[opensuse] Vpn client settings for Cisco vpns?
Hi, using Cisco's vpnclient I can connect to the other side and work in full stability, but compiling the needed module after kernel changes is always a PITA, thus I'd like to replace it. vpnc kind of works, but it disconnects too frequently - even when I'm actually using the vpn connection - and after a while it doesn't reconnect anymore. Is there some magical setting that I have to pass to vpnc to keep the connection stable? If necessary I can use OpenVPN, but since I don't know it at all I'd like to have a configuration example specific for Cisco vpns (I remember that configuring openvpn is really scary). Thanks, Nico -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I use vpnc and kvpn to run a cisco connection and I find it to be fairly reliable, though not as good as cisco's client. However as you've said compiling it on recent kernels involves hacking it ad I've had poor results with that. One of the things that improves stability for me is to select the "reconnect on connection lost" option in kvpn, and also run the keepalive ping there as well. Perhaps you are using vpnc without kvpn.... The combination is better than just one:) wcn Nico Sabbi wrote:
Hi, using Cisco's vpnclient I can connect to the other side and work in full stability, but compiling the needed module after kernel changes is always a PITA, thus I'd like to replace it.
vpnc kind of works, but it disconnects too frequently - even when I'm actually using the vpn connection - and after a while it doesn't reconnect anymore. Is there some magical setting that I have to pass to vpnc to keep the connection stable?
If necessary I can use OpenVPN, but since I don't know it at all I'd like to have a configuration example specific for Cisco vpns (I remember that configuring openvpn is really scary).
Thanks, Nico
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 16 July 2008 01:18:06 am Nico Sabbi wrote:
Hi, using Cisco's vpnclient I can connect to the other side and work in full stability, but compiling the needed module after kernel changes is always a PITA, thus I'd like to replace it.
vpnc kind of works, but it disconnects too frequently - even when I'm actually using the vpn connection - and after a while it doesn't reconnect anymore. Is there some magical setting that I have to pass to vpnc to keep the connection stable?
If necessary I can use OpenVPN, but since I don't know it at all I'd like to have a configuration example specific for Cisco vpns (I remember that configuring openvpn is really scary).
Nico - what cisco client version are you using? There are newer ones that support the updated kernels. I am currently running 4.8.00 and it will connect all day without an issue. (I only wish I didn't have to run it in the CLI.) -- kai www.filesite.org || www.4thedadz.com || www.perfectreign.com remember - a turn signal is a statement, not a request -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Kai Ponte wrote:
On Wednesday 16 July 2008 01:18:06 am Nico Sabbi wrote:
Hi, using Cisco's vpnclient I can connect to the other side and work in full stability, but compiling the needed module after kernel changes is always a PITA, thus I'd like to replace it.
vpnc kind of works, but it disconnects too frequently - even when I'm actually using the vpn connection - and after a while it doesn't reconnect anymore. Is there some magical setting that I have to pass to vpnc to keep the connection stable?
If necessary I can use OpenVPN, but since I don't know it at all I'd like to have a configuration example specific for Cisco vpns (I remember that configuring openvpn is really scary).
Nico - what cisco client version are you using? There are newer ones that support the updated kernels. I am currently running 4.8.00 and it will connect all day without an issue. (I only wish I didn't have to run it in the CLI.)
I'm running the cli version too, and it's quite reliable. I've never had any success with kvpnc. Any attempt to connect to the cisco vpn with kvpnc results in the death of knetwork manager, which is unable to come back until reboot. Needless to say, I avoid kvpnc, and use the command line cisco client. Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Kai Ponte wrote:
On Wednesday 16 July 2008 01:18:06 am Nico Sabbi wrote:
Hi, using Cisco's vpnclient I can connect to the other side and work in full stability, but compiling the needed module after kernel changes is always a PITA, thus I'd like to replace it.
vpnc kind of works, but it disconnects too frequently - even when I'm actually using the vpn connection - and after a while it doesn't reconnect anymore. Is there some magical setting that I have to pass to vpnc to keep the connection stable?
If necessary I can use OpenVPN, but since I don't know it at all I'd like to have a configuration example specific for Cisco vpns (I remember that configuring openvpn is really scary).
Nico - what cisco client version are you using? There are newer ones that support the updated kernels. I am currently running 4.8.00 and it will connect all day without an issue. (I only wish I didn't have to run it in the CLI.)
Hi, You could try gvpndialer if you want a gui that is what I use with cisco vpn. Regards Jeff -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, Jul 18, 2008 at 10:50 PM, Jeff Hoare <jeffhoare@xtra.co.nz> wrote:
Kai Ponte wrote:
On Wednesday 16 July 2008 01:18:06 am Nico Sabbi wrote:
Hi, using Cisco's vpnclient I can connect to the other side and work in full stability, but compiling the needed module after kernel changes is always a PITA, thus I'd like to replace it.
since I've gotten a dual core CPU machine (a couple/few years ago) I have not been able to use the cisco client ... I am told by cisco that it does not support an SMP kernel. Is there a newer client now, that works with an SMP kernel? Peter -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Peter Van Lone wrote:
On Fri, Jul 18, 2008 at 10:50 PM, Jeff Hoare <jeffhoare@xtra.co.nz> wrote:
Kai Ponte wrote:
On Wednesday 16 July 2008 01:18:06 am Nico Sabbi wrote:
Hi, using Cisco's vpnclient I can connect to the other side and work in full stability, but compiling the needed module after kernel changes is always a PITA, thus I'd like to replace it.
since I've gotten a dual core CPU machine (a couple/few years ago) I have not been able to use the cisco client ... I am told by cisco that it does not support an SMP kernel.
