How To Connect Ubuntu Linux to Cisco VPN with openconnect (anyconnect-capable alternative)
For Ubuntu Linux, Cisco provides the anyconnect VPN client. But why not connect with the simple, FOSS, Network-Manager-integrated "openconnect" and "network-manager-openconnect" packages from the "universe" repository instead? I've used this method with much success for quite some time now.
Special Note - these instructions are for connecting to the VPN using the open source alternative to Cisco AnyConnect client (openconnect). If you are looking for instructions related to using the open source alternative to the Cisco Systems VPN client (vpnc), have a look at my post entitled: How To: Cisco Systems VPN with Ubuntu 11.10 / 10.10 GNU/Linux
You can install these packages easily using either of the two methods below. You may need to enable the universe FOSS repository first (see the "****" note below for enabling the "universe" repository):
Method A.) From the Ubuntu Software Center (see image below).
Simply click Applications, Ubuntu Software Center, then search for and install "openconnect" and "network-manager-openconnect" (see image below).
Update 1/6/15: For newer Ubuntu, e.g., 14.04 add: "network-manager-openconnect-gnome"
Method B.) From the Terminal (hit alt+f2, type "gnome-terminal", hit enter), type or paste in this command:
sudo apt-get update && sudo apt-get install openconnect && sudo apt-get install network-manager-openconnect
Update: 1/6/15: For newer Ubuntu, e.g., 14.04, use:
sudo apt-get update && sudo apt-get install openconnect && sudo apt-get install network-manager-openconnect && sudo apt-get install network-manager-openconnect-gnome
After you install the required packages, reboot your computer to finalize the settings. When you log in again, you should see the "VPN Connections" setting on the Network Manager applet (the same place where the other network connections are found). Next, click the Network Manager, VPN Connections, Configure VPN, Add. (see image below)
Next, select "Cisco AnyConnect Compatible VPN (openconnect)" and click Create. (see image below)
Then enter the gateway IP address or DNS name to connect to (this comes from your IT dept), enter a name for the connection, and check "Connect automatically". Optionally, depending on your company network, enter the internal DNS servers and Search Domains for your company network (ask your IT dept for these) on the IPv4 Settings tab. (see image below)
(Optional) For split tunneling (which lets your Internet traffic go out over your regular connection instead of through the VPN): from the IPv4 tab, click Routes, check "Use this connection only for resources on its network", click OK, click Save, click Close (to close Network Connections) and voila, you're all set.
To connect, establish your regular Internet connection first, then click the Network Manager, mouse over "VPN Connections", and click the name of the VPN you created. If all went well, you'll be presented with a place to enter your anyconnect username/password and you can connect. When you see a small lock in the Network Manager, the VPN is connected and you should have access to your network.
**** To enable the universe repositories:
Launch Applications, "Ubuntu Software Center", click Edit, click "Software Sources" (see image below)
Then from the "Software Sources" dialog box: click System, Software Sources (authenticate). In the Software Sources dialog, check "Community-maintained Open Source software". Now is also a good time to select a faster repository source: set "Download from:" to something like samaritan.ucmerced.edu or ubuntu.osuosl.org (examples only), or use the tool there to find the fastest server near you. The default source of "Main Server" is typically slower than what's available elsewhere. Click Close and reload the sources (this is the same as sudo apt-get update), and you'll have the universe repository enabled and available for use. (see image below)
Feel free to leave a comment if you like.
1/6/15: Many thanks to +Tonya Ohrel in the comments for pointing out that the additional network-manager-openconnect-gnome package is needed for the newer Ubuntu.
Cheers!
Shannon VanWagner
Thank you very much. Now I know what to do next time.
If you are looking for instructions related to using the open source alternative to the Cisco Systems VPN client, look for Cisco Systems VPN with Ubuntu 11.10 / 10.10 GNU/Linux.
This is why I love Ubuntu or any Linux operating system. They're easy to use and almost have everything you need on their large array of opensource programs.
Is there an add-on package that needs to be installed before you gain VPN connection in your system?
Thanks, Shannon. I've been using the native Cisco installation up to now (Fedora, Red Hat), but hit a wall with Ubuntu. Rather than hack at it, I just followed the OpenConnect road :)
Works Successfully. No Failures and Stable.
You saved me from a lot of driving! I can telecommute again! :-) One quick typo though.
You posted:
sudo apt-get network-manager-openconnect
Should be:
sudo apt-get install network-manager-openconnect
Thank you so much for this!!
@Doug - Awesome.. Thanks for noticing, and for commenting about it! I really appreciate it! I've corrected the posting.
perfect! - thank you so much!
You saved my Life!!!
Thank you very much!
This is awesome and with the RDP viewer it is allowing me to work from home as well.
Thank you
Awesome ! thank you!
I'm so glad it worked. Thanks a lot. I wish you longevity and happiness.
Worked... Thanks a ton!!
This worked beautifully on 12.04 as well. Thank you!
Great post. Thank you for this.
I had a lot of problems with cisco anyconnect. This works great!! Thanks a lot!
Much appreciated, cheers.
Very nicely explained; thank you! (my work's IT services pointed me here when the cisco client ran into some inexplicable - for them - problems)
Very helpful. It saved my day :)
Awesome. Your post helped a lot. Thanks tons!
Hello, I get this message:
Certificate from VPN server "ucfvpn-1.vpn.ucf.edu" failed verification.
Reason: unable to get local issuer certificate
Do you want to accept it?
What should I do?
OpenConnect works really nicely.
However my Ubuntu 12.04 LTS is stuck with OpenConnect version 3.15.
Unfortunately 'openconnect --no-proxy' crashes in this version.
Is there an easy Ubuntu way how to get a newer openconnect package?
As the Ubuntu Software Center says that Canonical does not provide updates
for this package... Does that mean I am stuck forever with version 3.15?
Thanks for any advice.
@Ivosh - You can get version 4.05 from "Adam Stokes" untrusted PPA as follows:
The newer version depends on vpnc-scripts.. install that from here first:
http://ppa.launchpad.net/kubuntu-ppa/backports/ubuntu/pool/main/v/vpnc-scripts/vpnc-scripts_0.1~git20120602-2~precise1~ppa1_all.deb
#Info page at http://www.ubuntuupdates.org/package/kubuntu-ppa_backports/precise/main/base/vpnc-scripts
Then, add "Adam Stokes" PPA (I do not know this person but he's been on launchpad since 2005):
sudo add-apt-repository ppa:adam-stokes/openconnect
Then install the upgraded packages:
sudo apt-get update && sudo apt-get install openconnect network-manager-openconnect --reinstall
I tested the package above and it works for me.
If you're concerned about rolling back - you might want to insert this as step 1: sudo apt-get install ppa-purge
Good Luck!
I had the same problem as @iloveX
Reason: unable to get local issuer certificate
Any thoughts?
@iLoveX, @Alex B. Hill... It sounds like the place you're trying to connect to has some kind of funky Intermediate cert or something:
Here's what Firefox web browser shows for the error:
ucfvpn-1.vpn.ucf.edu uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)
Maybe you could ask the administrator at the site as to why their certificate causes the error noted above. They will probably say to go ahead and trust it, but who knows.
If you're looking for a more technical answer - maybe this can help:
http://stackoverflow.com/questions/12041512/openssl-unable-to-get-local-issuer-certificate-unless-cafile-is-explicitly-speci
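The error quoted in these comments, "unable to get local issuer certificate", is what OpenSSL reports when a server presents its own certificate without the intermediate that links it to a trusted root. The script below is an added example, not part of the original post or its comments: it reproduces the error offline with a constructed throwaway chain and the stock openssl command, and prints the fingerprint you would compare with the administrator before accepting anything. The demo- names and file names are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: all keys and certificates are throwaway files made on the spot.

# issue NAME ISSUER EXTFILE: create NAME.key and NAME.pem signed by ISSUER
# (self-signed when ISSUER equals NAME). Works in the current directory.
issue() {
  local name=$1 issuer=$2 ext=$3
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$name" \
    -keyout "$name.key" -out "$name.csr" 2>/dev/null || return 1
  if [ "$name" = "$issuer" ]; then
    openssl x509 -req -in "$name.csr" -signkey "$name.key" -days 2 \
      -extfile "$ext" -out "$name.pem" 2>/dev/null
  else
    openssl x509 -req -in "$name.csr" -CA "$issuer.pem" -CAkey "$issuer.key" \
      -CAcreateserial -days 2 -extfile "$ext" -out "$name.pem" 2>/dev/null
  fi
}

# build_demo_chain DIR: root CA -> intermediate CA -> leaf (the "gateway" cert)
build_demo_chain() {
  ( cd "$1" || exit 1
    echo 'basicConstraints=critical,CA:TRUE' > ca.ext
    echo 'basicConstraints=CA:FALSE' > leaf.ext
    issue root root ca.ext &&
    issue intermediate root ca.ext &&
    issue leaf intermediate leaf.ext )
}

# verify_leaf DIR [extra "openssl verify" args]: the client trusts only root.pem
verify_leaf() {
  local dir=$1; shift
  ( cd "$dir" && openssl verify -CAfile root.pem "$@" leaf.pem 2>&1 )
}

# leaf_fingerprint DIR: SHA-256 fingerprint to compare with the admin out of band
leaf_fingerprint() {
  openssl x509 -in "$1/leaf.pem" -noout -fingerprint -sha256 | cut -d= -f2
}

demo_dir=$(mktemp -d)
build_demo_chain "$demo_dir"
echo "Server sends leaf only:"
verify_leaf "$demo_dir"                              # fails: issuer of leaf unknown
echo "Server sends leaf + intermediate:"
verify_leaf "$demo_dir" -untrusted intermediate.pem  # chain completes to root
echo "Leaf SHA-256: $(leaf_fingerprint "$demo_dir")"
rm -rf "$demo_dir"
```

Against a real gateway, "openssl s_client -connect HOST:443 -showcerts </dev/null" (HOST is a placeholder) lists the certificates the server actually sends, which shows whether the intermediate is missing on the server side.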
Very helpful article - thanks
Once in a while you get to be a little lucky running Ubuntu (besides the general state of luckiness or even happiness it brings); My VPN on my Ubuntu 13.04 was up and running 60 seconds after I found this post. My colleague running Windows has now been waiting for a client for most of the day, since you need a Cisco login to download the Anyconnect client for Windows.
I am using 12.04. Where do I give the group and user passwords?
Thanks for the great tutorial.
Thank you for this post.
Thanks a lot!
After a successful installation, any comments on how the VPN connection can be started from the command line without having to click the Login button?
Thanks in advance!
You da man! Thanks a lot.
Allow me to repeat like so many before me ... You da man! Thanks a lot.
Thanks a lot... great tutorial.
I am able to connect via Cisco Any Connect however I am unable to access the network. Also, no error is thrown
Thank you so much . . I am able to connect to VPN without worrying about instructions for installing anyconnect client