Wednesday April 23rd, 2014

Configuring and Installing VPN software for Linux

Summary: This handout is a comprehensive set of instructions to configure and install the UCI VPN software.

Download the Cisco AnyConnect Client for Linux

  1. Go to the OIT Licences database.
  2. Log in with your UCInetID and password.
  3. Select the Linux 32-bit or Linux 64-bit client.
  4. Click the "get the VPN client" button.
  5. The Linux Cisco client will download to your computer.

Getting Started with Cisco AnyConnect for Linux

To get started you will first untar the file and then run the setup file.

  1. As root, untar the gzip'd tar file (tar xzvf). This will create a directory called ciscovpn.
  2. Go into the ciscovpn directory (cd ciscovpn) and type ./vpn_install.sh
  3. The VPN client will be installed on your system and the vpnagentd process will be started. This process will be started each time your system is booted.
  4. To start the client, type /opt/cisco/vpn/bin/vpnui in a terminal window.
    If you are using GNOME, you should be able to find the client in one of your menus as well. On Fedora, look in Applications -> Internet.
  5. In the "Connect to:" box, type vpn.uci.edu and press return.
  6. In the "Group" menu that will appear, select the tunnel you wish to use, usually "UCI" or "UCIFull". (See the differences between the tunnels under VPN Connection Tunnels below.)
  7. Enter your UCInetID and password in the appropriate boxes and click "Connect".
    You should get a banner box. Click "Accept" and you are now connected.

You are now ready to use your VPN connection. If you have any problems, please call the OIT Help Desk at 949-824-2222, Monday through Friday, 8:00 AM to 5:00 PM.

Possible Error Messages

If you get one of the following messages when you try to connect to the campus VPN service:

"Connection attempt has failed due to server certificate problem"
"AnyConnect cannot confirm it is connected to your secure gateway"

this means that the AnyConnect client cannot validate the certificate on the campus VPN service.

To remedy this, get a copy of the README and the setup-certs.tar.gz files from ftp://ftp.uci.edu/linux-anyconnect-cert-fix. Follow the directions in the README file to install the InCommon certificate files on your system.
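Because FTP does not authenticate what it delivers and the files are installed as trusted certificates, it is worth comparing each certificate in the extracted bundle against SHA-256 fingerprints obtained separately over a trusted channel before following the README. The script below is an added example, not part of the original handout or the README; the directory layout and PEM encoding are assumptions, and the sample bundle is constructed stand-in data rather than real certificates.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprints(cert_dir):
    """Map SHA-256 fingerprint -> 'file#index' for every PEM block under cert_dir."""
    found = {}
    for path in sorted(Path(cert_dir).rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(errors="replace")
        for i, block in enumerate(PEM_BLOCK.finditer(text)):
            der = base64.b64decode("".join(block.group(1).split()))
            found[hashlib.sha256(der).hexdigest()] = f"{path.name}#{i}"
    return found

def audit(cert_dir, expected):
    """Compare the bundle with fingerprints obtained out of band.

    Returns (unexpected, missing): certificates present but not expected,
    and expected fingerprints that the bundle does not contain.
    """
    expected = {fp.replace(":", "").lower() for fp in expected}
    found = fingerprints(cert_dir)
    unexpected = {fp: src for fp, src in found.items() if fp not in expected}
    return unexpected, expected - found.keys()

def demo():
    """Run the audit over a constructed bundle (stand-in bytes, not real certificates)."""
    def pem(raw):
        body = base64.encodebytes(raw).decode()
        return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"
    known, extra = b"constructed-ca-bytes", b"constructed-unlisted-bytes"
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "chain.pem").write_text(pem(known) + pem(extra))
        return audit(tmp, [hashlib.sha256(known).hexdigest()])

if __name__ == "__main__":
    unexpected, missing = demo()
    print("unexpected:", unexpected)  # the unlisted block in chain.pem
    print("missing:", missing)
```

To check a real download, call audit() with the directory the tar file was extracted into and the list of fingerprints you expect; any entry in the first returned value is a certificate that should not be installed until it is accounted for.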

Ubuntu Linux

If you are using Ubuntu Linux and are having problems using the VPN, Jeff Stern has instructions for making the AnyConnect VPN work on Ubuntu. See
http://www.socsci.uci.edu/~jstern/uci_vpn_ubuntu/ for more information.

VPN Connection Tunnels


 

Linux Openconnect Client

Note: Using the Linux openconnect software is not supported by OIT. If you have problems using this, OIT will not be able to help you. These
instructions are provided for you if you want to use something other than the supported Cisco AnyConnect client on your Linux system.

Some Linux distributions include a VPN client called openconnect that can be used with the UCI VPN service. The instructions below are for
Fedora Linux. Other distributions may be similar.

  1. Make sure openconnect is installed. As root, type "yum install openconnect". This will install openconnect and anything it depends on. You will need vpnc installed as well; install it separately if installing openconnect does not install it.
  2. In a terminal window:

    su root
    (give root password)
    openconnect -s /etc/vpnc/vpnc-script -u xxxxxx -v vpn.uci.edu


    (replace xxxxxx with your UCInetID)
    You will be prompted for the Group to use. Pick one of the options, usually UCI or UCIFull.

You will be prompted for your password. After you give the client your password you will be logged in. You can minimize the terminal window while you do your work (don't close it or you will lose your VPN connection). When you are done, type ^C (control-c) to terminate openconnect, and your VPN session will be logged out.