[the] Code Girl (aka UnrulyGrrl)

yay! I finally got the Cisco VPN software running on my everyday Ubuntu 7.04 laptop. I had been lugging around an old slow p2 Gentoo laptop with a 2.4 series kernel because i couldnt get the stupid VPN software running under the 2.6 kernel.

Download this: vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz and this: vpnclient-linux-x86_64-4.8.00.0490-k9.patch
then do this:

1. sudo apt-get install linux-headers-2.6.20-16-386

2. tar xzvf  vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz

3. patch -p0 < vpnclient-linux-x86_64-4.8.00.0490-k9.patch

You should see:

patching file vpnclient/IPSecDrvOS_linux.c
patching file vpnclient/frag.c
patching file vpnclient/interceptor.c
patching file vpnclient/linuxcniapi.c
patching file vpnclient/linuxcniapi.h 

4. cd vpnclient
5. sudo ./vpn_install

Cisco Systems VPN Client Version 4.8.00 (0490) Linux Installer
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

By installing this product you agree that you have read the
license.txt file (The VPN Client license) and will comply with
its terms. 

Directory where binaries will be installed [/usr/local/bin]/usr/bin

Automatically start the VPN service at boot time [yes]

In order to build the VPN kernel module, you must have the
kernel headers for the version of the kernel you are running.

Directory containing linux kernel source code [/lib/modules/2.6.20-16-386/build]/usr/src/linux-headers-2.6.20-16-386

* Binaries will be installed in "/usr/bin".
* Modules will be installed in "/lib/modules/2.6.20-16-386/CiscoVPN".
* The VPN service will be started AUTOMATICALLY at boot time.
* Kernel source from "/usr/src/linux-headers-2.6.20-16-386" will be used to build the module.

Is the above correct [y]

Shutting down /opt/cisco-vpnclient/bin/vpnclient: module cisco_ipsec is not running.
Stopped: /etc/init.d/vpnclient_init (VPN init script)
Making module
make -C /usr/src/linux-headers-2.6.20-16-386 SUBDIRS=/usr/src/vpnclient modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.20-16-386'
  CC [M]  /usr/src/vpnclient/linuxcniapi.o
  CC [M]  /usr/src/vpnclient/frag.o
  CC [M]  /usr/src/vpnclient/IPSecDrvOS_linux.o
  CC [M]  /usr/src/vpnclient/interceptor.o
  CC [M]  /usr/src/vpnclient/linuxkernelapi.o
  LD [M]  /usr/src/vpnclient/cisco_ipsec.o
  Building modules, stage 2.
  MODPOST 1 modules
WARNING: /usr/src/vpnclient/cisco_ipsec.o - Section mismatch: reference to .init.text: from .data between 'interceptor_dev' (at offset 0x54) and 'interceptor_notifier'
WARNING: could not find /usr/src/vpnclient/.libdriver.so.cmd for /usr/src/vpnclient/libdriver.so
  CC      /usr/src/vpnclient/cisco_ipsec.mod.o
  LD [M]  /usr/src/vpnclient/cisco_ipsec.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.20-16-386'
Create module directory "/lib/modules/2.6.20-16-386/CiscoVPN".
Copying module to directory "/lib/modules/2.6.20-16-386/CiscoVPN".
Already have group 'bin'

Creating start/stop script "/etc/init.d/vpnclient_init".
    /etc/init.d/vpnclient_init
Enabling start/stop script for run level 3,4 and 5.

Installing license.txt (VPN Client license) in "/opt/cisco-vpnclient/":

Installing bundled user profiles in "/etc/opt/cisco-vpnclient/Profiles/":
* Replaced Profiles: sample 

Copying binaries to directory "/opt/cisco-vpnclient/bin".
Adding symlinks to "/usr/bin".
    /opt/cisco-vpnclient/bin/vpnclient
    /opt/cisco-vpnclient/bin/cisco_cert_mgr
    /opt/cisco-vpnclient/bin/ipseclog
Copying setuid binaries to directory "/opt/cisco-vpnclient/bin".
    /opt/cisco-vpnclient/bin/cvpnd
Copying libraries to directory "/opt/cisco-vpnclient/lib".
    /opt/cisco-vpnclient/lib/libvpnapi.so
Copying header files to directory "/opt/cisco-vpnclient/include".
    /opt/cisco-vpnclient/include/vpnapi.h

Setting permissions.
    /opt/cisco-vpnclient/bin/cvpnd (setuid root)
    /opt/cisco-vpnclient (group bin readable)
    /etc/opt/cisco-vpnclient (permissions not changed)
* You may wish to change these permissions to restrict access to root.
* You must run "/etc/init.d/vpnclient_init start" before using the client.
* This script will be run AUTOMATICALLY every time you reboot your computer.

