HI,

The Cisco VPN Client works, but i can not open my Lotus Notes Mailbox or a Samba Share, only ping,http and so on works. I have seen this issue before on Debian SID, and solved this prob by installing a 2.4.27 Kernel.

Is it possible to install a 2.4.x KErnel on FC3?
Anybody here which uses the Cisco VPN Client? I use Version 4.6.00 (0045).

I've had good results using the 4.0.4.B version - where did you get the 4.6 version from?

hm, i searched the internet and find it :-)
i don't know where, but if you want we can exchange the versions :)

I'll find it later and give it a shot and let you know... ;)

here it is http://ncc.rz.uni-mannheim.de/vpn/ciscoclient/vpnclient-linux-4.6.00.0045-k9.tar.gz

Update: the 4.6 version blew chunks on "Authorizing user" and quit. I re-enabled 4.0.4.B and it worked correctly. I found a copy at http://www.cs.uu.nl/technical/services/vpn/vpnclient-linux-4.0.4.B-k9.tar.gz

With the latest version of the kernel (724) the VPN client doesn't work ...

There is a error during compilation of interceptor.c ...

The fix : (given by slacker775 on linuxquestion.org)

Copy/paste this patch:

code:

--- interceptor.c.orig 2005-01-04 14:55:44.246848280 -0500
+++ interceptor.c 2005-01-04 14:56:15.955027904 -0500
@@ -236,6 +236,24 @@
dev_kfree_skb(skb);
return 0;
}
+
+static int
+inline supported_device(struct net_device* dev)
+{
+ int rc=0;
+
+ if(dev->type == ARPHRD_ETHER)
+ {
+ rc=1;
+ }
+ else if(dev->type == ARPHRD_PPP)
+ {
+ rc=1;
+ }
+
+ return rc;
+}
+
static int
add_netdev(struct net_device *dev)
{
@@ -476,23 +494,6 @@
s->rc = 0;
}

-static int
-inline supported_device(struct net_device* dev)
-{
- int rc=0;
-
- if(dev->type == ARPHRD_ETHER)
- {
- rc=1;
- }
- else if(dev->type == ARPHRD_PPP)
- {
- rc=1;
- }
-
- return rc;
-}
-

static BINDING *
getbindingbydev(struct net_device *dev)


and apply it with 'patch -p0 < patch.txt' when you are in the vpnclient directory. All that is being done is modifying interceptor.c by moving the supported_device() function definition before the add_netdev() call. I was able to build it today against FC3s new 724 kernel.

I didn't try but maybe it can help

deuch

With the latest version of the kernel (724) the VPN client doesn't work ...
..
and apply it with 'patch -p0 < patch.txt' when you are in the vpnclient directory. All that is being done is modifying interceptor.c by moving the supported_device() function definition before the add_netdev() call. I was able to build it today against FC3s new 724 kernel.

I didn't try but maybe it can help

deuch

Thank you for the patch,

I was able to compile CiscoVPN 4.6 on FC3 with Kernel (724) and connect to VPN Server at work.

Thomas

I've tried it yesterday and it(s OK for me too :-)

Another thing, if you have this kind of problem (with kernel 2.6.10) :

"After issuing vpnclient connect somewhere the system freezes completely.
Cannot login from another host on the network, ping fails, ... "

Try this patch (given by urr on linuxquestions.org) :

Make following change (line 607 and 732 - delete character '&') in vpnclient's code:

$ diff vpnclient/interceptor.c vpnclient.1/interceptor.c
607c607
< if (skb_checksum_help(&skb,1))
---
> if (skb_checksum_help(skb,1))
732c732
< if (skb_checksum_help(&skb,0))
---
> if (skb_checksum_help(skb,0))

hope it helps,

deuch

I get this error when I try the patch -p0 < patch.txt command:

patching file interceptor.c
patch: **** malformed patch at line 4: dev_kfree_skb(skb);

I copied and pasted the listed code into a file named patch.txt. I'm pretty much a noob when it comes to patching files so I'm probably doing something wrong. I would appreciate any help.

Thanks in advance.

I put this file on my website : deuch.free.fr/patch.txt

Just save it and try again

It works with the new version of the kernel : 2.6.10-1.737.

Hope it helps,

deuch

Hello,

Thanks for the file. It worked, but was still unable to install the VPN client. So, I installed Debian on my laptop to see if it might work with that kernel...but again no dice.

I did discover however a program called vpnc. It's a cisco vpn client and it worked great with Debian then again with FC3 when I tried it on that box. I found an rpm for it off of pbone.net.

