Skip to main content

Cisco AnyConnect VPN Client on 64-Bit Ubuntu 10.04

I outlined much of this in a previous blog post, but since things are slightly different (or at least were for me) on Ubuntu 10.04, I figured I'd do a follow-up while it was fresh in my mind. Note that if you're on 32-bit Ubuntu AnyConnect works out of the box so you don't need to do any of these steps. The issue is that there is no native 64-bit AnyConnect client for Linux so you have to install some 32-bit libraries and point AnyConnect to some libraries from Firefox to get things working.

The basic procedure remains the same as in my previous post, but I had to install some additional libraries and do things in a slightly different order this time around.



  1. Download the AnyConnect installer from your VPN server or get a copy from your VPN administrator. (Why these clients aren't freely available I have no idea. You can only connect to something that someone paid Cisco for, so I'm not sure why the clients can't just be out in the wild. If you Scroogle around you may find some download links here and there but of course use at your own risk if you don't get the client from an authorized source.)

  2. Do a chmod +x on the installer (which for me was called vpnsetup.sh) and then run the installer using sudo. This will throw a couple of errors but they can safely be ignored.

  3. Install ia32-libs and lib32nss-mdns

    • sudo apt-get install ia32-libs lib32nss-mdns



  4. Download a fresh copy of Firefox, expand, and move to /usr/local

    • I downloaded to my Downloads directory, expanded there, and did sudo cp -R firefox /usr/local



  5. Do a cd into /usr/local/firefox and create symlinks for the Firefox libraries in /opt/cisco/vpn/lib as follows:

    • sudo ln -s libnss3.so /opt/cisco/vpn/lib/libnss3.so

    • sudo ln -s libplc4.so /opt/cisco/vpn/lib/libplc4.so

    • sudo ln -s libnspr4.so /opt/cisco/vpn/lib/libnspr4.so

    • sudo ln -s libsmime3.so /opt/cisco/vpn/lib/libsmime3.so

    • sudo ln -s libsoftokn3.so /opt/cisco/vpn/lib/libsoftokn3.so

    • sudo ln -s libnssdbm3.so /opt/cisco/vpn/lib/libnssdbm3.so

    • sudo ln -s libfreebl3.so /opt/cisco/vpn/lib/libfreebl3.so

    • sudo ln -s libnssutil3.so /opt/cisco/vpn/lib/libnssutil3.so

    • sudo ln -s libplds4.so /opt/cisco/vpn/lib/libplds4.so

    • sudo ln -s libsqlite3.so /opt/cisco/vpn/lib/libsqlite3.so



  6. Start the VPN daemon: sudo /etc/init.d/vpnagentd_init start (If it doesn't start without errors, double-check all your symlinks.)

  7. Launch AnyConnect. You should have a launcher under Applications -> Internet, but If not you can launch it from /opt/cisco/vpn/bin/vpnui using your normal user account (i.e. not using sudo).


After AnyConnect launches you can enter your VPN server address, accept the certificate, and log in as per usual.

