VPN, CISCO AnyConnect, Linux
University of Illinois students, faculty, and staff should follow these instructions to install the Cisco Secure VPN Client on their Linux computer.
The Cisco Secure Client can be used to connect to the campus Virtual Private Network (VPN).
Installing the client requires sudo
privileges. If you do not have sudo
privileges on your computer, contact your system administrator to install the software on your behalf.
Two Options
Linux users can use either of these two software clients to connect to the VPN:
- Cisco Secure VPN client: a commercial product maintained and supported by Cisco Systems, Inc. This is our recommended client.
- The Cisco Secure VPN Client works with modern versions of Red Hat and Ubuntu Linux. See the this document for a detailed listing of which versions and features are supported.
- OpenConnect client: a free, open-source client compatible with our VPN servers.
- See this page for a list of supported platforms.
The two main advantages of the OpenConnect client is that it can be installed through your package manager and it integrates with Ubuntu Network Manager. The Cisco client requires its own installation process and does not integrate with Network Manager.
The main disadvantage of the OpenConnect client is that it does not support our preferred authentication methods. Because of this, there are special VPN profiles that must be used instead of the standard ones.
Cisco Secure VPN Client
Quick Start
- Download the Linux VPN installation package from the WebStore.
- Extract the downloaded file.
- It should be named something like "cisco-secure-client-linux64-###-predeploy-k9.tar.gz".
- The file will most likely be in your Downloads folder.
- Use a command like
tar -xzf Downloads/cisco-secure-client-linux64-*-predeploy-k9.tar.gz
to extract the file.
- Navigate into the
vpn
directory of the extracted archive (e.g.,cd cisco-secure-client-linux64-*/vpn/
) - Using sudo, run the
vpn_install.sh
script. - Select the profile that best suits your needs and click "Connect".
- Complete the authentication process using your full email address (NetID@illinois.edu) as your username.
Installing the Cisco Secure VPN Client
- Download the Linux VPN installation package from the WebStore. The downloaded file should be named something like "cisco-secure-client-linux64-###-predeploy-k8.tar.gz" and will most likely be in your Downloads folder.
- From the command line, extract the downloaded file. Example command:
tar -xzf Downloads/cisco-secure-client-linux64-*-predeploy-k9.tar.gz
- Move into the
vpn
sub-directory of the extracted directory. Example command:cd cisco-secure-client-linux64-*/vpn/
- Using
sudo
, run thevpn_install.sh
installation script. Example command:sudo ./vpn_install.sh
- Accept the End-User License Agreement by typing "y" at the prompt.
Do you accept the terms in the license agreement? [y/n]
Connecting to the VPN
Open the Cisco Secure Client application.
In the text box labeled "Connect to", type vpn.illinois.edu and then click on the "Connect" button.
You will then see a drop down menu labeled "Group" from which you can select the connection profile that best suits your needs.
Note: this window might be covered up by a second window prompting you to go through an authentication process. If that is the case, simply move that window out of the way with your mouse so that you can see the group-selection dialog box.
- If your only goal is to access campus resources, select the "Split Tunnel" profile.
- If your goal is to access off-campus resources as if you are on-campus, select the "Tunnel All" profile. This will also allow you to access campus resources.
- If your goal is to access campus resources, but you are at a location that uses the same private IP space as Illinois, select the "Split Tunnel Public IPs Only" profile. (If you are not sure what this means, you can safely ignore this profile option.)
- If you are unsure which profile to choose, select the "Tunnel All" profile.
- Additional guidance about VPN connection profiles is available here: About VPN Profiles
After you select a profile, you will be taken through the authentication process.
Make sure you enter your full email address (NetID@illinois.edu) as your username.
Disconnecting from the VPN
To disconnect from the VPN, select the "AnyConnect VPN" tab from the top of the Cisco Secure Client and then click on the "Disconnect" button.
Troubleshooting and the Statistics Window
If you encounter problems using the Cisco Secure Client, contact the Technology Services Help Desk.
The Cisco Secure Client gathers information that can help with troubleshooting. To examine that information, select "Statistics" tab from the top of the Cisco Secure Client and then click on the "Details" button.
OpenConnect VPN Client
These instructions are based on Ubuntu 22.04 using GNOME desktop environment and Network Manager. For other systems, modify the instruction as needed.
For detailed information and instructions on using the OpenConnect client, see the project homepage.
Quick Start
- Use your package manager to install the
openconnect
package and thenetwork-manager
extensions (e.g.,sudo apt -y install openconnect network-manager-openconnect network-manager-openconnect-gnome
) - From the network manager interface, add a VPN connection and select "Multi-protocol VPN client (openconnect)".
- From the "Identity" tab, fill in this information:
- Name: vpn.illinois.edu
- VPN Protocol: Select “Cisco AnyConnect or openconnect”
- Gateway: vpn.illinois.edu
- From the Network Manager interface, use the slide button to enable the VPN "vpn.illinois.edu".
- From the "GROUP" drop-down menu, select one of the "OpenConnect" options. See this page for guidance on selection a profile.
- In the "Username" prompt, enter your NetID.
- In the first password prompt, enter your campus password.
- In the second password prompt, enter the word “push”, “sms”, or a Duo one-time passcode.
- Click "Connect"
Installing the OpenConnect VPN Client
- Use your package manager to install the following packages:
openconnect
network-manager-openconnect
network-manager-openconnect-gnome
sudo apt -y install network-manager-openconnect network-manager-openconnect-gnome
- Using Network Manager, add a new VPN connection:
- When prompted to select the type, choose "Multi-protocol VPN client (openconnect)":
- Select the "Identity" tab and enter the following information and click "Add":
- Name: vpn.illinois.edu
- VPN Protocol: Select “Cisco AnyConnect or openconnect”
- Gateway: vpn.illinois.edu
Connecting to the VPN
- From the Network Manager interface, use the slider button to enable "vpn.illinois.edu":
- From the "GROUP" drop-down menu, select one of the "OpenConnect" options. See this page for guidance on selection a profile.
Before selecting an option from the GROUP drop-down menu, you may see an error that says, “Unexpected 404 result from server.” This error is expected and can be safely ignored. - Enter the following information:
- In the “Username” prompt, enter your NetID.
- In the first password prompt, enter your campus password.
- In the second password prompt, enter the word “push”, “sms”, or a Duo one-time passcode.
- Click "Connect".
Disconnecting from the VPN
From the Network Manager interface, use the slider button to disable "vpn.illinois.edu":
Command-Line Interface
Using the OpenConnect client from the CLI is a three-step process:
-
As the root user, invoke the
openconnect
command with the “-b
flag and “vpn.illinois.edu” as a positional argument:
openconnect –useragent=AnyConnect -qb vpn.illinois.edu - When presented with a “GROUP” list, enter one of the following three options:
- “OpenConnect1 (Split)” for Split Tunnel
- “OpenConnect2 (All)” for Tunnel All
- “OpenConnect3 (Public)” for Split Tunnel Public IPs Only
- You will then be prompted for your username and two passwords. Use your NetID as your username and your campus password as the first password. In the second password prompt, enter the word “push”, “sms”, or your Duo one-time passcode.