Cisco vpnclient 4.8.00 on x86_64 FC5: Failed to establish a VPN connection

I've been successfully using vpnclient-linux-x86_64-4.8.00.0490-k9
from Cisco on a Fedora Core 5 x86_64 computer, but
kernel-2.6.20-1.2312.fc5 no longer plays nicely with it.
It did work fine with 2.6.18-1.2257 from January.

Firstly, I had to install the patch from
http://www.tuxx-home.at/archives/2006/12/07/T09_36_48/
which makes it possible to compile the vpn package, albeit with a few
warnings. I end up with a module that the kernel accepts, but trying
to open the vpn connection always fails with the rather cryptic error
message "Failed to establish a VPN connection" without producing
anything else in the system logs.

Suggestions, anyone?

Compile log (newlines added and slightly edited down for clarity):

# tail -f /var/log/messages &
# uname -a
Linux tigger.otto.net 2.6.20-1.2312.fc5 #1 SMP Tue Apr 10 15:14:58 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
Fedora Core release 5 (Bordeaux)
# tar xzf vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz
# cd vpnclient

vpnclient# patch < ../vpnclient-linux-2.6.19+-rev1.diff
patching file IPSecDrvOS_linux.c
patching file frag.c
patching file interceptor.c
patching file linuxcniapi.c

vpnclient# ./vpn_install
Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.

Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

Directory containing linux kernel source code [/lib/modules/2.6.20-1.2312.fc5/build]

* Binaries will be installed in "/usr/local/bin".
* Modules will be installed in "/lib/modules/2.6.20-1.2312.fc5/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/lib/modules/2.6.20-1.2312.fc5/build" will be used to build the module.

Is the above correct [y]

Shutting down /opt/cisco-vpnclient/bin/vpnclient: module cisco_ipsec is not running.
Stopped: /etc/init.d/vpnclient_init (VPN init script)
Making module
make -C /lib/modules/2.6.20-1.2312.fc5/build SUBDIRS=/home/otto/Software/vpn/vpnclient modules
make[1]: Entering directory `/usr/src/kernels/2.6.20-1.2312.fc5-x86_64'
CC [M] /home/otto/Software/vpn/vpnclient/linuxcniapi.o
In file included from /home/otto/Software/vpn/vpnclient/Cniapi.h:15,
from /home/otto/Software/vpn/vpnclient/linuxcniapi.c:27:
/home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64 bit
CC [M] /home/otto/Software/vpn/vpnclient/frag.o
In file included from /home/otto/Software/vpn/vpnclient/Cniapi.h:15,
from /home/otto/Software/vpn/vpnclient/frag.c:16:
/home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64 bit
CC [M] /home/otto/Software/vpn/vpnclient/IPSecDrvOS_linux.o
In file included from /home/otto/Software/vpn/vpnclient/IPSecDrvOS_linux.c:20:
/home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64 bit
CC [M] /home/otto/Software/vpn/vpnclient/interceptor.o
In file included from /home/otto/Software/vpn/vpnclient/Cniapi.h:15,
from /home/otto/Software/vpn/vpnclient/interceptor.c:30:
/home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64 bit
/home/otto/Software/vpn/vpnclient/interceptor.c: In function 'handle_vpnup':
/home/otto/Software/vpn/vpnclient/interceptor.c:322: warning: assignment from incompatible pointer type
/home/otto/Software/vpn/vpnclient/interceptor.c:346: warning: assignment from incompatible pointer type
/home/otto/Software/vpn/vpnclient/interceptor.c:347: warning: assignment from incompatible pointer type
/home/otto/Software/vpn/vpnclient/interceptor.c: In function 'do_cleanup':
/home/otto/Software/vpn/vpnclient/interceptor.c:390: warning: assignment from incompatible pointer type
CC [M] /home/otto/Software/vpn/vpnclient/linuxkernelapi.o
/home/otto/Software/vpn/vpnclient/linuxkernelapi.c: In function 'kernel_alloc':
/home/otto/Software/vpn/vpnclient/linuxkernelapi.c:12: warning: format '%d' expects type 'int', but argument 2 has type 'size_t'
LD [M] /home/otto/Software/vpn/vpnclient/cisco_ipsec.o
Building modules, stage 2.
MODPOST 1 modules
WARNING: /home/otto/Software/vpn/vpnclient/cisco_ipsec.o - Section mismatch: reference to .init.text: from .data between 'interceptor_dev' (at offset 0xd0) and 'interceptor_notifier'
WARNING: could not find /home/otto/Software/vpn/vpnclient/.libdriver64.so.cmd for /home/otto/Software/vpn/vpnclient/libdriver64.so
CC /home/otto/Software/vpn/vpnclient/cisco_ipsec.mod.o
LD [M] /home/otto/Software/vpn/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.20-1.2312.fc5-x86_64'
Copying module to directory "/lib/modules/2.6.20-1.2312.fc5/CiscoVPN".
Already have group 'bin'

