Linux Mint Openconnect

An openconnect VPN server, which implements an improved version of the Cisco AnyConnect protocol, has also been written. OpenConnect is released under the GNU Lesser Public License, version 2.1. Development of OpenConnect was started after a trial of the Cisco AnyConnect client under Linux found it to have many deficiencies. To use OpenConnect with NetworkManager in KDE, you need to be using NetworkManager version 0.9. There is a branch of the kde-plasma-networkmanagement tool which works with NetworkManager 0.9. It is the 'nm09' branch.

Kmgmt-785-AnyConnect-Linux-Ubuntu

Objective

The objective of this article is to guide you through installing, using, and the option of uninstalling AnyConnect VPN Client v4.9.x on Ubuntu Desktop.

Introduction

The Cisco AnyConnect Virtual Private Network (VPN) Mobility Client provides remote users with a secure VPN connection. It provides the benefits of a Cisco Secure Sockets Layer (SSL) VPN client and supports applications and functions unavailable to a browser-based SSL VPN connection. Commonly used by remote workers, AnyConnect VPN lets employees connect to the corporate network infrastructure as if they were physically at the office, even when they are not. This adds to the flexibility, mobility, and productivity of your workers. Cisco AnyConnect is compatible with Windows 7, 8, 8.1, and 10, Mac OS X 10.8 and later, and Linux Intel (x64).

Follow the steps in this article to install the Cisco AnyConnect VPN Mobility Client on a Ubuntu Desktop. In this article, Ubuntu version 20.04 is used.

If you are using a Windows computer, click here to view an article on how to install AnyConnect on Windows.

If you are using a Mac computer, click here to view an article on how to install AnyConnect on Mac.

AnyConnect Software Version

AnyConnect - v4.9.x (Download latest)

Installing AnyConnect Secure Mobility Client v4.9.x

Step 1

Download the AnyConnect Pre-Deployment Package for Linux from Cisco Software Downloads.

The latest release at the time of publication was 4.9.01095.

Step 2

Open the Terminal by pressing Ctrl+Alt+T on your keyboard. To navigate to the folder where you have downloaded the AnyConnect Client Package, use the command, ‘cddirectory name’. For more information on the ‘cd’ command, click here.

In this example, the file is placed on the Desktop.

The directory may be different based on the location of the AnyConnect file download. For long filenames or paths, start typing some characters and press the tab key on your keyboard. The filename will auto-populate. If it doesn't even after you press tab twice, it indicates that you need to type more number of unique characters. Alternately, you can use the 'ls' command to list the files in your current directory.

Step 3

The initial download is a tarball archive (several files packed into one), which must be extracted. The command ‘tar xvffilename’ will extract the contents to the same directory in which the initial file is located.

For more information on the ‘tar’ command, click here.

Step 4

Once the folder is extracted, use the ‘cddirectory name’ command again to navigate into the folder.

cd [Directory Name]

Step 5

After navigating into the main folder, ‘cd’ into the vpn sub-folder.

Step 6

To run the AnyConnect install script, type ‘sudo ./vpn_install.sh’. This will begin the installation process using superuser permissions.

sudo ./vpn_install.sh

For more details on the 'sudo' command, click here.

Step 7

Accept the terms in the license agreement to complete the installation by typing ‘y’.

The AnyConnect installation should complete, and the Terminal window can be closed.

Using AnyConnect Secure Mobility Client v4.9.x

Step 1

To access the Anyconnect app, open the Terminal by pressing Ctrl+Alt+T on your keyboard. Use the command, ‘/opt/cisco/anyconnect/bin/vpnui’.

/opt/cisco/anyconnect/bin/vpnui

If you encounter any errors through the Terminal, you can access the app from the applications menu as shown below.

To access the applications menu using the User Interface (UI), click on the start icon (appears as nine dots on the lower left corner). Choose the Anyconnect app.

Alternatively, press Super+A (Super key is the windows icon key) on your keyboard to bring up the search bar. Start typing 'Anyconnect' and the app will appear.

Step 2

Click on the Anyconnect app.

Step 3

Enter the IP Address or Hostname of your desired server followed by the port number.

For RV340 family, the default port number is 8443.