Comments

dustinmcquay said…
You are awesome for writing this. I am running Ubuntu 10.04 64 bit and these instructions worked perfectly for me.
Matthew Woodward said…
Great! Glad this helped.
Anonymous said…
Hello Matt, trying to setup VPN, when i try to install the one provided by my company it gives compilation error.. Using UBUNTU 10.04make -C /lib/modules/2.6.32-22-generic/build SUBDIRS=/home/anitha/Downloads/vpnclient modulesmake[1]: Entering directory `/usr/src/linux-headers-2.6.32-22-generic' CC [M] /home/anitha/Downloads/vpnclient/linuxcniapi.o CC [M] /home/anitha/Downloads/vpnclient/frag.o CC [M] /home/anitha/Downloads/vpnclient/IPSecDrvOS_linux.o CC [M] /home/anitha/Downloads/vpnclient/interceptor.o/home/anitha/Downloads/vpnclient/interceptor.c: In function ‘interceptor_init’:/home/anitha/Downloads/vpnclient/interceptor.c:132: error: ‘struct net_device’ has no member named ‘hard_start_xmit’/home/anitha/Downloads/vpnclient/interceptor.c:133: error: ‘struct net_device’ has no member named ‘get_stats’/home/anitha/Downloads/vpnclient/interceptor.c:134: error: ‘struct net_device’ has no member named ‘do_ioctl’/home/anitha/Downloads/vpnclient/interceptor.c: In function ‘add_netdev’:/home/anitha/Downloads/vpnclient/interceptor.c:271: error: ‘struct net_device’ has no member named ‘hard_start_xmit’/home/anitha/Downloads/vpnclient/interceptor.c:272: error: ‘struct net_device’ has no member named ‘hard_start_xmit’/home/anitha/Downloads/vpnclient/interceptor.c: In function ‘remove_netdev’:/home/anitha/Downloads/vpnclient/interceptor.c:294: error: ‘struct net_device’ has no member named ‘hard_start_xmit’make[2]: *** [/home/anitha/Downloads/vpnclient/interceptor.o] Error 1make[1]: *** [_module_/home/anitha/Downloads/vpnclient] Error 2make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-22-generic'make: *** [default] Error 2Failed to make module "cisco_ipsec.ko".Can you pls help
Matthew Woodward said…
I haven't used the regular Cisco client in quite some time--before I started using AnyConnect I used vpnc which worked much better for me than the regular Cisco client did.I'd strongly suggest using AnyConnect if you can. If you can't use AnyConnect, last time I compiled the client it worked fine but that's been ages ago, and one of the big reasons I quit using the regular client is because it tends to break every time the kernel gets any updates. Sorry I don't have anything more concrete for you to go on.
Anonymous said…
Hey Matt, can you provide step by step instruction for anyconnect installation pls also with the tar files needed... thanks in advance
Matthew Woodward said…
There aren't any tar files--you should just be able to hit your VPN server in a browser, log in, download the installer, and run it. That's really all there is to it.If your VPN server isn't set up to let you log in via a web browser and download AnyConnect, you'll want to talk to your VPN server administrators to see if they can get you the installer. Once you have the installer you can follow the instructions in this post and you'll be in good shape.
Josh Cummings said…
Worked like a charm. Thanks! By the way, the first symlink command in your list might have a typo. It says this:sudo ln -s libnss3.so /opt/cisco/vpn/lib/nss3.soBut, I think it should be this:sudo ln -s libnss3.so /opt/cisco/vpn/lib/libnss3.so
Matthew Woodward said…
Ah thanks--I'll get that fixed. Could be that later versions changed things a bit as well but if you just did this recently and that was the right thing, I'll assume you're right. ;-) Thanks for the update!
tomasfromsaris said…
You saved me man! Thanks a lot for sharingT.
douglasjboehme said…
I just installed Ubuntu 11.04 64bit and tried this with Firefox 4.0 and 4.01 both 32 bit and 64 bit, no luck. No errors occur until trying to enter the VPN server name and it's gets the certificate rejection message. Anyone else had any luck?
douglasjboehme said…
SUCCESS! Please ignore my previous comment.I took one last ditch effort by removing the links and copying the 32bit libs from /usr/local/firefox into /opt/cisco/vpn/liib and it worked. From what I could see, the permissions for the links and libraries were the same so I'm not sure what was happening.Just in case anyone is looking, the 32bit Firefox install will end in 686.tar.bz2.
Matthew Woodward said…
Excellent! Thanks for sharing.
Franco Sabadini said…
Hi there,I couldn't make it work on ubuntu 11.04, I downloaded firefox-7.0a1.en-US.linux-i686.tar.bz2 and copied the .so files needed to /opt/cisco/vpn/lib/ (except for libsqlite3.so, cause it wasn't there).Any idea what could be wrong?Thanks.
Matthew Woodward said…
Try these instructions maybe:http://blog.mattwoodward.com/cisco-anyconnect-vpn-client-on-64-bit-linuxmi
David Sinex said…
I have this working Ubuntu 11.04 64bit. I was having trouble even downloading the client from the server at UBC. (myvpn.ubc.ca) To do get my browser to download I did, 'setarch i386 firefox -no-remote'. Downloaded the vpn client. I then followed the instructions on this page almost exactly except I found that libsqlite3.so is nowcalled libmozsqlite3.so in the latest firefox 6.0.
dwmw2 said…
Why would you do this? Ubuntu has built-in support for the AnyConnect VPN, properly integrated into NetworkManager. Just make sure you have the network-manager-openconnect package installed.
Shawn Tabai said…
@dwmw2 is a lifesaver! I've been looking for a solution that would work for me for hours (the one in this blog as well as several others didn't work for me in Ubuntu 11.10 x64). After reading his reply, I simply executed the following in a terminal:sudo apt-get install network-manager-openconnectAfter that, I could configure the VPN using the built-in network manager tool. Thanks a million, this is perfect!

Popular posts from this blog

Installing and Configuring NextPVR as a Replacement for Windows Media Center

If you follow me on Google+ you'll know I had a recent rant about Windows Media Center, which after running fine for about a year suddenly decided as of January 29 it was done downloading the program guide and by extension was therefore done recording any TV shows.

I'll spare you more ranting and simply say that none of the suggestions I got (which I appreciate!) worked, and rather than spending more time figuring out why, I decided to try something different.

NextPVR is an awesome free (as in beer, not as in freedom unfortunately ...) PVR application for Windows that with a little bit of tweaking handily replaced Windows Media Center. It can even download guide data, which is apparently something WMC no longer feels like doing.

Background I wound up going down this road in a rather circuitous way. My initial goal for the weekend project was to get Raspbmc running on one of my Raspberry Pis. The latest version of XBMC has PVR functionality so I was anxious to try that out as a …

Setting Up Django On a Raspberry Pi

This past weekend I finally got a chance to set up one of my two Raspberry Pis to use as a Django server so I thought I'd share the steps I went through both to save someone else attempting to do this some time as well as get any feedback in case there are different/better ways to do any of this.

I'm running this from my house (URL forthcoming once I get the real Django app finalized and put on the Raspberry Pi) using dyndns.org. I don't cover that aspect of things in this post but I'm happy to write that up as well if people are interested.

General Comments and Assumptions

Using latest Raspbian “wheezy” distro as of 1/19/2013 (http://www.raspberrypi.org/downloads)We’lll be using Nginx (http://nginx.org) as the web server/proxy and Gunicorn (http://gunicorn.org) as the WSGI serverI used http://www.apreche.net/complete-single-server-django-stack-tutorial/ heavily as I was creating this, so many thanks to the author of that tutorial. If you’re looking for more details on …

The Definitive Guide to CouchDB Authentication and Security

With a bold title like that I suppose I should clarify a bit. I finally got frustrated enough with all the disparate and seemingly incomplete information on this topic to want to gather everything I know about this topic into a single place, both so I have it for my own reference but also in the hopes that it will help others.Since CouchDB is just an HTTP resource and can be secured at that level along the same lines as you'd secure any HTTP resource, I should also point out that I will not be covering things like putting a proxy in front of CouchDB, using SSL with CouchDB, or anything along those lines. This post is strictly limited to how authentication and security work within CouchDB itself.CouchDB security is powerful and granular but frankly it's also a bit quirky and counterintuitive. What I'm outlining here is my understanding of all of this after taking several runs at it, reading everything I could find on the Internet (yes, the whole Internet!), and a great deal…