Cisco VPN Client - Bug in kernel FC11
FedoraForum.org - Fedora Support Forums and Community
Page 1 of 2 1 2 LastLast
Results 1 to 15 of 17
  1. #1
    Join Date
    May 2009
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Cisco VPN Client - Bug in kernel FC11

    Probably there is bug in kernel used FC11
    http://bugzilla.kernel.org/show_bug.cgi?id=13097
    This bug freeze computer after ping or other data sending over VPN connection.

    Is there any chance to backport this patch to kernel in FC11?



    More about this in topic:
    http://forum.tuxx-home.at/viewtopic....&t=757&start=0

  2. #2
    scottro's Avatar
    scottro is offline Retired Community Manager -- Banned from Texas by popular demand.
    Join Date
    Sep 2007
    Location
    NYC
    Posts
    8,120
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Is this vpnc or the Cisco client. I know that for a long time, and possibly still, the Cisco Linux client wouldn't work with SMP machines, 64 bit machines, etc., unless patched with an unofficial patch.

    However, vpnc works quite well for many others, including myself.
    --
    http://srobb.net

  3. #3
    Join Date
    May 2009
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is Cisco client on 64bit Fedora with patches from http://forum.tuxx-home.at/ - this version works with no problem on SMP with older kernels.

    Maybe vpnc works well, but dont support for certificates login so is useless for my...

  4. #4
    scottro's Avatar
    scottro is offline Retired Community Manager -- Banned from Texas by popular demand.
    Join Date
    Sep 2007
    Location
    NYC
    Posts
    8,120
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Not sure about the certificate login. Here's an archlinux forum post about getting it to work, but don't know if it's any use.

    http://bbs.archlinux.org/viewtopic.php?id=49502

    (just offered in case you have no luck with the Cisco client--I haven't used the Cisco client in over a year, so fear I can't be of any help--hopefully, someone else will be able to help though.)
    --
    http://srobb.net

  5. #5
    Join Date
    May 2009
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This not work, I have login and cert without any password (password is for cert only)

  6. #6
    Join Date
    Jun 2009
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Same problem for me, and I have the same client installed with same patch but 32 bit.

  7. #7
    Join Date
    Nov 2008
    Posts
    175
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am consistently not able to even connect using the VPN client. Can someone clue me in on how to get this to at least connect on Fedora 11?

    I have disabled selinux. Is that necessary?
    I have turned off iptables. Is that necessary?

    Is it because i'm running the 32-bit SMP kernel?
    $ uname -a
    Linux server1 2.6.29.4-167.fc11.i686.PAE #1 SMP Wed May 27 17:28:22 EDT 2009 i686 i686 i386 GNU/Linux

    The Cisco VPN client software version I am trying to use is vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz

    The Cisco VPN client module did compile, and it is loaded:
    # lsmod |grep cisco_ipsec
    cisco_ipsec 594620 0

    I consistently get this response (IP and port changed):
    # vpnclient connect profile
    Cisco Systems VPN Client Version 4.8.02 (0030)
    Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.6.29.4-167.fc11.i686.PAE #1 SMP Wed May 27 17:28:22 EDT 2009 i686
    Config file directory: /etc/opt/cisco-vpnclient

    Initializing the VPN connection.
    Initiating TCP to 1.2.3.4, port 11000
    Secure VPN Connection terminated locally by the Client
    Reason: Failed to establish a TCP connection.
    There are no new notification messages at this time.

    What am I missing to get this to connect, at least?
    Do I need to apply a patch or something to connect for the 2.6.29 kernel?
    Do I need to apply a patch or something to connect for SMP kernel?

  8. #8
    Join Date
    May 2009
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Probably you have wrong profile.pcf configuration. If you are not using certs, try openvpn... its easier. Im using SMP kernel (64), I have selinux and iptables disabled so I cant tell if this is required

  9. #9
    Join Date
    Jun 2009
    Location
    Washington, D.C.
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    When the last two lines of a failed vpn connection are:

    Reason: Failed to establish a TCP connection.
    There are no new notification messages at this time.


