This site requires JavaScript to be enabled
An updated version of this article is available

Install and Configure the Cisco AnyConnect Software VPN on Linux

214 views

29.0 - Updated on 10-24-2024 by Leon Lam

28.0 - Updated on 10-24-2024 by Leon Lam

27.0 - Updated on 10-24-2024 by Leon Lam

26.0 - Updated on 10-24-2024 by Leon Lam

25.0 - Updated on 05-09-2024 by Mike Caban

24.0 - Updated on 03-13-2024 by Mike Caban

23.0 - Updated on 03-11-2024 by Leon Lam

22.0 - Updated on 10-05-2023 by Leon Lam

21.0 - Updated on 08-03-2023 by Leon Lam

20.0 - Updated on 12-12-2022 by Paty Ruiz Gonzalez

19.0 - Updated on 12-15-2021 by Mike Caban

18.0 - Updated on 12-15-2021 by Mike Caban

17.0 - Updated on 12-09-2021 by Mike Caban

16.0 - Updated on 11-01-2021 by Mike Caban

15.0 - Updated on 11-01-2021 by Mike Caban

14.0 - Updated on 10-21-2021 by Mike Caban

13.0 - Updated on 10-21-2021 by Mike Caban

12.0 - Updated on 10-07-2021 by Mike Caban

11.0 - Updated on 07-22-2021 by Sylvia Bass

10.0 - Updated on 07-13-2021 by Mike Caban

9.0 - Updated on 07-13-2021 by Mike Caban

8.0 - Updated on 07-07-2021 by Mike Caban

7.0 - Updated on 07-07-2021 by Mike Caban

6.0 - Updated on 07-07-2021 by Mike Caban

5.0 - Updated on 06-14-2021 by Mike Caban

4.0 - Updated on 08-21-2020 by Mike Caban

3.0 - Updated on 07-10-2020 by Mike Caban

2.0 - Updated on 07-10-2020 by Mike Caban

1.0 - Authored on 05-07-2015 by Mike Caban

Installing the VPN Client

  1. Download the Anyconnect VPN client.
  2. From the Terminal, navigate to the Downloads folder and unzip the file by typing [tar xzvf anyconnect-xxx.tar.gz]
    • NOTE: The *actual* file name will contain the name of the current version of the installer (e.g. anyconnect-linux64-4.5.03040-predeploy-k9.tar.gz)
  3. A folder with the same name as the file will appear in the current directory. Open the folder and then go to the vpn directory, and once you are there type [./vpn_install.sh]
  4. The VPN client will be installed on your system and the vpnagentd process will be started. This process will be started each time your system is booted.
  5. NOTE: Ubuntu/Debian users should run this command to download a dependency for the VPN UI: [sudo apt-get install libpangox-1.0-0]

Starting the VPN Client

  1. To start the client from the terminal, type [/opt/cisco/anyconnect/bin/vpnui]. Note: if you are not running a GUI, you can enter interactive mode by entering[/opt/cisco/anyconnect/bin/vpn]
    • NOTE: If you are using a desktop environment, you should be able to find the client in one of your menus as well (e.g. in a RHEL environment, look in Applications -> Internet).
  2. In the “Connect to:” box, type vpn.uci.edu and press Return on your keyboard. Note: in interactive mode type [connect vpn.uci.edu]
  3. A popup will appear where you will enter your UCInetID and password. By default, you will be connected to the Default-UCI connection profile/group. If you need to change this you can select your desired connection profile from the Group drop-down menu: (NOTE this window may be hidden slightly behind the login window)
    • UCIFULL – Route all traffic through the UCI VPN.
      • IMPORTANTUse UCIFULL when accessing Library resources.
    • Default-UCI – Route only campus traffic through the UCI VPN. All other traffic goes through your normal Internet provider.
  4. Back in the login window, enter your UCInetID and password, then click OK.
  5. On the next page you'll see the Duo Multifactor Login screen where you will either receive a push or enter a passcode.
  6. A banner window will appear. Click Accept to close that window. You are now connected!

Please note that if you are unable to connect to the VPN using the above method, follow these steps instead.

  1. Enter vpn.uci.edu in the Ready to Connect to field, then press the Connect button.
  2. A popup will appear where you will enter your UCInetID and password. Do not enter your credentials yet. You must first change your connection group. (NOTE this window may be hidden slightly behind the login window)
    • UCIFULL-classic – Route all traffic through the UCI VPN.
      • IMPORTANTUse UCIFULL-classic when accessing Library resources.
    • UCI-classic – Route only campus traffic through the UCI VPN. All other traffic goes through your normal Internet provider.
  3. Back in the login window, enter your UCInetID and password. Below the password box, type the word 'push' (without the quotes) and then select OK. You will receive a push from Duo and will be able to login.
  4. A banner window will appear. Click Accept to close that window. You are now connected!

Possible Error Messages

If you get one of the following messages when you try to connect to the campus VPN service:

  • “Connection attempt has failed due to server certificate problem”
  • “AnyConnect cannot confirm it is connected to your secure gateway”

this means that the AnyConnect client cannot validate the certificate on the campus VPN service.

To remedy this, please download and unzip this file and follow the directions in the README file to install the InCommon certificate files on your system.

Troubleshooting the VPN Client (FAQ & DART diagnostic utility)

If you're having trouble connecting to the VPN, please consult our comprehensive FAQ near the bottom of the main VPN page. If the issue persists, we will ask you to run the DART diagnostic utility and email us the ZIP file which will contain detailed logs about your system that will be useful for troubleshooting. You can either run the "dartcli" script from the console or the "dartui" file for a graphical version. The files can be found in the /opt/cisco/anyconnect/dart/ folder.

Linux Openconnect Client

Note: Using the Linux openconnect software is not supported by OIT. If you have problems using this, OIT will not be able to help you. These instructions are provided for you if you want to use something other than the supported Cisco AnyConnect client on your Linux system.

Some Linux distributions include a VPN client called openconnect that can be used with the the UCI VPN service. The instructions below are for Fedora Linux. Other distributions may be similar.

  1. From the terminal, type [sudo openconnect vpn.uci.edu -u UCInetID]
    • replace UCInetID with your actual UCInetID
    • if you don't have openconnect installed, you can download it from your distro's software repo [e.g. sudo apt-get install openconnect]
  2. You will be prompted for the Group to use. Type one of the options, usually Default-UCI or UCIFull (it's not case-sensitive).
    • NOTE: if you unable to connect, change the group option to either UCI-classic or UCIFull-classic.
  3. You will be prompted for your password. After you give the client your password you will be logged in.

You can minimize the terminal window while you do your work (don’t close it or you will lose your VPN connection). When you are done type ^C (control-c) to terminate openconnect and your VPN session will be logged out.

(Jeff Stern has also written a page on setting up Openconnect for Debian/Ubuntu users, at http://www.socsci.uci.edu/~jstern/uci_vpn_ubuntu/ubuntu-openconnect-uci-instructions.html.)