latest versions

12.05.2009

AMD 64bit fix finally available
[ read more ]

25.01.2008

Support for 2.6.24 final
[ read more ]

12.01.2008

Supporting 2.6.24+
[ read more ]

09.11.2007

Patch for 64bit systems
[ read more ]

24.09.2007

VPN client 4.8.01.0640-k9
[ read more ]

downloads

VPN client software

Client archives

Linux Client Patches

Patch archives

links

Weblog archives

Networking and Security

Support forum

Support forum

Company information

Official Cisco website

Unofficial Cisco VPN client updates for Linux

I'm providing unofficial updates to the Cisco VPN client for Linux, because Cisco doesn't update their clients on a regular basis.
Nearly all new kernel versions break the official Cisco VPN client and usually you should get working updates here.

How to install the Cisco VPN client for Linux?

The installation of the client is as easy as 1, 2, 3, just follow these simple steps:

1. Untar the VPN Client
# tar xzf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

2. Change to the vpnclient directory
# cd vpnclient

3. Install the client
#./vpn_install

Attention dear AMD 64bit users

You will need a specially patched version of this client, because the vanilla versions don't work on your system. One of our forum members (t3x) has created patched versions that should work in this case.

If you - and only if you - have a 64bit AMD system that is running in 64bit mode and the latest Cisco vpn client version segfaults on your system, use this version instead:

vpnclient-linux-x86_64-4.8.02.0030-k9-AMD64_ONLY_by_t3x.tar.gz

Patch to compile 4.8.01.0640 on Linux kernel 2.6.24+

I've written a patch that allows to compile the cisco_ipsec.ko kernel module on Linux kernel 2.6.24.

Update 2008-01-13: I finally managed to come up with a patch that does not violate the GPL anymore and doesn't fake the cisco_ipsec's MODULE_LICENSE(). Therefore I replaced the first version of vpnclient-linux-2.6.24.diff with the new one and would suggest you do this too on your system. The new version works around the use of the GPL-only init_net symbol and therefore doesn't do nasty things anymore.

Update 2008-01-25: 2.6.24 has been released today and they revoked the change to export "init_net" only to GPL-compatible kernel modules so the workarounds aren't necessary anymore, we may directly make use of the "init_net" symbol. Therefore I updated the patch to reflect this change. If you still need to compile this module on 2.6.24-rc kernels, please have a look here.

To install this patch, follow these instructions:

1. Untar the VPN Client
# tar xzf vpnclient-linux-4.8.01.0640-k9.tar.gz

2. Download the patch
# wget -q http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff

3. Change to the vpnclient diretory
# cd vpnclient

4. Apply the patch
# patch <../vpnclient-linux-2.6.24-final.diff
patching file GenDefs.h
patching file interceptor.c

Now the patch has been applied and you can safely install the client
#./vpn_install

Patch to compile 4.8.01.0640 on 64bit systems

Unfortunately, Cisco Systems hasn't tested the latest release very well on 64bit systems and therefore the latest available VPN client doesn't compile on 64bit systems. You'll get the following error message when trying to compile the client:

interceptor.c:778: error: invalid operands to binary -

Fortunately, a guy named Stephen Frost has provided a patch to make it compile again.
To install his patch, follow these instructions:

1. Untar the VPN Client
# tar xzf vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz

2. Download the patch
# wget -q http://projects.tuxx-home.at/ciscovpn/patches/cisco_skbuff_offset.patch

3. Change to the vpnclient directory
# cd vpnclient

4. Apply the patch
# patch <../cisco_skbuff_offset.patch
patching file frag.c
patching file interceptor.c
patching file linuxcniapi.c
patching file linuxkernelapi.c

5. Now the patch has been applied and you can safely install the client
#./vpn_install

Known Issues during Compilation

During compilation you might get the following error message:

make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic'
scripts/Makefile.build:46: *** CFLAGS was changed in "/path/to/vpnclient_install/vpnclient/Makefile". Fix it to use EXTRA_CFLAGS.  Stop.
This seems to happen on newer Ubuntu systems and the like. To get around this issue, do what it tells you and open the file "Makefile" in the vpnclient directory and replace all occurences of "CFLAGS" with "EXTRA_CFLAGS".

Known Issues with 64bit Systems

On 64bit systems you might experience the following error message when trying to start the VPN client:
/usr/local/bin/vpnclient: No such file or directory
As you might have guessed, the file is there and the permissions are OK, but the error message is a bit misleading. "No such file or directory" in this case means that there's a library missing which the VPN client is linked to. To see the name of this library, issue the command:

ldd /usr/local/bin/vpnclient
On 64bit systems, the library missing usually is part of the "ia32-libs" (32bit compatibility libraries) package which can be installed easily using apt-get:

sudo apt-get install ia32-libs

Is there any support for these updates?

Yes, there's a Support Forum available. Some information also might be available in the old weblog archives.