Configuring Linux to access the IT Services VPN service

Requirements

In order to be able to connect to the IT Services VPN service:

  • You must first have created a Remote Access account via our Self Registration page.
  • Your device must be connected to the internet.

CISCO ANYCONNECT CLIENT

This page contains instructions on how to obtain, install and configure the AnyConnect VPN Client for Linux to access the IT Services VPN Service on systems running Linux.

Cisco state that Cisco AnyConnect Secure Mobility Client Release 4.9 fully supports installation on the following Linux distributions.

  • Linux Red Hat 6, 7, 8.1
  • Ubuntu 16.04 (LTS), 18.04 (LTS), and 20.04 (LTS)

For more information see Supported Operating Systems.

However the client may also install and run successfully on other Linux distributions that fulfil the requirements detailed in the Release Notes.

If the VPN installation isn't supported or successful on your system there is an Open Source VPN client called VPNC which you may be able to use instead. We provide some guidance on configuring the VPNC client.

In order to use the VPN service, you must first have registered for a Remote Access account via our Self Registration page. For further information see Remote Access services.

Please make sure that you have read the introduction and general requirements, which apply to all VPN clients, before attempting to configure your computer or mobile device to connect to the VPN.

Installing and Configuring the Cisco AnyConnect Client

Note that because of the number of different Linux distributions we cannot give exact instructions for every system. We provide guidelines for downloading and unpacking the file needed to install the AnyConnect VPN client but assume some familiarity with the command line and downloading and unpacking archives on your system.

In order to use the VPN service you must install the Cisco AnyConnect client software, which you may download from the IT Services Self Registration pages.

  1. Log in to the IT Services Self Registration pages at https://register.it.ox.ac.uk/software
  2. Click on VPN Client in the list shown.
  3. If you have not registered to use the VPN software, you will be prompted to do so.
  4. Once registered, you should see the VPN client download page. Choose the AnyConnect VPN Client for Linux.
  5. If you are prompted to choose what to do with the downloaded file, look to see whether you are offered the option to open with an archive manager. If you are, choose this option and then extract the contents (a folder called ciscovpn) to a suitable location. If not, choose the option to [Save] and save the file (called something similar to anyconnect-vpn-linux.tar.gz) to a convenient temporary storage location on your computer's hard disk. Make a note of where you saved the file or extracted the ciscovpn folder.

Use of the VPN client software is restricted to users of the IT Services Remote Access Service only, see the web page Usage Terms for Software Agreements for details.

  1. If necessary unpack the downloaded file. You may have already done this as part of the download, in which case you should have a folder called ciscovpn. If you have not unpacked the file, try double-clicking on it and see whether this unpacks the file or opens an archive manager that will allow you to extract the ciscovpn folder. If you cannot use this method to unpack the file, the following should always work.
    • Open a terminal window (shell). The method will vary depending on your distribution; typically you will find this command under the [Applications] menu, usually in one of the following folders depending on your distribution: [Accessories], [System Tools] or [System].
    • Change directory to the location where you saved the downloaded file. If you're not familiar with using the command line the following commands will change directory to some standard locations.
      • cd ~/ (change to your home folder)
      • cd ~/Desktop (change to your Desktop folder)
      • cd ~/Documents (change to your Documents folder)
    • Unpack the file using the command tar -xzvf filename where filename is the name of the file you downloaded. For example tar -xzvf anyconnect-vpn-linux-v3.tar.gz. This will create a folder called anyconnect-linux64-[version-number] containing the files needed for installation.
  2. If you haven't already opened a terminal window (shell) then do so. If you're not sure how to do this, refer to the previous step above.
  3. Change into the ciscovpn directory. If you're not familiar with using the command line the following commands will change directory to some standard locations where you may have unpacked the folder.
    • cd ~/ciscovpn (if you unpacked the folder into your home folder)
    • cd ~/Desktop/ciscovpn (if you unpacked the folder into your Desktop folder)
    • cd ~/Documents/ciscovpn (if you unpacked the folder into your Documents folder)
  4. Start the installation program using the following command: sudo ./vpn_install.sh
  5. The licence agreement will be displayed and you will be asked whether you accept the terms of the agreement. Type Y and press Enter if you agree.
  6. The installation should be very quick and you shouldn't be prompted for any further information. If the installation is successful you will see Starting the VPN agent... Done!
  1. Choose the Cisco AnyConnect Secure Mobility Client program from the Applications menu. This is most likely to be in a folder, also called Cisco AnyConnect Secure Mobility Client, under Internet. However it may also show up initially under a folder called [Other] and then move to the [Internet] folder after you next reboot.
    If you can't find the link on the Applications menu then you can start the client from a terminal session by running the vpnui command from the location where it has been installed. On Ubuntu the command would be /opt/cisco/vpn/bin/vpnui and it may be the same on other Linux distributions.
  2. The first time you run the program, you will need to enter vpn.ox.ac.uk and click on Connect.
    After a couple of seconds you will then be prompted to fill in your username and password. Please remember to use your Remote Access account details.
    Finally click on Connect. Note that when you run the client next time, the Connect to: box will be populated and you should see the username and password box automatically.
  3. If the connection is successful, you should see an icon with a padlock on the menu bar near the clock.
  4. If the connection is not successful, the icon will not show the padlock.
  1. Right-click on the AnyConnect VPN Connection icon in the menu bar.
  2. On the menu that appears, select Disconnect and click with the left mouse button.
  3. The padlock will disappear from the icon. This means the VPN connection is terminated but that the VPN client software is still loaded.
  4. If you want to reconnect you can right-click on the VPN and choose Connect to re-open the program. If you want to completely quit the VPN client you choose Quit instead. The icon should then disappear from your screen.
  5. Note that if your internet connection should be interrupted at any time, then you will have to re-establish your VPN connection as described above.

For answers to common questions and solutions to any more frequently encountered problems please see the FAQ for Cisco AnyConnect VPN Client page. For further information you can also refer to the Cisco AnyConnect VPN Client Release Notes.

VPNC CLIENT

This page contains brief details of installing and configuring the Open Source VPNC client to access the IT Services VPN service on a computer running Linux.

VPNC is an open-source VPN client for Linux and other Unix systems which is compatible with the IT Services VPN Service. Note that we also provide a Cisco AnyConnect VPN Client for Linux. The VPNC client is supported only on a best-efforts basis by IT Services but may be useful on systems that are not supported by the Cisco AnyConnect VPN client.

Please make sure that you have read the introduction and general requirements, which apply to all VPN clients, before attempting to configure your computer or mobile device to connect to the VPN.

As Linux distributions vary these instructions will not take you step by step through obtaining and installing the software but assume you are familiar with installing software on your system. They do provide full information on configuring the software once it is installed.

On many Linux distributions you should be able to download and install VPNC using the package manager included with your distribution.

For Linux Debian or Ubuntu users, the package is in the universe package repository. Ubuntu users can install vpnc using the Synaptic Package Manager. Assuming you are using the default Gnome environment go to System then open Administration and finally Synaptic Package Manager.

Search for vpnc and install it. If the package does not appear on the search list then check that the universe package repository has been added and the list of packages has been refreshed. You may also see related entries for kvpnc and network-manager-vpnc. If you would like a GUI interface to the vpnc program you can install one of these packages as well as the core vpnc package (kvpnc is for the KDE environment).

Where you cannot use a package manager to install VPNC it can be downloaded from http://www.unix-ag.uni-kl.de/~massar/vpnc/.

You will also need some group configuration information. Members of Oxford University can download a file containing this information from the Software Registration and Downloads page (select [VPNC Client for Linux/Unix] from the list). This will display the VPNC Client for Linux/Unix page. Click on the vpnc configuration file to display the configuration information you will need.

Once installed the client works straight away. Open a terminal and type: sudo vpnc-connect

You will be queried about the following things. Use the information provided in the vpnc configuration file to respond to the prompts. You will also need your IT Services Remote Access account username and password:

  • Enter IPSec gateway address: vpn.ox.ac.uk
  • Enter IPSec ID for vpn.ox.ac.uk: oxford [also known as the group id]
  • Enter IPSec secret for oxford@vpn.ox.ac.uk: ****** [the group password]
  • Enter username for vpn.ox.ac.uk: ***** [this is the same as your SSO username e.g. abcd1234]
  • Enter password for username@vpn.ox.ac.uk: ****** [Remote Access account password]

(As noted above, the password information can be downloaded from IT Services.)

If all goes well you should see VPNC started in background (PID: xxxx).

If you type ifconfig you should see a new interface tun0 with an Oxford IP address.

To disconnect type: sudo vpnc-disconnect

You can also save the connection settings in a configuration file so that you don't need to type them in every time you want to connect. To do this, type in at the terminal: sudo gedit /etc/vpnc/oxford.conf

This will open the Gedit editor and create a configuration file. Make sure there is only a single space between a feature and a value. Note that this method requires you to save the passwords in plain text. So don't save any passwords to this file if you're using a shared computer!

IPSec gateway vpn.ox.ac.uk
IPSec ID oxford
IPSec secret PASSWORD
Xauth username YOUR-REMOTE-ACCESS-USERNAME
Xauth password YOUR-REMOTE-ACCESS-PASSWORD

Do not leave a space after any value before starting a new line. vpnc will treat this as part of the password if you do.

After creating this file you can connect by typing: sudo vpnc-connect oxford
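
The pitfalls described above (plain-text passwords, spacing between a keyword and its value, trailing whitespace) can be checked mechanically before connecting. The following script is an added example, not part of the original IT Services instructions; the function name check_vpnc_conf and the sample file are constructed for illustration, and it additionally checks that the file is not accessible to other users.

```shell
#!/bin/sh
# Added example: lint a vpnc configuration file for the pitfalls described above.
# Prints one line per finding, sets FINDINGS, and returns non-zero if any exist.
check_vpnc_conf() {            # hypothetical helper name
    conf=$1
    FINDINGS=0
    [ -f "$conf" ] || { echo "$conf: not found"; FINDINGS=1; return 1; }

    # Trailing spaces or tabs are treated by vpnc as part of the value.
    n=$(grep -c '[[:space:]]$' "$conf" || true)
    if [ "$n" -gt 0 ]; then
        echo "$conf: $n line(s) end in whitespace"
        FINDINGS=$((FINDINGS + 1))
    fi

    # The page asks for a single space between a keyword and its value.
    n=$(grep -cE '[[:blank:]]{2,}[^[:space:]]' "$conf" || true)
    if [ "$n" -gt 0 ]; then
        echo "$conf: $n line(s) contain repeated spaces"
        FINDINGS=$((FINDINGS + 1))
    fi

    # Characters 5-10 of the ls -l mode string are the group and other bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$conf: accessible to group/other ($perms); use chmod 600"
        FINDINGS=$((FINDINGS + 1))
    fi

    # vpnc prompts for any value missing from the file, so this line is optional.
    if grep -q '^Xauth password ' "$conf"; then
        echo "$conf: Remote Access password stored in plain text"
        FINDINGS=$((FINDINGS + 1))
    fi
    [ "$FINDINGS" -eq 0 ]
}

# Constructed sample: the page's template with a trailing space on the last line.
demo=$(mktemp)
printf '%s\n' 'IPSec gateway vpn.ox.ac.uk' 'IPSec ID oxford' \
    'IPSec secret PASSWORD' 'Xauth username YOUR-REMOTE-ACCESS-USERNAME' \
    'Xauth password YOUR-REMOTE-ACCESS-PASSWORD ' > "$demo"
chmod 644 "$demo"
check_vpnc_conf "$demo" || true
rm -f "$demo"
```

A file created with sudo gedit under the common default umask of 022 is world-readable, so the permissions finding is the one most likely to appear on a real system.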

For more information on vpnc type: man vpnc

Get support


Local IT support provide your first line of on-the-spot help

Common requests and fault reports can be logged using self-service

The central Service Desk is available 24x7 on +44 1865 6 12345

If you do not have an SSO account you can use this form to contact the Service Desk