Creating start/stop script "/etc/init.d/vpnclient_init".
/etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.

Installing license.txt (VPN Client license) in "/opt/cisco-vpnclient/":

Installing bundled user profiles in "/etc/opt/cisco-vpnclient/Profiles/":
* Replaced Profiles: sample

Copying binaries to directory "/opt/cisco-vpnclient/bin".
Adding symlinks to "/usr/local/bin".
/opt/cisco-vpnclient/bin/vpnclient
/opt/cisco-vpnclient/bin/cisco_cert_mgr
/opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory "/opt/cisco-vpnclient/bin".
/opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory "/opt/cisco-vpnclient/lib".
/opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory "/opt/cisco-vpnclient/include".
/opt/cisco-vpnclient/include/vpnapi.h

Setting permissions.
/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (permissions not changed)
* You may wish to change these permissions to restrict access to root.
* You must run "/etc/init.d/vpnclient_init start" before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.

vpnclient#_ /etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: Done
Apr 27 16:13:07 tigger kernel: Cisco Systems VPN Client Version 4.8.00 (0490) kernel module loaded

vpnclient# vpnclient connect my-corporate-profile-name
Cisco Systems VPN Client Version 4.8.00 (0490)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.20-1.2312.fc5 #1 SMP Tue Apr 10 15:14:58 EDT 2007 x86_64
Config file directory: /etc/opt/cisco-vpnclient

Enter Certificate password:
Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: Failed to establish a VPN connection.
There are no new notification messages at this time.

Followup-to: comp.os.linux.networking

--
/* * * Otto J. Makela <(E-Mail Removed)> * * * * * * * * * * * * * * * */
/* Phone: +358 40 765 5772, FAX: +358 42 7655772, ICBM: 60N 25E */
/* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki, FINLAND */
/* * * Computers Rule 01001111 01001011 * * * * * * * * * * * * */

Otto J. Makela wrote:

