Installing and Using the Linux OpenConnect client with UCI's VPN

by Jeff Stern.

Note: There is also a more official method of installing UC Irvine's VPN support by using the proprietary Cisco VPN Linux client software provided by UCI. The below details an alternative method though, should you prefer not to use the Cisco VPN client software, but to use the open-source software. It is also more automatic. I personally prefer this method.


U.C. Irvine's Office of Information Technology (OIT) has a good general VPN-Linux support page to help you get connected to the campus VPN if you have a Fedora-based Linux box. Mostly, that page is oriented toward supporting the installation of the Cisco company's proprietary 'anyconnect' software so you can connect to the campus VPN servers using your Linux box.

However down at the bottom of that page, there is a separate section ('Linux OpenConnect Client') which gives information on setting up a connection to the campus VPN using an alternate method that uses only the native and non-proprietary 'openvpn' and 'openconnect' vpn drivers developed by the Linux open-source community, and is easily installable via its own package system, without using Cisco's software.

But that section of instructions is oriented more toward those of us who use the Fedora distribution of Linux and its 'yum'-based package management system.

So I set up these instructions for those with Debian and Ubuntu systems. However, I know it also works with OpenSUSE and Fedora (albeit with different package names). Please let me know if you get it going on any other distro's, or if modifications are needed for them.

I find this method slightly easier to set up than Cisco's. It may not involve a fancy windowing interface or system-tray icons, but it is simple and works. Also, it is scriptable -- meaning that you can set it up so that you do not need to type in your username and password every time.

Keep in mind that this method is not supported by OIT. And I'm pretty busy. Especially if you are not from UCI.

But if it has worked for you, or if you have a brief suggestion, please do write me. I'd love to hear that it helped someone and/or any improvements that could be added.

Thanks to several for the help getting here.


  1. Install necessary packages (for Debian and Ubuntu)
    $ sudo apt-get install openconnect lib32ncurses5 lib32tinfo5 lib32z1 libc6-i386 libpkcs11-helper1 openvpn vpnc-scripts net-tools
  2. Now download the below 2 scripts to your Linux system.
    (Remove the '.txt' endings during or after downloading, of course.)
    Dump them into your home bin dir ($HOME/bin , i.e. ~/bin) or to some other location on your $PATH you have access to.
  3. Edit the top sections of both scripts so as to set the variables correctly for your system, and save.
  4. Make these scripts executable:
    $ cd ~/bin ; chmod +x ucivpnup ucivpndown
  5. Again, make sure your ~/bin directory (or wherever you dumped these) is on your $PATH.
    I leave this to you, but maybe edit your ~/.bashrc or ~/.bash_profile initialization script(s).



Thanks to:

  1. Mike Iglesias and Sylvia Bass at UCI's OIT for putting a link to this page from their VPN-Linux page.
  2. Daniel Schneider for his Using Cisco AnyConnect VPN with openconnect page on GitHub, which I adapted originally for these instructions.
  3. Tom Distler, for the Tux/Cisco image at the top of this page, which I mooched from his page, How to connect Linux to a Cisco VPN using a PCF file.
  4. Professor Leo Simon at UC Berkeley, for asking me to make an automated version of the ucivpn connect script (up in Installation, Step 2).
  5. Mats Faugli for the heads-up that net-tools package now needs to be explicitly added in Ubuntu18, since that package is no longer included in the distribution by default (8/8/2018)
  6. Gediminas (5/27/18) for several corrections to the scripts which fixed the DNS resolv problem (bug) after shutting down, and which correctly remove the tun1 tun. He also suggested that it is possible to edit these scripts "a step further and [so that] the "up" script supports inputting user/pass/group/hostname from the stdin [which would make it] both secure and universal." If I get a copy of that part from him, I will add in as well.

Contact / Feedback

Please email me to let me know how this process went for you, and/or with any suggestions for improvement on this page itself. Thanks.

<<<Last updated December 13, 2018>>>