6. Once the module has been created, load it by running

   sudo /etc/init.d/vpnclient_init start

   and you should see:

   Starting /opt/cisco-vpnclient/bin/vpnclient: Done

The thing that was tripping me up forever: that i was supposed to point the ‘linux kernel source code’ directory to /path/to/linux-headers-2.6.20-16-386. I was using ‘linux-headers-2.6.20-16′ and ‘linux-headers-2.6.20-generic’. Since the module compiled when pointed to those dirs, i assumed they were correct. However, whenever I tried to load the module that was generated with the headers from either of those two dirs, I got “invalid module format” errors.

Recently my laptop hard drive died and I had to re-install Ubuntu. Instead of installing Breezy and updating to Dapper, I installed Dapper. Guess what? NO MORE WIRELESS PROBLEMS AT ALL. It seems the problem with the ipw2200 that I had previously only existed in my “upgraded” setup. I don’t know exactly what this means or how to get around it, for those of you who still have Breezy but want to upgrade to Dapper, I don’t want to recommend you blowing away Ubuntu and re-installing. Just an FYI and followup to a previous post.

I recently installed Crypt::SSLeay and had a strange result: any script that uses that module would get a Segmentation Fault when it hit a certain point. I found another person complaining about this and the suggestion was downgrading OpenSSL. I did that, and it didn;t work. I upgraded to 0.9.8b and that didnt work.

Finally, I converted the .deb file for openssl to a tarball (using alien) and extracted it into a subdirectory in my personal home dir. I then re-installed Crypt::SSLeay and pointed it to my subdir to link against for OpenSSL. No more seg faults!

I got tired of all the little script kiddies banging away at my SSH server 24 hours a day, so I run ssh on a different port than the default of 22. I setup CVS on this server as well, and wanted to check in/out some files remotely but didn’t know how to handle the alternate port issue.

Just like you would do with CVS over SSH on the standard port, you would include this in your ~/.bashrc file:

export CVS_RSH='ssh'
export CVSROOT=':ext:user@server:/path/to/cvsroot'


to get around the alternate port issue, use the ~/.ssh/config file. It’s this simple:

Host my.hostname.com
Port 12345


Not only does this make CVS work for your remote server, you no longer have to always specify the port number from the command line when SSHing to the server (I wish had known about this months ago)

Think you can’t run Linux on an old pc you have laying around because of the bloated KDE/Gnome desktop “environments”? Luckily there’s a great alternative: Fluxbox + pypanel. I’m running it on an old P2 450 Mhz laptop. It’s not super speedy, but it’s perfect for web browsing, email, etc.

First off: You DO NOT NEED KDE OR GNOME! They are both nice looking with tons of eye candy, but all that “wow that looks cool!”-type stuff is sucking up all your ram and some of your CPU cycles. Toss it. All you need is a window manager (do you see that bar at the top of each of your windows, the one with the title in it and usually “X” and “_”…..thats the window manager doing that). However, if all you have is a window manager, you have a blank desktop and will probably feel a little lost. I know I did when I first dropped Gnome.

(more…)

For all of you who love running things from the command line, check out this series of articles on Linux.com:
http://www.linux.com/search.pl?tid=89

alias dot='ls -ldF .[a-zA-Z0-9]*'

i have always wondered if there was a way to view JUST files and dirs that start with a “.”

I noticed that my wireless would randomly stop working ever since I upgraded Ubuntu Linux from Breezy to Dapper. syslog showed a lot of:

ipw2200: Firmware error detected.  Restarting.

I tried installing the latest firmware…and STILL got these errors constantly.

Dapper uses v1.1.1 of the ipw2200 driver, and Breezy used the 1.0.6 version. The kernel was also upgrade from 2.6.12 to 2.6.15. I’m not the only one complaining about this issue, as I found several posts at the Ubuntu forums. Loading the older kernel from the GRUB bootup menu didn’t help (i couldn’t even get the ipw2200 driver to load at all).

I didn’t want to deal with compiling a new or old ipw2200 driver from source merely in the hopes that it would work. I have things TO DO. last weekend, after I had unloaded and reload ipw2200 module at least 5 times within the space of 2 or 3 hours, I gave the #*%& up on it, and ran a long piece of Cat5e from my office to the family room. I’ve been zipping along at 100MBps since then and have not had a single problem since.

You may want to think twice about upgrading from Breezy to Dapper if you have an Intel wireless chipset that uses the ipw2200 driver/module.