I’ve spent quite some time trying to make Cisco’s “vpnclient” work under
Ubuntu. I’ve seen a lot of posts on the Internet about it, but not a single
one with a comprehensive solution. I’ll try to summarize (in a nutshell)
what I’ve been through, hoping it will help the next guy (or girl).
First, it’s important to remember that Cisco’s VPNClient is not an open
source solution — it just integrates with open source. The installation
procedure needs to compile a module that matches the current Linux kernel
configuration, and that usually needs a properly configured kernel source
As a practice, I always keep a compiled version of my current kernel under
“/usr/src/linux”. This is helpful, as many important configuration files and
headers are generated during this process. You’ll need a configured kernel to
install most “semi-open” Linux modules.
There are lots of references on how to compile a kernel on Debian (or
Ubuntu), and I assume if you’re installing a VPN client, you know how to find
your way around. Just remember that your kernel source must match your
currently running kernel and you must compile the Cisco client using
the same version of gcc that was used to compile the kernel (Hint: “cat
/proc/version” will tell you what was used to compile the current kernel, and
“gcc -v” will tell you what is your current version of gcc).
Another source of confusion is that changes have been made to the 2.6 kernel
series that make it impossible to compile the Cisco VPN client. Fortunately,
Cisco already adapted to the ever-changing 2.6 kernel and released version
4.8 of their Cisco VPN software. Make sure you have version 4.8, or
you’ll need to patch your VPN Client source.
Once all that is at hand, just unpack the Cisco VPN tarball, enter
the VPN directory and, as root, execute “./vpn_install”. Answer the
script’s questions (the default is usually fine) and the installer
will do everything for you. Make sure you have some profiles under
“/etc/CiscoSystemsVPNClient/Profiles” to play with.
One unexplained source of headaches for me was the VPN Certificate
Store. I’ve installed older versions of the Cisco VPN Client literally
dozens of times, and I usually copy the “/etc/CiscoSystemsVPNClient/Certificates”
directory freely from one computer to another. Interestingly enough, and
for some unexplained reason, this did not work for the current version of
vpnclient. If your vpnclient works without certificates but always fails
when you try a connection using certificates, you may want to “export” your
certificates on a computer where it is running and re-import them into your
Linux box. You can do this type “ciscocertmgr -U -op import” to import the
user’s certificate. Substitute the “-U” in the previous command by “-R” to
import the root certificate (usually your firewall’s certificate).
A final word: The logging facilities of the Cisco VPN client for Linux are
not intuitive at all. By reading the documentation, you’re left with the
impression that turning logging alone in the “vpnclient.ini” file is enough
to get some kind of “binary” logs, which are then translated by “ipseclog”
into something readable. This is not true. In reality, you must be
running “ipseclog filename” to get logs. The VPN client will connect to the
“ipseclog” program, which generates the physical log files.
I hope this will help you spend less time configuring your VPN client than I
had to. :)
Most GNU utilities and tools come with
extensive documentation in the GNU “info” format. Info files
are usually installed under “/usr/share/info” and read by the
info program. Unfortunately, info uses
emacs keybings and other not so obvious concepts which may make it difficult
tkinfo is a graphical TCL/TK reader
for GNU info documentation. It contains all the important features of the
text-mode version of info, plus some such as menus, navigational buttons,
X-support, etc. You can also embed tkinfo in your application to provide
Keywords: Daily Debian, tkinfo, info, GNU info, browser, documentation
I routinely use ICQ to keep in touch with friends and family abroad, but
lately more and more people are using MSN for their instant messaging needs.
I still prefer the old ICQ protocol (which allows me to leave messages to
offline contacts, for instance), but the purpose of a instant messaging
application is to communicate with people, meaning that some kind of MSN
client was in my future. And so began my search for an MSN clone for Linux,
a companion for the lonely flower of licq
lying in my fluxbox dock.
I tested a few clients and ended up choosing
gaim for my MSN instant
messaging needs, but recently a friend told me to take a look at
amsn, a fully featured MSN IM Client for
What instantly caught my attention about amsn was the fact that it is written
in “TCL”. In a flash, visions of a poorly written application, with crude
menus and bad performance came to my mind but I couldn’t resist the curiosity
and installed it anyway. Oh boy, I was so wrong…
Amsn is indeed a fully-featured MSN client. It supports instant messages,
full-speed file transfers, emoticons, multiple languages, tabbed chat
windows, group support, dock support, webcam and many other features present
in the original MSN client. On top of all that, amsn has a very polished
look, with a nice interface and graphics, making it the most complete MSN
client for Linux I’ve seen.
Keywords: Daily Debian, amsn, msn messenger, instant messaging, icq, aol
When I migrated from RedHat to Debian, I immediately noticed that Debian
relies on a set of commands (apt-get, apt-cache, dpkg, and others) to
manipulate packages and the packages database. This is a big contrast to RPM
(RedHat package management system), which uses a single command to perform
the same tasks.
Despite its superior performance (IMHO), Debian’s packaging system can be
daunting to the newcomer, or to those with difficulties remembering command
names. Wajig solves the problem by
providing a wrapper around “apt-get”, “apt-cache”, “dpkg” and other standard
Debian tools. With wajig, most (all?) package related tasks can now be
performed with a single command, and a more intuitive command-line interface.
Wajig can also start and stop packages, and perform other tasks that
would require multiple commands or shell scripts with apt-get and dpkg
alone. Another interesting feature is the “teaching” mode, where it shows the
Debian commands that will be executed to perform a given task.
After years using Debian, I still dislike the standard output of “dpkg -l”
(lots of information I don’t need, and trims the package names). Wajig can
easily display the package names with “wajig listnames” (it calls “apt-cache
pkgnames | sort” for you).
Another useful command is “wajig findpkg file”, which files a package that
supplies a given command or file (by searching packages.debian.org).
Debian wajig Page
- Wajig Page
Keywords: Daily Debian, wajig, apt-get, dpkg, apt, sysadmin
bootchart is a tool for performance
analysis and visualization of the Linux boot process.
Bootchart works at boot time, by temporarily replacing the “init” program
and collecting timing data about the startup scripts. All collected data is
converted into a graph and saved as a PNG, SVG, or EPS chart for further
Bootchart allowed me to shorten my boot time by 15 seconds or so. If you
think this is a small improvement, try to sit in front of your computer for
15 seconds without touching the keyboard. :)
Keywords: Daily Debian, bootchart, boot process, fine-tuning, tuning, linux