Installing and Using the Cisco AnyConnect Client with Ubuntu for UCI VPN
/
Installing and Using the Cisco AnyConnect Client with Ubuntu for UCI VPN
by Jeff Stern
(Note: There is also an alternative way to install UCI VPN support without using the Cisco client, but using the built-in Debian/Ubuntu openconnect and openvpn drivers, if you find the method below doesn’t work for you, or if you prefer to use non-proprietary open source software. )
an introduction
OIT has a good general VPN-Linux page with instructions on setting up the Cisco AnyConnect VPN client software for Linux, but I stumbled across a couple of places and thought I’d pass along some alerts to other Debian and Ubuntu users.
I originally wrote this “How-To” for Ubuntu v10, and updated it with v17.04. It should work with most or all distributions derived from Debian through 9.0 (“Stretch”).
Please write to me to let me know how it went for you, and/or with any suggestions. I’d love to hear that it helped someone and/or any improvements that could be added.
Thanks to the many for helping to get here.
Abstract
In the instructions below, I will walk you through installing the Cisco VPN client on a Debian or Ubuntu system. When you’re done, you’ll have two commands available in the Command Prompt, which you can run to connect to your campus VPN: “vpn” (text mode) and “vpnui” (graphical/windows).
I also used to include instructions for getting VPN support to appear in the NetworkManager / applet icon in the system tray, for those who have used a Gnome based desktop. I don’t do that anymore, because it’s too complicated these days to keep up with the documentation of different desktop environments, and the changes (and lack of reliability) in NetworkManager. It’s not really necessary anyway. If you get it on your own, though, kudos to you! 🙂
Installing the Cisco AnyConnect Client
- First, make sure you have the necessary Debian/Ubuntu support packages installed: $ sudo apt-get update $ sudo apt-get install lib32z1 lib32ncurses5
- Go to the UCI OIT Cisco Anyconnect / Linux Help page.
- Download the 32 or 64-bit client as a gz file.
From the command prompt, go to the directory where you saved the file, unzip and run it, just like the OIT instructions. Note that you may have to put some backslashes because the download file apparently comes with spaces in the file name these days: ~$cd~/Downloads~/Downloads]$tar -xzvf anyconnect-predeploy-linux-64-4.3. 05017-k9.tar 6.59.23 AM.gz anyconnect-4.3.05017 / anyconnect-4.3.05017 / vpn / anyconnect-4.3.05017 / vpn / vpn_install.sh anyconnect-4.3.05017 / vpn / vpnagentd anyconnect-4.3 .05017 / vpn / vpnagentd_init anyconnect-4.3.05017 / vpn / vpn_uninstall.sh anyconnect-4.3.05017 / vpn / anyconnect_uninstall.sh anyconnect-4.3.05017 / vpn / libacciscossl.so anyconnect-4.3.05017so / vpno / lib. anyconnect-4.3.05017 / vpn / libaccurl.so.4.3.0 anyconnect-4.3.05017 / vpn / vpnui anyconnect-4.3.05017 / vpn / cisco-anyconnect.desktop anyconnect-4.3.05017 / vpn / cisco-anyconnect.menu anyconnect-4.3.05017 / vpn / cisco-anyconnect.directory anyconnect-4.3.05017 / vpn / libvpnagentutilities.so anyconnect-4.3.05017 / vpn / libvpncommon.so anyconnect-4.3.05017 / vpn / libvpncommoncrypt. 05017 / vpn / libvpnapi.so anyconnect-4.3.05017 / vp n / libvpnipsec.so anyconnect-4.3.05017 / vpn / vpn anyconnect-4.3.05017 / vpn / acinstallhelper anyconnect-4.3.05017 / vpn / pixmaps / anyconnect-4.3 .05017 / vpn / pixmaps / company-logo.png anyconnect- 4.3.05017 / vpn / pixmaps / cvc-about.png anyconnect-4.3.05017 / vpn / pixmaps / cvc-config.png anyconnect-4.3.05017 / vpn / pixmaps / cvc-connect.png anyconnect-4.3.05017 / vpn /pixmaps/cvc-disconnect.png anyconnect-4.3.05017 / vpn / pixmaps / cvc-info.png anyconnect-4.3.05017 / vpn / pixmaps / systray_connected.png anyconnect-4.3.05017 / vpn / pixmaps / systray_disconnect.png anyconnect -4.3.05017 / vpn / pixmaps / systray_notconnected.png anyconnect-4.3.05017 / vpn / pixmaps / systray_quarantined.png anyconnect-4.3.05017 / vpn /systray_notconnected.png .png anyconnect-4.3.05017 / vpn / pixmaps. png anyconnect-4.3.05017 / vpn / pixmaps / downloader-arrow.png anyconnect-4.3.05017 / vpn / manifesttool anyconnect-4.3.05017 / vpn / ACManifestVPN.xml anyconnect-4.3.05017 / vpn / vpndownloader anyconnect-4.3.05017 / vpn / vpndownloader-cli anyconnect-4.3.05017 / vpn / update.txt anyconnect-4.3.05017 / vpn / OpenSource.html anyconnect-4.3.05017 / vpn / AnyConnectProfile.xsd anyconnect-4.3.05017 / vpn / AnyConnectLocalPolicy.xsd anyconnect-4.3.05017 / vpn / libacfeedback.so anyconnect-4.3.05017 vpn / License.txt anyconnect-4.3.05017 / vpn / VeriSignClass3PublicPrimaryCertificationAuthority-G5.pem anyconnect-4.3.05017 / dart / anyconnect-4.3.05017 / dart dart_install.sh anyconnect-4.3.05017 / dart / AMPEnabler.xml anyconnect 4.3.05017 / dart / AnyConnectConfig.xml anyconnect-4.3.05017 / dart / BaseConfig.xml anyconnect-4.3.05017 / dart / ConfigXMLSchema.xsd anyconnect-4.3. 05017 / dart / DARTGUI.glade anyconnect-4.3.05017 / dart / ISEPosture.xml anyconnect-4.3.05017 / dart / NetworkVi sibility.xml anyconnect-4.3.05017 / dart / Posture.xml anyconnect-4.3.05017 / dart / RequestXMLSchema.xsd anyconnect-4.3.05017 / dart / Umbrella.xml anyconnect-4.3 .05017 / dart / cisco-anyconnect-dart. desktop anyconnect-4.3.05017 / dart / cisco-anyconnect-dart.directory anyconnect-4.3.05017 / dart / cisco-anyconnect-dart.menu anyconnect-4.3.05017 / dart / Cisco .png anyconnect-4.3.05017 / dart / dartCustom.png anyconnect-4.3.05017 / dart / dartTypical.png anyconnect-4.3.05017 / dart / dart_uninstall.sh anyconnect-4.3.05017 / dart / dartcli anyconnect-4.3.05017 / dart / dartcli.symbols anyconnect-4.3.05017 / dart / dartui anyconnect-4.3.05017 / dart / dartui.symbols anyconnect-4.3.05017 / dart / License.txt anyconnect-4.3.05017 / dart / manifesttool anyconnect-4.3.05017 /dart/ACManifestDART.xml anyconnect-4.3. 05017 / posture / anyconnect-4.3.05017 / posture / ciscod anyconnect-4.3.05017 / posture / cscan anyconnect-4.3.05017 / posture / ciscod_init anyconnect-4.3.05017 / posture / cstu b anyconnect-4.3.05017 / posture / posture_install.sh anyconnect-4.3.05017 / posture / posture_uninstall.sh anyconnect-4.3.05017 / posture / libcsd.so anyconnect-4.3.05017 / posture / libhostscan.so anyconnect-4.3.05017 / posture / libinspector.so anyconnect-4.3.05017 / posture / License.txt anyconnect-4.3.05017 / posture / table.dat anyconnect-4.3.05017 / posture / ACManifestPOS.xml anyconnect-4.3.05017 / posture / libaccurl.so . 4.3.0 anyconnect-4.3.05 017/posture/libacciscocrypto.so anyconnect-4.3.05017/posture/libacciscossl.so~/Downloads]$cd anyconnect-4.3.05017~/Downloads/anyconnect-4.3.05017]$ cd vpn ~ / Downloads / anyconnect-4.3. 05017/vpn]$ls -lh $total 12M -rwxr-xr-x 1 jas jas 14K Dec 9 2016 acinstallhelper -rw-r -r– 1 jas jas 262 Dec 9 2016 ACManifestVPN.xml -rw-r– r — 1 jas jas 6.6K Dec 9 2016 AnyConnectLocalPolicy.xsd -rw-r – r– 1 jas jas 83K Dec 9 2016 AnyConnectProfile.xsd -rwxr-xr-x 1 jas jas 502 Dec 9 2016 anyconnect_uninstall.sh – rw- r – r – 1 jas 279 December 9 2016 cisco-anyconnect.desktop -rw-r – r– 1 jas jas 164 December 9 2016 cisco-anyconnect.directory -rw-r – r– 1 jas jas 603 December 9 2016 cisco-anyconnect.menu -rwxr-xr-x 1 jas 2.6M Dec 9 2016 libacciscocrypto.so -rwxr-xr-x 1 jas jas 436K Dec 9 2016 libacciscossl.so -rwxr-xr- x 1 jas jas 232K Dec 9 2016 libaccurl.so.4.3.0 -rwxr-xr-x 1 jas jas 168K Dec 9, 2016 libacfeedback.so -rwxr-xr-x 1 jas jas 888K Dec 9, 2016 libvpnagentutilities.so -rwxr- xr-x 1 jas jas 1.6M Dec 9 2016 libvpnapi.so -rwxr-xr-x 1 jas jas 530K Dec 9 2016 libvpncommoncrypt.so -rwxr-xr-x 1 jas jas 1.7M Dec 9 2016 libvpncommon.so -rw xr-xr-x 1 jas jas 1.1M Dec 9 2016 libvpnipsec.so -rw-r – r– 1 jas jas 13K Dec 9 2016 License. txt -rwxr-xr-x 1 jas jas 480K Dec 9, 2016 manifesttool -rw-r – r– 1 jas jas 68K Dec 9 2016 OpenSource.html drwxr-sr-x 2 jas jas 4.0K Dec 9, 2016 pixmaps -rw- r – r– 1 jas jas Dec 9 2016 update.txt -rw-r – r– 1 jas jas 1.8K Dec 9, 2016 