Step 4

Some connections may not be secure using a trusted SSL certificate. By default, AnyConnect Client will block connection attempts to these servers.

Uncheck Block connections to untrusted servers to connect to these servers.

Uninstalling AnyConnect Secure Mobility Client v4.9.x

Step 1

Using Terminal, navigate to the folder that contains the uninstall shell script using the ‘cd’ command.

In a default installation, these files will be located in /opt/cisco/anyconnect/bin/.

Step 2

To run the Anyconnect uninstall script, enter ‘sudo ./vpn_uninstall.sh’

This will begin the uninstall process using superuser permissions. For more information on the 'sudo' command, click here.

Step 3

Linux Ubuntu

At the prompt, enter the sudo password and the client software will complete uninstallation.

Conclusion

There you have it! You have now successfully learned the steps to install, use, and uninstall the Cisco AnyConnect Secure Mobility Client v4.9.x on Ubuntu Desktop.

For community discussions on Site-to-Site VPN, go to the Cisco Small Business Support Community page and do a search for Site-to-Site VPN.

AnyConnect App

The Anyconnect App can be downloaded from the Google Play store or the Apple store.

Additional Resources

Introduction

Why another step-by-step recipe? Well, none of the ones available worked for me on Linux Mint13 64bit, so here’s a quick rundown of what you need to do in order to connect to your juniper networks vpn gateway using Linux Mint / Ubuntu 64bit and your SecureID token (I cannot test any other methods).

Executive Summary / Abstract

For the impatient, here’s a list of the required steps:

Ensure your browser has a working java plugin (I used firefox)
download latest jnc software from your vpn gateway
download the vpn gateway certificate & store it locally
ensure the first “java” found in your PATH is a 32 bit version (installed from Oracle’s tar.gz-Archive, for instance)
ensure /etc/resolv.conf exists, otherwise nsvc will segfault after making a connection

Need more info? Proceed at your own risk! 😉

Preparations

Remove / rename any previous installation from your home directory, changing to your home directory first:

Make sure you are using Firefox for the next step with the java plugin enabled and “xterm” installed on your system (ia32-libs are required so that your system can run 32bit binaries):

The Gritty Details

In firefox, type “about:plugins” in the browser bar and make sure the java plugin stuff comes up.

Fire up your browser and go to your regular VPN login page to log in, using your secureid and token like you would on Windows.

Download ahead software scsi & raid devices driver. Download & install the juniper networks software as usual, allow the java executable to run. (an xterm will come up asking you for your password). At least this much seemed to work out of the box for me.

If everything goes well, you’ll find a new .juniper_networks directory in your home directory.

Change into that directory and install a 32bit JDK from java.sun.com. I used this one:

If wget doesn’t work, point your browser to java.sun.com and download the file manually, then move the tar archive to the .juniper_networks-Folder once the download is complete.

Extract the tar.gz file in your .juniper_networks directory:

Rename it to something like “java32” or thereabouts:

Prepend the new jdk “bin” directory to your PATH:

Make sure you’re getting the right java:

Now comes the really braindead part: Create a file /etc/resolv.conf, otherwise ncsvc will segfault after launch:

Enter a std nameserver here, the important thing is that this file exists:

Save the file. On you std. dhcp / network managed Ubuntu, this file won’t exist where jnc expects it, so you have to create it manually. Nice…

Obtain your gateway’s SSL cert using the shell script provided in the “tmp” directory of your jnc installation:

Change to your network_connect directory and run the “ncsvc” Command like so:

If you don’t know the realm, check the HTML source of your login page, it’s usually passed along to the cgi script using some form of “hidden” input tag. “xxxx” is your SecureID pin, with “YYYYYY” indicates the current token.

That’s it. Check the file ncsvc.log for any errors that might crop up. To track down the resolv.conf problem, I had to run “strace” on the command line above, dirty work but if it solves the problem…

Conclusion

All of this could be scripted up nicely (the PATH modification, the resolv.conf bits and so on), but wouldn’t it be easier if Juniper fixed their software? It’s quite hard to believe such a pile of crap should be let loose unto the world by such a renowned company, who knows what else lies waiting in this huge binary blob… sorry for the rant. 😉