Just thought I'd let you know about it in case you'd never heard of it.

Thanks again.

when I copied & pastedthe text into a file, the patch process did not work, the patch text I downloded (pasted below) worked great.

Linux computer.steve.org 2.6.10-1.770_FC3 #1 Thu Feb 24 14:00:06 EST 2005 i686 i686 i386 GNU/Linux
--- interceptor.c.orig 2005-01-04 14:55:44.246848280 -0500
+++ interceptor.c 2005-01-04 14:56:15.955027904 -0500
@@ -236,6 +236,24 @@
dev_kfree_skb(skb);
return 0;
}
+
+static int
+inline supported_device(struct net_device* dev)
+{
+ int rc=0;
+
+ if(dev->type == ARPHRD_ETHER)
+ {
+ rc=1;
+ }
+ else if(dev->type == ARPHRD_PPP)
+ {
+ rc=1;
+ }
+
+ return rc;
+}
+
static int
add_netdev(struct net_device *dev)
{
@@ -476,23 +494,6 @@
s->rc = 0;
}

-static int
-inline supported_device(struct net_device* dev)
-{
- int rc=0;
-
- if(dev->type == ARPHRD_ETHER)
- {
- rc=1;
- }
- else if(dev->type == ARPHRD_PPP)
- {
- rc=1;
- }
-
- return rc;
-}
-

static BINDING *
getbindingbydev(struct net_device *dev)

I discovered the problem in interceptor.c on my own and corrected it by manually doing exactly what the patch is supposed to, i.e moving the "supported_device function ahead of where it's called. Having done that, the client (4.0.5) installed without trouble. The init.d script to start is also worked without incident.

BUT... after executing the "vpnclient connect <profile-name>", I found I could not access web sites or email accounts. It was as though the HTTP and POP protocols were blocked. I could, however ssh without apprent difficulty. Executing the "vpnclient connect <profile-name>" command produces the following in /var/log/messages;

May 15 14:49:59 berts5 kernel: Badness in local_bh_enable at kernel/softirq.c:140 (Tainted: P )
May 15 14:49:59 berts5 kernel: [<c0125165>] local_bh_enable+0x55/0x70
May 15 14:49:59 berts5 kernel: [<e0cff39b>] handle_vpnup+0x5b/0x150 [cisco_ipsec]
May 15 14:49:59 berts5 kernel: [<e0cff085>] interceptor_ioctl+0x265/0x3b0 [cisco_ipsec]
May 15 14:49:59 berts5 kernel: [<e0cfee20>] interceptor_ioctl+0x0/0x3b0 [cisco_ipsec]
May 15 14:49:59 berts5 kernel: [<c02f247a>] dev_ifsioc+0x10a/0x3d0
May 15 14:49:59 berts5 kernel: [<c02f2908>] dev_ioctl+0x1c8/0x270
May 15 14:49:59 berts5 kernel: [<c02e7209>] sock_ioctl+0x99/0x260
May 15 14:49:59 berts5 kernel: [<c02e7170>] sock_ioctl+0x0/0x260
May 15 14:49:59 berts5 kernel: [<c0185466>] do_ioctl+0x46/0x60
May 15 14:49:59 berts5 kernel: [<c0185621>] vfs_ioctl+0x51/0x1b0
May 15 14:49:59 berts5 kernel: [<c01857d4>] sys_ioctl+0x54/0x70
May 15 14:49:59 berts5 kernel: [<c0103867>] syscall_call+0x7/0xb
May 15 14:49:59 berts5 kernel: Badness in local_bh_enable at kernel/softirq.c:140 (Tainted: P )
May 15 14:49:59 berts5 kernel: [<c0125165>] local_bh_enable+0x55/0x70
May 15 14:49:59 berts5 kernel: [<c02f02a5>] dev_remove_pack+0x5/0x10
May 15 14:49:59 berts5 kernel: [<e0cff3c7>] handle_vpnup+0x87/0x150 [cisco_ipsec]
May 15 14:49:59 berts5 kernel: [<e0cff085>] interceptor_ioctl+0x265/0x3b0 [cisco_ipsec]
May 15 14:49:59 berts5 kernel: [<e0cfee20>] interceptor_ioctl+0x0/0x3b0 [cisco_ipsec]
May 15 14:49:59 berts5 kernel: [<c02f247a>] dev_ifsioc+0x10a/0x3d0
May 15 14:49:59 berts5 kernel: [<c02f2908>] dev_ioctl+0x1c8/0x270
May 15 14:49:59 berts5 kernel: [<c02e7209>] sock_ioctl+0x99/0x260
May 15 14:49:59 berts5 kernel: [<c02e7170>] sock_ioctl+0x0/0x260
May 15 14:49:59 berts5 kernel: [<c0185466>] do_ioctl+0x46/0x60
May 15 14:49:59 berts5 kernel: [<c0185621>] vfs_ioctl+0x51/0x1b0
May 15 14:49:59 berts5 kernel: [<c01857d4>] sys_ioctl+0x54/0x70
May 15 14:49:59 berts5 kernel: [<c0103867>] syscall_call+0x7/0xb
May 15 14:49:59 berts5 kernel: Debug: sleeping function called from invalid context at net/core/dev.c:3074
May 15 14:49:59 berts5 kernel: in_atomic():0, irqs_disabled():1
May 15 14:49:59 berts5 kernel: [<c011bd22>] __might_sleep+0x92/0xa0
May 15 14:49:59 berts5 kernel: [<c02f339f>] synchronize_net+0xf/0x20
May 15 14:49:59 berts5 kernel: [<e0cff3c7>] handle_vpnup+0x87/0x150 [cisco_ipsec]
May 15 14:49:59 berts5 kernel: [<e0cff085>] interceptor_ioctl+0x265/0x3b0 [cisco_ipsec]
May 15 14:49:59 berts5 kernel: [<e0cfee20>] interceptor_ioctl+0x0/0x3b0 [cisco_ipsec]
May 15 14:49:59 berts5 kernel: [<c02f247a>] dev_ifsioc+0x10a/0x3d0
May 15 14:49:59 berts5 kernel: [<c02f2908>] dev_ioctl+0x1c8/0x270
May 15 14:49:59 berts5 kernel: [<c02e7209>] sock_ioctl+0x99/0x260
May 15 14:49:59 berts5 kernel: [<c02e7170>] sock_ioctl+0x0/0x260
May 15 14:49:59 berts5 kernel: [<c0185466>] do_ioctl+0x46/0x60
May 15 14:49:59 berts5 kernel: [<c0185621>] vfs_ioctl+0x51/0x1b0
May 15 14:49:59 berts5 kernel: [<c01857d4>] sys_ioctl+0x54/0x70
May 15 14:49:59 berts5 kernel: [<c0103867>] syscall_call+0x7/0xb

