by Jeff Stern. [last updated October 28, 2015]
(Note: There is also an alternative method of installing UCI VPN support without using the Cisco client, but using the built-in Debian/Ubuntu openconnect and openvpn drivers, should you find the below method does not work for you, or if you prefer to use open-source non-proprietary software.)
OIT has a good general VPN-Linux page with instructions on setting up the Cisco AnyConnect VPN client software for Linux, but I got tripped up in a couple of places and thought I'd pass on some heads-ups for other Debian and Ubuntu users.
I originally wrote this "How-To" for Ubuntu v10, and have updated it through v15.04. It should also work (or at least get you in the ballpark) for any Debian-derived distributions.
Please do write me to let me know how it went for you, and/or with any suggestions. I'd love to hear that it helped someone and/or any improvements that could be added.
Thanks to several for the help getting here.
To get the Cisco VPN client working for an Ubuntu system, you'll need to install at least the Cisco AnyConnect client (Section 1). This gives you the core VPN functionality -- a shell vpn command to connect to / disconnect from the UCI VPN. KDE users (like myself) will have to use this method and stop here.
If you run a Gnome-based desktop, you can also optionally add the Linux NetworkManager OpenConnect GUI icon to connect and disconnect from the UCI VPN using your mouse. (Section 2)
$ sudo apt-get update
$ sudo apt-get install lib32z1 lib32ncurses5
$ uname -a
Linux sporkula 3.19.0-31-lowlatency #36-Ubuntu SMP PREEMPT Wed Oct 7 15:44:16 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

As you can see from the above example, I am on a 64-bit Intel (x86_64) based processor. If you see a '386' somewhere, then you are on a 32-bit machine.
$ cd ~/Downloads
$ tar zxvf anyconnect-predeploy-linux-64-3.1.11004-k9.tar.gz
$ cd anyconnect-3.1.11004/vpn
$ sudo ./vpn_install.sh
Do you accept the terms in the license agreement? [y/n] y
You have accepted the license agreement.
Please wait while Cisco AnyConnect Secure Mobility Client is being installed...
Starting Cisco AnyConnect Secure Mobility Client Agent...
Done!
Failed to start vpnagentd.service: Unit vpnagentd.service failed to load: No such file or directory.

it most likely means you did not install the two Ubuntu packages up in step 1, above.
$ sudo apt-get install network-manager-openconnect

(This is the same package listed below, in Section 2.) Thank you, Steve!
$ sudo systemctl daemon-reload
$ ps auxw | grep vpnagentd | grep -v grep
root 3049 0.0 0.2 165960 8356 ? Sl 09:07 0:04 /opt/cisco/anyconnect/bin/vpnagentd
$ find /etc/rc?.d -type l -name '*vpnagentd*'
/etc/rc2.d/K25vpnagentd
/etc/rc2.d/S85vpnagentd
/etc/rc3.d/K25vpnagentd
/etc/rc3.d/S85vpnagentd
/etc/rc4.d/K25vpnagentd
/etc/rc4.d/S85vpnagentd
/etc/rc5.d/K25vpnagentd
/etc/rc5.d/S85vpnagentd

or
$ ls -l /etc/rc?.d/*vpn* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc2.d/K25vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc2.d/S85vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc3.d/K25vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc3.d/S85vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc4.d/K25vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc4.d/S85vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc5.d/K25vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc5.d/S85vpnagentd -> /etc/init.d/vpnagentd*
alias vpn='/opt/cisco/anyconnect/bin/vpn'

and you can do the same for their windowed version:
VPN> connect vpn.uci.edu
>> Please enter your UCInetID and password.
    0) Default-WebVPN
    1) Merage
    2) MerageFull
    3) UCI
    4) UCIFull

If you do not see this, but get a connect error instead, please see NOTE 1 - Connect Error below.
In most cases I have seen, a connection is made. I have, however, seen the below error before only once. It was when the person was installing on a netbook (running Gnome) which was on campus and using the campus wifi system (though I don't know if those factors were the cause). It didn't matter if they answered y or n, they continued to get the error and be denied connection.
------------------------------------------------------------------
Error:

VPN> connect vpn.uci.edu
connect vpn.uci.edu
  >> contacting host (vpn.uci.edu) for login information...
  >> notice: Contacting vpn.uci.edu.
VPN>
AnyConnect cannot verify the VPN server: vpn.uci.edu
    - Certificate is from an untrusted source.
Connecting to this server may result in a severe security compromise!

Most users do not connect to untrusted VPN servers unless the reason for the error condition is known.

Connect Anyway? [y/n]:
------------------------------------------------------------------
Update 2015-12-6: "Robert" wrote me with a solution to this:
$ cd /opt/.cisco/certificates
$ sudo mv ca ca.orig
$ sudo ln -sf /etc/ssl/certs/ ca
$ sudo /etc/init.d/vpnagentd restart

Credit goes to: https://plus.google.com/+AndreasKotowicz/posts/2afhvvNZpE6
Thank you, Robert!
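The workaround above replaces AnyConnect's own CA directory with a link to the system trust store, so it is worth confirming what the client is actually trusting afterwards and knowing how to put the original back. The following is an added example, not part of the original page or of Robert's solution; it uses the paths from the commands above, and the optional ROOT prefix and both function names are assumptions made so the check can also be run against a scratch directory.

```shell
#!/bin/sh
# Added example. Paths are the ones used in the commands above; the optional
# ROOT prefix and both function names are assumptions made for illustration.

# Print the state of AnyConnect's CA directory; return 0 only for a sane state.
ca_store_state() {
    root="${1:-}"
    ca="$root/opt/.cisco/certificates/ca"
    sys="$root/etc/ssl/certs"
    if [ -L "$ca" ]; then
        # Resolve both paths physically so a trailing slash or nested link
        # in the target does not cause a false mismatch.
        target=$(cd "$ca" 2>/dev/null && pwd -P) || { echo "dangling-symlink"; return 1; }
        expect=$(cd "$sys" 2>/dev/null && pwd -P) || { echo "no-system-store"; return 1; }
        if [ "$target" != "$expect" ]; then
            echo "symlink-elsewhere"
            return 1
        fi
        # Workaround applied: the client now trusts the system CA directory.
        if [ -d "$ca.orig" ]; then echo "system-store"; else echo "system-store-no-backup"; fi
        return 0
    elif [ -d "$ca" ]; then
        echo "cisco-store"    # untouched install, Cisco's own CA directory
        return 0
    fi
    echo "missing"
    return 1
}

# Undo the workaround: drop the symlink and put ca.orig back in place.
ca_store_rollback() {
    root="${1:-}"
    ca="$root/opt/.cisco/certificates/ca"
    if [ ! -L "$ca" ] || [ ! -d "$ca.orig" ]; then
        echo "nothing to roll back" >&2
        return 1
    fi
    rm "$ca" && mv "$ca.orig" "$ca"
}

# Report on the real filesystem when run directly (no ROOT prefix).
ca_store_state "" || true
```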
$ sudo /opt/cisco/anyconnect/bin/vpn_uninstall.sh
Having installed the core VPN functionality (in Section 1 above), you can actually stop there if you prefer, and from now on, just connect and disconnect using your terminal per the above instructions. If, however, you're using a Gnome-based desktop environment, you also have the option of connecting and disconnecting to the VPN via the NetworkManager icon. Instructions for adding that functionality are below. (If you do install the NetworkManager icon functionality, you can still use the command-line method, too.)
in a terminal, type:
sudo apt-get install network-manager-openconnect

(or install via Synaptic)
(From now on, all you should have to do is this section any time you want to connect.)
now all your connections to UCI (web, ssh, ftp, etc.) will be through the VPN until you disconnect.
Several people have written me with some additional tips which I'll add here:
Hi!

Thank you for your web site, a lot of help.
But in "Section 1", lib32z1 and lib32ncurses5 are not available for launch anyconnect
Prefer libpangox-1_0-0 and pangox-compat
I'm not on debian (DEB) but openSuse (RPM)

Best regards
Thank you for the instructions, it was very helpful so far but after I type vpn in terminal I get the message:

/opt/cisco/anyconnect/bin/vpn: error while loading shared libraries: libxml2.so.2: cannot open shared object file: No such file or directory

This turned out to be a missing library fixable by:
sudo apt-get install libxml2:i386 libstdc++6:i386
Hello Jeff,

Thank you for your advice! After installing the package you recommended I was able to make alias to point to the vpn command. After I did that and typed "vnp" I used to get the error message:

>> error: VPN Service not available. unable to attach to VPN subsystem!

after searching the internet I found this link that was helpful with that problem. After this everything seems to be fine. I just wanted to share my experience as I'm very grateful for your help.

Thank you,
Zviadi

(If that link no longer works, it is just recommending to start /opt/cisco/anyconnect/bin/vpnagentd first.)
Please email me to let me know how this process went for you, and/or with any suggestions for improvement on this page itself. Thanks.
(1) or from the main desktop menu, click System->Preferences->Network Connections and select the VPN tab. OR from the main desktop menu, click Settings Manager->Hardware->Network Connections. One of these (or something like them) should get you in the ballpark. (Don't you just love the Linux desktop zoo???)
Last Updated Oct 22 2015