• Projects index
• Matrox drivers
• Cisco VPN client
• VMware updates
• donations

Unofficial Cisco VPN client updates for Linux

I'm providing unofficial updates to the Cisco VPN client for Linux, because Cisco doesn't update their clients on a regular basis.
Nearly all new kernel versions break the official Cisco VPN client and usually you should get working updates here.

How to install the Cisco VPN client for Linux?

The installation of the client is as easy as 1, 2, 3, just follow these simple steps:

1. Untar the VPN Client
# tar xzf vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

2. Change to the vpnclient directory
# cd vpnclient

3. Install the client
#./vpn_install

Attention dear AMD 64bit users

You will need a specially patched version of this client, because the vanilla versions don't work on your system. One of our forum members (t3x) has created patched versions that should work in this case.

If you - and only if you - have a 64bit AMD system that is running in 64bit mode and the latest Cisco vpn client version segfaults on your system, use this version instead:

vpnclient-linux-x86_64-4.8.02.0030-k9-AMD64_ONLY_by_t3x.tar.gz

Patch to compile 4.8.01.0640 on Linux kernel 2.6.24+

I've written a patch that allows to compile the cisco_ipsec.ko kernel module on Linux kernel 2.6.24.

Update 2008-01-13: I finally managed to come up with a patch that does not violate the GPL anymore and doesn't fake the cisco_ipsec's MODULE_LICENSE(). Therefore I replaced the first version of vpnclient-linux-2.6.24.diff with the new one and would suggest you do this too on your system. The new version works around the use of the GPL-only init_net symbol and therefore doesn't do nasty things anymore.

Update 2008-01-25: 2.6.24 has been released today and they revoked the change to export "init_net" only to GPL-compatible kernel modules so the workarounds aren't necessary anymore, we may directly make use of the "init_net" symbol. Therefore I updated the patch to reflect this change. If you still need to compile this module on 2.6.24-rc kernels, please have a look here.

To install this patch, follow these instructions:

1. Untar the VPN Client
# tar xzf vpnclient-linux-4.8.01.0640-k9.tar.gz

2. Download the patch
# wget -q http://projects.tuxx-home.at/ciscovpn/patches/vpnclient-linux-2.6.24-final.diff

3. Change to the vpnclient diretory
# cd vpnclient

4. Apply the patch
# patch <../vpnclient-linux-2.6.24-final.diff
patching file GenDefs.h
patching file interceptor.c

Now the patch has been applied and you can safely install the client
#./vpn_install

Patch to compile 4.8.01.0640 on 64bit systems

Unfortunately, Cisco Systems hasn't tested the latest release very well on 64bit systems and therefore the latest available VPN client doesn't compile on 64bit systems. You'll get the following error message when trying to compile the client:

interceptor.c:778: error: invalid operands to binary -

Fortunately, a guy named Stephen Frost has provided a patch to make it compile again.
To install his patch, follow these instructions:

1. Untar the VPN Client
# tar xzf vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz

2. Download the patch
# wget -q http://projects.tuxx-home.at/ciscovpn/patches/cisco_skbuff_offset.patch

3. Change to the vpnclient directory
# cd vpnclient

4. Apply the patch
# patch <../cisco_skbuff_offset.patch
patching file frag.c
patching file interceptor.c
patching file linuxcniapi.c
patching file linuxkernelapi.c

5. Now the patch has been applied and you can safely install the client
#./vpn_install

Known Issues during Compilation

During compilation you might get the following error message:

make[1]: Entering directory `/usr/src/linux-headers-2.6.24-16-generic'
scripts/Makefile.build:46: *** CFLAGS was changed in "/path/to/vpnclient_install/vpnclient/Makefile". Fix it to use EXTRA_CFLAGS.  Stop.

Known Issues with 64bit Systems

/usr/local/bin/vpnclient: No such file or directory