> I've been successfully using vpnclient-linux-x86_64-4.8.00.0490-k9
> from Cisco on a Fedora Core 5 x86_64 computer, but
> kernel-2.6.20-1.2312.fc5 no longer plays nicely with it.
> It did work fine with 2.6.18-1.2257 from January.
>
> Firstly, I had to install the patch from
> http://www.tuxx-home.at/archives/2006/12/07/T09_36_48/
> which makes it possible to compile the vpn package, albeit with a few
> warnings. I end up with a module that the kernel accepts, but trying
> to open the vpn connection always fails with the rather cryptic error
> message "Failed to establish a VPN connection" without producing
> anything else in the system logs.
>
> Suggestions, anyone?
>
> Compile log (newlines added and slightly edited down for clarity):
>
> # tail -f /var/log/messages &
> # uname -a
> Linux tigger.otto.net 2.6.20-1.2312.fc5 #1 SMP Tue Apr 10 15:14:58 EDT
> 2007 x86_64 x86_64 x86_64 GNU/Linux
> # cat /etc/redhat-release
> Fedora Core release 5 (Bordeaux)
> # tar xzf vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz
> # cd vpnclient
>
> vpnclient# patch < ../vpnclient-linux-2.6.19+-rev1.diff
> patching file IPSecDrvOS_linux.c
> patching file frag.c
> patching file interceptor.c
> patching file linuxcniapi.c
>
> vpnclient# ./vpn_install
> Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
> Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
>
> By installing this product you agree that you have read the
> license.txt file (The VPN Client license) and will comply with
> its terms.
>
> Directory where binaries will be installed [/usr/local/bin]
>
> Automatically start the VPN service at boot time [yes]
>
> In order to build the VPN kernel module, you must have the
> kernel headers for the version of the kernel you are running.
>
> Directory containing linux kernel source code
> [/lib/modules/2.6.20-1.2312.fc5/build]
>
> * Binaries will be installed in "/usr/local/bin".
> * Modules will be installed in "/lib/modules/2.6.20-1.2312.fc5/CiscoVPN".
> * The VPN service will be started AUTOMATICALLY at boot time.
> * Kernel source from "/lib/modules/2.6.20-1.2312.fc5/build" will be used
> to build the module.
>
> Is the above correct [y]
>
> Shutting down /opt/cisco-vpnclient/bin/vpnclient: module cisco_ipsec is
> not running. Stopped: /etc/init.d/vpnclient_init (VPN init script)
> Making module
> make -C /lib/modules/2.6.20-1.2312.fc5/build
> SUBDIRS=/home/otto/Software/vpn/vpnclient modules make[1]: Entering
> directory `/usr/src/kernels/2.6.20-1.2312.fc5-x86_64'
> CC [M] /home/otto/Software/vpn/vpnclient/linuxcniapi.o
> In file included from /home/otto/Software/vpn/vpnclient/Cniapi.h:15,
> from /home/otto/Software/vpn/vpnclient/linuxcniapi.c:27:
> /home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64
> bit
> CC [M] /home/otto/Software/vpn/vpnclient/frag.o
> In file included from /home/otto/Software/vpn/vpnclient/Cniapi.h:15,
> from /home/otto/Software/vpn/vpnclient/frag.c:16:
> /home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64
> bit
> CC [M] /home/otto/Software/vpn/vpnclient/IPSecDrvOS_linux.o
> In file included from
> /home/otto/Software/vpn/vpnclient/IPSecDrvOS_linux.c:20:
> /home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64
> bit
> CC [M] /home/otto/Software/vpn/vpnclient/interceptor.o
> In file included from /home/otto/Software/vpn/vpnclient/Cniapi.h:15,
> from /home/otto/Software/vpn/vpnclient/interceptor.c:30:
> /home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64
> bit /home/otto/Software/vpn/vpnclient/interceptor.c: In function
