UC Berkeley uses the Cisco AnyConnect VPN software but it needs some additional steps to work in 64bit Ubuntu Linux.
Upon trying to connect you may see: “Connection attempt has failed due to server certificate problem.”
There is no server certificate problem. It’s rather a Cisco client software problem. Let’s fix it for the Cisco QA team.
Install these:
$ sudo apt-get install ia32-libs lib32nss-mdns
Make this directory. You don’t need firefox – only need to make this directory which the Cisco software queries for some odd reason.
$ sudo mkdir /usr/local/firefox
Link to the 32bit certificates you have installed from apt-get:
$ sudo ln -s /usr/lib32/libnss3.so libplc4.so libnspr4.so libsmime3.so /usr/local/firefox/
$ sudo ln -s /usr/lib32/nss/libsoftokn3.so /usr/local/firefox/
Now it works!
Go Bears!
Scott, Thanks for this.
I’m encountering the same problems at UBC. Tried these steps (several times) on Ubuntu 10.10 .
Still getting the server certificate error. Any other suggestions?
Twitter: scottlinux
Hrmm. ia32-libs should contain all of the 32bit libraries needed. :/ So that makes me think it’s not picking them up for some reason.
You could try to link them here as well (instead of /usr/local/firefox/):
/opt/cisco/vpn/lib
Still not working for me at UBC. I’m using 64 bit Ubuntu 10.04.
Solved. I went back and had one last crack at this problem. I followed these instructions on UBC’s website:
# cd /usr/local/firefox
# sudo ln -s /usr/lib32/libnss3.so
# sudo ln -s /usr/lib32/libplc4.so
# sudo ln -s /usr/lib32/libnspr4.so
# sudo ln -s /usr/lib32/libsmime3.so
# sudo ln -s /usr/lib32/nss/libsoftokn3.so
# sudo ldconfig
I thought I had made these links, but it turned out that 3 of them were broken. I deleted and recreated them. Now everything works fine – no certificate errors.
Twitter: scottlinux
Whoa sweet. Thanks for your comments here. I’m sure that will help others,
I’m at UBC, using Fedora 13. It turns out the locations are a little bit different, the amended commands that works for me are as follows:
mkdir /usr/local/firefox
cd /usr/local/firefox
sudo ln -s /usr/lib/libnss3.so
sudo ln -s /lib/libplc4.so
sudo ln -s /lib/libnspr4.so
sudo ln -s /usr/lib/libsmime3.so
sudo ln -s /usr/lib/libsoftokn3.so
Thanks Stuwart, I ran the above instructions and it did not work for me on 11.04 but then I viewed my symbolic link at /usr/local/firefox via ln -la and sure enough I had 3 broken links. Removed and readded the links and all is good.
Any idea if there’s a way to connect (I’m at UBC too) via Ubuntu 10.10′s Network Manager? There’s network-manager-openconnect package that is supposed to be AnyConnect compatible, but it seems to want a user certificate and private key instead of the User/Pass combo that we’re supposed to use.
you neither need user certificate nor private key…
set the GATEWAY as
myvpn.ubc.ca
then for the CA Certificate, you’ll need to download this file to somewhere in your computer
https://www.thawte.com/roots/thawte_Premium_Server_CA.pem
and choose it as the CA Certificate.
this authenticates the UBC myvpn server with your computer.
then, if i remember correctly, it’ll prompt for your CWL login and password, and you do not need to input it into the configuration.
well, btw, i forgot i actually have set it up correctly, and just went back to use the silly client which has this mysterious bug…
Twitter: dwmw2
Not sure why you’d do this. Ubuntu has a built-in client for the AnyConnect VPN. It’s called openconnect, and the corresponding NetworkManager integration is network-manager-openconnect. Just install those and you get properly supported connection to AnyConnect. No need to mess around with substandard third-party software at all.
Twitter: scottlinux
openconnect has been problematic in Ubuntu, but looks like a fix is on the way:
https://bugs.launchpad.net/ubuntu/+source/network-manager-openconnect/+bug/824255
Twitter: dwmw2
Ah, thanks. I thought I’d subscribed myself to openconnect bugs in Ubuntu but evidently I had failed to do so. Looks like it’s a result of Ubuntu doing strange things with $libexecdir, and affecting all VPN plugins.
For Mint 12
path is /usr/lib/i386-linux-gnu
# cd /usr/local/firefox
# sudo ln -s /usr/lib/i386-linux-gnu/libnss3.so
# sudo ln -s /usr/lib/i386-linux-gnu/libplc4.so
# sudo ln -s /usr/lib/i386-linux-gnu/libnspr4.so
# sudo ln -s /usr/lib/i386-linux-gnu/libsmime3.so
# sudo ln -s /usr/lib/i386-linux-gnu/nss/libsoftokn3.so
# sudo ldconfig
Stephen’s code also works for Ubuntu 12.04!! Thanks so much!
Agree with Ashish. Works with UBUNTU12.04. Thanks to Steven.
+1 Works in Ubuntu 12.10 x64. I had just about given up – thank you!
Mint 14 amd 64 – works a treat.