SSL VPN on Linux | computing@ssl

verified on: Ubuntu 18.04, CentOS 6, 7, 8

 
Download SSL Cisco Anyconnect (see the quick links to the right)


Open a terminal window
----------------------
tar zxf anyconnect-linux64-4.8.02045-predeploy-k9.tar.gz
cd anyconnect-linux64-4.8.02045
cd vpn

# installs to:  /opt/cisco
sudo ./vpn_install.sh


Connect to vpn  ( use:  GUI or command line )
--------------
Open a terminal window



Option #1,  start Cisco AnyConnect VPN GUI
---------
enter: /opt/cisco/anyconnect/bin/vpnui



or
Option #2,  start by command line
---------
enter: /opt/cisco/anyconnect/bin/vpn
VPN> connect ssl-vpn.ssl.berkeley.edu

# enroll and use a certificate at this time  (answer: no)
enter:  n

enter: username
enter: password


example.
should see the following

enter: /opt/cisco/anyconnect/bin/vpn

Cisco AnyConnect Secure Mobility Client (version 4.8.02045) .
Copyright (c) 2004 - 2020 Cisco Systems, Inc.  All Rights Reserved.

  >> state: Disconnected
  >> notice: Ready to connect.
..

VPN> connect ssl-vpn.ssl.berkeley.edu
connect ssl-vpn.ssl.berkeley.edu
..

A digital certificate is available for use with
this VPN session. Do you want to enroll and use
a certificate at this time? [y/n]: n

Group: 1-Default

Username: [student123]
Password:

  >> state: Connecting
  >> notice: Establishing VPN session...
..
  >> state: Connected
  >> notice: Connected to ssl-vpn.ssl.berkeley.edu.

VPN>

You can leave the terminal window open
or  "exit" or "quit" - the VPN connection will remain active,
until you enter:   "disconnect"


To check VPN status
----------------------
enter: /opt/cisco/anyconnect/bin/vpn status



To disconnect from VPN
----------------------
enter: /opt/cisco/anyconnect/bin/vpn disconnect
or
enter: /opt/cisco/anyconnect/bin/vpn
VPN> disconnect



Troubleshooting:
---------------

1. SSL is using:  Cisco AnyConnect VPN client
   Download from: 
   https://computing.ssl.berkeley.edu/services/remote-access/vpn-access


2. If you have a MacOS computer, only install the package: "VPN"


3. If you have another VPN client running on your computer, 
   make sure you have disconnected before trying Cisco AnyConnect.


4. On Linux (Ubuntu, CentOS), if VPN connect fails to find the 
   host:  ssl-vpn.ssl.berkeley.edu is   not found

  # try: adding the domain:  ssl.berkeley.edu  to  /etc/resolv.conf
  sudo vi /etc/resolv.conf

  example.
  change from
  search hsd1.ca.comcast.net

  change to
  search hsd1.ca.comcast.net  ssl.berkeley.edu


  Try again.
  enter: /opt/cisco/anyconnect/bin/vpn
  VPN> connect ssl-vpn.ssl.berkeley.edu

Other Options:

If Cisco AnyConnect does not work, try “OpenConnect”

For RedHat Linux systems: ‘yum install openconnect’

For Ubuntu Linux systems: ‘apt-get install openconnect’

last updated on June 2020