Cisco Anyconnect Vpn Ubuntu 20.04



WSL 2 Cisco AnyConnect Networking Workaround Overview. WSL 2 uses a Hyper-V Virtual Network adapter. Network connectivity works without any issue when a VPN is not in use. However, when a Cisco AnyConnect VPN session is established, firewall rules and routes are added which break connectivity within the WSL 2 VM. This issue is tracked WSL/issues.

Connecting to Cisco VPN from Ubuntu 20.04 without a User Password. Cisco AnyConnect Second Password option. I just switched computers and have installed the AnyConnect Mobility VPN Client for Ubuntu Linux (client version 4.6.03049) on the new computer in order to connect to my university's VPN. On my previous computer for the longest time I simply used openconnect until very recently when I discovered on.

Here is how to install/configure Drexel's Cisco AnyConnect VPN with the 2 most recent versions of Long Term Support (LTS) Ubuntu Linux: 16.04 & 18.04 & 20.04 LTS. Open a terminal window or command-line prompt window in Ubuntu Linux 16.04 LTS. Press the Ctrl-Alt-t keyboard keys simultaneously.

Cisco AnyConnect VPN Ubuntu 16.04

This page has the steps to set up Cisco AnyConnect compatible capability in the Ubuntu Network Manager. The reference used for this is here and Linux + GNU = Humans Enabled.

Configure Cisco AnyConnect VPN on Ubuntu 16.04

Run the following commands in a terminal. If the packages all install correctly, then reboot. Then follow the instructions at the reference link to create an AnyConnect VPN using the Ubuntu Network Manager GUI.

sudo apt-get update
sudo apt-get install openconnect
sudo apt-get install network-manager-openconnect
sudo apt-get install network-manager-openconnect-gnome


This procedure is for configuring Cisco AnyConnect VPN on a CentOS7 desktop. This procedure was done on a brand-new install of CentOS7 on a Lenovo ThinkPad P70 laptop. This install of CentOS7 desktop was a straight-out-of-the-box install with no tweaks at all wherein I selected the GNOME desktop option (not the Plasma!) and I selected a bunch of development tools and libraries as well, but everything was selected from the default installer menu; there were no hacks or tweaks. It's a straightforward procedure, not hard to do at all. However, I could not find anywhere on the web where all the steps were gathered in one place. This should theoretically work for RedHat7 desktop and OracleLinux7 Desktop, but it is only tested on CentOS7 GNOME desktop. The setup of Cisco AnyConnect VPN is detailed below.

Install EPEL RPM

Basically, this webpage here was the starting point which got this successful Cisco AnyConnect VPN configuration rolling. The first step therefore is to install EPEL, which is more or less a project of Fedora that provides a high-quality library of packages which are interoperable with CentOS7 and other similar Linuxes. I downloaded the EPEL rpm from here, but for convenience I have attached it to this post as well just in case that link is down for any reason. It's recommended to use the link instead of the copy attached to this post so that you get the latest EPEL from Fedora Genuine. Now install EPEL as shown below. Note that as dependencies EPEL will also install the packages VPNC and VPNC-SCRIPT. That's a good thing; those are also needed for Cisco AnyConnect, so no worries.


[root@localhost Downloads]# rpm -Uvh epel-release-7-8.noarch.rpm
warning: epel-release-7-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:epel-release-7-8 ################################# [100%]
[root@localhost Downloads]# yum install vpnc
Loaded plugins: fastestmirror, langpacks
epel/x86_64/metalink | 14 kB 00:00:00
epel | 4.3 kB 00:00:00
(1/3): epel/x86_64/group_gz | 170 kB 00:00:00
(2/3): epel/x86_64/updateinfo | 594 kB 00:00:00
(3/3): epel/x86_64/primary_db | 4.3 MB 00:00:00
Loading mirror speeds from cached hostfile
* base: mirror.beyondhosting.net
* epel: muug.ca
* extras: mirrors.liquidweb.com
* updates: mirror.stjschools.org
Resolving Dependencies
--> Running transaction check
---> Package vpnc.x86_64 0:0.5.3-22.svn457.el7 will be installed
--> Processing Dependency: vpnc-script for package: vpnc-0.5.3-22.svn457.el7.x86_64
--> Running transaction check
---> Package vpnc-script.noarch 0:0.5.3-22.svn457.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved

Package Arch Version Repository Size

Installing:
vpnc x86_64 0.5.3-22.svn457.el7 epel 85 k
Installing for dependencies:
vpnc-script noarch 0.5.3-22.svn457.el7 epel 14 k
Transaction Summary

Install 1 Package (+1 Dependent package)
Total download size: 99 k
Installed size: 210 k
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/epel/packages/vpnc-0.5.3-22.svn457.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for vpnc-0.5.3-22.svn457.el7.x86_64.rpm is not installed
(1/2): vpnc-0.5.3-22.svn457.el7.x86_64.rpm | 85 kB 00:00:00
(2/2): vpnc-script-0.5.3-22.svn457.el7.noarch.rpm | 14 kB 00:00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 261 kB/s | 99 kB 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
Userid : 'Fedora EPEL (7) <epel@fedoraproject.org>'
Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
Package : epel-release-7-8.noarch (installed)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Installing : vpnc-script-0.5.3-22.svn457.el7.noarch 1/2
warning: /etc/vpnc/vpnc-script created as /etc/vpnc/vpnc-script.rpmnew
Installing : vpnc-0.5.3-22.svn457.el7.x86_64 2/2
Verifying : vpnc-script-0.5.3-22.svn457.el7.noarch 1/2
Verifying : vpnc-0.5.3-22.svn457.el7.x86_64 2/2
Installed:
vpnc.x86_64 0:0.5.3-22.svn457.el7
Dependency Installed:
vpnc-script.noarch 0:0.5.3-22.svn457.el7
Complete!
[root@localhost Downloads]#

Install Required Libraries and OpenConnect

I got the CentOS7 OpenConnect RPM from Springdale but there should be several places where it can be obtained. This one I will also attach to this blog post so that the exact RPM that I used is available. I did this configuration between midnight and 3AM this morning, so now in the afternoon I'm retracing my footsteps while it's still fresh to get this guide created. However, I believe you can also get this same RPM from elders.princeton.edu. So that's three places to get it - Springdale, Princeton, and here at this blog attached at the bottom of this page. But you can't install it yet because unless you have previously done so, there are some libraries that will be needed to satisfy dependencies for the OpenConnect RPM. Just so that you see what the issue is, below is an example of what you get when trying to install the OpenConnect RPM without the required libraries. In a subsequent step below, those libraries will be easily obtained and then OpenConnect installed perfectly.

[root@localhost Downloads]# rpm -Uvh openconnect-7.06-1.sdl7.x86_64.rpm
warning: openconnect-7.06-1.sdl7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 41a40948: NOKEY
error: Failed dependencies:
liblz4.so.1()(64bit) is needed by openconnect-7.06-1.sdl7.x86_64
libstoken.so.1()(64bit) is needed by openconnect-7.06-1.sdl7.x86_64
libstoken.so.1(STOKEN_1.0)(64bit) is needed by openconnect-7.06-1.sdl7.x86_64
[root@localhost Downloads]#

Install lz4 Library

The lz4 library is easy to get: install it with yum as shown below.

[root@localhost Downloads]# yum install lz4
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.beyondhosting.net
* epel: mirror.steadfast.net
* extras: mirrors.liquidweb.com
* updates: mirror.stjschools.org
Resolving Dependencies
--> Running transaction check
---> Package lz4.x86_64 0:r131-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved

Package Arch Version Repository Size

Installing:
lz4 x86_64 r131-1.el7 epel 70 k
Transaction Summary

Install 1 Package
Total download size: 70 k
Installed size: 220 k
Is this ok [y/d/N]: y
Downloading packages:
lz4-r131-1.el7.x86_64.rpm | 70 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : lz4-r131-1.el7.x86_64 1/1
Verifying : lz4-r131-1.el7.x86_64 1/1
Installed:
lz4.x86_64 0:r131-1.el7
Complete!

The libstoken library is also needed, so install it using yum again as shown below.

[root@localhost Downloads]# yum install stoken-libs
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.beyondhosting.net
* epel: ca.mirror.babylon.network
* extras: mirrors.liquidweb.com
* updates: mirror.stjschools.org
Resolving Dependencies
--> Running transaction check
---> Package stoken-libs.x86_64 0:0.6-1.el7 will be installed
--> Processing Dependency: libtomcrypt.so.0()(64bit) for package: stoken-libs-0.6-1.el7.x86_64
--> Running transaction check
---> Package libtomcrypt.x86_64 0:1.17-23.el7 will be installed
--> Processing Dependency: libtommath >= 0.42.0 for package: libtomcrypt-1.17-23.el7.x86_64
--> Processing Dependency: libtommath.so.0()(64bit) for package: libtomcrypt-1.17-23.el7.x86_64
--> Running transaction check
---> Package libtommath.x86_64 0:0.42.0-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved

Package Arch Version Repository Size

Installing:
stoken-libs x86_64 0.6-1.el7 epel 36 k
Installing for dependencies:
libtomcrypt x86_64 1.17-23.el7 epel 224 k
libtommath x86_64 0.42.0-4.el7 epel 35 k
Transaction Summary

Install 1 Package (+2 Dependent packages)
Total download size: 296 k
Installed size: 707 k
Is this ok [y/d/N]: y
Downloading packages:
(1/3): libtomcrypt-1.17-23.el7.x86_64.rpm | 224 kB 00:00:00
(2/3): libtommath-0.42.0-4.el7.x86_64.rpm | 35 kB 00:00:00
(3/3): stoken-libs-0.6-1.el7.x86_64.rpm | 36 kB 00:00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 368 kB/s | 296 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libtommath-0.42.0-4.el7.x86_64 1/3
Installing : libtomcrypt-1.17-23.el7.x86_64 2/3
Installing : stoken-libs-0.6-1.el7.x86_64 3/3
Verifying : libtommath-0.42.0-4.el7.x86_64 1/3
Verifying : libtomcrypt-1.17-23.el7.x86_64 2/3
Verifying : stoken-libs-0.6-1.el7.x86_64 3/3
Installed:
stoken-libs.x86_64 0:0.6-1.el7
Dependency Installed:
libtomcrypt.x86_64 0:1.17-23.el7 libtommath.x86_64 0:0.42.0-4.el7
Complete!

Install OpenConnect

Now the OpenConnect RPM can be installed successfully as shown below.

[root@localhost Downloads]# rpm -Uvh openconnect-7.06-1.sdl7.x86_64.rpm
warning: openconnect-7.06-1.sdl7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 41a40948: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:openconnect-7.06-1.sdl7 ################################# [100%]
[root@localhost Downloads]# rpm -qa | egrep 'openconnect|vpnc'
openconnect-7.06-1.sdl7.x86_64
vpnc-script-0.5.3-22.svn457.el7.noarch
vpnc-0.5.3-22.svn457.el7.x86_64
[root@localhost Downloads]#
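
The transcripts above contain three NOKEY warnings, and under plain rpm -Uvh that warning does not stop the install, whereas yum imported the EPEL key before it installed vpnc. The following shell function is an added example, not the author's code, that sorts a transcript's NOKEY warnings by that distinction; the verdict names are this example's own and the sample lines are copied from this page.

```shell
#!/bin/sh
# Added example: find packages in an install transcript whose signature
# could not be checked. Sample lines are copied from this page's transcripts.
TRANSCRIPT='[root@localhost Downloads]# rpm -Uvh epel-release-7-8.noarch.rpm
warning: epel-release-7-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
[root@localhost Downloads]# yum install vpnc
warning: /var/cache/yum/x86_64/7/epel/packages/vpnc-0.5.3-22.svn457.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Importing GPG key 0x352C64E5:
[root@localhost Downloads]# rpm -Uvh openconnect-7.06-1.sdl7.x86_64.rpm
warning: openconnect-7.06-1.sdl7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 41a40948: NOKEY'

# audit_nokey: read a transcript on stdin and print
# "<package> <key id> <verdict>" for every NOKEY warning.
# Verdicts (names chosen for this example):
#   unverified            warned under plain rpm, which installs anyway
#   checked-after-import  warned under yum, which then imported that key
#   blocked-no-key        warned under yum, key never imported
audit_nokey() {
  awk '
    # Shell prompt line: remember which tool the following output belongs to.
    /^\[.*\][#$] / { tool = $3 }
    /^Importing GPG key 0x/ {
      id = tolower(substr($4, 3)); sub(/:$/, "", id); imported[id] = 1
    }
    /^warning: .*key ID [0-9a-fA-F]+: NOKEY$/ {
      n++
      pkg[n] = $2; sub(/:$/, "", pkg[n]); sub(/^.*\//, "", pkg[n])
      key[n] = tolower($(NF-1)); sub(/:$/, "", key[n])
      by[n] = tool
    }
    END {
      for (i = 1; i <= n; i++) {
        if (by[i] == "rpm") v = "unverified"
        else if (key[i] in imported) v = "checked-after-import"
        else v = "blocked-no-key"
        print pkg[i], key[i], v
      }
    }'
}

printf '%s\n' "$TRANSCRIPT" | audit_nokey
```

To close the gap for the two unverified packages, import the packager's public key with rpm --import and check each file with rpm -K before running rpm -Uvh.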

Test the Cisco AnyConnect VPN

This AnyConnect client has no GUI, so it is run from a terminal as root as shown below. The name of the VPN server used for this example and other private information have been redacted in the example connection shown below. When you get the 'Established blah blah blah connection...' message, it means that the VPN is connected and ssh to servers and other resources such as websites on the VPN is now available. Be sure to leave that terminal window open for the duration of the VPN session. Closing that window terminates the VPN session.

[oracle@localhost Downloads]$ su - root
Password:
Last login: Sat Aug 13 19:57:21 EDT 2016 on pts/0
[root@localhost ~]# openconnect https://vpn.xxxxxxxxxxxx.com
POST https://vpn.xxxxxxxxxxxx.com/
Attempting to connect to server xx.xx.xxx.x:443
SSL negotiation with vpn.xxxxxxxxxxxx.com

Server certificate verify failed: signer not found <-- Means the VPN certificate for this VPN is unsigned, np... just answer yes below and continue...
Certificate from VPN server 'vpn.xxxxxxxxxxxx.com' failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on vpn.xxxxxxxxxxxx.com
XML POST enabled
Please enter your username and password.
GROUP: [datacenter|dmz|poc-mgmt|poc1|poc2|poc3|poc5|selfservice]:datacenter
POST https://vpn.xxxxxxxxxxxx.com/
XML POST enabled
Please enter your username and password.
Username:xxxxxxx
Password:

POST https://vpn.xxxxxxxxxxxx.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected tun0 as xx.xx.xxx.xx, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1).
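
In the session above, "signer not found" is openconnect reporting that it could not chain the server certificate to a CA it trusts, and the "yes" answer overrides that check for the connection. The following shell function is an added example, not the author's code, that scans such a session log and reports the override together with the negotiated DTLS parameters; the finding labels are this example's own and the sample lines come from this page with the inline annotation removed.

```shell
#!/bin/sh
# Added example: flag the security-relevant events in an openconnect session log.
# sample_session prints lines taken from the session on this page
# (inline annotation removed, redactions kept as they appear).
sample_session() {
  cat <<'EOF'
SSL negotiation with vpn.xxxxxxxxxxxx.com
Server certificate verify failed: signer not found
Certificate from VPN server 'vpn.xxxxxxxxxxxx.com' failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on vpn.xxxxxxxxxxxx.com
Connected tun0 as xx.xx.xxx.xx, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1).
EOF
}

# audit_session: read a session log on stdin, print one finding per line.
audit_session() {
  awk '
    /^Server certificate verify failed: / {
      reason = $0; sub(/^[^:]*: /, "", reason); failed = 1
    }
    # The prompt line ends with whatever the operator typed.
    failed && /anything else to view: yes$/ {
      print "CERT_OVERRIDE reason=\"" reason "\""; failed = 0
    }
    /Ciphersuite \(/ {
      s = $0; sub(/^.*Ciphersuite \(/, "", s); sub(/\)\.?$/, "", s)
      n = split(s, p, /\)-\(/)   # protocol, key exchange, cipher, MAC
      if (n != 4) next
      if (p[1] == "DTLS0.9") print "DTLS_LEGACY_PROTOCOL " p[1]
      if (p[2] == "RSA")     print "DTLS_NO_FORWARD_SECRECY kx=" p[2]
      if (p[3] ~ /-CBC$/)    print "DTLS_CBC_CIPHER " p[3]
      if (p[4] == "SHA1")    print "DTLS_SHA1_MAC " p[4]
    }'
}

sample_session | audit_session
```

To avoid answering the prompt at all, openconnect accepts --cafile to trust the issuing CA and --servercert to pin the expected server certificate fingerprint obtained out of band.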

Comments, Questions, Observations

Please send me an email at gilstanden@hotmail.com if you find any errors or omissions in this procedure or to share your observations with it such as improvements or simplifications.