Monday, September 8, 2008

Cisco Linux VPN on kernels 2.6.19+ (And x86_64)

Cisco seems to have been screwing the pooch recently when it comes to releasing good installers for their VPN software. A version of the VPN client for Windows released last February had a nasty glitch where it tried to iterate every group in RIT's Active Directory environment 4 times. And the previous version of the Linux VPN client (4.8.00) unceremoniously broke with kernels higher than 2.6.19 and remained officially unpatched (there were only community-written patches) for several years. Cisco recently released 4.8.02, which brings with it full compatibility with modern kernels (tested up to 2.6.25).

However, to compile on a 64-bit kernel, the module's Makefile includes code which modifies the compiler flags (CFLAGS). The Linux build system for kernel modules (called Kbuild) does not allow makefiles for modules to modify CFLAGS directly; instead it accepts a parameter called EXTRA_CFLAGS. The Makefile for the Cisco VPN Client for some reason uses EXTRA_CFLAGS fine normally, but in the conditional for 64-bit builds it uses CFLAGS directly, causing the build system to throw a hissy fit. So the simple fix is to change line 15 of the Makefile for Cisco VPN 4.8.02 from
CFLAGS += -mcmodel=kernel -mno-red-zone

To
EXTRA_CFLAGS += -mcmodel=kernel -mno-red-zone
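
The same edit, scripted so it can be repeated after each reinstall and checked before building. This is an added example, not part of the original post or of Cisco's installer; the function names are hypothetical and the sample Makefile is constructed to show the same mistake, not copied from the 4.8.02 tarball.

```shell
#!/bin/sh
# Added example: move direct CFLAGS assignments in a Kbuild module
# Makefile over to EXTRA_CFLAGS. Function names are hypothetical.

# Pattern for a line that assigns to CFLAGS itself. It is anchored at the
# start of the line, so existing EXTRA_CFLAGS lines never match.
DIRECT_CFLAGS='^[[:space:]]*CFLAGS[[:space:]]*\+?='

# Print how many lines of Makefile $1 assign to CFLAGS directly.
count_direct_cflags() {
    grep -Ec "$DIRECT_CFLAGS" "$1" || true   # grep exits 1 when the count is 0
}

# Rewrite the offending lines in place, keeping the original as $1.orig.
# Does nothing (and keeps any earlier backup) if the file is already clean.
fix_kbuild_cflags() {
    mf=$1
    [ -f "$mf" ] || { echo "no such file: $mf" >&2; return 2; }
    grep -Eq "$DIRECT_CFLAGS" "$mf" || return 0
    cp -p "$mf" "$mf.orig" || return 2
    sed -E 's/^([[:space:]]*)CFLAGS([[:space:]]*\+?=)/\1EXTRA_CFLAGS\2/' \
        "$mf.orig" > "$mf"
}

# Constructed sample: not Cisco's Makefile, only the same shape of mistake.
write_sample_makefile() {
    cat > "$1" <<'EOF'
EXTRA_CFLAGS += -Wall
ifeq ($(shell uname -m),x86_64)
CFLAGS += -mcmodel=kernel -mno-red-zone
endif
EOF
}

# Demo: show the change as a diff on the constructed file.
demo=$(mktemp -d)
write_sample_makefile "$demo/Makefile"
fix_kbuild_cflags "$demo/Makefile"
diff -u "$demo/Makefile.orig" "$demo/Makefile" || true   # diff exits 1 on changes
rm -rf "$demo"
```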

Then there's a whole slew of other issues with 64-bit kernels, which are fixed by this patch.
(Patch linked from http://www.lamnk.com/blog/, and written by Steven Frost.)

At least there's a positive note with that: a codebase patched for 64-bit will still compile (albeit with warnings) on 32-bit systems.

I see stuff like these issues, and I've gotta wonder... Do they TEST this stuff? At all?

--PXA
