Document ID: 18882
Cisco has announced the end of sales for the Cisco VPN 5000 Series Concentrators. For more information, please see the End-of-Sales Announcement
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Manually Uninstalling the VPN 5000 Client on Linux
Verify
Troubleshoot
Related Information
Introduction
This document describes how to manually uninstall the VPN 5000 Client version 5.1.5 on Linux 2.4.16 Red Hat Linux Release 6.2 (Zoot). This document assumes that you selected default values when prompted by the installation process. If you used non-default values specific to your installation, you should record these values in order to use this procedure as a guide while uninstalling your specific installation.
Prerequisites
Requirements
Readers of this document should review the installation procedure before using the uninstallation procedure.
Note: The installation script does not use the application packaging systems/package management commands used on various Linux systems. During installation of the client, you should have seen something similar to the following output.
Note: In this example, "~myhomedirectory" is the home directory of user "myhomedirectory," and the machine name is "missile."
[myhomedirectory@missile ~myhomedirectory/COMPvpn]# ./vpn_install Directory where binaries will be installed [/usr/local/bin] Directory where libraries will be installed [/usr/local/lib] Directory containing linux kernel source code [/usr/src/linux] Select network device [eth0] Automatically start the vpn service at boot time [yes] Binaries will be installed in "/usr/local/bin". Libraries will be installed in "/usr/local/lib". Modules will be installed in "/lib/modules/2.4.16/COMPvpn". The "eth0" network device will be used. Certificates must reside in /etc/Intraport Client/certificates. The vpn service will be started automatically at boot time. Is the above correct [y] Making module Copying binaries to directory "/usr/local/bin". Copying libraries to the directory "/usr/local/lib". Copying module to directory "/lib/modules/2.4.16/COMPvpn". Create start/stop script "/etc/rc.d/init.d/vpn". Customize start/stop script. 1578 36 1614 Enable start/stop script for run level 3 and 5. Create initial VPN configuration file "/etc/vpn_config". ln: /usr/lib/libscep.so.1.0: File exists ln: /usr/lib/libscep.so.1: File exists ln: /usr/lib/libscep.so: File exists Setting permissions.
Components Used
The information in this document is based on these software and hardware versions:
-
Cisco VPN 5000 Client 5.1.5
-
Linux Kernel version 2.4.16
-
Red Hat Linux release 6.2 (Zoot)
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
Manually Uninstalling the VPN 5000 Client on Linux
Use the following steps to uninstall the VPN 5000 Client.
-
Stop the VPN module:
[myhomedirectory@missile ~myhomedirectory/COMPvpn]# /etc/rc.d/init.d/vpn stop Shutting down VPN services: disable/configure modules Done
If you lost the start/stop script, you may automatically unload the VPN module with the following command:
[myhomedirectory@missile ~myhomedirectory/COMPvpn]#ifconfig vpn0 down [myhomedirectory@missile ~myhomedirectory/COMPvpn]#rmmod vpnmod
You can check that the VPN module has been correctly removed by using the Linux lsmod command which lists the currently loaded modules.
[myhomedirectory@missile ~myhomedirectory/COMPvpn]# lsmod Module Size Used by
If the VPN module is still running, you will see the following:
Module Size Used by vpnmod 185048 -1 (unused)
If the module is not running in the first place, you might get the following error when you attempt to stop the module:
Shutting down VPN services: disable/configure vpn0: unknown interface: No such device
-
Remove the binary files.
To remove the binary files, you will have to remember where you installed them. In the earlier example of the installation process, the binary files were placed in /usr/local/bin.
cd /usr/local/bin [myhomedirectory@missile bin]# rm -i open_tunnel close_tunnel vpn_control scep_app rm: remove `open_tunnel'? y rm: remove `close_tunnel'? y rm: remove `vpn_control'? y rm: remove `scep_app'? y
Note: All files may not be present in all versions of the VPN 5000 Client. Also the directory /usr/local/bin is not exclusive for the VPN Client, so do not remove files other than binaries.
If you forgot where you kept the binary files, you can use the Find option to find one of these files:
[myhomedirectory@missile /]# find / -name open_tunnel ./usr/local/bin/open_tunnel ./home/myhomedirectory/COMPvpn/open_tunnel ./home/myhomedirectory/COMPvpn-5.0.19/open_tunnel [myhomedirectory@missile /]#
-
Remove the library files.