Is there a newer client now, that works with an SMP kernel?
The default suse kernel has been smp for awhile now, and the cisco client works just fine, so I'd say yes. Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 19 July 2008 09:20:00 am Joe Sloan wrote:
Peter Van Lone wrote:
On Fri, Jul 18, 2008 at 10:50 PM, Jeff Hoare <jeffhoare@xtra.co.nz>
wrote:
Kai Ponte wrote:
On Wednesday 16 July 2008 01:18:06 am Nico Sabbi wrote:
Hi, using Cisco's vpnclient I can connect to the other side and work in full stability, but compiling the needed module after kernel changes is always a PITA, thus I'd like to replace it.
since I've gotten a dual core CPU machine (a couple/few years ago) I have not been able to use the cisco client ... I am told by cisco that it does not support an SMP kernel.
Is there a newer client now, that works with an SMP kernel?
The default suse kernel has been smp for awhile now, and the cisco client works just fine, so I'd say yes.
Yeah, that's pretty standard. You'd be hard-pressed to find a single-core system these days. Peter - what version of the Cisco VPN client are you trying? -- kai www.filesite.org || www.4thedadz.com || www.perfectreign.com remember - a turn signal is a statement, not a request -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, Jul 21, 2008 at 12:40 AM, Kai Ponte <kai@perfectreign.com> wrote:
Yeah, that's pretty standard. You'd be hard-pressed to find a single-core system these days.
Peter - what version of the Cisco VPN client are you trying?
Sorry it took so long to get back ... I didn't notice the reply. Anyway, I don't know what the version was, I'll have to look again ... it has been more than 8 months or so since I last tried. I do know that it was the latest version of the client available, at the time. But, I have to say I talked with TAC (Cisco tech support) and they confirmed that the client does not officially support an smp kernel. I'll take a stab at it again .. it's very frustrating to not have it. Peter -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
if you use opensuse 10.3 with kernel 2.6.22 and have error like this: "#./vpn_install ERROR: Kernel configuration is invalid. include/linux/autoconf.h or include/config/auto.conf are missing. Run 'make oldconfig && make prepare' on kernel src to fix it. include/config/auto.conf: No such file or directory" then, install kernel-source and do: #make oldconfig && make prepare next step: download from cisco.com vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz (exactly this version) and do: tar zxf vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz -C /tmp/ cd /tmp/vpnclient ./vpn_install start VPN service: /etc/init.d/vpnclient_init start should work. I've core 2 duo PC with SMP kernel and no problem On Fri, Aug 1, 2008 at 6:33 AM, Peter Van Lone <petervl@gmail.com> wrote:
On Mon, Jul 21, 2008 at 12:40 AM, Kai Ponte <kai@perfectreign.com> wrote:
Yeah, that's pretty standard. You'd be hard-pressed to find a single-core system these days.
Peter - what version of the Cisco VPN client are you trying?
Sorry it took so long to get back ... I didn't notice the reply.
Anyway, I don't know what the version was, I'll have to look again ... it has been more than 8 months or so since I last tried. I do know that it was the latest version of the client available, at the time.
But, I have to say I talked with TAC (Cisco tech support) and they confirmed that the client does not officially support an smp kernel.
I'll take a stab at it again .. it's very frustrating to not have it.
Peter -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 31 July 2008 07:33:52 pm Peter Van Lone wrote:
On Mon, Jul 21, 2008 at 12:40 AM, Kai Ponte <kai@perfectreign.com> wrote:
Yeah, that's pretty standard. You'd be hard-pressed to find a single-core system these days.
Peter - what version of the Cisco VPN client are you trying?
Sorry it took so long to get back ... I didn't notice the reply.
Anyway, I don't know what the version was, I'll have to look again ... it has been more than 8 months or so since I last tried. I do know that it was the latest version of the client available, at the time.
But, I have to say I talked with TAC (Cisco tech support) and they confirmed that the client does not officially support an smp kernel.
I'll take a stab at it again .. it's very frustrating to not have it.
What does My Computer say? I have: Linux 2.6.22.18-0.2-default i686 AFAIK, that *is* a SMP kernel. In fact, the computer is a dual-core system. -- kai www.filesite.org || www.4thedadz.com || www.perfectreign.com remember - a turn signal is a statement, not a request -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (8)
-
Alexander R -
J Sloan -
Jeff Hoare -
Joe Sloan
-
Kai Ponte -
Nico Sabbi -
Peter Van Lone -
Wendell Nichols