> 'handle_vpnup': /home/otto/Software/vpn/vpnclient/interceptor.c:322:
> warning: assignment from incompatible pointer type
> /home/otto/Software/vpn/vpnclient/interceptor.c:346: warning: assignment
> from incompatible pointer type
> /home/otto/Software/vpn/vpnclient/interceptor.c:347: warning: assignment
> from incompatible pointer type
> /home/otto/Software/vpn/vpnclient/interceptor.c: In function 'do_cleanup':
> /home/otto/Software/vpn/vpnclient/interceptor.c:390: warning: assignment
> from incompatible pointer type
> CC [M] /home/otto/Software/vpn/vpnclient/linuxkernelapi.o
> /home/otto/Software/vpn/vpnclient/linuxkernelapi.c: In function
> 'kernel_alloc': /home/otto/Software/vpn/vpnclient/linuxkernelapi.c:12:
> warning: format '%d' expects type 'int', but argument 2 has type 'size_t'
> LD [M] /home/otto/Software/vpn/vpnclient/cisco_ipsec.o
> Building modules, stage 2.
> MODPOST 1 modules
> WARNING: /home/otto/Software/vpn/vpnclient/cisco_ipsec.o - Section
> mismatch: reference to .init.text: from .data between 'interceptor_dev'
> (at offset 0xd0) and 'interceptor_notifier' WARNING: could not find
> /home/otto/Software/vpn/vpnclient/.libdriver64.so.cmd for
> /home/otto/Software/vpn/vpnclient/libdriver64.so
> CC /home/otto/Software/vpn/vpnclient/cisco_ipsec.mod.o
> LD [M] /home/otto/Software/vpn/vpnclient/cisco_ipsec.ko
> make[1]: Leaving directory `/usr/src/kernels/2.6.20-1.2312.fc5-x86_64'
> Copying module to directory "/lib/modules/2.6.20-1.2312.fc5/CiscoVPN".
> Already have group 'bin'
>
> Creating start/stop script "/etc/init.d/vpnclient_init".
> /etc/init.d/vpnclient_init
> Enabling start/stop script for run level 3,4 and 5.
>
> Installing license.txt (VPN Client license) in "/opt/cisco-vpnclient/":
>
> Installing bundled user profiles in "/etc/opt/cisco-vpnclient/Profiles/":
> * Replaced Profiles: sample
>
> Copying binaries to directory "/opt/cisco-vpnclient/bin".
> Adding symlinks to "/usr/local/bin".
> /opt/cisco-vpnclient/bin/vpnclient
> /opt/cisco-vpnclient/bin/cisco_cert_mgr
> /opt/cisco-vpnclient/bin/ipseclog
> Copying setuid binaries to directory "/opt/cisco-vpnclient/bin".
> /opt/cisco-vpnclient/bin/cvpnd
> Copying libraries to directory "/opt/cisco-vpnclient/lib".
> /opt/cisco-vpnclient/lib/libvpnapi.so
> Copying header files to directory "/opt/cisco-vpnclient/include".
> /opt/cisco-vpnclient/include/vpnapi.h
>
> Setting permissions.
> /opt/cisco-vpnclient/bin/cvpnd (setuid root)
> /opt/cisco-vpnclient (group bin readable)
> /etc/opt/cisco-vpnclient (permissions not changed)
> * You may wish to change these permissions to restrict access to root.
> * You must run "/etc/init.d/vpnclient_init start" before using the client.
> * This script will be run AUTOMATICALLY every time you reboot your
> computer.
>
> vpnclient#_ /etc/init.d/vpnclient_init start
> Starting /opt/cisco-vpnclient/bin/vpnclient: Done
> Apr 27 16:13:07 tigger kernel: Cisco Systems VPN Client Version 4.8.00
> (0490) kernel module loaded
>
> vpnclient# vpnclient connect my-corporate-profile-name
> Cisco Systems VPN Client Version 4.8.00 (0490)
> Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
> Client Type(s): Linux
> Running on: Linux 2.6.20-1.2312.fc5 #1 SMP Tue Apr 10 15:14:58 EDT 2007
> x86_64 Config file directory: /etc/opt/cisco-vpnclient
>
> Enter Certificate password:
> Initializing the VPN connection.
> Secure VPN Connection terminated locally by the Client
> Reason: Failed to establish a VPN connection.
> There are no new notification messages at this time.
>
> Followup-to: comp.os.linux.networking
>
Mitä?
--
yom

