Vpnagentd


I just installed the AnyConnect client from my company in order to get the stuff I needed to make OpenConnect work, so I did go through the install and might be able to help you out. This was with 3.1.04063, so keep that in mind as I don't know what's different for 4.0. My company has a Windows cifs share with the anyconnect available clients, but they were in a .pkg format. I extracted them with 7-zip on Windows, then copied that folder to somewhere I could get at from Arch.

Once booted into Arch, I did the following:

Now, I don't actually use AnyConnect, but that's what I did to get what I needed extracted to /opt/cisco. So, theoretically, it's a successful install.

I used to sort of be able to use the actual anyconnect client, but only from my 32 bit chroot (I'm on x64). And then something seemed to go awry with /etc/resolv.conf or some other network settings, as the successful VPN connection in the chroot didn't seem to translate into my 'actual' 64 bit environment and thus I couldn't do anything with the internet. Web pages just wouldn't load. Same with a 32 chroot installed browser, though, too... so I'm not sure what the issue was. I could ping, with ridiculously slow return times, but never do anything useful.

Finally I stumbled on this setup for openconnect. That's what I've been using ever since. Only re-installed since I was having an issue with certificates. Turns out there's a bug in the version of the anyconnect libraries I was using with openconnect, and the fix was to upgrade. Thankfully my company had updated versions in that Windows directory when I checked, or I think I was stuck. Just got it working and happy.

Let me know if you'd like to pursue the openconnect route and I can share my setup. Let me know if you run into troubles after the anyconnect install. I think I had some futzing required to get it connected even after install. From memory, I think I had to start various things that got installed in /etc/rc.d. Like, perhaps:

Then I would run:

Oh, and with openconnect, I get a complaint if I don't have hal running, so you might need that.
Hope that helps!

I've posted before about getting Cisco AnyConnect running on Ubuntu 9.10 and Ubuntu 10.04, but I've since started using Linux Mint as my daily driver and did a clean install of Mint 11 today. Mint is based on Ubuntu so on Mint 10 the previous strategy to get AnyConnect running worked fine, but I had to take a different approach after installing Mint 11. (I suspect it'll be the same issue on Ubuntu 11.04 but I haven't tried it.)

In doing a bit of research I came across this link that explains quite correctly that you don't need to actually download and extract Firefox to get this all working, which is what I had been doing previously. The Cisco client (for some stupid reason) expects certain things to be in a /usr/local/firefox directory but you can simply create that directory, download some other files, and then create the appropriate symlinks in /usr/local/firefox to make AnyConnect happy.

I also ran into some inexplicable weirdness related to a certificate file in my ~/.mozilla/firefox profile directory but I'll cover that as I outline the steps I took to get AnyConnect working.

Summary of Steps

Follow these and if you're lucky it'll work; if it doesn't, read the information that follows for more details and troubleshooting ideas.

  1. Follow the steps in this blog post, which are as follows:
    1. sudo apt-get install ia32-libs lib32nss-mdns
    2. sudo mkdir /usr/local/firefox
    3. sudo ln -s /usr/lib32/libnss3.so /usr/local/firefox
    4. sudo ln -s /usr/lib32/libplc4.so /usr/local/firefox
    5. sudo ln -s /usr/lib32/libnspr4.so /usr/local/firefox
    6. sudo ln -s /usr/lib32/libsmime3.so /usr/local/firefox
    7. sudo ln -s /usr/lib32/nss/libsoftokn3.so /usr/local/firefox
  2. Download the AnyConnect installer from somewhere. The usual method of browsing to your VPN server and logging in may not work, so see below for details.
  3. Run the installer from the directory to which it was downloaded (sudo ./vpnsetup.sh). The daemon may fail to start at this point, but don't worry if it does.
  4. If the daemon failed to start, start the VPN daemon: sudo /etc/init.d/vpnagentd_init start
    1. You shouldn't get an error regarding /opt/cisco/vpn/bin/vpnagentd not being found at this point if you followed the above steps accurately. If you do, read on to see if any ideas come out of any of the subsequent discussion.
  5. Start the AnyConnect client. It should be in your Internet programs menu.
    1. If you get a 'server certificate problem' error, stop Firefox and delete ~/.mozilla/firefox/YOUR_PROFILE.default/cert8.db where YOUR_PROFILE is whatever random string Firefox assigned your default profile (you should only have one directory with .default at the end of it in ~/.mozilla/firefox). In my case this problem didn't rear its head until after I rebooted, so you might want to reboot at the end of all of this to make sure everything's working.

If you're still getting errors, read on for more info …

Downloading AnyConnect

I ran into problems right out of the gate on Mint 11. On Mint 10 as well as previous versions of Ubuntu I could at least hit my VPN server in a browser, try to fire up the Java applet, and when that fails it prompts you to download, but this time around the 'launching Java applet' screen on the VPN server just hung. I verified that Java is enabled in Firefox and tested with other applets so I'm not sure what the issue is there, particularly since this did work on my 32-bit machine with Mint 11.

So word of caution: you need to get the installer elsewhere, or at least I did. There may be a solution to this I haven't yet come up with so if you know what's up here, please be sure and comment.

Luckily I had the installer backed up from when I copied my home directory to an external hard drive prior to installing Mint 11, so I ran the installer from my home directory.


sudo ./vpnsetup.sh

This at least got the daemon installed for me, but it failed to start after installation (usually it starts fine after it's installed), throwing an error about /opt/cisco/vpn/bin/vpnagentd file not being found. The file's definitely there so I'm not sure what its problem is, but this gets resolved in the subsequent steps so you can ignore that error for now.

Install Necessary Libraries and Create Symlinks

See the above steps for details (all the steps under #1 above). In my case this resolved the file not found error the daemon was throwing when I tried to install AnyConnect prior to creating those symlinks. If you do that step first everything should work.

Launch the VPN Daemon


sudo /etc/init.d/vpnagentd_init start

If that throws errors, double-check all the symlinks you created above. Note that in previous versions one of the things you were supposed to install and symlink to was sqlite3.so but that does not seem to be necessary.
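
As an added example (not from the original post or from Cisco), the function below re-checks the five symlinks from step 1 and reports any that are missing or dangling. It also flags the directory if it is group- or world-writable, since a daemon started as root depends on it. The function name check_nss_links and its optional directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit the symlinks created under /usr/local/firefox.
# Library names are the ones listed in step 1; check_nss_links and its
# optional directory argument are hypothetical names for illustration.
# Usage: source this file, then run: check_nss_links

NSS_LIBS="libnss3.so libplc4.so libnspr4.so libsmime3.so libsoftokn3.so"

# check_nss_links [DIR]
# Prints one status line per finding; the return code is the problem count.
check_nss_links() {
    dir="${1:-/usr/local/firefox}"
    problems=0
    for lib in $NSS_LIBS; do
        link="$dir/$lib"
        if [ ! -L "$link" ]; then
            echo "MISSING  $link"
            problems=$((problems + 1))
        elif [ ! -e "$link" ]; then
            # -L is true but -e is false: the link target does not exist
            echo "DANGLING $link -> $(readlink "$link")"
            problems=$((problems + 1))
        else
            echo "OK       $link -> $(readlink "$link")"
        fi
    done
    # Only the owner should be able to replace links in this directory.
    if [ -n "$(find "$dir" -prune \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]; then
        echo "WRITABLE $dir is group- or world-writable"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

A return code of 0 means all five links resolve and the directory has safe permissions; a DANGLING line usually means the 32-bit library package from step 1 is not installed.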

Launch the AnyConnect Client

You should now be able to launch AnyConnect from your Internet programs menu. If you get a 'server certificate problem' error, in my case it seemed to be related to a certificate file in my Firefox profile.

I came across this after I rebooted and started Firefox on my 32-bit machine: since my home page is my Google Mail login, Firefox immediately threw a 'Could not initialize the browser's security component' error. I found information on that error on Mozilla's site; on GNU/Linux the fix is to stop Firefox and delete the cert8.db file that's in your profile (~/.mozilla/firefox/YOUR_PROFILE.default).

On my 64-bit machine the behavior was slightly different. Everything seemed to work with AnyConnect until I rebooted, at which point it threw the server certificate error. I then launched Firefox and it popped up a completely blank alert window, but when I closed that window and Firefox finished loading, I noticed I couldn't browse to any sites. No matter what I put in the location box the top of the Firefox UI was completely unresponsive.

Since I'd happened to have the security component issue on my 32-bit machine, I figured even though on the 64-bit machine it wasn't actually showing me the error, that might be the problem. Sure enough when I deleted the cert8.db file Firefox then began to work, as did the AnyConnect client. I rebooted to make sure it wasn't a fluke and thus far everything is working.

Remaining Issues

At this point the only remaining issue is that for some reason when I connect to the VPN, AnyConnect doesn't minimize itself into that little 'stacked blue balls' icon thingee over near the clock. It just minimizes itself and shows up in your task bar like any other program. Minor annoyance but it does behave correctly on my 32-bit machine so I'm not sure what's going on there.

Hope that helps some others who are trying to get this running!