By default, the library files are installed under /usr/local/lib, but you may have placed them elsewhere during installation.
cd /usr/local/lib [myhomedirectory@missile lib]# rm -i libscep.so libscep.so.1 libscep.so.1.0 rm: remove `libscep.so'? y rm: remove `libscep.so.1'? y rm: remove `libscep.so.1.0'? y
Some links to these library files are also created in /usr/lib. Remove them as well.
cd /usr/lib [myhomedirectory@missile lib]# rm -i libscep.so libscep.so.1 libscep.so.1.0 rm: remove `libscep.so'? y rm: remove `libscep.so.1'? y rm: remove `libscep.so.1.0'? y
-
Remove the start/stop script and the automatic startup, if enabled.
The start/stop script is located under /etc/rc.d/init.d/ and is called "vpn."
[myhomedirectory@missile init.d]# rm /etc/rc.d/init.d/vpn rm: remove `/etc/rc.d/init.d/vpn'? y
You may also find vpn.b and vpn.old. You can remove them as well.
If you have enabled automatic startup of the VPN Client, you will also have to remove /etc/rc.d/rc3.d/S85vpn and /etc/rc.d/rc5.d/S85vpn, which are symbolic links to /etc/rc.d/init.d/vpn.
[myhomedirectory@missile init.d]# rm /etc/rc.d/rc3.d/S85vpn /etc/rc.d/rc5.d/S85vpn rm: remove `/etc/rc.d/rc3.d/S85vpn'? y rm: remove `/etc/rc.d/rc5.d/S85vpn'? y
-
Remove the configuration file.
If you want to remove the configuration file (you may want to keep it if you want to reinstall the client later), then remove the following files:
[myhomedirectory@missile init.d]# rm /etc/vpn_config rm: remove `/etc/vpn_config'? y
If vpn_config.old is also present, and you can remove that as well.
-
Remove the module.
Depending on your installation, the module can be located in /lib/modules/preferred/COMPvpn or in lib/modules/x.y.zz/COMPvpn, where x.y.zz is the version of the kernel you are running. You can find the kernel version using the uname -r command.
For example:
[myhomedirectory@missile init.d]# uname -r 2.4.16 [myhomedirectory@missile init.d]# rm -i /lib/modules/2.4.16/COMPvpn/vpnmod rm: remove `/lib/modules/2.4.16/COMPvpn/vpnmod'? y
You may also want to remove the directory /lib/modules/2.4.16/COMPvpn using the rmdir /lib/modules/2.4.16/COMPvpn/vpnmod command.
-
Remove your certificates.
Remove your certificates stored under /etc/Intraport Client/certificates/. The following command will remove everything under the Intraport Client directory:
Note: If there is a space in a file name, such as in "Intraport Client," you will need to use the backslash character "\" in UNIX to precede the character so that the shell may interpret it properly.
[myhomedirectory@missile ~myhomedirectory/COMPvpn]# rm -ri /etc/Intraport\ Client/ rm: descend into directory `/etc/Intraport Client'? y rm: descend into directory `/etc/Intraport Client/certificates'? y rm: descend into directory `/etc/Intraport Client/certificates/root'? y rm: remove directory `/etc/Intraport Client/certificates/root'? y rm: descend into directory `/etc/Intraport Client/certificates/user'? y rm: remove directory `/etc/Intraport Client/certificates/user'? y rm: descend into directory `/etc/Intraport Client/certificates/requests'? y rm: remove directory `/etc/Intraport Client/certificates/requests'? y rm: remove directory `/etc/Intraport Client/certificates'? y rm: remove directory `/etc/Intraport Client'? y
Verify
There is currently no verification procedure available for this configuration.
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
Related Information
- Cisco VPN 5000 Series Concentrators End-of-Sales Announcement
- Cisco VPN 5000 Concentrator Support Page
- Cisco VPN 5000 Client Support Page
- IPSec Support Page
- Technical Support - Cisco Systems
| Updated: Apr 04, 2008 | Document ID: 18882 |