by

Cisco Anyconnect Debian



Cisco AnyConnect can be installed through the Graphic User Interface (GUI) or Command Line (CLI). Certain Departmental Pools, Full Tunnel VPN, and Split Tunnel VPN Pools require Two Factor Authentication (2FA) through Duo Security to connect. Using Duo and VPN is outlined in Using Duo Append Mode with Cisco AnyConnect. These release notes provide information for AnyConnect Secure Mobility Client on Windows, macOS, and Linux platforms. An always-on intelligent VPN helps AnyConnect client devices to automatically select the optimal network access point and adapt its tunneling protocol to the most efficient method.


Topics Map > Networking > Virtual Private Networking (VPN)

This page contains links to download and installation instructions for VPN software for Linux.

Cisco Anyconnect Debian

University of Illinois students, faculty, and staff can use these directions to set up some Linux computers or devices to connect to the Virtual Private Network (VPN).

Cisco-supported Versions

Some versions of Red Hat Linux and Ubuntu are compatible with the Cisco AnyConnect VPN client. See the AnyConnect 4.8 Release Notes for a detailed listing of which versions and features are supported.

Downloading the VPN software

From the WebStore, download the VPN software that applies to your system's hardware (only 64 bit is supported in the 4.x software).

If you are using Ubuntu, you may also need to install the OpenConnect Network Manager in order to make the GUI work correctly:

for Ubuntu 16 try:

for older versions of Ubuntu, this command might be needed.

The information below has been modeled on the University of California at Irvine instructions provided at:

Debian

Additional troubleshooting tips are available there.

Red Hat Linux

As root, first unzip and untar the file, then run the vpn_install shell script. [Note the file name and directory name will change as the version changes. The example below was from version 4.3.05017.]

The vpn client will be installed on your system and the vpnagentd process will be started. This process will be started each time your system is booted.

Starting the VPN client

To start the VPN client:

  • Command line:
    In a terminal window, type
    /opt/cisco/anyconnect/bin/vpnui

  • Gnome user interface:
    Look for Cisco AnyConnect in the menu system.

  • Fedora:
    Look in Applications -> Internet

The Connect to: box appears.

  • Enter vpn.illinois.edu and press return.

When the connection begins, enter the following:

  • Group menu: Select 1_SplitTunnel_Default
    (Note: This is the most common choice. See About VPN Profiles for information about the alternatives, such as Tunnel All for access to library resources.)
  • Username: Your NetID
    (or, if you're a guest, your guest ID)
  • Password: Your Active Directory password
    (or, if you're a guest, your guest password)

In the box that appears, click Accept.

You are now ready to use your VPN connection.

Ubuntu

A good source to help with this: http://www.socsci.uci.edu/~jstern/uci_vpn_ubuntu/

First, extract the files and install as root:

Accept the license agreement when prompted.

Then install the Ubuntu Network Manager plugins (note, even with this package Ubuntu 16 does not support the GUI interface: see https://askubuntu.com/questions/760864/no-more-anyconnect-compatible-vpn-transport-in-ubuntu-16-04 for more information):

To configure the VPN using the Network Manager:

  1. Click on the 'Network Manager' icon in your System Tray on your desktop.
  2. In the menu that appears, go to VPN Connections -> Configure VPN
  3. Click Add.
  4. Choose Cisco AnyConnect Compatible VPN (openconnect) and click Create.
  5. Enter the following information:
    • Connection name: Tech Services VPN
    • Gateway: vpn.illinois.edu
    • User name: Leave blank at this point.
  6. Click Save.

Starting the VPN client

  1. Click on the 'Network Manager' icon in your System Tray on your desktop.
  2. In the menu that appears, go to VPN Connections and click Tech Services VPN.
  3. Click on the connection icon (two screens).
  4. Enter the following information:
    • Group menu: Select 1_SplitTunnel_Default
      (Note: This is the most common choice. See About VPN Profiles for information about the alternatives.)
    • Username: Your NetID
      (or, if you're a guest, your guest ID)
    • Password: Your Active Directory password
      (or, if you're a guest, your guest password)
  5. Click Login.
Note: Due to an issue with the dnsmasq process, if you are unable to connect to websites or services after you connect to the VPN, you may need to reconfigure Network Manager to avoid using dnsmasq. One way to do this is to issue the follow commands:
sudo sed -i 's/^dns=dnsmasq/#&/' /etc/NetworkManager/NetworkManager.conf
sudo service network-manager restart
sudo service networking restart

Disconnecting the VPN client

  1. Click on the 'Network Manager' icon in your System Tray on your desktop.
  2. Go to VPN Connections -> Disconnect VPN.

The Cisco AnyConnect VPN client for Linux is recommended. The following instructions are provided for those who prefer to use a built-in VPN client for Linux.

Overview

Stanford's VPN allows you to connect to Stanford's network as if you were on campus, making access to restricted services possible.

Cisco Anyconnect Linux Client

Two types of VPN are available:

  • Default Stanford (split-tunnel). When using Stanford's VPN from home, we generally recommend using the Default Stanford split-tunnel VPN. This routes and encrypts all traffic going to Stanford sites and systems through the Stanford network as if you were on campus. All non-Stanford traffic proceeds to its destination directly.
  • Full Traffic (non-split-tunnel). This encrypts all internet traffic from your computer but may inadvertently block you from using resources on your local network, such as a networked printer at home. If you are traveling or using Wi-Fi in an untrusted location like a coffee shop or hotel, you may wish to encrypt all of your internet traffic through the Full Traffic non-split-tunnel VPN to provide an additional layer of security.

You can select thy type of VPN you want to use each time you connect to the Stanford VPN.

Cisco Anyconnect Linux Mint

Install the OpenConnect client

  • On Debian-compatible distributions (including Ubuntu), install the network-manager-openconnect-gnome package.
  • On RedHat-compatible distributions (including Fedora and CentOS), install NetworkManager-openconnect-gnome.

Set up a new VPN interface

  1. In System Settings, open the Network panel and click the + button to create a new interface.
  2. On Ubuntu, select VPN from the list of interface types and click Create.
  3. Select the Cisco AnyConnect Compatible VPN connection type (and, on Ubuntu, click Create).
  4. Choose a name for the connection (e.g., Stanford) and set the Gateway to su-vpn.stanford.edu. Then, click Add (or Save).

Cisco Anyconnect Linux Install Instructions

Connect to the Stanford VPN

Cisco Anyconnect Debian 7

  1. In the Network panel, turn the new interface on.
    • On Ubuntu, in the System menu you may also click the Network icon select the new interface from the list of VPN Connections.
    • On Fedora, in the System menu you may choose VPN Off and click Connect.
  2. In the Connect to VPN dialog box, enter the following information and then click Login.
    • GROUP: select Default Stanford split- tunnel or Full Traffic non-split-tunnel
    • Username: your SUNet ID
    • Password: your SUNet ID password

  3. Complete the two-step authentication.