Skip to main content

Cisco AnyConnect VPN Client on 64-Bit Ubuntu 9.10

I've been using vpnc as my VPN client on Ubuntu for quite some time now, but vpnc allows for split tunneling (meaning I'm on the VPN but I can still access my local network), and, well, let's just say some network security folks don't like that. ;-) I looked into disabling split tunneling on vpnc and I didn't find any conclusive answers, so it was time to look for an alternative VPN client for Cisco VPNs.

Cisco AnyConnect is a VPN client that can (in theory) be installed from a web browser on any operating system, provided your VPN server is configured to support it. If you want to check, hit your VPN server in a browser. If you see a login screen, log in with your normal VPN credentials and you should be able to install AnyConnect from there.

All isn't rosy with this picture on Linux, however. The browser-based install doesn't work (or didn't for me at least), and while you can download a Linux version of the installer, the installer runs fine but the client throws some errors when you attempt to connect to your VPN. Specifically in my case it was throwing a "no valid certificates" error or something along those lines. As usual there's a relatively simple solution, but it took some digging.

AnyConnect relies on libraries that are distributed with Firefox, but AnyConnect expects these libraries to be located under /usr/local/firefox. On Ubuntu they're located elsewhere so AnyConnect chokes when it's trying to connect.

Once you have AnyConnect installed, go through the following steps to get things working. Also make sure the daemon is running; check using ps -ef | grep vpn and if it isn't running, do sudo /etc/init.d/vpnagentd_init start to fire that up.

  1. Download Firefox from Yes, I know, you already have it installed, but download a fresh copy anyway. Although you may be able to leverage your existing copy, I went this route just to be sure nothing interfered with the copy I use all day every day. I read some things that seemed to indicate you needed to get the 32-bit version if you're on a 64-bit OS, but that wasn't the case for me. I suppose if you have a 32-bit version of AnyConnect you'd want to get the 32-bit version of Firefox.

  2. Untar Firefox into /usr/local/firefox

  3. Create symlinks in /opt/cisco/vpn/lib to the following files, all of which are located in /usr/local/firefox:
    (Thanks to casevh in this thread for the list of libraries)

  4. Launch AnyConnect (/opt/cisco/vpn/bin/vpnui). From what I read you should not be launching AnyConnect as root or by using sudo.

  5. After the client launches, enter the host to which you want to connect.

  6. Accept the certificate provided by the server.

  7. Enter your user name and password as you normally do.

That's it--you should be in. Note that if you're used to using a profile file with a different VPN client, AnyConnect (at least based on my 1/2 day of experience) seems to work differently, so a user name and password should be all you need. If you're using a SecurID token of course you'll use that as your password.


Popular posts from this blog

Installing and Configuring NextPVR as a Replacement for Windows Media Center

If you follow me on Google+ you'll know I had a recent rant about Windows Media Center, which after running fine for about a year suddenly decided as of January 29 it was done downloading the program guide and by extension was therefore done recording any TV shows.

I'll spare you more ranting and simply say that none of the suggestions I got (which I appreciate!) worked, and rather than spending more time figuring out why, I decided to try something different.

NextPVR is an awesome free (as in beer, not as in freedom unfortunately ...) PVR application for Windows that with a little bit of tweaking handily replaced Windows Media Center. It can even download guide data, which is apparently something WMC no longer feels like doing.

Background I wound up going down this road in a rather circuitous way. My initial goal for the weekend project was to get Raspbmc running on one of my Raspberry Pis. The latest version of XBMC has PVR functionality so I was anxious to try that out as a …

Running a Django Application on Windows Server 2012 with IIS

This is a first for me since under normal circumstances we run all our Django applications on Linux with Nginx, but we're in the process of developing an application for another department and due to the requirements around this project, we'll be handing the code off to them to deploy. They don't have any experience with Linux or web servers other than IIS, so I recently took up the challenge of figuring out how to run Django applications on Windows Server 2012 with IIS.

Based on the dated or complete lack of information around this I'm assuming it's not something that's very common in the wild, so I thought I'd share what I came up with in case others need to do this.

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Assumptions and CaveatsThe operating system is Windows Server 2012 R2, 64-bit. If another variant of the operating system is being used, these instructions may not work properly.All of the soft…

Fixing DPI Scaling Issues in Skype for Business on Windows 10

My setup for my day job these days is a Surface Pro 4 and either an LG 34UC87M-B or a Dell P2715Q monitor, depending on where I'm working. This is a fantastic setup, but some applications have trouble dealing with the high pixel density and don't scale appropriately.
One case in point is Skype for Business. For some reason it scales correctly as I move between the Surface screen and the external monitor when I use the Dell, but on the LG monitor Skype is either massive on the external monitor, or tiny on the Surface screen.
After a big of digging around I came across a solution that worked for me, which is to change a setting in Skype's manifest file (who knew there was one?). On my machine the file is here: C:\Program Files\Microsoft Office\Office16\LYNC.EXE.MANIFEST
And the setting in question is this:
Which I changed to this: <dpiAware>False/PM</dpiAware>
Note that you'll probably have to edit the file as administr…