Skip to main content

Cisco AnyConnect VPN Client on 64-Bit Ubuntu 9.10

I've been using vpnc as my VPN client on Ubuntu for quite some time now, but vpnc allows for split tunneling (meaning I'm on the VPN but I can still access my local network), and, well, let's just say some network security folks don't like that. ;-) I looked into disabling split tunneling on vpnc and I didn't find any conclusive answers, so it was time to look for an alternative VPN client for Cisco VPNs.

Cisco AnyConnect is a VPN client that can (in theory) be installed from a web browser on any operating system, provided your VPN server is configured to support it. If you want to check, hit your VPN server in a browser. If you see a login screen, log in with your normal VPN credentials and you should be able to install AnyConnect from there.

All isn't rosy with this picture on Linux, however. The browser-based install doesn't work (or didn't for me at least), and while you can download a Linux version of the installer, the installer runs fine but the client throws some errors when you attempt to connect to your VPN. Specifically in my case it was throwing a "no valid certificates" error or something along those lines. As usual there's a relatively simple solution, but it took some digging.

AnyConnect relies on libraries that are distributed with Firefox, but AnyConnect expects these libraries to be located under /usr/local/firefox. On Ubuntu they're located elsewhere so AnyConnect chokes when it's trying to connect.

Once you have AnyConnect installed, go through the following steps to get things working. Also make sure the daemon is running; check using ps -ef | grep vpn and if it isn't running, do sudo /etc/init.d/vpnagentd_init start to fire that up.



  1. Download Firefox from mozilla.com. Yes, I know, you already have it installed, but download a fresh copy anyway. Although you may be able to leverage your existing copy, I went this route just to be sure nothing interfered with the copy I use all day every day. I read some things that seemed to indicate you needed to get the 32-bit version if you're on a 64-bit OS, but that wasn't the case for me. I suppose if you have a 32-bit version of AnyConnect you'd want to get the 32-bit version of Firefox.

  2. Untar Firefox into /usr/local/firefox

  3. Create symlinks in /opt/cisco/vpn/lib to the following files, all of which are located in /usr/local/firefox:
    libnss3.so
    libplc4.so
    libnspr4.so
    libsmime3.so
    libsoftokn3.so
    libnssdbm3.so
    libfreebl3.so
    libnssutil3.so
    libplds4.so
    libsqlite3.so
    (Thanks to casevh in this thread for the list of libraries)

  4. Launch AnyConnect (/opt/cisco/vpn/bin/vpnui). From what I read you should not be launching AnyConnect as root or by using sudo.

  5. After the client launches, enter the host to which you want to connect.

  6. Accept the certificate provided by the server.

  7. Enter your user name and password as you normally do.


That's it--you should be in. Note that if you're used to using a profile file with a different VPN client, AnyConnect (at least based on my 1/2 day of experience) seems to work differently, so a user name and password should be all you need. If you're using a SecurID token of course you'll use that as your password.

Comments

Popular posts from this blog

Installing and Configuring NextPVR as a Replacement for Windows Media Center

If you follow me on Google+ you'll know I had a recent rant about Windows Media Center, which after running fine for about a year suddenly decided as of January 29 it was done downloading the program guide and by extension was therefore done recording any TV shows.

I'll spare you more ranting and simply say that none of the suggestions I got (which I appreciate!) worked, and rather than spending more time figuring out why, I decided to try something different.

NextPVR is an awesome free (as in beer, not as in freedom unfortunately ...) PVR application for Windows that with a little bit of tweaking handily replaced Windows Media Center. It can even download guide data, which is apparently something WMC no longer feels like doing.

Background I wound up going down this road in a rather circuitous way. My initial goal for the weekend project was to get Raspbmc running on one of my Raspberry Pis. The latest version of XBMC has PVR functionality so I was anxious to try that out as a …

Setting Up Django On a Raspberry Pi

This past weekend I finally got a chance to set up one of my two Raspberry Pis to use as a Django server so I thought I'd share the steps I went through both to save someone else attempting to do this some time as well as get any feedback in case there are different/better ways to do any of this.

I'm running this from my house (URL forthcoming once I get the real Django app finalized and put on the Raspberry Pi) using dyndns.org. I don't cover that aspect of things in this post but I'm happy to write that up as well if people are interested.

General Comments and Assumptions

Using latest Raspbian “wheezy” distro as of 1/19/2013 (http://www.raspberrypi.org/downloads)We’lll be using Nginx (http://nginx.org) as the web server/proxy and Gunicorn (http://gunicorn.org) as the WSGI serverI used http://www.apreche.net/complete-single-server-django-stack-tutorial/ heavily as I was creating this, so many thanks to the author of that tutorial. If you’re looking for more details on …

The Definitive Guide to CouchDB Authentication and Security

With a bold title like that I suppose I should clarify a bit. I finally got frustrated enough with all the disparate and seemingly incomplete information on this topic to want to gather everything I know about this topic into a single place, both so I have it for my own reference but also in the hopes that it will help others.Since CouchDB is just an HTTP resource and can be secured at that level along the same lines as you'd secure any HTTP resource, I should also point out that I will not be covering things like putting a proxy in front of CouchDB, using SSL with CouchDB, or anything along those lines. This post is strictly limited to how authentication and security work within CouchDB itself.CouchDB security is powerful and granular but frankly it's also a bit quirky and counterintuitive. What I'm outlining here is my understanding of all of this after taking several runs at it, reading everything I could find on the Internet (yes, the whole Internet!), and a great deal…