VeriSignClass3PublicPrimaryCertificationAuthority-G5.pem -rwxr-xr-x 1 jas jas 65K Dec 9, 2016 vpn -rwxr-xr-x 1 jas jas 724K Dec 9, 2016 vpnagentd -rw-r – r– 1 jas jas 2.1K Dec 9, 2016 vpnagentd_init -rwxr-xr-x 1 jas jas 424K Dec 9, 2016 vpndownloader -rwxr-xr- x 1 jas jas 396K Dec 9 2016 vpndownloader-cli -rwxr-xr-x 1 jas jas 24K Dec 9, 2016 vpn_install.sh -rwxr-xr-x 1 jas jas 176K Dec 9, 2016 vpnui -rwxr-xr-x 1 jas jas 8.4K Dec 9, 2016 vpn_uninstall.sh ~/Downloads/anyconnect-4.3.05017/vpn]$ ./ vpn_install.sh Install Cisco AnyConnect Secu re Mobility Client… Sorry, you need superuser privileges to run this script. ~ / Downloads / anyconnect-4.3.05017 / vpn]$ sudo ./vpn_install.sh … Do you accept the terms in the license agreement? [y/n] y You have accepted the license agreement. Please wait while the Cisco AnyConnect Secure Mobility Client is installed… Start the Cisco AnyConnect Secure Mobility Client Agent… Done! ~/Downloads/anyconnect-4.3.05017/vpn]$_
If you eventually get the following message instead: Failed to start vpnagentd.service: Failed to load module vpnagentd.service: No such file or directory. This most likely means that you did not install the two Ubuntu packages in step 1 above.
Now reload systemd, and scan for new or changed modules: sudo systemctl $daemon-reload
The vpn client should now be installed on your system and start the vpnagentd process. You can check this by looking at the active processes: $ps auxw | grep vpnagentd | grep -v grep root 3049 0.0 0.2 165960 8356? Sl 09:07 0:04 / opt / cisco / anyconnect / bin / vpnagentd
During installation, the vpnagentd dae should now be set up to run every time the system boots. To check: $ find /etc/rc?.d -type l -name “*vpnagentd *” /etc/rc2.d/K25vpnagentd /etc/rc2.d/S85vpnagentd /etc/rc3.d/K25vpnagentd/etc/rc3 . d / S85vpnagentd /etc/rc4.d/K25vpnagentd /etc/rc4.d/S85vpnagentd /etc/rc5.d/K25vpnagentd /etc/rc5.d/S85vpnagentdor$ ls -l /etc/rc?.d/*vpn * lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc2.d/K25vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc2.d/S85vpnagentd -> / etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc3.d/K25vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 / etc / rc3.d/S85vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc4.d/K25vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root 21 5 Jun 09:07 /etc/rc4.d/S85vpnagentd -> /etc/init.d/vpnagentd* lrwxrwxrwx 1 root Jun 21 09:07 /etc/rc5.d/K25vpnagentd -> /etc/init. d / vpnagentd * lrwxrwxrwx 1 root root 21 5 Jun 09:07 /etc/rc5.d/S85vpnagentd -> /etc/init.d/vpnagentd*
Create command aliases to refer to the vpn and vpnui commands: $alias vpn = ‘/opt/cisco/anyconnect/bin/vpn’ $alias vpnui = ‘/opt/cisco/anyconnect/bin/vpnui’
Also add these aliases to the end of the ~/.bashrc or ~/.bash_aliases file: $cat >> ~/.bash_aliases alias vpn = ‘/opt/cisco/anyconnect/bin/vpn’ alias vpnui = ‘/opt/cisco / anyconnect / bin / vpnui ‘^D $_ (where you don’t actually type ‘^D’: it means you press Ctrl-D to quit).
If you want to modify your aliases file instead directly, you can run a simple editor, “nano”, which is usually available on Debian and Ubuntu systems:
nano $ ~ / .bash_aliases
Delivery and unplugging
Connectivity (graphic window)
Just run: vpnui $
And “vpn.uci.edu” should already appear. Just click Connect.
If you get an error message about an untrusted server or certificate..
You can fix this by following the instructions from Robert in the Note 1 – Connection Error section below.
(By the way, depending on the installation method, whichever Linux desktop environments you’re using (Gnome, Unity, KDE, Mate, Cinnamon, XFCE, etc.) But don’t count on it!This is Linux, after all.. :-))
Connect (via command line)
- To start the client from a command line prompt in a terminal window, using the alias you created above: $vpn
- At the VPN> prompt, type connect vpn.uci.edu and hit Enter. (If you get an error message about an untrusted server or…
[ad_1]
Don’t forget to share this post with friends !
