VPN, CISCO AnyConnect, Linux

This page contains links to download and installation instructions for VPN software for Linux.

University of Illinois students, faculty, and staff should follow these instructions to install the Cisco Secure VPN Client on their Linux computer.

The Cisco Secure Client can be used to connect to the campus Virtual Private Network (VPN).

Installing the client requires sudo privileges.  If you do not have sudo privileges on your computer, contact your system administrator to install the software on your behalf. 

Two Options

Linux users can use either of these two software clients to connect to the VPN:

  • Cisco Secure VPN client: a commercial product maintained and supported by Cisco Systems, Inc.  This is our recommended client.
    • The Cisco Secure VPN Client works with modern versions of Red Hat and Ubuntu Linux. See the this document for a detailed listing of which versions and features are supported.
  • OpenConnect client: a free, open-source client compatible with our VPN servers.
    • See this page for a list of supported platforms.

The two main advantages of the OpenConnect client is that it can be installed through your package manager and it integrates with Ubuntu Network Manager.  The Cisco client requires its own installation process and does not integrate with Network Manager.

The main disadvantage of the OpenConnect client is that it does not support our preferred authentication methods.  Because of this, there are special VPN profiles that must be used instead of the standard ones.

Cisco Secure VPN Client

Quick Start

  • Download the Linux VPN installation package from the WebStore.
  • Extract the downloaded file.
    • It should be named something like "cisco-secure-client-linux64-###-predeploy-k9.tar.gz".
    • The file will most likely be in your Downloads folder.
    • Use a command like tar -xzf Downloads/cisco-secure-client-linux64-*-predeploy-k9.tar.gz to extract the file.
  • Navigate into the vpn directory of the extracted archive (e.g., cd cisco-secure-client-linux64-*/vpn/)
  • Using sudo, run the vpn_install.sh script.
  • Select the profile that best suits your needs and click "Connect".
  • Complete the authentication process using your full email address (NetID@illinois.edu) as your username.

Installing the Cisco Secure VPN Client

  1. Download the Linux VPN installation package from the WebStore. The downloaded file should be named something like "cisco-secure-client-linux64-###-predeploy-k8.tar.gz" and will most likely be in your Downloads folder.
    Webstore Linux installation package
  2. From the command line, extract the downloaded file.  Example command:

    tar -xzf Downloads/cisco-secure-client-linux64-*-predeploy-k9.tar.gz

  3. Move into the vpn sub-directory of the extracted directory. Example command: 

    cd cisco-secure-client-linux64-*/vpn/

  4. Using sudo, run the vpn_install.sh installation script.  Example command: 

    sudo ./vpn_install.sh

  5. Accept the End-User License Agreement by typing "y" at the prompt.   

    Do you accept the terms in the license agreement? [y/n]

Connecting to the VPN

Open the Cisco Secure Client application.

In the text box labeled "Connect to", type vpn.illinois.edu and then click on the "Connect" button.

Connecting to the VPN

You will then see a drop down menu labeled "Group" from which you can select the connection profile that best suits your needs.

Group selection

Note: this window might be covered up by a second window prompting you to go through an authentication process. If that is the case, simply move that window out of the way with your mouse so that you can see the group-selection dialog box.

  • If your only goal is to access campus resources, select the "Split Tunnel" profile.
  • If your goal is to access off-campus resources as if you are on-campus, select the "Tunnel All" profile. This will also allow you to access campus resources.
  • If your goal is to access campus resources, but you are at a location that uses the same private IP space as Illinois, select the "Split Tunnel Public IPs Only" profile. (If you are not sure what this means, you can safely ignore this profile option.)
  • If you are unsure which profile to choose, select the "Tunnel All" profile.
  • Additional guidance about VPN connection profiles is available here: About VPN Profiles 

After you select a profile, you will be taken through the authentication process.  

Make sure you enter your full email address (NetID@illinois.edu) as your username.

Disconnecting from the VPN

To disconnect from the VPN, select the "AnyConnect VPN" tab from the top of the Cisco Secure Client and then click on the "Disconnect" button.