Otto J. Makela wrote:

> I've been successfully using vpnclient-linux-x86_64-4.8.00.0490-k9
> from Cisco on a Fedora Core 5 x86_64 computer, but
> kernel-2.6.20-1.2312.fc5 no longer plays nicely with it.
> It did work fine with 2.6.18-1.2257 from January.
>
> Firstly, I had to install the patch from
> http://www.tuxx-home.at/archives/2006/12/07/T09_36_48/
> which makes it possible to compile the vpn package, albeit with a few
> warnings. I end up with a module that the kernel accepts, but trying
> to open the vpn connection always fails with the rather cryptic error
> message "Failed to establish a VPN connection" without producing
> anything else in the system logs.
>
> Suggestions, anyone?
>
> Compile log (newlines added and slightly edited down for clarity):
>
> # tail -f /var/log/messages &
> # uname -a
> Linux tigger.otto.net 2.6.20-1.2312.fc5 #1 SMP Tue Apr 10 15:14:58 EDT
> 2007 x86_64 x86_64 x86_64 GNU/Linux
> # cat /etc/redhat-release
> Fedora Core release 5 (Bordeaux)
> # tar xzf vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz
> # cd vpnclient
>
> vpnclient# patch < ../vpnclient-linux-2.6.19+-rev1.diff
> patching file IPSecDrvOS_linux.c
> patching file frag.c
> patching file interceptor.c
> patching file linuxcniapi.c
>
> vpnclient# ./vpn_install
> Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
> Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
>
> By installing this product you agree that you have read the
> license.txt file (The VPN Client license) and will comply with
> its terms.
>
> Directory where binaries will be installed [/usr/local/bin]
>
> Automatically start the VPN service at boot time [yes]
>
> In order to build the VPN kernel module, you must have the
> kernel headers for the version of the kernel you are running.
>
> Directory containing linux kernel source code
> [/lib/modules/2.6.20-1.2312.fc5/build]
>
> * Binaries will be installed in "/usr/local/bin".
> * Modules will be installed in "/lib/modules/2.6.20-1.2312.fc5/CiscoVPN".
> * The VPN service will be started AUTOMATICALLY at boot time.
> * Kernel source from "/lib/modules/2.6.20-1.2312.fc5/build" will be used
> to build the module.
>
> Is the above correct [y]
>
> Shutting down /opt/cisco-vpnclient/bin/vpnclient: module cisco_ipsec is
> not running. Stopped: /etc/init.d/vpnclient_init (VPN init script)
> Making module
> make -C /lib/modules/2.6.20-1.2312.fc5/build
> SUBDIRS=/home/otto/Software/vpn/vpnclient modules make[1]: Entering
> directory `/usr/src/kernels/2.6.20-1.2312.fc5-x86_64'
> CC [M] /home/otto/Software/vpn/vpnclient/linuxcniapi.o
> In file included from /home/otto/Software/vpn/vpnclient/Cniapi.h:15,
> from /home/otto/Software/vpn/vpnclient/linuxcniapi.c:27:
> /home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64
> bit
> CC [M] /home/otto/Software/vpn/vpnclient/frag.o
> In file included from /home/otto/Software/vpn/vpnclient/Cniapi.h:15,
> from /home/otto/Software/vpn/vpnclient/frag.c:16:
> /home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64
> bit
> CC [M] /home/otto/Software/vpn/vpnclient/IPSecDrvOS_linux.o
> In file included from
> /home/otto/Software/vpn/vpnclient/IPSecDrvOS_linux.c:20:
> /home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64
> bit
> CC [M] /home/otto/Software/vpn/vpnclient/interceptor.o
> In file included from /home/otto/Software/vpn/vpnclient/Cniapi.h:15,
> from /home/otto/Software/vpn/vpnclient/interceptor.c:30:
> /home/otto/Software/vpn/vpnclient/GenDefs.h:110:2: warning: #warning 64
> bit /home/otto/Software/vpn/vpnclient/interceptor.c: In function
