Cisco VPN Client for Linux

Introduction

This document outlines source code changes that are needed to get the Cisco VPN client to work with Fedora Core 4. While untested, it is believed that these same changes will work for other Linux distributions based on the Linux 2.6 kernel.

Software

You must obtain version 4.7.00.0640 of the Cisco VPN client.  The file is named: vpnclient-linux-4.7.00.0640-k9.tar.gz Since I'm not sure if I can freely distribute the software, it is not available here; but if you Google for it, you'll find it. The MD5 checksum of the version I downloaded is "3e2f69bed8c3d9b6828f8e0f0d20180c"

Patch

This patch came from one of the Fedora forums.  You should be able to apply it with the "patch" utility:
*** linuxcniapi.c.orig  2006-02-16 19:07:47.000000000 -0500
--- linuxcniapi.c       2006-02-16 19:12:39.000000000 -0500
***************
*** 276,281 ****
--- 276,283 ----
      struct sk_buff *skb = NULL;
      unsigned char *pIP = NULL, *pMac = NULL;

+     struct timeval timecount;
+
      /* we need to build the actual sk_buff from the packet structure */
      pBinding = (PBINDING) Binding;
      lpPacketDescriptor = (LPPACKETDESCRIPTOR) Packet;
***************
*** 289,295 ****
          goto exit_gracefully;
      }
      /* move the data into the packet */
!     do_gettimeofday(&skb->stamp);

      pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);

--- 291,300 ----
          goto exit_gracefully;
      }
      /* move the data into the packet */
!     do_gettimeofday(&timecount);
!
!     skb->tstamp.off_sec = (u32) timecount.tv_sec;
!     skb->tstamp.off_usec = (u32) timecount.tv_usec;

      pIP = skb_put(skb, lpPacketDescriptor->uiPacketSize);

***************
*** 389,394 ****
--- 394,401 ----
      unsigned char *pIP = NULL, *pMac = NULL;
      int tmp_rc = 0;

+     struct timeval timecount;
+
      int (*tmp_InjectSend) (struct sk_buff * skb, struct net_device * dev);
      tmp_InjectSend = NULL;

***************
*** 429,435 ****
      CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);

      /* put the mac header on */
!     do_gettimeofday(&skb->stamp);

      skb->dev = pBinding->pDevice;

--- 436,445 ----
      CniGetPacketData(Packet, 0, lpPacketDescriptor->uiPacketSize, pIP);

      /* put the mac header on */
!     do_gettimeofday(&timecount);
!
!     skb->tstamp.off_sec = (u32) timecount.tv_sec;
!     skb->tstamp.off_usec = (u32) timecount.tv_usec;

      skb->dev = pBinding->pDevice;

Installation

Login as root, and follow these steps:
# tar zxf vpnclient-linux-4.7.00.0640-k9.tar.gz
# cd vpnclient
# patch < linuxcniapi.patch
patching file linuxcniapi.c
# vpn_install
Cisco Systems VPN Client Version 4.7.00 (0640) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.

Directory where binaries will be installed [/usr/local/bin] <return>

Automatically start the VPN service at boot time [yes] <return>

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

Directory containing linux kernel source code [/lib/modules/2.6.15-1.1831_FC4/build] <return>

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.15-1.1831_FC4/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.15-1.1831_FC4/build" will be used to build the module.

Is the above correct [y] <return>
After that, the software will be compiled and installed. The easiest thing now is to find your VPN profile (*.pcf) and install it into the /etc/opt/cisco-vpnclient/Profile directory.