear :)
Well, you know, there's a Paypal Donate button on my website ;)

Guest on 2007-08-22 11:04:33 wrote:
Hi Alexander,
days ago my Linux FC7 was updated with the latest kernel (the
Trivial I had to re-install the cisco vpnclient (from the same vpnclient-linux- sources and patched as usual with your great latest diff file).
Compile was ok and the module fit properly into the kernel. Btw, once connected to the vpn server, my system becomes no able to exit towards the net (the /sbin/route commend hangs on reply to the shell and write the routing table after ten of seconds...).
Nothing is changed on my FC7 apart the kernel, before the vpn connection worked fine :-(

Any suggestions? comments?
Many thanks everybody wants to share here opinions on that or share similar experiences.
Guest on 2007-08-24 15:01:26 wrote:
thanks Dude...i used your diff to install the latest vpn...will bookmark your website for future kernel upgrades...
Guest on 2007-09-16 06:41:17 wrote:
Alexander Griesser on 2008-01-03 09:48:49 wrote:
Please let's discuss all these issues in the newly created forum:


This comment system is not suitable for debugging such stuff.
Guest on 2008-06-05 13:11:08 wrote:
please help getting following errors while applying patch<BR />patch < ../vpnclient-linux-2.6.19.diff<BR />patching file IPSecDrvOS_linux.c<BR />Hunk #1 FAILED at 11.<BR />1 out of 1 hunk FAILED -- saving rejects to file IPSecDrvOS_linux.c.rej<BR />patching file frag.c<BR />Hunk #1 FAILED at 1.<BR />1 out of 1 hunk FAILED -- saving rejects to file frag.c.rej<BR />patching file interceptor.c<BR />Hunk #1 FAILED at 8.<BR />Hunk #2 succeeded at 45 with fuzz 2 (offset 12 lines).<BR />Hunk #3 FAILED at 574.<BR />Hunk #4 FAILED at 700.<BR />3 out of 4 hunks FAILED -- saving rejects to file interceptor.c.rej<BR />patching file linuxcniapi.c<BR />Hunk #1 FAILED at 9.<BR />1 out of 1 hunk FAILED -- saving rejects to file linuxcniapi.c.rej<BR />
Guest on 2009-03-06 12:06:51 wrote:
Nice work!i use <a href="http://vpnomania.com/proxy-surf.html/">proxy</a> and <a href="http://world-secure-channel.com/why/">vpn</a> to secure my data,it works like a charm

Your comment (HTML tags will be stripped !!):

To verify You are not a bot, type down text from this image.

Your try: