Cisco VPN 5000 Client User Guide for Linux and Solaris, Version 5.2.x - Installing the VPN Client [Cisco VPN 5000 Client]

Table Of Contents

Installing the Cisco VPN 5000 Client

Contents

About the Configuration File

Configuration File Permissions

Installing the VPN Client for Linux

System Requirements

Unpacking the VPN Client Files

About the VPN Client for Linux Install Script

Installing the Software

Uninstalling an Old VPN Client for Solaris

Installing the VPN Client for Solaris

System Requirements

Using the 32-Bit Kernel

Unpacking the VPN Client Files

About the VPN Client for Solaris Install Script

Installing the Software

Installing the Cisco VPN 5000 Client

This chapter describes how to install the VPN client software for Linux and Solaris on your computer.

Contents

This chapter includes the following sections:

•About the Configuration File

•Installing the VPN Client for Linux

•Uninstalling an Old VPN Client for Solaris

•Installing the VPN Client for Solaris

About the Configuration File

The VPN clients for Linux and Solaris have a generic configuration file, which is automatically created as part of the installation process. This configuration file can be edited at any time to enable security features, change IP addresses, use digital certificates, and enter or change passwords. The configuration file is named vpn_config and is located by default in the /etc directory.

For more information on the configuration file, see "Configuration File Keywords."

Configuration File Permissions

User information is stored in the vpn_config file. After the initial installation, only the root user has write permissions. Non-root users are able to utilize the VPN client and user configurations within the vpn_config file but they cannot make changes to this file.

Because the VPN client updates the vpn_config file upon exit, non-root users receive an error message that indicates the user does not have permission to write to the vpn_config file. If the root user has included all required user information, non-root users are not required to update this file.

To allow non-root users permission to make changes to the vpn_config file:

•Assign the non-root users to a group and allow that group permission to write to the vpn_config file. This is the recommended method.

•Allow all users permission to write to vpn_config file. This method is not recommended because the integrity of the information in the vpn_config file is vital to the security of the vpn application.

Installing the VPN Client for Linux

This section describes how to install the VPN client for Linux. You should be familiar with Linux and software installation on Linux before you perform this procedure.

The VPN client for Linux consists of a driver, which is a loadable module, and a set of commands accessible through your shell, which is used to access the applications.

The commands and some parts of the driver are distributed in binary form only.

System Requirements

The VPN client for Linux supports Red Hat Version 6.0 Linux (Intel), or compatible libraries with globed Version 2.1.1-6 or later, using kernel Versions 2.2.5-15 or later.

Unpacking the VPN Client Files

The VPN client for Linux is shipped as a compressed tar file.

To unpack the files

Step 1 Download the packed files (from either your internal network or the Cisco website) to a directory of your choice.

Step 2 Copy the VPN client file to a selected directory.

Step 3 Unpack the file using the zcat and tar commands. For example:
zcat COMPvpn-vpn-5000-linux-x.x.x-3des-K9.tar.z | tar xvf -
(where x.x.x is the version number)

This command creates the COMPvpn directory in the current directory.

About the VPN Client for Linux Install Script

During the installation process:

1. The module is compiled, linked, and copied to either the directory /lib/modules/preferred/COMPvpn, if it exists, or to /lib/modules/system/COMPvpn, where system is the kernel version.

2. The application binaries are copied to the specified destination directory.

3. The startup file /etc/rc.d/init.d/vpn is created to enable and disable the VPN service.

4. The links /etc/rc3.d/s85vpn and /etc/rc5.d/s85vpn are added to run level 3 and run level 5 if startup at boot time is requested.

These links allow the tunnel server to start at boot time and run in levels 3 and 5.

Installing the Software

Before you install a new version of the VPN client or reinstall your current version, you must use the stop command to disable VPN service.

/etc/rc.d/init.d/vpn stop

To install the VPN client for Linux

Step 1 Obtain superuser privileges to run the install script.

Step 2 Type the following commands:
cd COMPvpn
./vpn_install
Step 3 At the prompt, choose a directory in which to install the VPN client.

Use the default directory (by pressing Enter), or choose a directory in your user's path.

Step 4 Select the network interface.

Use the default, eth0, or choose your own network interface.

Note To switch between Ethernet and PPP connections, you must reinstall the VPN client and select the appropriate interface.

Step 5 Enable the VPN service by using one of the following methods:

•Reboot your computer.

•Enable the service without rebooting. Type the following command:
/etc/rc.d/init.d/vpn start
To disable the VPN service, type the following command:

/etc/rc.d/init.d/vpn stop

Uninstalling an Old VPN Client for Solaris

If a VPN client for Solaris was previously installed, you must remove the old client before you install a new one.

To uninstall a package, use the pkgrm command. For example:
pkgrm COMPvpn
Installing the VPN Client for Solaris

This section describes how to install the VPN client for Solaris. You should be familiar with Solaris and software installation on Solaris before you perform this procedure.

System Requirements

The VPN client for Solaris runs on any SPARC or Intel computer running a 32-bit Solaris kernel OS Version 2.5.1 or later.

Using the 32-Bit Kernel

Some Solaris machines run a 64-bit kernel by default. To use the VPN client, run the 32-bit version of the kernel.

One way to run the 32-bit version is to specify kernel/unix as the boot file. For example, enter the following command:

ok boot kernel/unix

Unpacking the VPN Client Files

The VPN client for Solaris comes as a compressed tar file.

To unpack the files

Step 1 Download the packed files, either from your internal network or the Cisco website, to a directory of your choice.

Step 2 Copy the VPN client file to a selected directory.

Step 3 Unpack the files.

•For versions prior to 5.1.5, the VPN client for SPARC Solaris distribution is a directory which contains the installation scripts and the files to be installed.

Use the zcat and tar commands to unpack the files. For example, the command for SPARC Solaris is:
zcat COMPvpn-vpn-5000-solaris-x.x.x-3des-K9.tar.z | tar xvf -
(where x.x.x is the version number)

For Intel Solaris, the command is:
zcat COMPvpn-vpn-5000-isolaris-x.x.x-3des-K9.tar.z | tar xvf -
This command creates a COMPvpn directory in the current directory.

•For Version 5.1.5 and later, the distribution package is a single file. This conforms to the standard packages that are shipped with the 64-bit Solaris operating system.

The binaries are installed in the same base directories but the soft links to the binaries are located in the standard /usr/local/bin directory.

The installation files are bundled as a .gz instead of a .tar package. Use the following commands to install the VPN client for Solaris package:
gunzip vpn-5000-solaris-x.x.x-3des-k9.gz
pkgadd -d vpn-5000-solaris-x.x.x-3des-k9 COMPvpn
(where x.x.x is the version number)

About the VPN Client for Solaris Install Script

During the installation process:

•The following line is added to the /etc/iu.ap file to enable the autopush facility at startup:
hme -1 0 vpnmod 
•The VPN module is copied to a directory in the system's module search path.

–The 32-bit VPN module is copied to /kernel/strmod.

–The 64-bit module is copied to /kernel/strmod/sparcv9.

The pkginfo command provides information about the installed packages. For more information on other package-related commands, type:
man pkgadd
Installing the Software

To install the VPN client for Solaris

Step 1 Obtain superuser privileges to run the install script.

Step 2 Type the following command:
pkgadd -d . COMPvpn
Step 3 At the prompt, choose a directory in which to install the VPN client applications.

Use the default directory (by pressing Enter), or choose a directory in your user's path.

Step 4 Select the network interface.

Choose the default interface of hme0 for the first 100-Mbps Ethernet interface, le0 for the first 10-Mbps Ethernet interface, or choose another network interface.

Step 5 Respond Yes to any other prompts to complete the installation.

