Skip to main content

Cisco AnyConnect VPN Client on 64-Bit Ubuntu 10.04

I outlined much of this in a previous blog post, but since things are slightly different (or at least were for me) on Ubuntu 10.04, I figured I'd do a follow-up while it was fresh in my mind. Note that if you're on 32-bit Ubuntu AnyConnect works out of the box so you don't need to do any of these steps. The issue is that there is no native 64-bit AnyConnect client for Linux so you have to install some 32-bit libraries and point AnyConnect to some libraries from Firefox to get things working.

The basic procedure remains the same as in my previous post, but I had to install some additional libraries and do things in a slightly different order this time around.

  1. Download the AnyConnect installer from your VPN server or get a copy from your VPN administrator. (Why these clients aren't freely available I have no idea. You can only connect to something that someone paid Cisco for, so I'm not sure why the clients can't just be out in the wild. If you Scroogle around you may find some download links here and there but of course use at your own risk if you don't get the client from an authorized source.)

  2. Do a chmod +x on the installer (which for me was called and then run the installer using sudo. This will throw a couple of errors but they can safely be ignored.

  3. Install ia32-libs and lib32nss-mdns

    • sudo apt-get install ia32-libs lib32nss-mdns

  4. Download a fresh copy of Firefox, expand, and move to /usr/local

    • I downloaded to my Downloads directory, expanded there, and did sudo cp -R firefox /usr/local

  5. Do a cd into /usr/local/firefox and create symlinks for the Firefox libraries in /opt/cisco/vpn/lib as follows:

    • sudo ln -s /opt/cisco/vpn/lib/

    • sudo ln -s /opt/cisco/vpn/lib/

    • sudo ln -s /opt/cisco/vpn/lib/

    • sudo ln -s /opt/cisco/vpn/lib/

    • sudo ln -s /opt/cisco/vpn/lib/

    • sudo ln -s /opt/cisco/vpn/lib/

    • sudo ln -s /opt/cisco/vpn/lib/

    • sudo ln -s /opt/cisco/vpn/lib/

    • sudo ln -s /opt/cisco/vpn/lib/

    • sudo ln -s /opt/cisco/vpn/lib/

  6. Start the VPN daemon: sudo /etc/init.d/vpnagentd_init start (If it doesn't start without errors, double-check all your symlinks.)

  7. Launch AnyConnect. You should have a launcher under Applications -> Internet, but If not you can launch it from /opt/cisco/vpn/bin/vpnui using your normal user account (i.e. not using sudo).

After AnyConnect launches you can enter your VPN server address, accept the certificate, and log in as per usual.


