Instructions for setting up VPN for Linux

The VPN client used at the HTW is "Cisco AnyConnect".

You can download Cisco AnyConnect for Linux (64-bit only) in the internal area after successful authentication using the HTW login and password.

Problem: 
AnyConnect version 4.5 or higher no longer works, although earlier versions worked. The client now shows only an empty window without controls, or does not start at all. An automatic update may also have aborted with an error message beforehand.

Solution:
As of version 4.5, AnyConnect also requires the library "libnm-glib.so.4" on the system to work. The name of the package is "libnm-glib4" (Debian, Ubuntu and SuSE-Linux) or "NetworkManager-glib" (Fedora). Install the appropriate package and restart the computer. Then AnyConnect should work as usual again. This also helps after a failed automatic update: in that case AnyConnect was updated correctly, it just could not be restarted due to the missing package.

Installation (once)

For VPN access, the VPN client "Cisco AnyConnect" must first be installed. The screenshots of this tutorial were created with Ubuntu Linux 16.04. However, the instructions can also be transferred to other Linux distributions. The installation requires the use of the command line. Also, make sure you have administrative privileges on the system, as they are needed during the installation.

First, download the AnyConnect client installer for Linux from the VPN Downloads page.

Attention!

Cisco AnyConnect for Linux uses the certificate store from the Firefox profile of the currently logged in user to verify the validity of server certificates. It is therefore necessary that Firefox is installed on your system and started at least once before using AnyConnect to create a Firefox profile for the current user. Otherwise, when you start the VPN connection, you receive the error message that the server is untrusted.

The AnyConnect client only supports 64-bit systems. Therefore, first enter on the command line

  • uname -m

and check if the output matches "x86_64". Otherwise, AnyConnect cannot be used.

Then switch to the downloads folder, for example, on Ubuntu with:

  • cd ~/Downloads

Then start the installer with root rights, for example, on Ubuntu with:

  • sudo bash anyconnect-linux64-4.3.03086-web-deploy-k9.sh

The version in the file name of the downloaded file does not have to correspond to the version shown here; adjust the command to the name of the file you downloaded.

AnyConnect will be automatically installed to /opt/cisco/anyconnect. If installed correctly, the last message is "Done!".

AnyConnect requires system libraries to work, not all of which are already installed on your system. By calling up

  • ldd /opt/cisco/anyconnect/bin/vpnui | grep "not found"

you can display missing libraries.

Common desktop distributions lack only the libraries libpangox-1.0.0 and libnm-glib4. Under Ubuntu you can install these packages with:

  • sudo apt install libpangox-1.0.0 libnm-glib4

For other distributions, the names of the packages may be different. For Fedora / CentOS / RHEL they are, e.g., "pangox-compat" and "NetworkManager-glib".

If other packages with libraries are required, they must be installed separately. The output of "ldd" helps to find their package name.

Debian also has the problem that the library "libnssckbi.so" cannot be found at runtime. Therefore, as root (administrator), run the following two additional commands:

  • cd /usr/lib/x86_64-linux-gnu
  • ln -s nss/libnssckbi.so

This places a symbolic link to the file "/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so" at "/usr/lib/x86_64-linux-gnu/libnssckbi.so", where AnyConnect, among others, will search for the file. Without the file, AnyConnect warns, as mentioned above, that the VPN server is untrusted.

Once all the required libraries have been installed, you can start testing AnyConnect directly by calling:

  • /opt/cisco/anyconnect/bin/vpnui

AnyConnect should open the window shown here.
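
The checks from the installation steps above, collected into one preflight script. This is an added example, not part of the original instructions or of Cisco's installer. The Firefox profile location ~/.mozilla/firefox and the store file names cert8.db/cert9.db are assumptions, and the ldd sample is constructed.

```sh
#!/bin/sh
# Preflight checks for the installation steps above (added example).
VPNUI=/opt/cisco/anyconnect/bin/vpnui   # install path given on the page
NSS_DIR=/usr/lib/x86_64-linux-gnu       # Debian library directory from the page

# Read ldd output on stdin, print each library reported as "not found".
missing_libs() {
    awk '/=> not found/ { print $1 }' | sort -u
}

# Succeed only for the 64-bit architecture the client supports.
arch_ok() {
    [ "${1:-$(uname -m)}" = "x86_64" ]
}

# Succeed if some Firefox profile under the given home holds an NSS
# certificate store (cert8.db or cert9.db; default location is an assumption).
firefox_profile_ok() {
    ls "${1:-$HOME}"/.mozilla/firefox/*/cert[89].db >/dev/null 2>&1
}

# Succeed if libnssckbi.so resolves in the given directory; -e follows
# symlinks, so a dangling link from a mistyped "ln -s" also fails.
nssckbi_ok() {
    [ -e "${1:-$NSS_DIR}/libnssckbi.so" ]
}

# Run every check against the live system and report what is still missing.
preflight() {
    rc=0
    arch_ok || { echo "FAIL: $(uname -m) is not x86_64"; rc=1; }
    if [ -x "$VPNUI" ]; then
        libs=$(ldd "$VPNUI" | missing_libs)
        [ -z "$libs" ] || { echo "FAIL: missing libraries: $libs"; rc=1; }
    else
        echo "FAIL: $VPNUI is not installed"; rc=1
    fi
    firefox_profile_ok || { echo "FAIL: no Firefox certificate store found"; rc=1; }
    nssckbi_ok || echo "WARN: no libnssckbi.so in $NSS_DIR (Debian symlink step)"
    return "$rc"
}

# Constructed sample of ldd output from a system without the two packages.
SAMPLE_LDD='    libpangox-1.0.so.0 => not found
    libnm-glib.so.4 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'
printf '%s\n' "$SAMPLE_LDD" | missing_libs
```

Source the file and call `preflight` to check the live system; a FAIL on the certificate store or a WARN on libnssckbi.so corresponds to the "server is untrusted" message described above.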

Connect to VPN

After Cisco AnyConnect Client has been installed once, you can start a VPN connection as described below.

Search for "Anyconnect" in the search field to start the entry "Cisco AnyConnect Secure Mobility Client".

In the window that opens, enter "vpn-sec.htw-dresden.de" as the server address (if this is not already in the appropriate field) and click "Connect". AnyConnect may obtain and install a software update before the next step, which may cause a short delay.

In the next window, select the desired VPN profile (usually "HTW-vpn-split", see VPN Home) and enter your HTW login together with the associated password and click on "OK". After that, the VPN connects and AnyConnect minimizes itself.

Disconnect from VPN

If you want to disconnect the VPN connection, click on the AnyConnect icon in the program bar and then switch to the "Connection" tab to then click on "Disconnect". After that you can close the application.