Step 6 Reboot your computer.

	Cisco VPN 5000 Client User Guide for Linux and Solaris, Version 5.2.x
	Installing the VPN Client
Cisco VPN 5000 Client User Guide for Linux and Solaris, Version 5.2.x Preface Introduction to the VPN Client Installing the VPN Client Running the VPN Client Configuration File Keywords Index	Download this chapter Installing the VPN Client Table Of Contents Installing the Cisco VPN 5000 Client Contents About the Configuration File Configuration File Permissions Installing the VPN Client for Linux System Requirements Unpacking the VPN Client Files About the VPN Client for Linux Install Script Installing the Software Uninstalling an Old VPN Client for Solaris Installing the VPN Client for Solaris System Requirements Using the 32-Bit Kernel Unpacking the VPN Client Files About the VPN Client for Solaris Install Script Installing the Software Installing the Cisco VPN 5000 Client This chapter describes how to install the VPN client software for Linux and Solaris on your computer. Contents This chapter includes the following sections: •About the Configuration File •Installing the VPN Client for Linux •Uninstalling an Old VPN Client for Solaris •Installing the VPN Client for Solaris About the Configuration File The VPN clients for Linux and Solaris have a generic configuration file, which is automatically created as part of the installation process. This configuration file can be edited at any time to enable security features, change IP addresses, use digital certificates, and enter or change passwords. The configuration file is named vpn_config and is located by default in the /etc directory. For more information on the configuration file, see "Configuration File Keywords." Configuration File Permissions User information is stored in the vpn_config file. After the initial installation, only the root user has write permissions. Non-root users are able to utilize the VPN client and user configurations within the vpn_config file but they cannot make changes to this file. Because the VPN client updates the vpn_config file upon exit, non-root users receive an error message that indicates the user does not have permission to write to the vpn_config file. If the root user has included all required user information, non-root users are not required to update this file. To allow non-root users permission to make changes to the vpn_config file: •Assign the non-root users to a group and allow that group permission to write to the vpn_config file. This is the recommended method. •Allow all users permission to write to vpn_config file. This method is not recommended because the integrity of the information in the vpn_config file is vital to the security of the vpn application. Installing the VPN Client for Linux This section describes how to install the VPN client for Linux. You should be familiar with Linux and software installation on Linux before you perform this procedure. The VPN client for Linux consists of a driver, which is a loadable module, and a set of commands accessible through your shell, which is used to access the applications. The commands and some parts of the driver are distributed in binary form only. System Requirements The VPN client for Linux supports Red Hat Version 6.0 Linux (Intel), or compatible libraries with globed Version 2.1.1-6 or later, using kernel Versions 2.2.5-15 or later. Unpacking the VPN Client Files The VPN client for Linux is shipped as a compressed tar file. To unpack the files Step 1 Download the packed files (from either your internal network or the Cisco website) to a directory of your choice. Step 2 Copy the VPN client file to a selected directory. Step 3 Unpack the file using the zcat and tar commands. For example: zcat COMPvpn-vpn-5000-linux-x.x.x-3des-K9.tar.z \| tar xvf - (where x.x.x is the version number) This command creates the COMPvpn directory in the current directory. About the VPN Client for Linux Install Script During the installation process: 1. The module is compiled, linked, and copied to either the directory /lib/modules/preferred/COMPvpn, if it exists, or to /lib/modules/system/COMPvpn, where system is the kernel version. 2. The application binaries are copied to the specified destination directory. 3. The startup file /etc/rc.d/init.d/vpn is created to enable and disable the VPN service. 