dustinmcquay said…
You are awesome for writing this. I am running Ubuntu 10.04 64 bit and these instructions worked perfectly for me.
Matthew Woodward said…
Great! Glad this helped.
Anonymous said…
Hello Matt, trying to setup VPN, when i try to install the one provided by my company it gives compilation error.. Using UBUNTU 10.04make -C /lib/modules/2.6.32-22-generic/build SUBDIRS=/home/anitha/Downloads/vpnclient modulesmake[1]: Entering directory `/usr/src/linux-headers-2.6.32-22-generic' CC [M] /home/anitha/Downloads/vpnclient/linuxcniapi.o CC [M] /home/anitha/Downloads/vpnclient/frag.o CC [M] /home/anitha/Downloads/vpnclient/IPSecDrvOS_linux.o CC [M] /home/anitha/Downloads/vpnclient/interceptor.o/home/anitha/Downloads/vpnclient/interceptor.c: In function ‘interceptor_init’:/home/anitha/Downloads/vpnclient/interceptor.c:132: error: ‘struct net_device’ has no member named ‘hard_start_xmit’/home/anitha/Downloads/vpnclient/interceptor.c:133: error: ‘struct net_device’ has no member named ‘get_stats’/home/anitha/Downloads/vpnclient/interceptor.c:134: error: ‘struct net_device’ has no member named ‘do_ioctl’/home/anitha/Downloads/vpnclient/interceptor.c: In function ‘add_netdev’:/home/anitha/Downloads/vpnclient/interceptor.c:271: error: ‘struct net_device’ has no member named ‘hard_start_xmit’/home/anitha/Downloads/vpnclient/interceptor.c:272: error: ‘struct net_device’ has no member named ‘hard_start_xmit’/home/anitha/Downloads/vpnclient/interceptor.c: In function ‘remove_netdev’:/home/anitha/Downloads/vpnclient/interceptor.c:294: error: ‘struct net_device’ has no member named ‘hard_start_xmit’make[2]: *** [/home/anitha/Downloads/vpnclient/interceptor.o] Error 1make[1]: *** [_module_/home/anitha/Downloads/vpnclient] Error 2make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-22-generic'make: *** [default] Error 2Failed to make module "cisco_ipsec.ko".Can you pls help
Matthew Woodward said…
I haven't used the regular Cisco client in quite some time--before I started using AnyConnect I used vpnc which worked much better for me than the regular Cisco client did.I'd strongly suggest using AnyConnect if you can. If you can't use AnyConnect, last time I compiled the client it worked fine but that's been ages ago, and one of the big reasons I quit using the regular client is because it tends to break every time the kernel gets any updates. Sorry I don't have anything more concrete for you to go on.
Anonymous said…
Hey Matt, can you provide step by step instruction for anyconnect installation pls also with the tar files needed... thanks in advance
Matthew Woodward said…
There aren't any tar files--you should just be able to hit your VPN server in a browser, log in, download the installer, and run it. That's really all there is to it.If your VPN server isn't set up to let you log in via a web browser and download AnyConnect, you'll want to talk to your VPN server administrators to see if they can get you the installer. Once you have the installer you can follow the instructions in this post and you'll be in good shape.
Josh Cummings said…
Worked like a charm. Thanks! By the way, the first symlink command in your list might have a typo. It says this:sudo ln -s /opt/cisco/vpn/lib/nss3.soBut, I think it should be this:sudo ln -s /opt/cisco/vpn/lib/
Matthew Woodward said…
Ah thanks--I'll get that fixed. Could be that later versions changed things a bit as well but if you just did this recently and that was the right thing, I'll assume you're right. ;-) Thanks for the update!
tomasfromsaris said…
You saved me man! Thanks a lot for sharingT.
douglasjboehme said…
I just installed Ubuntu 11.04 64bit and tried this with Firefox 4.0 and 4.01 both 32 bit and 64 bit, no luck. No errors occur until trying to enter the VPN server name and it's gets the certificate rejection message. Anyone else had any luck?
douglasjboehme said…
SUCCESS! Please ignore my previous comment.I took one last ditch effort by removing the links and copying the 32bit libs from /usr/local/firefox into /opt/cisco/vpn/liib and it worked. From what I could see, the permissions for the links and libraries were the same so I'm not sure what was happening.Just in case anyone is looking, the 32bit Firefox install will end in 686.tar.bz2.
Matthew Woodward said…
Excellent! Thanks for sharing.
Franco Sabadini said…
Hi there,I couldn't make it work on ubuntu 11.04, I downloaded firefox-7.0a1.en-US.linux-i686.tar.bz2 and copied the .so files needed to /opt/cisco/vpn/lib/ (except for, cause it wasn't there).Any idea what could be wrong?Thanks.
Matthew Woodward said…
Try these instructions maybe:
David Sinex said…
I have this working Ubuntu 11.04 64bit. I was having trouble even downloading the client from the server at UBC. ( To do get my browser to download I did, 'setarch i386 firefox -no-remote'. Downloaded the vpn client. I then followed the instructions on this page almost exactly except I found that is nowcalled in the latest firefox 6.0.
dwmw2 said…
Why would you do this? Ubuntu has built-in support for the AnyConnect VPN, properly integrated into NetworkManager. Just make sure you have the network-manager-openconnect package installed.
Shawn Tabai said…
@dwmw2 is a lifesaver! I've been looking for a solution that would work for me for hours (the one in this blog as well as several others didn't work for me in Ubuntu 11.10 x64). After reading his reply, I simply executed the following in a terminal:sudo apt-get install network-manager-openconnectAfter that, I could configure the VPN using the built-in network manager tool. Thanks a million, this is perfect!

Popular posts from this blog

Installing and Configuring NextPVR as a Replacement for Windows Media Center

If you follow me on Google+ you'll know I had a recent rant about Windows Media Center, which after running fine for about a year suddenly decided as of January 29 it was done downloading the program guide and by extension was therefore done recording any TV shows.

I'll spare you more ranting and simply say that none of the suggestions I got (which I appreciate!) worked, and rather than spending more time figuring out why, I decided to try something different.

NextPVR is an awesome free (as in beer, not as in freedom unfortunately ...) PVR application for Windows that with a little bit of tweaking handily replaced Windows Media Center. It can even download guide data, which is apparently something WMC no longer feels like doing.

Background I wound up going down this road in a rather circuitous way. My initial goal for the weekend project was to get Raspbmc running on one of my Raspberry Pis. The latest version of XBMC has PVR functionality so I was anxious to try that out as a …

Running a Django Application on Windows Server 2012 with IIS

This is a first for me since under normal circumstances we run all our Django applications on Linux with Nginx, but we're in the process of developing an application for another department and due to the requirements around this project, we'll be handing the code off to them to deploy. They don't have any experience with Linux or web servers other than IIS, so I recently took up the challenge of figuring out how to run Django applications on Windows Server 2012 with IIS.

Based on the dated or complete lack of information around this I'm assuming it's not something that's very common in the wild, so I thought I'd share what I came up with in case others need to do this.

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Assumptions and CaveatsThe operating system is Windows Server 2012 R2, 64-bit. If another variant of the operating system is being used, these instructions may not work properly.All of the soft…

Fixing DPI Scaling Issues in Skype for Business on Windows 10

My setup for my day job these days is a Surface Pro 4 and either an LG 34UC87M-B or a Dell P2715Q monitor, depending on where I'm working. This is a fantastic setup, but some applications have trouble dealing with the high pixel density and don't scale appropriately.
One case in point is Skype for Business. For some reason it scales correctly as I move between the Surface screen and the external monitor when I use the Dell, but on the LG monitor Skype is either massive on the external monitor, or tiny on the Surface screen.
After a big of digging around I came across a solution that worked for me, which is to change a setting in Skype's manifest file (who knew there was one?). On my machine the file is here: C:\Program Files\Microsoft Office\Office16\LYNC.EXE.MANIFEST
And the setting in question is this:
Which I changed to this: <dpiAware>False/PM</dpiAware>
Note that you'll probably have to edit the file as administr…