Installing and using the OpenConnect client with Debian and Ubuntu for UC Irvine (UCI) VPN

by Jeff Stern.

Note: There is also a more official method of installing UCI's VPN support by using the proprietary Cisco VPN Linux client software provided by UCI. The below details an alternative, though, should you prefer not to use the Cisco VPN client software, but to use the open-source software. It is also more automatic. I personally prefer this method.


U.C. Irvine's Office of Information Technology (OIT) has a good general VPN-Linux support page to help you get connected to the campus VPN if you have a Fedora-based Linux box. Mostly, that page is oriented toward supporting the installation of the Cisco company's proprietary 'anyconnect' software so you can cannot to the campus VPN servers using your Linux box.

However down at the bottom of that page, there is a separate section ('Linux OpenConnect Client') which gives information on setting up a connection to the campus VPN using an alternate method that uses only the native and non-proprietary 'openvpn' and 'openconnect' vpn drivers developed by the Linux open-source community, and is easily installable via its own package system, without using Cisco's software.

But that section of instructions is oriented more toward those of us who use the Fedora distribution of Linux and its 'yum'-based package management system.

Fedora is a very popular and excellent Linux 'distro' (I have used it myself for years and it continues to develop). But there are distributions of Linux as well, including Debian, and its most popular derivative, Ubuntu. These themselves have many sub-derived distributions, forming to an entire Debian-based family tree of Linux “distro's”. These distributions use a different package management system, called 'apt', and the names of those packages are different from the Fedora packages. So getting the openconnect method going on Debian or Ubuntu based Linux distributions is a bit different than Fedora, and I thought I would share some tips below with fellow Debian/Ubuntu users if it will save you some time.

This alternative (openvpn/openconnect) method has undergone various changes over time but has worked for me for Debian up through version 9 (“Stretch”) and for Ubuntu-derived distributions from 10.04 thru 17.04. If your distribution is not actually Debian or Ubuntu, but one of their derivatives, you're probably still good, since the package names should be still the same. Actually, it's a pretty simple set-up.

I find this method slightly easier to set up than Cisco's. It may not involve a fancy windowing interface or system-tray icons, but it is simple and works. Also, it is scriptable -- meaning that you can set it up so that you do not need to type in your username and password every time.

Keep in mind that this method is not supported by OIT. And I'm pretty busy. Especially if you are not from UCI.

But if it has worked for you, or if you have a brief suggestion, please do write me. I'd love to hear that it helped someone and/or any improvements that could be added.

Thanks to several for the help getting here.


  1. Install necessary packages
    $ sudo apt-get install openconnect lib32ncurses5 lib32tinfo5 lib32z1 libc6-i386 libpkcs11-helper1 openvpn vpnc-scripts net-tools
  2. Now download these files onto your Linux system somewhere on your $PATH, e.g. perhaps in $HOME/bin/ucivpnup and $HOME/bin/ucivpndown. (Remove the '.txt' endings.):
  3. Edit the ucivpnup script: The VPNUSER, VPNGRP, PW, OCLOG variables should all be changed to your preferences and ucinetid. Save file.
  4. The ucivpndown script only needs its OCLOG variable edited to match exactly the OCLOG var in the ucivpnup script.
  5. Make these scripts executable:
    $ chmod +x $HOME/bin/ucivpnup
    $ chmod +x $HOME/bin/ucivpndown



Thanks to:

  1. Mike Iglesias and Sylvia Bass at UCI's OIT for for putting up the link to here from their VPN-Linux page.
  2. Daniel Schneider for his Using Cisco AnyConnect VPN with openconnect page on GitHub, which I adapted for these instructions.
  3. Tom Distler, for the Tux/Cisco image at the top of this page, which I mooched from his page, How to connect Linux to a Cisco VPN using a PCF file.
  4. Professor Leo Simon at UC Berkeley, for asking me to make an automated version of the ucivpn connect script (up in Installation, Step 2).
  5. Mats Faugli for the heads-up that net-tools package now needs to be explicitly added in Ubuntu18, since that package is no longer included in the distribution by default (8/8/2018)

Contact / Feedback

Please email me to let me know how this process went for you, and/or with any suggestions for improvement on this page itself. Thanks.

last updated August 29, 2017