> 'handle_vpnup': /home/otto/Software/vpn/vpnclient/interceptor.c:322:
> warning: assignment from incompatible pointer type
> /home/otto/Software/vpn/vpnclient/interceptor.c:346: warning: assignment
> from incompatible pointer type
> /home/otto/Software/vpn/vpnclient/interceptor.c:347: warning: assignment
> from incompatible pointer type
> /home/otto/Software/vpn/vpnclient/interceptor.c: In function 'do_cleanup':
> /home/otto/Software/vpn/vpnclient/interceptor.c:390: warning: assignment
> from incompatible pointer type
> CC [M] /home/otto/Software/vpn/vpnclient/linuxkernelapi.o
> /home/otto/Software/vpn/vpnclient/linuxkernelapi.c: In function
> 'kernel_alloc': /home/otto/Software/vpn/vpnclient/linuxkernelapi.c:12:
> warning: format '%d' expects type 'int', but argument 2 has type 'size_t'
> LD [M] /home/otto/Software/vpn/vpnclient/cisco_ipsec.o
> Building modules, stage 2.
> MODPOST 1 modules
> WARNING: /home/otto/Software/vpn/vpnclient/cisco_ipsec.o - Section
> mismatch: reference to .init.text: from .data between 'interceptor_dev'
> (at offset 0xd0) and 'interceptor_notifier' WARNING: could not find
> /home/otto/Software/vpn/vpnclient/.libdriver64.so.cmd for
> /home/otto/Software/vpn/vpnclient/libdriver64.so
> CC /home/otto/Software/vpn/vpnclient/cisco_ipsec.mod.o
> LD [M] /home/otto/Software/vpn/vpnclient/cisco_ipsec.ko
> make[1]: Leaving directory `/usr/src/kernels/2.6.20-1.2312.fc5-x86_64'
> Copying module to directory "/lib/modules/2.6.20-1.2312.fc5/CiscoVPN".
> Already have group 'bin'
>
> Creating start/stop script "/etc/init.d/vpnclient_init".
> /etc/init.d/vpnclient_init
> Enabling start/stop script for run level 3,4 and 5.
>
> Installing license.txt (VPN Client license) in "/opt/cisco-vpnclient/":
>
> Installing bundled user profiles in "/etc/opt/cisco-vpnclient/Profiles/":
> * Replaced Profiles: sample
>
> Copying binaries to directory "/opt/cisco-vpnclient/bin".
> Adding symlinks to "/usr/local/bin".
> /opt/cisco-vpnclient/bin/vpnclient
> /opt/cisco-vpnclient/bin/cisco_cert_mgr
> /opt/cisco-vpnclient/bin/ipseclog
> Copying setuid binaries to directory "/opt/cisco-vpnclient/bin".
> /opt/cisco-vpnclient/bin/cvpnd
> Copying libraries to directory "/opt/cisco-vpnclient/lib".
> /opt/cisco-vpnclient/lib/libvpnapi.so
> Copying header files to directory "/opt/cisco-vpnclient/include".
> /opt/cisco-vpnclient/include/vpnapi.h
>
> Setting permissions.
> /opt/cisco-vpnclient/bin/cvpnd (setuid root)
> /opt/cisco-vpnclient (group bin readable)
> /etc/opt/cisco-vpnclient (permissions not changed)
> * You may wish to change these permissions to restrict access to root.
> * You must run "/etc/init.d/vpnclient_init start" before using the client.
> * This script will be run AUTOMATICALLY every time you reboot your
> computer.
>
> vpnclient#_ /etc/init.d/vpnclient_init start
> Starting /opt/cisco-vpnclient/bin/vpnclient: Done
> Apr 27 16:13:07 tigger kernel: Cisco Systems VPN Client Version 4.8.00
> (0490) kernel module loaded
>
> vpnclient# vpnclient connect my-corporate-profile-name
> Cisco Systems VPN Client Version 4.8.00 (0490)
> Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
> Client Type(s): Linux
> Running on: Linux 2.6.20-1.2312.fc5 #1 SMP Tue Apr 10 15:14:58 EDT 2007
> x86_64 Config file directory: /etc/opt/cisco-vpnclient
>
> Enter Certificate password:
> Initializing the VPN connection.
> Secure VPN Connection terminated locally by the Client
> Reason: Failed to establish a VPN connection.
> There are no new notification messages at this time.
>
> Followup-to: comp.os.linux.networking
>
Mitä?
--
yom

On Fri, 27 Apr 2007, Otto J. Makela wrote:

> I've been successfully using vpnclient-linux-x86_64-4.8.00.0490-k9
> from Cisco on a Fedora Core 5 x86_64 computer, but
> kernel-2.6.20-1.2312.fc5 no longer plays nicely with it.
> It did work fine with 2.6.18-1.2257 from January.

[..]

> Suggestions, anyone?

Dump it and deploy vpnc instead. It really works with Cisco equipment.

yum install vpnc

http://www.unix-ag.uni-kl.de/~massar/vpnc/

Jussi

2007-04-27, 13:17(+00), Otto J. Makela:
> I've been successfully using vpnclient-linux-x86_64-4.8.00.0490-k9
> from Cisco on a Fedora Core 5 x86_64 computer, but
> kernel-2.6.20-1.2312.fc5 no longer plays nicely with it.
> It did work fine with 2.6.18-1.2257 from January.
[...]

I think your diff is not correct. CHECKSUM_HW has not been
renamed CHECKSUM_COMPLETE, it has been split into
CHECKSUM_COMPLETE (on the recv side) and CHECKSUM_PARTIAL on the
send side.

The changes I made myself and work for me are:


diff -u vpnclient/frag.c vpnclient.new/frag.c
--- vpnclient/frag.c 2005-11-22 09:52:00.000000000 +0000
+++ vpnclient.new/frag.c 2006-11-28 06:55:47.000000000 +0000
@@ -1,4 +1,4 @@
-#include <linux/config.h>
+/* #include <linux/config.h> */
#include <linux/version.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
diff -u vpnclient/interceptor.c vpnclient.new/interceptor.c
--- vpnclient/interceptor.c 2005-11-22 09:52:00.000000000 +0000
+++ vpnclient.new/interceptor.c 2007-04-27 14:48:33.000000000 +0100
@@ -8,7 +8,7 @@
************************************************** *************************
* This module implements the linux driver.
************************************************** *************************/
-#include <linux/config.h>
+/* #include <linux/config.h> */
#include <linux/version.h>
#include <linux/module.h>
#include <linux/init.h>
@@ -35,6 +35,14 @@

static uint8_t interceptor_eth_addr[] = { 0x00, 0x0b, 0xfc, 0xf8, 0x01, 0x8f };

+#ifndef CHECKSUM_PARTIAL
+#define CHECKSUM_PARTIAL CHECKSUM_HW
+#endif
+
+#ifndef CHECKSUM_COMPLETE
+#define CHECKSUM_COMPLETE CHECKSUM_HW
+#endif
+
// packet statistics
static unsigned long tx_packets;
static unsigned long tx_dropped;
@@ -550,14 +558,16 @@
goto exit_gracefully;
}

- if (skb->ip_summed == CHECKSUM_HW)
+ if (skb->ip_summed == CHECKSUM_COMPLETE)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,7)
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+ if (skb_checksum_help(skb))
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
if (skb_checksum_help(skb,1))
#else
if (skb_checksum_help(&skb,1))
-#endif // LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
+#endif // LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
{
dev_kfree_skb(skb);
skb = NULL;
@@ -677,15 +687,17 @@
tmp_InjectSend = NULL;

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,0)
- if (skb->ip_summed == CHECKSUM_HW)
+ if (skb->ip_summed == CHECKSUM_PARTIAL)
{
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
+ if (skb_checksum_help(skb))
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
if (skb_checksum_help(skb,0))
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,7)
if (skb_checksum_help(&skb,0))
#else
if ((skb = skb_checksum_help(skb)) == NULL)
-#endif //LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,7)
+#endif //LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
{
goto exit_gracefully;
}
Only in vpnclient.new: interceptor.o
Only in vpnclient.new: .interceptor.o.cmd
diff -u vpnclient/IPSecDrvOS_linux.c vpnclient.new/IPSecDrvOS_linux.c
--- vpnclient/IPSecDrvOS_linux.c 2005-11-22 09:52:00.000000000 +0000
+++ vpnclient.new/IPSecDrvOS_linux.c 2006-11-28 06:56:05.000000000 +0000
@@ -11,7 +11,7 @@
*
*
************************************************** *************************/
-#include <linux/config.h>
+/* #include <linux/config.h> */
#include <linux/version.h>
#include <linux/vmalloc.h>
#include <linux/sched.h>
Only in vpnclient.new: IPSecDrvOS_linux.o
Only in vpnclient.new: .IPSecDrvOS_linux.o.cmd
diff -u vpnclient/linuxcniapi.c vpnclient.new/linuxcniapi.c
--- vpnclient/linuxcniapi.c 2005-11-22 09:52:00.000000000 +0000
+++ vpnclient.new/linuxcniapi.c 2006-11-28 06:55:37.000000000 +0000
@@ -9,7 +9,7 @@
* This module implements a translation layer between the CNI API and the
* Linux Interceptor driver.
************************************************** *************************/
-#include <linux/config.h>
+/* #include <linux/config.h> */
#include <linux/version.h>
#include <linux/netdevice.h>
#include <linux/if.h>


--
Stéphane

On Fri, 27 Apr 2007 13:17:06 GMT, <(E-Mail Removed)> wrote:
>
> vpnclient# vpnclient connect my-corporate-profile-name
> Cisco Systems VPN Client Version 4.8.00 (0490)
> Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
> Client Type(s): Linux
> Running on: Linux 2.6.20-1.2312.fc5 #1 SMP Tue Apr 10 15:14:58 EDT 2007 x86_64
> Config file directory: /etc/opt/cisco-vpnclient
>
> Enter Certificate password:
> Initializing the VPN connection.
> Secure VPN Connection terminated locally by the Client
> Reason: Failed to establish a VPN connection.
> There are no new notification messages at this time.
>

Check that certificate(s) are valid:

cisco_cert_mgr -U -op list
cisco_cert_mgr -U -op verify

-jussi