This document contains instructions on how to obtain, install and configure the Cisco AnyConnect Secure Mobility Client (formerly the AnyConnect VPN Client) to access the OUCS VPN Service on systems running Linux.

Cisco state that version 3.1 of the client fully supports installation on the following linux distributions.
  • Red Hat Enterprise Linux 6.x (32-bit)
  • Red Hat Enterprise Linux (64-bit)
  • Ubuntu 9.x, 10.x, and 11.x (32-bit)
  • and Ubuntu 12.04 and 12.10 (64-bit)
However the client may also install and run successfully on other linux distributions that fulfil the underlying requirements detailed in the Release Notes.

If the VPN installation isn't supported or successful on your system there is an Open Source VPN client called VPNC which you may be able to use instead. We provide some guidance on configuring the VPNC client.

In order to use the VPN service, you will need to have the necessary Remote Access Services username and password. For details see the online self registration service page.

Please make sure that you have read the introduction and general requirements, which apply to all VPN clients, before attempting to configure your computer or mobile device to connect to the VPN.

1. Installing and Configuring the Cisco AnyConnect Client

1.1. Obtaining the AnyConnect Client Software

Note that because of the number of different Linux distributions we cannot give exact instructions for every system. We provide guidelines for downloading and unpacking the file needed to install the AnyConnect VPN client but assume some familiarity with the command line and downloading and unpacking archives on your system.

In order to use the VPN service you must install the Cisco AnyConnect Client software, which you may download from the OUCS self-registration pages.

  1. Log in to the OUCS self-registration pages at https://register.it.ox.ac.uk/software
  2. Click on [VPN Client] in the list shown.
    Software Registration and Download page with list of available software
                  packages
  3. If you have not registered to use the VPN software, you will be prompted to do so.
  4. Once registered, you should see the VPN Client download page. Choose the download that is correct for your operating system; for example AnyConnect Client for Linux.
  5. If you are prompted as to what to do with the downloaded file, look to see whether you are offered the option to open with an archive manager. If you are, choose this option and then extract the contents (a folder called ciscovpn) to a suitable location. If not choose the option to [Save] and save the file (called something similar to anyconnect-vpn-linux.tar.gz) to a convenient temporary storage location on your computer's hard disk. Make a note of where you saved the file or extracted the ciscovpn folder.

Use of the VPN client software is restricted to users of the OUCS Remote Access Service only — see the web page Usage Terms for Software Agreements for details.

1.2. Installing the AnyConnect Client Software

  1. If necessary unpack the downloaded file. You may have already done this as part of the download, in which case you should have a folder called ciscovpn. If you have not unpacked the file, try double-clicking on it and see whether this unpacks the file or opens an archive manager that will allow you to extract the ciscovpn folder. If you cannot use this method to unpack the file, the following should always work.
    • Open a terminal window (shell). The method will vary depending on your distribution; typically you will find this command under the [Applications] menu, usually in one of the following folders depending on your distribution:— [Accessories], [System Tools] or [System].
    • Change directory to the location where you saved the downloaded file. If you're not familiar with using the command line the following commands will change directory to some standard locations.
      • cd ~/ (change to your home folder)
      • cd ~/Desktop (change to your Desktop folder)
      • cd ~/Documents (change to your Documents folder)
    • Unpack the file using the command tar -xzvf filename where filename is the name of the file you downloaded. For example tar -xzvf anyconnect-vpn-linux-v3.tar.gz. This will create a folder called ciscovpn containing the files needed for installation.
  2. If you haven't already opened a terminal windows (shell) then do so. If you're not sure how to do this, refer to the previous step above.
  3. Change into the ciscovpn directory. If you're not familiar with using the command line the following commands will change directory to some standard locations where you may have unpacked the folder.
    • cd ~/ciscovpn (if you unpacked the folder into your home folder)
    • cd ~/Desktop/ciscovpn (if you unpacked the folder into your Desktop folder)
    • cd ~/Documents/ciscovpn (if you unpacked the folder into your Documents folder)
  4. Start the installation program using the following command. sudo ./vpn_install.sh
  5. The licence agreement will be displayed and you will be asked whether you accept the terms of the agreement. Type Y and press Enter if you agree.
  6. The installation should be very quick and you shouldn't be prompted for any further information. If the installation is successful you will see that the VPN agent is started as shown in the figure below.
    Installation screen
    Figure 1. Installing

