Cisco VPN for Win7 x64

The Cisco VPN client won't run on 64-bit versions of Windows, and Cisco has no plans to ship a 64-bit client anytime soon. In order to get VPN working on my shiny new Windows 7 x64 install, I tried to get the Cygwin/Linux vpnc client working. I ran into a number of problems, so this post explains how it can be done and hopefully will help you avoid the same problems I had. I spent a lot of time researching information on the 'net, and wound up tweaking steps a bit and hacking scripts myself, but much of this is based on work by Li Zhao and Salty.

NOTE: update 22 Mar 2010 - The Shrew.net client supports Win7 now, and seems to work flawlessly. It’s a much better option if you don’t already have a need for Cygwin.

To get Cisco VPN working on an x64 Windows 7, you need:

Here's how to do it: I turned off UAC for the purposes of getting all of this installed. I ran into a number of permissions issues and false starts when I left it turned on. This reduces the number of things that can go wrong in the install process, particularly with Cygwin. Feel free to turn UAC back on after the install process if you're so inclined.

Install Cygwin:

Install OpenVPN:

Build and install VPNC:

$ cd /tmp
$ tar xvfz vpnc<tab>
$ cd vpnc<tab>
$ make
$ make PREFIX=/usr install
$ mkdir /var/run/vpnc
export PATH=${PATH}:/usr/local/bin
export PATH=${PATH}:/usr/sbin/
$ which vpnc
/usr/sbin/vpnc

Repair the VPN Routing configuration script:

// run(), echo() and env() are the script's own helpers, defined outside these excerpts.
function getDefaultGateway()
{
    var output = run("route print 0.0.0.0");
    // the search string is 30 characters long, so pos lands on the gateway column
    var pos = output.indexOf("0.0.0.0          0.0.0.0      ") + 30;
    var gw = output.substring(pos, pos + 15); // max length of an IP address
    gw = gw.substring(0, gw.indexOf(" ")); // trim at first space...
    echo("Default Gateway: [" + gw + "]");
    return gw;
}
echo("Pausing for 4 seconds to allow the adapter to register itself correctly and therefore correct routing inferences made. You may need to supply a longer delay.");
WScript.Sleep(4000);
run("route delete " + env("VPNGATEWAY") + " mask 255.255.255.255");
// remove internal network routes
if (env("CISCO_SPLIT_INC")) {
    for (var i = 0; i < parseInt(env("CISCO_SPLIT_INC")); i++) {
        var network = env("CISCO_SPLIT_INC_" + i + "_ADDR");
        run("route delete " + network);
    }
}

Create your VPNC Configuration file:

$ cd /tmp
$ pcf2vpnc <old Cisco filename>.pcf /etc/vpnc/<profilename>.conf
Interface name <NameOfTheInterfaceYouPickedEarlier>
# mine is: CiscoVPN

Interface mode tap
Pidfile /var/run/vpnc/<uniqueName>.pid
# need a unique one per profile, so may as well use <profilename>.pid

Local Port 0
# 0 auto selects a port
NAT Traversal Mode force-natt
No Detach
Xauth password <yourpassword>
# You've got a secure computer, right? Really? Are you sure?
Debug 1
# valid values: 1-3, 99.  99 = everything, including authorization information (passwords), so be careful
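
The profile above stores the Xauth password in clear text and notes that Debug 99 logs passwords. The following shell function is an added example, not part of the original post or of vpnc, that checks a profile for those exposures. Its function names, the sample values, the inclusion of vpnc's "IPSec secret" directive, and the assumption that vpnc does not strip trailing "#" comments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vpnc profile for secret exposure.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_vpnc_conf() {
    conf=$1
    rc=0
    # Directives that carry a clear-text secret ("IPSec secret" is the group secret).
    secret_re='^[[:space:]]*(Xauth password|IPSec secret)[[:space:]]'
    if [ ! -r "$conf" ]; then
        echo "error: cannot read $conf"
        return 2
    fi
    # Debug 99 prints everything, including authorization information (passwords).
    if grep -Eiq '^[[:space:]]*Debug[[:space:]]+99([[:space:]]|$)' "$conf"; then
        echo "debug-99: passwords will appear in debug output"
        rc=1
    fi
    # A secret stored in the profile is only as private as the file mode.
    if grep -Eiq "$secret_re" "$conf"; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        go_bits=$(ls -ld "$conf" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "perms: secret stored, group/other bits are '$go_bits' (want chmod 600)"
            rc=1
        fi
    fi
    # Assumption: vpnc only treats lines that START with '#' as comments, so a
    # trailing "# note" on a secret line would be read as part of the secret.
    if grep -Eiq "$secret_re.*[[:space:]]#" "$conf"; then
        echo "inline-comment: text after '#' on a secret line may become part of the secret"
        rc=1
    fi
    return $rc
}

# Constructed sample profile (made-up values) that trips all three checks.
write_sample_conf() {
    cat > "$1" <<'EOF'
Interface name CiscoVPN
Interface mode tap
Xauth password hunter2  # stored in clear text
Debug 99
EOF
    chmod 644 "$1"
}
```

After sourcing the file, run it as `audit_vpnc_conf /etc/vpnc/<profilename>.conf`; no output and exit status 0 mean none of the three conditions were found.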

Putting it all together:

$ vpnc <profileNameWithoutExtension>

I hope this works for you, but I can't guarantee anything! Feel free to post comments with your experiences.

Update 10 Aug 09:

I have had issues with routing within the network if the VPN concentrator provides me with a new IP address. I'm not sure exactly why that happened or what to do in order to fix the routing - I'm not a network routing guru. I did figure out how to work around this issue though. In Control Panel\Network and Internet\Network Connections I went to the TCP/IPv4 settings and switched to DHCP ('Obtain an IP address automatically', 'Obtain DNS server address automatically'). These settings are overwritten when connecting to the VPN again, but for some reason making that change clears out something so that when connecting via vpnc the routing works again. For today anyways. 🙂

Cheers,

Allan

Update 11 Aug 09:

I forgot to mention that in my research, this VPN client: http://www.shrew.net/software was mentioned by a number of folks as a valid free alternative. It actually looks pretty good, but I didn't try it, as I wanted to get the vpnc option figured out. I always install Cygwin on my Windows boxes so I didn't mind going down this route. If anyone has experience with the shrewsoft client on x64 Windows, please comment here.