4. The links /etc/rc3.d/s85vpn and /etc/rc5.d/s85vpn are added to run level 3 and run level 5 if startup at boot time is requested. These links allow the tunnel server to start at boot time and run in levels 3 and 5. Installing the Software Before you install a new version of the VPN client or reinstall your current version, you must use the stop command to disable VPN service. /etc/rc.d/init.d/vpn stop To install the VPN client for Linux Step 1 Obtain superuser privileges to run the install script. Step 2 Type the following commands: cd COMPvpn ./vpn_install Step 3 At the prompt, choose a directory in which to install the VPN client. Use the default directory (by pressing Enter), or choose a directory in your user's path. Step 4 Select the network interface. Use the default, eth0, or choose your own network interface. Note To switch between Ethernet and PPP connections, you must reinstall the VPN client and select the appropriate interface. Step 5 Enable the VPN service by using one of the following methods: •Reboot your computer. •Enable the service without rebooting. Type the following command: /etc/rc.d/init.d/vpn start To disable the VPN service, type the following command: /etc/rc.d/init.d/vpn stop Uninstalling an Old VPN Client for Solaris If a VPN client for Solaris was previously installed, you must remove the old client before you install a new one. To uninstall a package, use the pkgrm command. For example: pkgrm COMPvpn Installing the VPN Client for Solaris This section describes how to install the VPN client for Solaris. You should be familiar with Solaris and software installation on Solaris before you perform this procedure. System Requirements The VPN client for Solaris runs on any SPARC or Intel computer running a 32-bit Solaris kernel OS Version 2.5.1 or later. Using the 32-Bit Kernel Some Solaris machines run a 64-bit kernel by default. To use the VPN client, run the 32-bit version of the kernel. One way to run the 32-bit version is to specify kernel/unix as the boot file. For example, enter the following command: ok boot kernel/unix Unpacking the VPN Client Files The VPN client for Solaris comes as a compressed tar file. To unpack the files Step 1 Download the packed files, either from your internal network or the Cisco website, to a directory of your choice. Step 2 Copy the VPN client file to a selected directory. Step 3 Unpack the files. •For versions prior to 5.1.5, the VPN client for SPARC Solaris distribution is a directory which contains the installation scripts and the files to be installed. Use the zcat and tar commands to unpack the files. For example, the command for SPARC Solaris is: zcat COMPvpn-vpn-5000-solaris-x.x.x-3des-K9.tar.z \| tar xvf - (where x.x.x is the version number) For Intel Solaris, the command is: zcat COMPvpn-vpn-5000-isolaris-x.x.x-3des-K9.tar.z \| tar xvf - This command creates a COMPvpn directory in the current directory. •For Version 5.1.5 and later, the distribution package is a single file. This conforms to the standard packages that are shipped with the 64-bit Solaris operating system. The binaries are installed in the same base directories but the soft links to the binaries are located in the standard /usr/local/bin directory. The installation files are bundled as a .gz instead of a .tar package. Use the following commands to install the VPN client for Solaris package: gunzip vpn-5000-solaris-x.x.x-3des-k9.gz pkgadd -d vpn-5000-solaris-x.x.x-3des-k9 COMPvpn (where x.x.x is the version number) About the VPN Client for Solaris Install Script During the installation process: •The following line is added to the /etc/iu.ap file to enable the autopush facility at startup: hme -1 0 vpnmod •The VPN module is copied to a directory in the system's module search path. –The 32-bit VPN module is copied to /kernel/strmod. –The 64-bit module is copied to /kernel/strmod/sparcv9. The pkginfo command provides information about the installed packages. For more information on other package-related commands, type: man pkgadd Installing the Software To install the VPN client for Solaris Step 1 Obtain superuser privileges to run the install script. Step 2 Type the following command: pkgadd -d . COMPvpn Step 3 At the prompt, choose a directory in which to install the VPN client applications. Use the default directory (by pressing Enter), or choose a directory in your user's path. Step 4 Select the network interface. Choose the default interface of hme0 for the first 100-Mbps Ethernet interface, le0 for the first 10-Mbps Ethernet interface, or choose another network interface. Step 5 Respond Yes to any other prompts to complete the installation. Step 6 Reboot your computer.
	© 1992-2008 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.