Installing and using the Cisco AnyConnect client with Ubuntu for UCI VPN - Jeff Stern (jas at uci dot edu) (1)
OIT has a good general instruction page on setting up the Cisco AnyConnect VPN client software for Linux, but I got tripped up in a couple of places and thought I'd pass on some heads-ups for other Ubuntu users.
I originally wrote this "How-To" for Ubuntu version 10, but have updated it through version 13. It should also work for derived distributions (XUbuntu, KUbuntu, etc.).
To get the Cisco VPN client working for an Ubuntu system, you'll need to install at least the Cisco AnyConnect client (Section 1). This installs a shell vpn command to connect to / disconnect from the UCI VPN. KDE users (like myself) will have to use this method and stop here.
If you run a Gnome-based desktop, you can also optionally add the Linux NetworkManager OpenConnect GUI icon (2) to connect and disconnect from the UCI VPN using your mouse (Section 2).
1. Go to UCI's VPN page.
2. Click on Download the Software VPN.
3. Log in with your UCINetID if it asks.
4. Click on Linux 32-bit AnyConnect or Linux 64-bit AnyConnect, depending on your system, and click get the VPN client.
5. Now, supposing you downloaded this to ~/Downloads, open a terminal and..

    $ cd ~/Downloads
    $ tar zxvf anyconnect-3.1.03103.tar.gz
    $ cd anyconnect-3.1.03103/vpn
    $ sudo ./vpn_install.sh

   (Of course by the time you read this, the anyconnect version number -- anyconnect-3.1.03103 -- will probably be different/newer for you -- make the appropriate replacements in the lines above, for yourself.)
6. Accept the terms and let it finish.

    Do you accept the terms in the license agreement? [y/n] y
    You have accepted the license agreement.
    Please wait while Cisco AnyConnect Secure Mobility Client is being installed...
    Starting Cisco AnyConnect Secure Mobility Client Agent...
    Done!

7. When the script is finished, the vpn client should have been installed on your system and the vpnagentd process started. You can verify this by looking at the active processes:

    $ ps auxw | grep vpnagentd | grep -v grep
    root 3049 0.0 0.2 165960 8356 ? Sl 09:07 0:04 /opt/cisco/anyconnect/bin/vpnagentd

8. During the installation, the vpnagentd daemon should also have been set up to be started each time your system is booted. To verify:

    $ find /etc/rc?.d -type l -name '*vpnagentd*'
    /etc/rc2.d/K25vpnagentd
    /etc/rc2.d/S85vpnagentd
    /etc/rc3.d/K25vpnagentd
    /etc/rc3.d/S85vpnagentd
    /etc/rc4.d/K25vpnagentd
    /etc/rc4.d/S85vpnagentd
    /etc/rc5.d/K25vpnagentd
    /etc/rc5.d/S85vpnagentd

   or

    $ ls -l /etc/rc?.d/*vpn*
    lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc2.d/K25vpnagentd -> /etc/init.d/vpnagentd*
    lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc2.d/S85vpnagentd -> /etc/init.d/vpnagentd*
    lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc3.d/K25vpnagentd -> /etc/init.d/vpnagentd*
    lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc3.d/S85vpnagentd -> /etc/init.d/vpnagentd*
    lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc4.d/K25vpnagentd -> /etc/init.d/vpnagentd*
    lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc4.d/S85vpnagentd -> /etc/init.d/vpnagentd*
    lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc5.d/K25vpnagentd -> /etc/init.d/vpnagentd*
    lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc5.d/S85vpnagentd -> /etc/init.d/vpnagentd*

9. Make an alias to point to the vpn command, so that you only have to type "vpn" to start it. Insert the following line into either your ~/.bashrc or ~/.bash_aliases file:

    alias vpn='/opt/cisco/anyconnect/bin/vpn'

10. Now sign out and back in so that the alias takes effect.
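Since vpnagentd runs as root and is started at every boot, it is worth checking that its binary and init script are not writable by other users and that the boot links resolve to the real init script. The following is an added example, not from OIT or Cisco: the function name check_vpnagentd and its optional ROOT and UID arguments are made up for illustration, and the paths and S85 link names are the ones shown in the output above.

```bash
#!/usr/bin/env bash
# Added example: audit an AnyConnect install laid out as in the steps above.
# check_vpnagentd [ROOT] [UID]   (hypothetical helper, not part of AnyConnect)
#   ROOT - filesystem prefix to inspect (default "", i.e. the live system)
#   UID  - numeric owner expected on the root-run files (default 0)
# Prints one line per finding; returns 0 if clean, 1 otherwise.
check_vpnagentd() {
    local root="${1:-}" uid="${2:-0}" rc=0 f lvl link
    local init="$root/etc/init.d/vpnagentd"
    local bin="$root/opt/cisco/anyconnect/bin/vpnagentd"

    # The daemon runs as root at every boot, so neither the binary nor its
    # init script may be owned by, or writable by, anyone else.
    for f in "$bin" "$init"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        if [ "$(stat -c %u "$f")" != "$uid" ]; then
            echo "OWNER $f is not owned by uid $uid"; rc=1
        fi
        if [ -n "$(find "$f" -maxdepth 0 -perm /022)" ]; then
            echo "WRITABLE $f is group- or world-writable"; rc=1
        fi
    done

    # Runlevels 2-5 each need the S85 start link, and it must resolve to the
    # init script checked above rather than to some other file.
    for lvl in 2 3 4 5; do
        link="$root/etc/rc$lvl.d/S85vpnagentd"
        if [ ! -L "$link" ]; then
            echo "NOLINK $link"; rc=1
        elif [ "$(readlink -f "$link")" != "$(readlink -f "$init")" ]; then
            echo "BADLINK $link -> $(readlink "$link")"; rc=1
        fi
    done
    return "$rc"
}
```

Run check_vpnagentd with no arguments to inspect the live system; no output and a zero exit status mean nothing was flagged.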
1. To start the client from a command-line prompt in a terminal window, using the alias you made above:

    $ vpn

2. At the "VPN>" prompt, type "connect vpn.uci.edu" and press return. You will now see:

    VPN> connect vpn.uci.edu
    >> Please enter your UCInetID and password.
    0) Default-WebVPN
    1) Merage
    2) MerageFull
    3) UCI
    4) UCIFull

   If you do not see this, but get a connect error instead, please see NOTE 1 - Connect Error below.
3. Ignore the message about entering your UCInetID and password, for now.
4. Choose one of the choices by number and press return -- usually "UCI" or "UCIFull". (See the differences in the Tunnels below.) For instance, for "UCI", press 3 and return.
5. Enter your UCInetID and password in the Username and Password boxes and press return.
6. At the "accept? [y/n]:" prompt, type "y" and press return. You may get several notices the first time about the downloader performing update checks. At the end you should see a ">> state: Connected" message and a new "VPN>" prompt. You are now connected.
7. Either leave the VPN> prompt open or, if you want your terminal back, just type 'quit' at the VPN> prompt (the connection will remain active).

NOTE 1 - Connect Error

In most cases I have seen, a connection is made. I have, however, seen the below error before only once. It was when the person was installing on a netbook (running Gnome) which was on campus and using the campus wifi system (though I don't know if those factors were the cause). It didn't matter if they answered y or n, they continued to get the error and be denied connection. If you get this error, call OIT Help desk at 949-824-2222, or write them at email@example.com. If you find a solution, I'd appreciate knowing what it is: (jas at uci dot edu). Thx.

------------------------------------------------------------------
Error:

    VPN> connect vpn.uci.edu
    connect vpn.uci.edu
    >> contacting host (vpn.uci.edu) for login information...
    >> notice: Contacting vpn.uci.edu.
    VPN>
    AnyConnect cannot verify the VPN server: vpn.uci.edu
    - Certificate is from an untrusted source.
    Connecting to this server may result in a severe security compromise!
    Most users do not connect to untrusted VPN servers unless the reason for the error condition is known.
    Connect Anyway? [y/n]:
------------------------------------------------------------------
1. At the "VPN>" prompt, type "disconnect" and hit return.
1. At the "VPN>" prompt, type "quit" and hit return.
1. As root or sudo, run /opt/cisco/anyconnect/bin/vpn_uninstall.sh
If you prefer, you can actually stop here, and from now on, just connect and disconnect using your terminal per the above instructions. If, however, you're using a Gnome-based desktop environment, you also have the option of connecting and disconnecting to the VPN via the NetworkManager icon. Instructions for adding that functionality are below. (If you do install the NetworkManager icon functionality, you can still use the command-line method, too.)
In a terminal, type:

    sudo apt-get install network-manager-openconnect

(or install via Synaptic)
(From now on, all you should have to do is this section any time you want to connect.)
Now all your connections to UCI (web, ssh, ftp, etc.) will be through the VPN until you disconnect.
Please email me to let me know how this process went for you, and/or with any suggestions for improvement on this page itself. Thanks.
(1) Tux Cisco image snarfed from Tom Distler's page, How to connect Linux to a Cisco VPN using a PCF file.
(2) ..thanks to a page at Georgia Tech, from which this page was adapted
(3) or from the main desktop menu, click System->Preferences->Network Connections and select the VPN tab. OR from the main desktop menu, click Settings Manager->Hardware->Network Connections. One of these (or something like them) should get you in the ballpark. (Don't you just love the Linux desktop Zoo???)
Last Updated June 6 2014