I’ve spent quite some time trying to make Cisco’s “vpnclient” work under Ubuntu. I’ve seen a lot of posts on the Internet about it, but not a single one with a comprehensive solution. I’ll try to summarize (in a nutshell) what I’ve been through, hoping it will help the next guy (or girl).

First, it’s important to remember that Cisco’s VPNClient is not an open source solution — it just integrates with open source. The installation procedure needs to compile a module that matches the current Linux kernel configuration, and that usually needs a properly configured kernel source under “/usr/src/linux”.

As a practice, I always keep a compiled version of my current kernel under “/usr/src/linux”. This is helpful, as many important configuration files and headers are generated during this process. You’ll need a configured kernel to install most “semi-open” Linux modules.

There are lots of references on how to compile a kernel on Debian (or Ubuntu), and I assume if you’re installing a VPN client, you know how to find your way around. Just remember that your kernel source must match your currently running kernel and you must compile the Cisco client using the same version of gcc that was used to compile the kernel (Hint: “cat /proc/version” will tell you what was used to compile the current kernel, and “gcc -v” will tell you what is your current version of gcc).

Another source of confusion is that changes have been made to the 2.6 kernel series that make it impossible to compile the Cisco VPN client. Fortunately, Cisco already adapted to the ever-changing 2.6 kernel and released version 4.8 of their Cisco VPN software. Make sure you have version 4.8, or you’ll need to patch your VPN Client source.

Once all that is at hand, just unpack the Cisco VPN tarball, enter the VPN directory and, as root, execute “./vpn_install”. Answer the script’s questions (the default is usually fine) and the installer will do everything for you. Make sure you have some profiles under “/etc/CiscoSystemsVPNClient/Profiles” to play with.

One unexplained source of headaches for me was the VPN Certificate Store. I’ve installed older versions of the Cisco VPN Client literally dozens of times, and I usually copy the “/etc/CiscoSystemsVPNClient/Certificates” directory freely from one computer to another. Interestingly enough, and for some unexplained reason, this did not work for the current version of vpnclient. If your vpnclient works without certificates but always fails when you try a connection using certificates, you may want to “export” your certificates on a computer where it is running and re-import them into your Linux box. You can do this type “ciscocertmgr -U -op import” to import the user’s certificate. Substitute the “-U” in the previous command by “-R” to import the root certificate (usually your firewall’s certificate).

A final word: The logging facilities of the Cisco VPN client for Linux are not intuitive at all. By reading the documentation, you’re left with the impression that turning logging alone in the “vpnclient.ini” file is enough to get some kind of “binary” logs, which are then translated by “ipseclog” into something readable. This is not true. In reality, you must be running “ipseclog filename” to get logs. The VPN client will connect to the “ipseclog” program, which generates the physical log files.

I hope this will help you spend less time configuring your VPN client than I had to. :)

[Permalink] | | | | |

Most GNU utilities and tools come with extensive documentation in the GNU “info” format. Info files are usually installed under “/usr/share/info” and read by the info program. Unfortunately, info uses emacs keybings and other not so obvious concepts which may make it difficult to use.

tkinfo is a graphical TCL/TK reader for GNU info documentation. It contains all the important features of the text-mode version of info, plus some such as menus, navigational buttons, X-support, etc. You can also embed tkinfo in your application to provide on-line help.

• Debian tkinfo Page
• tkinfo Page

Keywords: Daily Debian, tkinfo, info, GNU info, browser, documentation

[Permalink] | | | | |

I routinely use ICQ to keep in touch with friends and family abroad, but lately more and more people are using MSN for their instant messaging needs. I still prefer the old ICQ protocol (which allows me to leave messages to offline contacts, for instance), but the purpose of a instant messaging application is to communicate with people, meaning that some kind of MSN client was in my future. And so began my search for an MSN clone for Linux, a companion for the lonely flower of licq lying in my fluxbox dock.

I tested a few clients and ended up choosing gaim for my MSN instant messaging needs, but recently a friend told me to take a look at amsn, a fully featured MSN IM Client for Linux.

What instantly caught my attention about amsn was the fact that it is written in “TCL”. In a flash, visions of a poorly written application, with crude menus and bad performance came to my mind but I couldn’t resist the curiosity and installed it anyway. Oh boy, I was so wrong…

Amsn is indeed a fully-featured MSN client. It supports instant messages, full-speed file transfers, emoticons, multiple languages, tabbed chat windows, group support, dock support, webcam and many other features present in the original MSN client. On top of all that, amsn has a very polished look, with a nice interface and graphics, making it the most complete MSN client for Linux I’ve seen.

• Debian amsn Page
• amsn Page

Keywords: Daily Debian, amsn, msn messenger, instant messaging, icq, aol

[Permalink] | | | | |

When I migrated from RedHat to Debian, I immediately noticed that Debian relies on a set of commands (apt-get, apt-cache, dpkg, and others) to manipulate packages and the packages database. This is a big contrast to RPM (RedHat package management system), which uses a single command to perform the same tasks.

Despite its superior performance (IMHO), Debian’s packaging system can be daunting to the newcomer, or to those with difficulties remembering command names. Wajig solves the problem by providing a wrapper around “apt-get”, “apt-cache”, “dpkg” and other standard Debian tools. With wajig, most (all?) package related tasks can now be performed with a single command, and a more intuitive command-line interface.

Wajig can also start and stop packages, and perform other tasks that would require multiple commands or shell scripts with apt-get and dpkg alone. Another interesting feature is the “teaching” mode, where it shows the Debian commands that will be executed to perform a given task.

TIPS:

• After years using Debian, I still dislike the standard output of “dpkg -l” (lots of information I don’t need, and trims the package names). Wajig can easily display the package names with “wajig listnames” (it calls “apt-cache pkgnames | sort” for you).

• Another useful command is “wajig findpkg file”, which files a package that supplies a given command or file (by searching packages.debian.org).

• Debian wajig Page

• Wajig Page

Keywords: Daily Debian, wajig, apt-get, dpkg, apt, sysadmin

[Permalink] | | | | |

bootchart is a tool for performance analysis and visualization of the Linux boot process.

Bootchart works at boot time, by temporarily replacing the “init” program and collecting timing data about the startup scripts. All collected data is converted into a graph and saved as a PNG, SVG, or EPS chart for further analysis.

Bootchart allowed me to shorten my boot time by 15 seconds or so. If you think this is a small improvement, try to sit in front of your computer for 15 seconds without touching the keyboard. :)

• Debian bootchart Page
• Bootchart Page

Keywords: Daily Debian, bootchart, boot process, fine-tuning, tuning, linux

[Permalink] | | | | |