SUMMARY: Compiling VPNC
- From: "JESSE CARROLL" <jesse-carroll@xxxxxxx>
- Date: Thu, 08 May 2008 08:32:51 -0400
Sorry about the delay, but it took a while.
The real issue is not compiling vpnc. I got through that. The real issue is
the vpnc-script. The one that comes with vpnc 0.5.1 simply won't work with
X86. It doesn't handle resolv.conf properly and doesn't set up the routing
correctly. After some hacking and slashing I finally got a script that works
(at least for me, your mileage may vary). There are things in the script that
possibly could be improved and things that could be deleted.
#!/usr/bin/bash
#* reason -- why this script was called, one of: pre-init connect disconnect
#* VPNGATEWAY -- vpn gateway address (always present)
#* TUNDEV -- tunnel device (always present)
#* INTERNAL_IP4_ADDRESS -- address (always present)
#* INTERNAL_IP4_NETMASK -- netmask (often unset)
#* INTERNAL_IP4_DNS -- list of dns servers
#* INTERNAL_IP4_NBNS -- list of wins servers
#* CISCO_DEF_DOMAIN -- default domain name
#* CISCO_BANNER -- banner from server
#* CISCO_SPLIT_INC -- number of networks in split-network-list
#* CISCO_SPLIT_INC_%d_ADDR -- network address
#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
#* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24)
#* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0)
#* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0)
#* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0)
#set -x
# =========== script (variable) setup ====================================
# Search the system administration directories first for route, ifconfig, etc.
PATH=/sbin:/usr/sbin:$PATH
OS=$(uname -s)

# State kept between "connect" and "disconnect". Both files are read back
# later by this script (the saved gateway is handed to route, the backup is
# copied over /etc/resolv.conf), so the directory should stay writable only
# by the account that runs vpnc.
DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup

FULL_SCRIPTNAME=/usr/local/sbin/vpnc
SCRIPTNAME=$(basename "$FULL_SCRIPTNAME")

# Names of the functions that rewrite and restore /etc/resolv.conf.
MODIFYRESOLVCONF=modify_resolvconf_generic
RESTORERESOLVCONF=restore_resolvconf_generic

# Create the state directory on first use.
[ -d "/var/run/vpnc" ] || mkdir -p /var/run/vpnc
# =========== tunnel interface handling ====================================
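# Bring up the tunnel interface as a point-to-point link.
# Globals:   TUNDEV (read), INTERNAL_IP4_ADDRESS (read)
# The assigned address is passed twice, as both local and destination
# address, with a host netmask and an MTU of 1412.
do_ifconfig() {
  # The whole invocation is ONE command; the continuation keeps the
  # netmask/mtu/up arguments attached to ifconfig instead of being run as a
  # separate "netmask" command.
  ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" "$INTERNAL_IP4_ADDRESS" \
    netmask 255.255.255.255 mtu 1412 up
}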
# =========== route handling ====================================
# use route command
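# Print the gateway column of the IPv4 default route(s) found in
# `netstat -r -n`, one per line.
# Outputs:   gateway address(es) on stdout; nothing if no default route
get_default_gw() {
  # isn't -n supposed to give --numeric output? apparently not...
  # so a destination printed as "default" is rewritten to 0.0.0.0 first.
  # Lines containing ':' (IPv6 addresses, table headings) are blanked out.
  # The pipeline must stay a single command: every stage is joined with a
  # continuation so grep receives its pattern.
  netstat -r -n \
    | sed 's/default/0.0.0.0/' \
    | sed 's/^.*:.*$//' \
    | grep '^0\.0\.0\.0' \
    | awk '{print $2}'
}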
# Add a route to the VPN gateway through the saved default gateway.
# Globals:   VPNGATEWAY (read), DEFAULTGW (read; assigned elsewhere in this
#            script by set_default_route / del_vpngateway_route)
set_vpngateway_route() {
  local gateway_host=$VPNGATEWAY
  local next_hop=$DEFAULTGW
  route add "$gateway_host" "$next_hop"
}
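# Remove the host route to the VPN gateway.
# Globals:   DEFAULT_ROUTE_FILE (read), VPNGATEWAY (read), DEFAULTGW (written)
# The gateway saved at connect time is reloaded from DEFAULT_ROUTE_FILE
# because a disconnect runs in a fresh invocation of the script.
del_vpngateway_route() {
  # Quote the path so it is always read as one file name, and pass the file
  # content to route as a single quoted argument.
  DEFAULTGW=$(cat "$DEFAULT_ROUTE_FILE")
  route delete -host "$VPNGATEWAY" "$DEFAULTGW"
}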
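# Replace the current default route with one through the tunnel address and
# remember the previous gateway for the disconnect phase.
# Globals:   DEFAULT_ROUTE_FILE (read), INTERNAL_IP4_ADDRESS (read),
#            DEFAULTGW (written)
set_default_route() {
  DEFAULTGW=$(get_default_gw)
  # Saved so reset_default_route / del_vpngateway_route can restore it later.
  printf '%s\n' "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE"
  # Pass the gateway as one quoted word, but omit the argument entirely when
  # no default gateway was found (same as the unquoted form did).
  route delete default ${DEFAULTGW:+"$DEFAULTGW"}
  route add default "$INTERNAL_IP4_ADDRESS" -interface
}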
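# Put back the default route that was saved at connect time.
# Globals:   DEFAULT_ROUTE_FILE (read, then removed),
#            INTERNAL_IP4_ADDRESS (read), route_syntax_del (read, optional)
# Does nothing when the state file is missing or empty.
reset_default_route() {
  local saved_gw
  if [ -s "$DEFAULT_ROUTE_FILE" ]; then
    saved_gw=$(cat "$DEFAULT_ROUTE_FILE")
    # route_syntax_del is not assigned anywhere in this script; fall back to
    # "delete", the verb every other route call here uses, so the tunnel
    # default route is really removed.
    route "${route_syntax_del:-delete}" default "$INTERNAL_IP4_ADDRESS"
    # The saved gateway is file content: hand it to route as one quoted
    # argument so it can never be split into additional route options.
    route add default "$saved_gw"
    rm -f -- "$DEFAULT_ROUTE_FILE"
  fi
}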
# =========== resolv.conf handling for any OS =========================
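# Rewrite /etc/resolv.conf so it uses the DNS servers and default domain
# supplied for the VPN session.
# Globals:   RESOLV_CONF_BACKUP (read), INTERNAL_IP4_DNS (read),
#            CISCO_DEF_DOMAIN (read, cleared once used),
#            CISCO_DEF_DOMAIN_ORIG, INTERNAL_IP4_DNS_TEMP, NEW_RESOLVCONF,
#            LINE, ONE_NAMESERVER (written)
# Files:     /etc/resolv.conf is overwritten; a copy of the pre-VPN file is
#            kept in RESOLV_CONF_BACKUP.
modify_resolvconf_generic() {
  # Back up only a file this script did not generate itself, so a second
  # connect cannot replace the real backup with a generated file. grep and
  # cp form ONE command list; the continuation keeps cp attached to its
  # arguments.
  grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 \
    || cp -- /etc/resolv.conf "$RESOLV_CONF_BACKUP"

  # Three-line marker; every line starts with '#' so the resolver treats the
  # whole header as comments.
  NEW_RESOLVCONF="#@VPNC_GENERATED@ -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact"

  # Remember the original value of CISCO_DEF_DOMAIN (it is not read again
  # anywhere in the script as posted).
  CISCO_DEF_DOMAIN_ORIG="$CISCO_DEF_DOMAIN"
  # CISCO_DEF_DOMAIN arrives through the environment and is written into
  # /etc/resolv.conf below; fold CR/LF into spaces so a multi-line value
  # cannot add extra resolver directives.
  CISCO_DEF_DOMAIN=${CISCO_DEF_DOMAIN//$'\r'/ }
  CISCO_DEF_DOMAIN=${CISCO_DEF_DOMAIN//$'\n'/ }
  # Don't step on INTERNAL_IP4_DNS value, use a temporary variable
  INTERNAL_IP4_DNS_TEMP="$INTERNAL_IP4_DNS"

  # Walk the backed-up file line by line on fd 6.
  exec 6< "$RESOLV_CONF_BACKUP"
  while read -r LINE <&6; do
    case "$LINE" in
      nameserver*)
        # Replace each existing nameserver with the next VPN-supplied one;
        # drop the line once the VPN list is used up.
        if [ -n "$INTERNAL_IP4_DNS_TEMP" ]; then
          read -r ONE_NAMESERVER INTERNAL_IP4_DNS_TEMP <<EOF
$INTERNAL_IP4_DNS_TEMP
EOF
          LINE="nameserver $ONE_NAMESERVER"
        else
          LINE=""
        fi
        ;;
      search*)
        # Append the VPN domain to an existing search list (once).
        if [ -n "$CISCO_DEF_DOMAIN" ]; then
          LINE="$LINE $CISCO_DEF_DOMAIN"
          CISCO_DEF_DOMAIN=""
        fi
        ;;
      domain*)
        # Replace an existing domain line with the VPN domain (once).
        if [ -n "$CISCO_DEF_DOMAIN" ]; then
          LINE="domain $CISCO_DEF_DOMAIN"
          CISCO_DEF_DOMAIN=""
        fi
        ;;
    esac
    NEW_RESOLVCONF="$NEW_RESOLVCONF
$LINE"
  done
  exec 6<&-

  # VPN nameservers that did not replace an existing entry are appended.
  for i in $INTERNAL_IP4_DNS_TEMP; do
    NEW_RESOLVCONF="$NEW_RESOLVCONF
nameserver $i"
  done

  # No search/domain line consumed the VPN domain: add a search line for it.
  if [ -n "$CISCO_DEF_DOMAIN" ]; then
    NEW_RESOLVCONF="$NEW_RESOLVCONF
search $CISCO_DEF_DOMAIN"
  fi

  printf '%s\n' "$NEW_RESOLVCONF" > /etc/resolv.conf
}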
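# Restore the pre-VPN /etc/resolv.conf from the backup and remove the backup.
# Globals:   RESOLV_CONF_BACKUP (read, then removed)
# Returns immediately when no backup exists.
restore_resolvconf_generic() {
  if [ ! -e "$RESOLV_CONF_BACKUP" ]; then
    return
  fi
  # Only overwrite a file that still carries the vpnc marker; a resolv.conf
  # changed by someone else since connect is left alone. The cat and its
  # redirection are kept in one statement so /etc/resolv.conf is opened for
  # writing only when the marker is present.
  if grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1; then
    cat "$RESOLV_CONF_BACKUP" > /etc/resolv.conf
  fi
  rm -f -- "$RESOLV_CONF_BACKUP"
}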
# ========= Toplevel state handling =======================================
# Succeed (status 0) unless `uname -r` reports a 1.x release or a 2.x release
# whose minor number starts with a digit from 0 to 5.
kernel_is_2_6_or_above() {
  local release
  release=$(uname -r)
  case "$release" in
    1.* | 2.[0-5]*)
      return 1
      ;;
  esac
  return 0
}
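# Prepare the tunnel device before the connection is set up.
# Globals:   OS (read)
# Linux:               make /dev/net/tun usable (load the module, repair the
#                      devfs symlink, create the node, wait for it to open).
# FreeBSD, kFreeBSD:   load if_tun when /dev/tun is missing.
# NetBSD, OpenBSD, SunOS, Darwin: nothing to do.
do_pre_init() {
  case "$OS" in
    Linux)
      if (exec 6<> /dev/net/tun) > /dev/null 2>&1; then
        : # the device already opens, nothing to prepare
      else # can't open /dev/net/tun
        # /proc/sys/kernel/modprobe holds the path of the module loader; run
        # it with "tun" as its argument. Loader, argument and redirection
        # belong to ONE command, so "tun" is never executed on its own.
        test -e /proc/sys/kernel/modprobe \
          && $(cat /proc/sys/kernel/modprobe) tun 2> /dev/null
        # fix for broken devfs in kernel 2.6.x
        if [ "$(readlink /dev/net/tun)" = misc/net/tun ] \
          && [ ! -e /dev/net/misc/net/tun ] \
          && [ -e /dev/misc/net/tun ]; then
          ln -sf /dev/misc/net/tun /dev/net/tun
        fi
        # make sure tun device exists (character device 10,200, mode 0640)
        if [ ! -e /dev/net/tun ]; then
          mkdir -p /dev/net
          mknod -m 0640 /dev/net/tun c 10 200
        fi
        # workaround for a possible latency caused by udev, sleep max. 10s
        if kernel_is_2_6_or_above; then
          for x in $(seq 100); do
            (exec 6<> /dev/net/tun) > /dev/null 2>&1 && break
            sleep 0.1
          done
        fi
      fi
      ;;
    FreeBSD | GNU/kFreeBSD)
      if [ ! -e /dev/tun ]; then
        kldload if_tun
      fi
      ;;
    NetBSD | OpenBSD | SunOS | Darwin)
      :
      ;;
  esac
}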
# Handle the "connect" phase: show the banner, configure the tunnel
# interface, switch the default route, add the route to the VPN gateway and,
# when DNS servers were supplied, rewrite resolv.conf.
# Globals:   CISCO_BANNER, INTERNAL_IP4_DNS, MODIFYRESOLVCONF (read)
do_connect() {
  if [ -n "$CISCO_BANNER" ]; then
    echo "Connect Banner:"
    # NOTE(review): the banner is server-supplied text and is printed
    # unfiltered, so any control characters in it reach the terminal.
    # Plain read (no -r) is kept: backslashes in the banner are consumed.
    echo "$CISCO_BANNER" \
      | while read banner_line; do
        echo "|" "$banner_line"
      done
    echo
  fi

  # set_default_route runs before set_vpngateway_route because it is the
  # step that assigns DEFAULTGW.
  do_ifconfig
  set_default_route
  set_vpngateway_route

  case "$INTERNAL_IP4_DNS" in
    "") ;;
    *) $MODIFYRESOLVCONF ;;
  esac
}
# Handle the "disconnect" phase: drop the route to the VPN gateway, restore
# the saved default route and, when DNS servers had been supplied, restore
# resolv.conf.
# Globals:   INTERNAL_IP4_DNS, RESTORERESOLVCONF (read)
do_disconnect() {
  del_vpngateway_route
  reset_default_route
  case "$INTERNAL_IP4_DNS" in
    "") ;;
    *) $RESTORERESOLVCONF ;;
  esac
}
#### Main
# Dispatch on $reason, which vpnc sets in the environment. An empty or
# unknown value is reported on stderr and ends the script with status 1.
case "$reason" in
  "")
    echo "this script must be called from vpnc" 1>&2
    exit 1
    ;;
  pre-init)
    do_pre_init
    ;;
  connect)
    do_connect
    ;;
  disconnect)
    do_disconnect
    ;;
  *)
    echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2
    exit 1
    ;;
esac
exit 0
------ Original Question ------
I'm trying to connect a Solaris 10 x86 system to a Cisco VPN. Most of what I
found suggests using VPNC. However I cannot get it to compile. I've installed
the Blastwave stuff (gcc 3.4.3, binutils, libgcrypt, libgcrypt, intltool,
libiconv, gmake) but I get errors such as:
gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings
-DVERSION=\"0.5.1\" -c -o sysdep.o sysdep.c
gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings
-DVERSION=\"0.5.1\" -c -o vpnc-debug.o vpnc-debug.c
gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings
-DVERSION=\"0.5.1\" -c -o isakmp-pkt.o isakmp-pkt.c
In file included from isakmp-pkt.c:31:
math_group.h:62: error: syntax error before "gcry_mpi_t"
math_group.h:62: warning: no semicolon at end of struct or union
math_group.h:63: warning: type defaults to `int' in declaration of `p'
math_group.h:63: warning: data definition has no type or storage class
math_group.h:64: error: syntax error before "a"
math_group.h:64: warning: type defaults to `int' in declaration of `a'
math_group.h:64: warning: type defaults to `int' in declaration of `b'
math_group.h:64: warning: type defaults to `int' in declaration of `c'
math_group.h:64: warning: type defaults to `int' in declaration of `d'
math_group.h:64: warning: data definition has no type or storage class
math_group.h:65: error: syntax error before '}' token
In file included from vpnc.h:24,
from isakmp-pkt.c:32:
tunip.h:43: error: syntax error before "gcry_cipher_hd_t"
tunip.h:43: warning: no semicolon at end of struct or union
tunip.h:50: error: syntax error before '}' token
tunip.h:111: error: field `rx' has incomplete type
tunip.h:111: error: field `tx' has incomplete type
gmake: *** [isakmp-pkt.o] Error 1
Has someone gotten this beast to compile or should I just go with openvpn?
The
reason I'm trying VPNC is that there are utilities to convert Cisco PCF files
and searches indicate that once it is compiled it works really well with
Cisco. (Unfortunately Cisco does not have a Solaris x86 VPN client.)
JC
PS: J and C are my initials, look at the email address.