The vpnclient,vers 4.0.5 was compiled against the kernel sources for FC3 2.6.11-<something or other>

Does anuone have a clue? I would really have to have to go back to the old WS3 system I've got, but my work demands a viable vpn client.

Thanks,
Bert

Bert: Dowload the code for 4.0.4B there was a link above and then apply the interceptor.c patch. It should work with FC3 2.6.11 I just downloaded it and compile it and ran it.

Now Does anyone know why 4.6 version does not work with FC3 2.6.11-35? It compiles and installs fine. But when I connect it hangs my whole system? It says type in username but at that point The System is useless I have to turn off power -- its that bad??/

I am working with a 2.6.12 kernel and the Csco VPN Client Version 4.6.00 (0045). To get the thing to compile, I had to add the ---std=gnu99 switch to the Makefile so that gcc would handle the inline directives in interceptor.c. Then the compiler complained because the constant SPIN_LOCK_UNLOCK was not a constant. I looked at the source code for the kernel and I found the following in /usr/src/linux/Documentation/spinlocks.txt:

UPDATE March 21 2005 Amit Gud <gud@eth.net>

Macros SPIN_LOCK_UNLOCKED and RW_LOCK_UNLOCKED are deprecated and will be
removed soon. So for any new code dynamic initialization should be used:

spinlock_t xxx_lock;
rwlock_t xxx_rw_lock;

static int __init xxx_init(void)
{
spin_lock_init(&xxx_lock);
rw_lock_init(&xxx_rw_lock);
...
}

module_init(xxx_init);

Reasons for deprecation
- it hurts automatic lock validators
- it becomes intrusive for the realtime preemption patches

Following discussion is still valid, however, with the dynamic initialization
of spinlocks instead of static.

However, there are a *lot* of references to SPIN_LOCK_UNLOCK in the kernel source code. So this is going to break things, such as the vpn+client.

More research is called for.

And yes, the vpn_client is mucking with the system deep in the kernel, so any bugs in it will tend to cause the system to crash or hang. While the spinlock is spinning, interrupts are disabled. Normally, a spinlock only spins for a few microseconds - much less than the time required to deliver an interrupt, which takes tens or hundreds of microseconds.

Please contact me at jeff at commercialventvac dot com if you develop any insights. Thank you


Jeff