Can't connect Ubuntu 7.04 client to VPN - group set failed.

Unanswered Question
Jun 17th, 2007

I've been trying with little success to connect to the VPN we have at work using the VPN clients I have on my x86 linux (Ubuntu Feisty v7.04) client. Our IT department has me using the prorpietary Cisco client for Mac OS X which works just fine and uses the same home network the linux box does.

I have moved over the .pcf to the linux box and am using the exact same user name and password the Mac client is using. However, whenever I try to connect I get:

eric@frank:/etc/init.d$ vpnclient connect cmg

Cisco Systems VPN Client Version 4.8.00 (0490)

Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Linux

Running on: Linux 2.6.20-06-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686

Config file directory: /etc/opt/cisco-vpnclient

privsep: unable to drop privileges: group set failed.

The application was unable to communicate with the VPN sub-system.

eric@frank:/etc/init.d$

Network security is not one of my skills. Any guidance as to how to proceed from here would be truly appreciated.

EB

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aaron.mason@orau.org Mon, 06/18/2007 - 18:51

From the looks of it, when you installed the client you did so as Sudo and need to modify the permission for the client to allow a normal user to run the vpn client.

Found this on Google..

chmod 4111 /opt/cisco-vpnclient/bin/cvpnd

beyere5398 Tue, 06/19/2007 - 08:29

I tried what you suggested and am now getting the following:

root@frank:/home/eric# chmod 4111 /opt/cisco-vpnclient/bin/cvpnd

root@frank:/home/eric# vpnclient connect cmg

Cisco Systems VPN Client Version 4.8.00 (0490)

Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Linux

Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686

Config file directory: /etc/opt/cisco-vpnclient

Could not attach to driver. Is kernel module loaded?

The application was unable to communicate with the VPN sub-system.

root@frank:/home/eric#

New error, but no joy. Any other ideas?

Thanks.

EB

beyere5398 Tue, 06/19/2007 - 08:31

I tried what you suggested and am now getting the following:

root@frank:/home/eric# chmod 4111 /opt/cisco-vpnclient/bin/cvpnd

root@frank:/home/eric# vpnclient connect cmg

Cisco Systems VPN Client Version 4.8.00 (0490)

Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Linux

Running on: Linux 2.6.20-16-generic #2 SMP Thu Jun 7 20:19:32 UTC 2007 i686

Config file directory: /etc/opt/cisco-vpnclient

Could not attach to driver. Is kernel module loaded?

The application was unable to communicate with the VPN sub-system.

root@frank:/home/eric#

New error, but no joy. Any other ideas?

Thanks.

EB

aaron.mason@orau.org Tue, 06/19/2007 - 08:56

When you installed the client, did you ensure you have the correct kernel headers for the current running kernel version.

by typing uname-r you will get the kernel version number.

Using that information we can (in Ubuntu and other Debian based distributions) easily download the kernel headers with a command like this:

user@joe:~$ sudo apt-get install linux-headers-`uname -r`

Reading package lists... Done

Building dependency tree... Done

linux-headers-2.6.15-23-686 is already the newest version.

0 upgraded, 0 newly installed, 0 to remove and 66 not upgraded.

beyere5398 Tue, 06/19/2007 - 09:11

I am pretty sure I did not.

uname -r gives me:

eric@frank:~$ uname -r

2.6.20-16-generic

eric@frank:~$

Following what I think you wanted me to do, I entered:

eric@frank:~$ sudo apt-get install linux-headers-'2.6.20-16-generic'

Reading package lists... Done

Building dependency tree

Reading state information... Done

linux-headers-2.6.20-16-generic is already the newest version.

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

eric@frank:~$

Does this help?

EB

aaron.mason@orau.org Thu, 06/28/2007 - 06:51

I ran into a glitch with my cisco client on Ubuntu last night, it has been a while since I last used it. Went to run it and realized I was getting the same error as you!!

Looking at the Synaptic logs shows some automatic updates ran by Synaptic that modified files for cisco. If you remove and reinstall the cisco client (takes 1 minute) but leave the certificates and profiles (it will prompt you if you would like to remove them or not) you should be able to reconnect. This worked for me.

beyere5398 Thu, 06/28/2007 - 08:21

Could you please walk through with me what you reinstalled? Did you use Synaptic?

Thanks.

EB

aaron.mason@orau.org Thu, 06/28/2007 - 08:29

I actually uninstalled the cisco vpn client. Then reinstalled it.

Navigate to the directory it is installed and issue the uninstall command.

(user@ubuntu /cisco/vpnclient$ sudo ./vpn_uninstall)

You will recieve a prompt to remove profiles and certificates, select No (unless you want to reinstall for the heck of it)

Then from the /cisco/vpnclient folder issue ./vpn_install

The client will reinstall and should work.

If not this link http://popey.com/node/62 has excellent step-by-step procedures for installing cisco client on ubuntu. Disregard the portion about getting the update that was for a previous version of the client, with the latest one this is unessasary.

Note if you follow the directions on the website above, they do not cover importing the certificate, you will also need to issue that command.

I hope this helps.

Actions

This Discussion