1.3. Making the AnyConnect VPN Connection

  1. First make sure that you have connected to the Internet as you usually do, using either your broadband connection or a dialup connection (remember AOL, both dialup or broadband, is unsupported and may not work).
  2. Choose the [Cisco AnyConnect Secure Mobility Client] program from the [Applications] menu. This is most likely to be in a folder, also called [Cisco AnyConnect Secure Mobility Client], under [Internet]. However it may also show up initially under a folder called [Other] and then move to the [Internet] folder after you next reboot. Earlier versions of the AnyConnect client may show up directly under [Internet] and are called [Cisco AnyConnect VPN Client]. Two possible arrangements are shown below.

    If you can't find the link on the [Applications] menu then you can start the client from a terminal session by running the vpnui command from the location where it has been installed. On Ubuntu the command would be /opt/cisco/vpn/bin/vpnui and it may be the same on other linux distributions.

    Running the VPN Client program
    Figure 2. AnyConnect menu item (version 3.x client)
    Running the VPN Client program
    Figure 3. AnyConnect menu item (version 2.x client)
  3. The first time you run the program, you will need to enter vpn.ox.ac.uk and click on Connect.
    Starting the AnyConnect VPN Client program first time
    Figure 4. Running the client
    After a couple of seconds you will then be prompted to fill in your username and password. Please remember to use your Remote Access Account details.
    Enter account details (first time)
    Figure 5. Connecting
    Finally click on Connect. Note that when you run the client next time, the Connect to: box will be populated and you should see the username and password box automatically.

  4. If the connection is successful, you should see an icon with a padlock on the menu bar near the clock. The icon will look different depending on whether you are running the older (version 2.x) or the newer (version 3.x) client.
    AnyConnect VPN Connection icon
    Figure 6. AnyConnect VPN connected (version 3.x)
    AnyConnect VPN Connection icon
    Figure 7. AnyConnect VPN connected (version 2.x)
  5. If the connection is not successful, the icon will not show the padlock. Again the icon will look different depending on whether you are running the older (version 2.x) or the newer (version 3.x) client.
    AnyConnect VPN Connection icon (disconnected)
    Figure 8. AnyConnect VPN disconnected (version 3.x)
    AnyConnect VPN Connection icon (disconnected)
    Figure 9. AnyConnect VPN disconnected (version 2.x)

2. Closing the AnyConnect VPN Connection

  1. Right-click on the AnyConnect VPN Connection icon in the menu bar.
    VPN Connection icon
  2. On the menu that appears, select [Disconnect] and click with the left mouse button.
    AnyConnect VPN Connection icon and pop-up menu showing Open AnyConnect, Disconnect,
                Quit
  3. The padlock will disappear from the icon. This means the VPN connection is terminated but that the VPN client software is still loaded.
    AnyConnect VPN Connection icon (disconnected)
  4. If you want to reconnect you can right-click on the VPN and choose [Connect] to re-open the program. If you want to completely quit the VPN client you choose [Quit] instead. The icon should then disappear from your screen.
    AnyConnect VPN Open AnyConnect or Quit
  5. Note that if your internet connection should be interrupted at any time, perhaps because you are using a wireless connection and it has disconnected temporarily, then you will have to re-establish your VPN connection as described above.

3. Further Information

For answers to common questions and solutions to any more frequently encountered problems please see the Frequently Asked Questions for Cisco AnyConnect VPN Client web page. For further information you can also refer to the Cisco AnyConnect VPN Client release notes.