[VPN] ciscovpn client for linux + wlan-cards

[Eirik Schwenke]

[This mail was delayed almost two weeks -- first rejected because i
mime-included the patch, and then i sent it to the wrong address :-P
I have not been able to test this with the new 3.6.2-client yet,
but I re-post this anyway, in case others have experienced similar
problems. ]

After a few hours of trying to install the cisco vpn
client (3.6.1) on a linux laptop system, and getting it to work over
ethernet, but not wireless lan -- We found that the cisco-client has
a check, refusing to use ipsec over any interface not named
ppp[anything] or eth[anything]

The offending code is in interceptor.c, in two places:

     /* Don't handle non-eth non-ppp devices */
     if(strncmp(dp->name,"eth",3) && strncmp(dp->name,"ppp",3)) {

and

     /* Don't handle non-eth non-ppp packets */
     if(strncmp("eth",dev->name,3) && strncmp("ppp",dev->name,3)) {

Since many wlan-cards register them selves as wlan0-9, this
does not work with some drivers. Expanding the check to include
wlan?-interfaces solved the problem.

As my company does not have a support-contract with cisco, I
post this to the list, rather than to the vendor -- hoping a
support-person at cisco will read it, and inform developers.

See attached patch against the 3.6.1-client (or just fix the
two lines manually).

I would like to thank the two users that helped me identify
the problem, and provide the fix. Saved me from reading up
on c strncmp-calls, as I am no c-programmer ;-)

To use the patch, fist extract the standard 3.6.1-klient,
apply patch and install/compile normally:

  tar xzf vpnclient-linux-3.6.1.Rel-k9.tar.gz
  cd vpnclient
  cat ../vpnclient-linux-3.6.1.Rel-k9-wlan-patch.diff | patch -p1
  ./vpn_install

Please note: This particular patch has not been tested -- the
original quick-fix replaced the ppp-check. But at least it
compiles without errors (tested with build_driver.sh).

(My original posting was rejected, as I included the patch in
mime-format -- hopefully this will go through).

--The patch: cut, and save ---
diff -ruN vpnclient-linux-3.6.1.Rel-k9/interceptor.c
vpnclient-linux-3.6.1.Rel-k
9-wlan-patch/interceptor.c
--- vpnclient-linux-3.6.1.Rel-k9/interceptor.c  Tue Sep  3 21:12:16 2002
+++ vpnclient-linux-3.6.1.Rel-k9-wlan-patch/interceptor.c       Sun Sep
29 21:41
:00 2002
@@ -325,7 +325,7 @@
         }

         /* Don't handle non-eth non-ppp devices */
-        if(strncmp(dp->name,"eth",3) && strncmp(dp->name,"ppp",3)) {
+        if(strncmp(dp->name,"eth",3) && strncmp(dp->name,"ppp",3) &&
strncmp(dp
->name, "wlan", 4)) {
             continue;
         }
         if (num_target_devices >= MAX_DEVICES) {
@@ -458,7 +458,7 @@
     }

     /* Don't handle non-eth non-ppp packets */
-    if(strncmp("eth",dev->name,3) && strncmp("ppp",dev->name,3)) {
+    if(strncmp("eth",dev->name,3) && strncmp("ppp",dev->name,3) &&
strncmp("wla
n",dev->name,4)) {
         rc2 = original_ip_handler.orig_handler_func(skb, dev, type);
         goto exit_gracefully;
     }
--- cut ---

-- 
Eirik Schwenke

"Eat right, exercise regularly, die anyway."