Hi there,

I'm trying to install & use the cisco vpn client for linux, version 3.7.2. The installation goes well, so does the module loading. But when trying to run a vpnclient connect, it waits and finally abandons without setting up the tunnel.

1. The software installation worked without a problem. See the vpn.install attached file for more details.

2. Module loading also performed well:

    # cd /etc/init.d
    # ./vpnclient_init start
    Starting /usr/local/bin/vpnclient: Warning: loading /lib/modules/2.4.19-16mdk/CiscoVPN/cisco_ipsec will taint the kernel: no license
    See http://www.tux.org/lkml/#export-tainted for information about tainted modules
    Module cisco_ipsec loaded, with warnings
    Done
    # ./vpnclient_init status
    Module Size Used by Tainted: P
    cisco_ipsec 377024 0 (unused)
    cipsec0 Lien encap:Ethernet HWaddr 00:00:00:00:00:00
    BROADCAST MULTICAST MTU:1400 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 lg file transmission:100
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

3. Profile setup: I created a new profile /etc/CiscoSystemsVPNClient/Profiles/rvi.pcf
This profile is copied from a friend's machine and is working.

4. The connect fails without any given reasons. The line "Failed to establish..." appears after about one minute and a half.

    $ vpnclient connect rvi
    Cisco Systems VPN Client Version 3.7.2 (Rel)
    Copyright (C) 1998-2002 Cisco Systems, Inc. All Rights Reserved.
    Client Type(s): Linux
    Running on: Linux 2.4.19-16mdk #1 Fri Sep 20 18:15:05 CEST 2002 i686
    Initializing the IPSec link.
    Failed to establish a connection.
    There are no new notification messages at this time.
    $

Between "Initializing the IPSec link." and "Failed...", all my connections do not work anymore, as they're supposed to (this means that the module is performing correctly - if the module is responsible for this behavior). After returning to the prompt, the connections are working again.

5. I tried to strace the vpnclient while it was trying to establish the connection. See attached file strace.vpn for more details (I removed some repeated lines - marked with "[ lots of lines skipped ]"). Anyway, the important thing is (if I'm reading correctly) that vpnclient tries to reach a given UDP port, that must be opened by cvpnd (I guess).

6. But if I look at the open ports of cvpnd:

    # lsof -p `pgrep cvpnd`
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    cvpnd 2276 jquelin mem REG 3,4 1374448 156363 /usr/local/bin/cvpnd
    cvpnd 2276 jquelin mem REG 3,4 539887 154887 /lib/ld-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 8220 154898 /lib/libdl-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 137780 123914 /lib/i686/libm-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 1167240 123912 /lib/i686/libc-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 36296 154908 /lib/libnss_files-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 12884 154906 /lib/libnss_dns-2.2.5.so
    cvpnd 2276 jquelin mem REG 3,4 60716 154918 /lib/libresolv-2.2.5.so

==> there is no UDP listening port. Is it normal?

If you want some information:
- running mandrake linux 9.0, stock kernel (2.4.19)
- hotplug not used (I read the release notes)
- connected to internet via (working) adsl line, with PPP protocol
- USB Alcatel Speedtouch adsl modem
- more information:

    $ uname -a
    Linux merlin 2.4.19-16mdk #1 Fri Sep 20 18:15:05 CEST 2002 i686 unknown unknown GNU/Linux
    $ gcc -v
    Reading specs from /usr/lib/gcc-lib/i586-mandrake-linux-gnu/3.2/specs
    Configured with: ../configure --prefix=/usr --libdir=/usr/lib --with-slibdir=/lib --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --enable-long-long --enable-__cxa_atexit --enable-languages=c,c++,ada,f77,objc,java --host=i586-mandrake-linux-gnu --with-system-zlib
    Thread model: posix
    gcc version 3.2 (Mandrake Linux 9.0 3.2-1mdk)

Do you have any ideas why the connection fails? Is it normal for cvpnd not to have open UDP ports?

If you need some more information, I'll be more than happy to provide it.

Regards,
Jerome

I forgot to tell that I'm not using iptables nor any firewalling product. Nor am I using other vpn clients.

Jerome

Sorry, but in fact, there are some open udp ports:

    # netstat -an | grep 29749
    udp 59136 0 127.0.0.1:29749 0.0.0.0:*
    # lsof -i udp:29749
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    cvpnd 2921 jquelin 9u IPv4 21821 UDP merlin:29749
    #
    # ps -ef | grep vpn
    jquelin 2920 1849 0 22:18 pts/4 00:00:00 vpnclient
    jquelin 2921 2920 0 22:18 ? 00:00:00 cvpnd
    root 2927 2001 0 22:19 pts/2 00:00:00 grep vpn
    # lsof -p 2920
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    vpnclient 2920 jquelin cwd DIR 3,4 4096 156356 /etc/CiscoSystemsVPNClient
    vpnclient 2920 jquelin rtd DIR 3,4 4096 2 /
    vpnclient 2920 jquelin txt REG 3,4 181408 156362 /usr/local/bin/vpnclient
    vpnclient 2920 jquelin mem REG 3,4 539887 154887 /lib/ld-2.2.5.so
    vpnclient 2920 jquelin mem REG 3,4 137780 123914 /lib/i686/libm-2.2.5.so
    vpnclient 2920 jquelin mem REG 3,4 1167240 123912 /lib/i686/libc-2.2.5.so
    vpnclient 2920 jquelin 0u CHR 136,4 6 /dev/pts/4
    vpnclient 2920 jquelin 1u CHR 136,4 6 /dev/pts/4
    vpnclient 2920 jquelin 2u CHR 136,4 6 /dev/pts/4
    vpnclient 2920 jquelin 3u IPv4 21808 UDP merlin:29748
    vpnclient 2920 jquelin 4u sock 0,0 21809 can't identify protocol
    # lsof -p 2921
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    cvpnd 2921 jquelin cwd DIR 3,4 4096 156356 /etc/CiscoSystemsVPNClient
    cvpnd 2921 jquelin rtd DIR 3,4 4096 2 /
    cvpnd 2921 jquelin txt REG 3,4 1374448 156363 /usr/local/bin/cvpnd
    cvpnd 2921 jquelin mem REG 3,4 539887 154887 /lib/ld-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 8220 154898 /lib/libdl-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 137780 123914 /lib/i686/libm-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 1167240 123912 /lib/i686/libc-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 36296 154908 /lib/libnss_files-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 12884 154906 /lib/libnss_dns-2.2.5.so
    cvpnd 2921 jquelin mem REG 3,4 60716 154918 /lib/libresolv-2.2.5.so
    cvpnd 2921 jquelin 0wW REG 3,4 5 125266 /var/run/cvpnd.pid
    cvpnd 2921 jquelin 1u IPv4 21811 UDP *:isakmp
    cvpnd 2921 jquelin 2u CHR 136,4 6 /dev/pts/4
    cvpnd 2921 jquelin 3u IPv4 21812 UDP *:4500
    cvpnd 2921 jquelin 4u IPv4 21814 UDP merlin:29747
    cvpnd 2921 jquelin 5u IPv4 21815 UDP merlin:29755
    cvpnd 2921 jquelin 6u IPv4 21816 UDP merlin:29756
    cvpnd 2921 jquelin 7u IPv4 21817 UDP merlin:29753
    cvpnd 2921 jquelin 8u IPv4 21819 UDP merlin:29751
    cvpnd 2921 jquelin 9u IPv4 21821 UDP merlin:29749
    cvpnd 2921 jquelin 10u sock 0,0 21823 can't identify protocol
    < here lsof hangs for a moment >
    cvpnd 2921 jquelin 11u IPv4 21841 UDP 81.248.234.145:32853->193.252.19.4:domain
    < here lsof hangs for a moment >
    cvpnd 2921 jquelin 12u IPv4 22582 UDP 81.248.234.145:32854->193.252.19.3:domain
    < here lsof hangs for a moment >
    cvpnd 2921 jquelin 13u IPv4 22889 UDP 81.248.234.145:32855->dns-adsl-gpe2-b.wanadoo.fr:domain
    < lsof stops when vpnclient stops >
    #

81.248.234.145 is my current ip on my ppp link (adsl). 193.252.19.3 is one of my isp dns servers.

Still investigating,
Jerome
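
Added example (not part of the original posts): a small shell function that sorts the UDP rows of an `lsof -p` listing like the one above into IKE/NAT-T wildcard listeners, bound but unconnected sockets, and connected DNS queries. The function names, the category labels and the sample rows (constructed from the listing above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the UDP sockets in `lsof -p <pid>` output.

# Constructed sample input, modelled on the cvpnd listing in the post.
sample_lsof() {
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
cvpnd 2921 jquelin 0wW REG 3,4 5 125266 /var/run/cvpnd.pid
cvpnd 2921 jquelin 1u IPv4 21811 UDP *:isakmp
cvpnd 2921 jquelin 3u IPv4 21812 UDP *:4500
cvpnd 2921 jquelin 4u IPv4 21814 UDP merlin:29747
cvpnd 2921 jquelin 9u IPv4 21821 UDP merlin:29749
cvpnd 2921 jquelin 10u sock 0,0 21823 can't identify protocol
cvpnd 2921 jquelin 11u IPv4 21841 UDP 81.248.234.145:32853->193.252.19.4:domain
cvpnd 2921 jquelin 12u IPv4 22582 UDP 81.248.234.145:32854->193.252.19.3:domain
EOF
}

# classify_udp: read lsof output on stdin and print one summary line:
#   ike=N bound=N dns=N other=N
# For UDP rows the SIZE column is empty, so NODE ("UDP") is the
# next-to-last field and NAME is the last field.
classify_udp() {
    awk '
    NF < 2 || $(NF-1) != "UDP"            { next }            # skip header, files, raw sockets
                                          { name = $NF }
    name ~ /->.*:(domain|53)$/            { dns++;   next }   # connected socket to a DNS server
    name ~ /->/                           { other++; next }   # connected to any other peer
    name ~ /^\*:(isakmp|500|4500)$/       { ike++;   next }   # IKE and NAT-T wildcard listeners
                                          { bound++ }         # bound to a local address, no peer
    END { printf "ike=%d bound=%d dns=%d other=%d\n", ike, bound, dns, other }
    '
}

# Stand-alone run on the constructed sample.
# On a live system: lsof -p "$(pgrep cvpnd)" | classify_udp
sample_lsof | classify_udp
```

A non-zero `ike` count answers the "does cvpnd listen on UDP at all" question, and a `dns` count that keeps growing between runs matches the points where the post notes that lsof hangs.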