| View previous topic :: View next topic |
| Author |
Message |
linuxbum
Tux's lil' helper
Joined: 20 Dec 2003
Posts: 131
Location: USA
|
 Posted: Thu Jan 12, 2006 5:25 pm Post subject: CISCO VPN Client |
 |
|
Hello Everyone,
I have tried three differnet versions of the Csico VPN client.
After fixing the stamp to tstamp structure errors all three version report this error.
| Code: |
gentoo-1 everything # vpnclient connect Phoenix_VPN
Cisco Systems VPN Client Version 4.7.00 (0640)
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Linux
Running on: Linux 2.6.14-gentoo-r5 #1 SMP Mon Jan 9 20:59:26 MST 2006 i686
Config file directory: /etc/opt/cisco-vpnclient
Initializing the VPN connection.
Secure VPN Connection terminated locally by the Client
Reason: The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information.
There are no new notification messages at this time.
|
The cisco_ipsec module loads fine with all three versions.
| Code: |
gentoo-1 init.d # ./vpnclient_init status
Module Size Used by
cisco_ipsec 552812 0
cipsec0 Link encap:Ethernet HWaddr 00:0B:FC:F8:01:8F
NOARP MTU:1356 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
But if I check the vpnclient status in /etc/init.d directory it shows if failed ???
Now I'm condused by this status ???? 
| Code: |
gentoo-1 init.d # ./vpnclient status
* status: stopped
cisco_ipsec 552812 0
cipsec0 Link encap:Ethernet HWaddr 00:0B:FC:F8:01:8F
NOARP MTU:1356 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
|
So what is the difference of the two status ???
Here is the kernel version;
| Code: |
gentoo-1 init.d # uname -a
Linux gentoo-1 2.6.14-gentoo-r5 #1 SMP Mon Jan 9 20:59:26 MST 2006 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
|
I have read many threads and tried most of the fix attemps even the vpnc but the config file used does not work out for my site.
Any Ideas??
Versions tried:
vpnclient-linux-4.6.00.0030-k9.tar.gz
vpnclient-linux-4.6.00.0045-k9.tar.gz
vpnclient-linux-4.7.00.0640-k9.tar.gz
Bryan |
|
| Back to top |
|
 |
rlittle
Apprentice
Joined: 17 Dec 2003
Posts: 200
|
| Posted: Thu Jan 19, 2006 7:29 am Post subject: |
|
|
I have the following verion running:
# emerge -pDv cisco-vpnclient-3des
These are the packages that I would merge, in order:
Calculating dependencies ...done!
[ebuild Rf ] net-misc/cisco-vpnclient-3des-4.6.03.0190-r1 0 kB
Total size of downloads: 0 kB
#
And I have the following tar file downloaded from Cisco:
vpnclient-linux-x86_64-4.6.03.0190-k9.tar.gz (I'm running AMD64)
My only suggestion is to capture some logs.
First you need to edit /etc/opt/cisco-vpnclient/vpnclient.ini and changeEnableLog=0 to EnableLog=1.
Then run /opt/cisco-vpnclient/bin/ipseclog <output filename>. Once you've got that running, then (in a different window) try starting your vpnclient again. Once it's failed you can Ctrl+C the ipseclog process. The resulting log file is pretty cryptic, but I solved some of my connection problems by plowing through it line by line. As a last resort, change the log level in vpnclient.ini to something higher than 3.
Hope this helps a bit.
_________________
I need a better signature... |
|
| Back to top |
|
|
linuxbum
Tux's lil' helper
Joined: 20 Dec 2003
Posts: 131
Location: USA
|
| Posted: Fri Jan 20, 2006 4:06 pm Post subject: |
|
|
Rlittle
Thanks for replying I did turn on the logging and see the same message that it cannot find the connection file.
But If I move the Phoenix_VPN file from the directory it sure compains about not finding the pfc file 
So I looking into what the client thinks is the "connection entry"
In the Windows version it is the name you have given the profile.
I read where CISCO says if it fails try lower kernel version.
Nice eh? sure let me just go back to kernel 2.4.1  is that old enough for them 
Ok of soap box.
Bryan |
|
| Back to top |
|
|
rlittle
Apprentice
Joined: 17 Dec 2003
Posts: 200
|
| Posted: Sat Jan 21, 2006 3:42 pm Post subject: |
|
|
Hmm.. I'm stumped too. I change my kernel all the time and his hasn't screwed up Cisco since 2.6.5 or so (I'm on 2.6.15 right now). (Geee, THAT brings back bad memories  )
I guess that leaves certificates???? Does your /etc/opt/cisco-vpnclient/Certficates directory have 30-or-so files that look like:
caaaaaaa.cdx
caaaaaaa.dbf
caaaaaaa.fpt
???
....and my *super* lame-o suggestion: maybe Cisco hates the "_" in "Phoenix_VPN".
_________________
I need a better signature... |
|
| Back to top |
|
|
|
Networking & Security