    I may have been able to connect by taking one or more of the following steps:

    0. verify required Linux packages are already installed before running vpn_install
    yum install gcc
    yum install kernel kernel-headers kernel-firmware kernel-devel
    yum erase kernel-PAE
    yum list | grep kernel (verify kernel packages are installed but not PAE)

    1. using a UDP not TCP connection by changing "TunnelingMode" in the .pcf file from 1 to 0

    2. Disable selinux
    System --> Administration --> SELinux

    3. Disable the OS firewall iptables
    System --> Administration --> Services

    4. Uninstall vpnc (the open source VPN client)
    yum list | grep vpnc
    yum erase vpnc [and other vpnc packages]

    5. Try being root to connect

    However, even after I successfully get a prompt to connect with my username and password, and I get our standard warning message about the dangers of entering an important system, my kernel freezes and I have to bounce the system.

    Does anyone else have any ideas what I'm doing wrong? Did I have to apply a patch?

    I'm running an older Dell Latitude D610 single-core laptop:
    CISCO vpnclient-linux-x86_64-4.8.02.0030-k9.tar.gz (unpatched)

    I compiled with gcc 4.4.0-4

    on FEDORA 11 with yum updated kernel packages:
    2.6.29.5-191.fc11.i586 #1 SMP i686 i686 i386 GNU/Linux
    Do I need to be running the PAE kernel instead?

  10. #10
    Join Date
    May 2009
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cisco VPN doesnt work on kernel 2.6.29+

    http://forum.tuxx-home.at/viewtopic.php?f=15&t=757

  11. #11
    Join Date
    Sep 2008
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    New Twist?

    Not to throw too much of a monkey-wrench into the works, but I am having a similar problem.

    My Equipment
    Dell Latitude 610
    Fedora 11
    2.6.29.5-191.fc11.i586 #1 SMP
    vpnclient-linux-x86_64-4.8.02.0030-k9

    I had the hardest time troubleshooting this because it always worked for me from my office, but never from my home. What I finally found was that if I used a wired connection or the VerizonWireless Broadband Access card, my system would completely lock up. However, if I used the internal wireless I could connect just fine.

  12. #12
    Join Date
    May 2006
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Confirmed twist!

    I can confirm that the Cisco VPN client compiles nicely and then has two separate behaviours.

    On wireless (iwl3945) is works just fine....

    On wired connection, it connects then locks out the machine when a ping is performed.

    I am running a Dell D620 with the "Intel Corp PRO/Wireless 3945ABG [Golan] Network connection using the iwl3945 wireless driver from F11.

    The wired connection is Broadcom Corp NeteXtreme BCM5752 Gigabit Ethernet PCI Express which is sorted out through the usual magical way that Fedora works.

    It seems that a call made into the network when the ping is done has two very different results when the wired connection is used. Has there been an upgrade to the wired connection that has not passed through to the wireless one?

    J

  13. #13
    Join Date
    May 2009
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, I confirm. CiscoVPN over WiFi works excellent!!!

    My wifi card is Intel Corporation PRO/Wireless 5100 AGN (iwlagn driver), but I think this is not important
    Last edited by mariuszs; 28th July 2009 at 04:55 PM.

  14. #14
    Join Date
    Oct 2005
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    still panics using wifi

    Quote Originally Posted by mariuszs
    Yes, I confirm. CiscoVPN over WiFi works excellent!!!

    My wifi card is Intel Corporation PRO/Wireless 5100 AGN (iwlagn driver), but I think this is not important
    What version of the cisco client are you and others using (without a panic)?

    And exactly which kernel? PAE or not?

    I tried via wifi, and still got a panic. It's not as consistent as on ethernet, I can ping and get some data.

    I have not been able to see the console screen so far (the capslock are flashing and it's hung, so it must be a panic).

    I hit the panic with both 2.6.29.5-191.fc11.i686.PAE and 2.6.29.6-213.fc11.i686.PAE kernels, using linux-x86_64-4.8.02.0030-k9.

    -- Patrick Mansfield

  15. #15
    Join Date
    Dec 2008
    Posts
    30
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mariuszs
    Maybe vpnc works well, but dont support for certificates login so is useless for my...
    I'm not sure... but on the following link I've see instruction on how to configure vpnc with certificate authentication:
    http://www.toolsbysk.com/skforums/fo...?m-1247385296/

Page 1 of 2 1 2 LastLast

Similar Threads

  1. Cisco VPN Client on FC8
    By LongeFlucht in forum Using Fedora
    Replies: 13
    Last Post: 3rd April 2008, 03:19 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •