Browsing Category: "linux"

Dynamips on “Juice” - Part I

linux March 7th, 2008

While I was preparing for the RS lab, I came across a buggy backbone router in my rack and decided to run dynamips on a laptop with bridged interfaces. The laptop has a 1.6Mhz CPU and 768MB of RAM. I had built the laptop using CentOSv4.4 and booted it into runlevel 3 which used about 250MB of memory. To me, the OS still felt a little bloated. I could have tuned the kernel with specific options, but that’s a bit more tedious than I would prefer.

I started with DSLv4.2.5 because on bootup with a GUI about 50MB of memory was used. I attempted to install the OS and went through the setup procedures. After the CD ejected and the laptop rebooted, the OS wouldn’t start for some odd reason. I ran the install again and had the same problem. I researched some of the errors on Google, but decided to give up on this Knoppix variant altogether.

After researching more for a small Linux alternative, I stumbled upon gOS (pronounced “juice”) which is a Debian variant that is installed on the Everex Green PCs sold at Walmart. Ran the ‘free’ command to see how much memory was used.


The installation process was fine until I tried to change the runlevel to 3. I was unable to locate the inittab file. Creating one didn’t do anything for my cause and I had to Google for the answer. The folks over at Ubuntu decided to use Upstart to segregate from how the RedHat folks manage services. The easiest way for me to run gOS in runlevel 3 was to install the ‘sysv-rc-conf’ package.


Once the package was installed with dependencies, I initiated the script and cleared out the gdm service.


Exited out and rebooted. Ran the ‘free’ command again and found that gOS was only using 80MB of memory.


Now I’m able to run about 8 routers in dynamips for studying.

Running the Cisco VPN client 4.8 on Ubuntu 7.04

linux August 8th, 2007

My company has asked me to provide a client VPN solution so that our remote workstations can connect back to our servers securely. The solution of their choice is using Hamachi since all the workstations are running Ubuntu. Having read the online Hamachi manual, I found that the clients would tie back to a Hamachi server located on Hamachi’s network.

Rather than build my own Hamachi server, which I’m not certain is even possible, I stated that we could use Cisco’s VPN client instead and have the workstations terminate on our equipment. Demoing Cisco’s VPN client on my Fedora laptop was easy. Now I have about a month to design and implement all the automated scripts to kick off the VPN clients on the remote workstations.

To begin testing, I decided to install Ubuntu 7.04 on a spare laptop. This is a clean install with all the latest updates.

root@r0buntu:~# uname -r
2.6.20-16-generic

I downloaded the client software and placed the file into a folder called ‘downloads’.

root@r0buntu:/home/r0ckwell# cd downloads
root@r0buntu:/home/r0ckwell/downloads# ls
vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz

Next, I extracted the file.

root@r0buntu:/home/r0ckwell/downloads# tar -zxvf vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz
vpnclient/
vpnclient/libvpnapi.so
vpnclient/vpnapi.h
vpnclient/cisco_cert_mgr
vpnclient/vpnclient
vpnclient/ipseclog
vpnclient/cvpnd
vpnclient/vpn_install
vpnclient/vpnclient_init
vpnclient/vpn_uninstall
vpnclient/driver_build.sh
vpnclient/sample.pcf
vpnclient/vpnclient.ini
vpnclient/license.txt
vpnclient/license.rtf
vpnclient/interceptor.c
vpnclient/linuxcniapi.c
vpnclient/linuxcniapi.h
vpnclient/vpn_ioctl_linux.h
vpnclient/IPSecDrvOS_linux.c
vpnclient/linux_os.h
vpnclient/frag.h
vpnclient/frag.c
vpnclient/linuxkernelapi.c
vpnclient/GenDefs.h
vpnclient/mtu.h
vpnclient/IPSecDrvOSFunctions.h
vpnclient/IPSecDrvOS_linux.h
vpnclient/Cniapi.h
vpnclient/unixcniapi.h
vpnclient/unixkernelapi.h
vpnclient/config.h
vpnclient/libdriver64.so
vpnclient/libdriver.so
vpnclient/Makefile
root@r0buntu:/home/r0ckwell/downloads# ls
vpnclient vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz

You’ll notice that all the files ended up in the default directory, vpnclient.

Now I ran the install file.

root@r0buntu:/home/r0ckwell/downloads# cd vpnclient
root@r0buntu:/home/r0ckwell/downloads/vpnclient# ./vpn_install

Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.

Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

Directory containing linux kernel source code [/lib/modules/2.6.20-16-generic/build]

* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.20-16-generic/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.20-16-generic/build” will be used to build the module.

Is the above correct [y]

Making module
make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/r0ckwell/downloads/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-generic’
CC [M] /home/r0ckwell/downloads/vpnclient/linuxcniapi.o
/home/r0ckwell/downloads/vpnclient/linuxcniapi.c:12:26: error: linux/config.h: No such file or directory
make[2]: *** [/home/r0ckwell/downloads/vpnclient/linuxcniapi.o] Error 1
make[1]: *** [_module_/home/r0ckwell/downloads/vpnclient] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-generic’
make: *** [default] Error 2
Failed to make module “cisco_ipsec.ko”.

This is the same problem I had when I ran the install on FC6. To resolve it, you need to download the patch, which can be found here. This patch was originally created by Andy Ritger and is actually different than the one posted from my other article.

Ran the patch:

root@r0buntu:/home/r0ckwell/downloads/vpnclient# patch <../vpnclient-linux-2.6.20.6.diff
patching file IPSecDrvOS_linux.c
patching file frag.c
patching file interceptor.c
patching file linuxcniapi.c

Ran the install again.

root@r0buntu:/home/r0ckwell/downloads/vpnclient# ./vpn_install
Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.

Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

Directory containing linux kernel source code [/lib/modules/2.6.20-16-generic/build]

* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.20-16-generic/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.20-16-generic/build” will be used to build the module.

Is the above correct [y]

Making module
make -C /lib/modules/2.6.20-16-generic/build SUBDIRS=/home/r0ckwell/downloads/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-generic’
CC [M] /home/r0ckwell/downloads/vpnclient/linuxcniapi.o
CC [M] /home/r0ckwell/downloads/vpnclient/frag.o
CC [M] /home/r0ckwell/downloads/vpnclient/IPSecDrvOS_linux.o
CC [M] /home/r0ckwell/downloads/vpnclient/interceptor.o
/home/r0ckwell/downloads/vpnclient/interceptor.c: In function ‘handle_vpnup’:
/home/r0ckwell/downloads/vpnclient/interceptor.c:322: warning: assignment from incompatible pointer type
/home/r0ckwell/downloads/vpnclient/interceptor.c:346: warning: assignment from incompatible pointer type
/home/r0ckwell/downloads/vpnclient/interceptor.c:347: warning: assignment from incompatible pointer type
/home/r0ckwell/downloads/vpnclient/interceptor.c: In function ‘do_cleanup’:
/home/r0ckwell/downloads/vpnclient/interceptor.c:390: warning: assignment from incompatible pointer type
CC [M] /home/r0ckwell/downloads/vpnclient/linuxkernelapi.o
LD [M] /home/r0ckwell/downloads/vpnclient/cisco_ipsec.o
Building modules, stage 2.
MODPOST 1 modules
WARNING: /home/r0ckwell/downloads/vpnclient/cisco_ipsec.o - Section mismatch: reference to .init.text: from .data between ‘interceptor_dev’ (at offset 0xb4) and ‘interceptor_notifier’
WARNING: could not find /home/r0ckwell/downloads/vpnclient/.libdriver.so.cmd for /home/r0ckwell/downloads/vpnclient/libdriver.so
CC /home/r0ckwell/downloads/vpnclient/cisco_ipsec.mod.o
LD [M] /home/r0ckwell/downloads/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-generic’
Create module directory “/lib/modules/2.6.20-16-generic/CiscoVPN”.
Copying module to directory “/lib/modules/2.6.20-16-generic/CiscoVPN”.
Already have group ‘bin’

Creating start/stop script “/etc/init.d/vpnclient_init”.
/etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.
Creating global config /etc/opt/cisco-vpnclient

Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:

Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:
* New Profiles : sample

Copying binaries to directory “/opt/cisco-vpnclient/bin”.
Adding symlinks to “/usr/local/bin”.
/opt/cisco-vpnclient/bin/vpnclient
/opt/cisco-vpnclient/bin/cisco_cert_mgr
/opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
/opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory “/opt/cisco-vpnclient/lib”.
/opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory “/opt/cisco-vpnclient/include”.
/opt/cisco-vpnclient/include/vpnapi.h

Setting permissions.
/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient/Profiles (group bin readable)
/etc/opt/cisco-vpnclient/Certificates (group bin readable)
* You may wish to change these permissions to restrict access to root.
* You must run “/etc/init.d/vpnclient_init start” before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.
root@r0buntu:/home/r0ckwell/downloads/vpnclient#

The install worked and I’m ready to start testing the client software running in Ubuntu. All I need to do is copy the profile file and I’m good to go.
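The installer output above ends with a setuid-root cvpnd, group-readable profile and certificate directories, and a hint to tighten them. The following is an added example, not part of the original post or of Cisco's installer, that lists exactly those findings and then applies the hint; the ROOT argument is an assumption of the sketch so it can be tried on a scratch copy first.

```shell
# Added example; not part of the Cisco installer or the original post.
# Paths are the ones vpn_install printed above. The optional ROOT argument is
# an assumption of this sketch: it lets the functions run against a scratch tree.

VPN_PREFIX=/opt/cisco-vpnclient
VPN_SECRETS="/etc/opt/cisco-vpnclient/Profiles /etc/opt/cisco-vpnclient/Certificates"

# Read paths on stdin, print "<kind> <symbolic mode> <path relative to ROOT>".
report() {  # $1 = kind, $2 = ROOT
    while IFS= read -r p; do
        printf '%s %s %s\n' "$1" "$(ls -ld "$p" | cut -c1-10)" "${p#"$2"}"
    done
}

audit_vpnclient_perms() {  # $1 = ROOT (empty for the live system)
    root="${1:-}"
    # setuid/setgid files under the install prefix; only cvpnd is expected
    find "$root$VPN_PREFIX" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        sort | report setid "$root"
    # profile (.pcf) and certificate material readable by group or other
    for d in $VPN_SECRETS; do
        find "$root$d" \( -perm -040 -o -perm -004 \) 2>/dev/null |
            sort | report readable "$root"
    done
}

# Follow the installer's hint: drop group/other access to profiles and certs.
# Whether non-root users can still connect afterwards is not covered by the
# page; check that before rolling this out.
tighten_vpnclient_secrets() {  # $1 = ROOT
    root="${1:-}"
    for d in $VPN_SECRETS; do
        if [ -d "$root$d" ]; then chmod -R go-rwx "$root$d"; fi
    done
}
```

Run `audit_vpnclient_perms` with no argument on the installed system; any `setid` line other than cvpnd deserves a closer look.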

Tethering your Cingular Blackjack (i607) on FC7

linux June 7th, 2007

I’ve pretty much converted all my home workstations, servers, and laptops from Windows to Fedora. The reason for this is to support my aging hardware. With all of the things going on in my life, I really don’t have enough to purchase a new computer. Maybe after my lab exams, I’ll buy something new, but until then I’ll use Linux on my hardware to avoid the Windows bloat.

Tethering, as it pertains to cell phones, refers to using your cell phone as a modem for your laptop or PDA device.

When I’m travelling, I like to take my laptop with me in case a work or client emergency arises. I really dislike the fact that hotels, coffee shops, and book stores require you to pay for an Internet connection. Since I run the network operations at work, it was crucial that I be available 24×7, so lucky for me they agreed to pay for the data portion on my Cingular plan. Now I don’t need to rely on anyone for a connection. I can connect to the Internet, run the Cisco VPN client, and troubleshoot any issue on the road.

From this point forward, I’ll assume the following:

1) wvdial and its dependencies are installed on your laptop (‘yum install wvdial’)
2) you have the USB cable that came with the Blackjack

First, attach the USB cable to the Blackjack. On the Blackjack, go to Start/Settings/Connections/USB and change the value to ‘Modem’. Now attach the other end to your laptop.

In a terminal window, run ‘dmesg’. Your output should look similar to the following:

usb 4-1: new full speed USB device using uhci_hcd and address 2
usb 4-1: configuration #1 chosen from 1 choice
cdc_acm 4-1:1.0: ttyACM0: USB ACM device
usbcore: registered new interface driver cdc_acm
drivers/usb/class/cdc-acm.c: v0.25:USB Abstract Control Model driver for USB modems and ISDN adapters

Now edit the /etc/wvdial.conf file. If it is blank, that’s fine. Your settings should look like:

[Dialer Defaults]
Modem = /dev/ttyACM0
Baud = 460800
Dial Command = ATDT
Init1 = ATZ
Init2 = AT+CGDCONT=3,"IP","WAP.CINGULAR"
FlowControl = None
Username = WAP@CINGULARGPRS.COM
Password = CINGULAR1
Phone = *99***3#
Stupid Mode = 1

To connect, just type ‘wvdial’. If successful, you’ll notice ppp0 has established a connection.

If you would like to use the Network Configuration GUI (system-config-network) under System/Administration, just read onward. Click on ‘New’. Select ‘Modem connection’. Here are the settings:

Internet Provider: N/A
Phone Number: *99***3# (no prefix or area code should be entered)
Provider Name: Cingular_MediaNet (or anything you want)
Login Name: WAP@CINGULARGPRS.COM
Password: CINGULAR1

If you ‘cat /etc/wvdial.conf’ after running the wizard, your settings should look as follows:

[Modem0]
Modem = /dev/ttyACM0
Baud = 460800
SetVolume = 0
Dial Command = ATDP
Init1 = ATZ
Init3 = ATM0
FlowControl = NOFLOW

[Dialer Cingular_MediaNet]
Username = WAP@CINGULARGPRS.COM
Password = CINGULAR1
Phone = *99***3#
Stupid Mode = 1
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Inherits = Modem0

Click on ‘Activate’ to start your connection. You should see that your status is now ‘Active’.

Running the Cisco VPN client 4.8 on FC6

linux May 9th, 2007

As of this writing, I’m running Fedora Core 6 (2.6.20-1.2948.fc6). To avoid having to install additional packages during the setup process, run the following now:

yum install kernel-devel
yum install gcc

Now download the vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz package from Cisco’s website. Untar the package to a directory:

tar -zxvf vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz

A vpnclient directory will be created. If you run ‘./vpn_install’ now, you may run into several errors.

To resolve the errors, you will need to download a patch that was created by Alexander Griesser and can be found here or by running:

wget -q http://tuxx-home.at/projects/cisco-vpnclient/vpnclient-linux-2.6.19.diff

This patch actually has a bug with DNS name resolution when the tunnel is up. If you need name resolution, then use this updated patch instead:

wget -q http://tuxx-home.at/projects/cisco-vpnclient/vpnclient-linux-2.6.19+-rev1.diff

These patches were created for 2.6.19, but they are apparently working in 2.6.20 for me. If you read several of the forums, people have successfully run the patches with both the 32-bit and 64-bit versions.

Originally I copied the patch file into the vpnclient directory, but nothing seemed to happen when I ran it. So I copied it into the folder above and ran:

patch <../vpnclient-linux-2.6.19.diff

or

patch <../vpnclient-linux-2.6.19+-rev1.diff

You should see these 4 lines once the patch has completed:

patching file IPSecDrvOS_linux.c
patching file frag.c
patching file interceptor.c
patching file linuxcniapi.c
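The patch above is fetched quietly over plain HTTP and changes source that vpn_install then compiles into a kernel module as root, so it is worth checking before it is applied. This added example (not from the original post or the patch author) pins a SHA-256 you recorded from a trusted copy and refuses any diff that touches files other than the four listed above; the function names and the digest argument are assumptions of the sketch.

```shell
# Added example, not from the original post. EXPECTED_FILES is the list the
# post says patch should report; the pinned digest is supplied by the caller.
EXPECTED_FILES="IPSecDrvOS_linux.c frag.c interceptor.c linuxcniapi.c"

# Target names in a unified diff. patch without -p uses only the base name,
# which is why the post runs it from inside the vpnclient directory.
patch_targets() {  # $1 = diff file
    sed -n 's/^+++ \([^[:space:]]*\).*/\1/p' "$1" | sed 's|.*/||' | sort -u
}

check_patch() {  # $1 = diff file, $2 = pinned SHA-256 (hex)
    got=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$got" != "$2" ]; then
        echo "digest mismatch for $1: got $got" >&2
        return 1
    fi
    targets=$(patch_targets "$1")
    if [ -z "$targets" ]; then
        echo "no file headers found in $1" >&2
        return 1
    fi
    for t in $targets; do
        case " $EXPECTED_FILES " in
            *" $t "*) ;;                      # one of the four expected files
            *) echo "unexpected target in patch: $t" >&2; return 1 ;;
        esac
    done
    return 0
}

# Verify, rehearse with --dry-run, and only then modify the source tree.
apply_checked() {  # $1 = vpnclient dir, $2 = absolute path to diff, $3 = digest
    check_patch "$2" "$3" || return 1
    ( cd "$1" && patch --dry-run < "$2" >/dev/null && patch < "$2" )
}
```

Typical use is `apply_checked vpnclient "$PWD/vpnclient-linux-2.6.19+-rev1.diff" <pinned-sha256>`, where the digest is a placeholder for the value you recorded yourself.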

Now change to the vpnclient directory and run the install script:

./vpn_install

Just accept all the defaults and proceed. You should see the output below:

Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms.

Directory where binaries will be installed [/usr/local/bin]

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

Directory containing linux kernel source code [/lib/modules/2.6.20-1.2948.fc6/build]

* Binaries will be installed in “/usr/local/bin”.
* Modules will be installed in “/lib/modules/2.6.20-1.2948.fc6/CiscoVPN”.
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from “/lib/modules/2.6.20-1.2948.fc6/build” will be used to build the module.

Is the above correct [y]

Making module
make -C /lib/modules/2.6.20-1.2948.fc6/build SUBDIRS=/home/downloads/vpnclient modules
make[1]: Entering directory `/usr/src/kernels/2.6.20-1.2948.fc6-i686′
CC [M] /home/downloads/vpnclient/linuxcniapi.o
CC [M] /home/downloads/vpnclient/frag.o
CC [M] /home/downloads/vpnclient/IPSecDrvOS_linux.o
CC [M] /home/downloads/vpnclient/interceptor.o
/home/downloads/vpnclient/interceptor.c: In function ‘handle_vpnup’:
/home/downloads/vpnclient/interceptor.c:318: warning: assignment from incompatible pointer type
/home/downloads/vpnclient/interceptor.c:342: warning: assignment from incompatible pointer type
/home/downloads/vpnclient/interceptor.c:343: warning: assignment from incompatible pointer type
/home/downloads/vpnclient/interceptor.c: In function ‘do_cleanup’:
/home/downloads/vpnclient/interceptor.c:386: warning: assignment from incompatible pointer type
CC [M] /home/downloads/vpnclient/linuxkernelapi.o
LD [M] /home/downloads/vpnclient/cisco_ipsec.o
Building modules, stage 2.
MODPOST 1 modules
WARNING: /home/downloads/vpnclient/cisco_ipsec.o - Section mismatch: reference to .init.text: from .data between ‘interceptor_dev’ (at offset 0xb4) and ‘interceptor_notifier’
WARNING: could not find /home/downloads/vpnclient/.libdriver.so.cmd for /home/downloads/vpnclient/libdriver.so
CC /home/downloads/vpnclient/cisco_ipsec.mod.o
LD [M] /home/downloads/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.20-1.2948.fc6-i686′
Create module directory “/lib/modules/2.6.20-1.2948.fc6/CiscoVPN”.
Copying module to directory “/lib/modules/2.6.20-1.2948.fc6/CiscoVPN”.
Already have group ‘bin’

Creating start/stop script “/etc/init.d/vpnclient_init”.
/etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.
Creating global config /etc/opt/cisco-vpnclient

Installing license.txt (VPN Client license) in “/opt/cisco-vpnclient/”:

Installing bundled user profiles in “/etc/opt/cisco-vpnclient/Profiles/”:
* New Profiles : sample

Copying binaries to directory “/opt/cisco-vpnclient/bin”.
Adding symlinks to “/usr/local/bin”.
/opt/cisco-vpnclient/bin/vpnclient
/opt/cisco-vpnclient/bin/cisco_cert_mgr
/opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory “/opt/cisco-vpnclient/bin”.
/opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory “/opt/cisco-vpnclient/lib”.
/opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory “/opt/cisco-vpnclient/include”.
/opt/cisco-vpnclient/include/vpnapi.h

Setting permissions.
/opt/cisco-vpnclient/bin/cvpnd (setuid root)
/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient (group bin readable)
/etc/opt/cisco-vpnclient/Profiles (group bin readable)
/etc/opt/cisco-vpnclient/Certificates (group bin readable)
* You may wish to change these permissions to restrict access to root.
* You must run “/etc/init.d/vpnclient_init start” before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.

/etc/init.d/vpnclient_init start
Starting /opt/cisco-vpnclient/bin/vpnclient: Done

To run the vpnclient service manually:

/etc/init.d/vpnclient_init start

If successful, this is what you should see:

Starting /opt/cisco-vpnclient/bin/vpnclient: Done

If you would rather the service start automatically upon every reboot, just run this:

chkconfig vpnclient_init on

The quickest and easiest way to start using the vpnclient is to create the client profile in Windows and copy the .pcf file (located in C:\Program Files\Cisco Systems\VPN Client\Profiles) to your machine (/etc/opt/cisco-vpnclient/Profiles/). If you have any certificates associated with your profiles (C:\Program Files\Cisco Systems\VPN Client\Certificates), copy them over as well to your machine (/etc/opt/cisco-vpnclient/Certificates/).

To run the software, just type:

vpnclient connect profile_name

Notice that I didn’t append the .pcf extension to the profile name.