Disconnecting from the VPN

Troubleshooting and the Statistics Window

If you encounter problems using the Cisco Secure Client, contact the Technology Services Help Desk.

The Cisco Secure Client gathers information that can help with troubleshooting.  To examine that information, select "Statistics" tab from the top of the Cisco Secure Client and then click on the "Details" button.

Viewing VPN statistics

OpenConnect VPN Client

These instructions are based on Ubuntu 22.04 using GNOME desktop environment and Network Manager.  For other systems, modify the instruction as needed.

For detailed information and instructions on using the OpenConnect client, see the project homepage.

Quick Start

  • Use your package manager to install the openconnect package and the network-manager extensions (e.g., sudo apt -y install openconnect network-manager-openconnect network-manager-openconnect-gnome)
  • From the network manager interface, add a VPN connection and select "Multi-protocol VPN client (openconnect)".
  • From the "Identity" tab, fill in this information:
    • Name: vpn.illinois.edu
    • VPN Protocol: Select “Cisco AnyConnect or openconnect”  
    • Gateway: vpn.illinois.edu
  • From the Network Manager interface, use the slide button to enable the VPN "vpn.illinois.edu".
  • From the "GROUP" drop-down menu, select one of the "OpenConnect" options. See this page for guidance on selection a profile.
  • In the "Username" prompt, enter your NetID.
  • In the first password prompt, enter your campus password.
  • In the second password prompt, enter the word “push”, “sms”, or a Duo one-time passcode.
  • Click "Connect"

Installing the OpenConnect VPN Client

  1. Use your package manager to install the following packages:
    • openconnect
    • network-manager-openconnect
    • network-manager-openconnect-gnome
    Example command:
    sudo apt -y install network-manager-openconnect network-manager-openconnect-gnome
  2. Using Network Manager, add a new VPN connection:
    Network Manager - Add new VPN
  3. When prompted to select the type, choose "Multi-protocol VPN client (openconnect)":
    Network Manager - Select multi-protocol VPN

  4. Select the "Identity" tab and enter the following information and click "Add":
    • Name: vpn.illinois.edu
    • VPN Protocol: Select “Cisco AnyConnect or openconnect”
    • Gateway: vpn.illinois.edu

    Network Manager - Entering VPN info

Connecting to the VPN

  1. From the Network Manager interface, use the slider button to enable "vpn.illinois.edu":
    Network Manager - enable VPN

  2. From the "GROUP" drop-down menu, select one of the "OpenConnect" options. See this page for guidance on selection a profile.
    OpenConnect - Select group
    Before selecting an option from the GROUP drop-down menu, you may see an error that says, “Unexpected 404 result from server.”  This error is expected and can be safely ignored.
  3. Enter the following information:
    • In the “Username” prompt, enter your NetID.
    • In the first password prompt, enter your campus password.
    • In the second password prompt, enter the word “push”, “sms”, or a Duo one-time passcode.
  4. Click "Connect".

Disconnecting from the VPN

From the Network Manager interface, use the slider button to disable "vpn.illinois.edu":

Network Manager - disable VPN

Command-Line Interface

Using the OpenConnect client from the CLI is a three-step process:

  1. As the root user, invoke the openconnect command with the “-b flag and “vpn.illinois.edu” as a positional argument:
    openconnect –useragent=AnyConnect -qb vpn.illinois.edu 
  2. When presented with a “GROUP” list, enter one of the following three options:
    • “OpenConnect1 (Split)” for Split Tunnel
    • “OpenConnect2 (All)” for Tunnel All
    • “OpenConnect3 (Public)” for Split Tunnel Public IPs Only 
  3. You will then be prompted for your username and two passwords.  Use your NetID as your username and your campus password as the first password.  In the second password prompt, enter the word “push”, “sms”, or your Duo one-time passcode.


Keywords:
VPN, Linux, Red Hat, Ubuntu, Cisco, AnyConnect, download, installation, configuration 
Doc ID:
47640
Owned by:
Network Engineering G. in University of Illinois Technology Services
Created:
2015-02-26
Updated:
2024-09-04
Sites:
University of Illinois Technology Services