Cisco AnyConnect in 64bit Ubuntu Linux

By | 2011/01/31


UC Berkeley uses the Cisco AnyConnect VPN software but it needs some additional steps to work in 64bit Ubuntu Linux.

Upon trying to connect you may see: “Connection attempt has failed due to server certificate problem.”

There is no server certificate problem. It’s rather a Cisco client software problem. Let’s fix it for the Cisco QA team.


Install these:

$ sudo apt-get install ia32-libs lib32nss-mdns

Make this directory. You don’t need Firefox; you only need to create this directory, which the Cisco software queries for some odd reason.

$ sudo mkdir /usr/local/firefox

Link to the 32bit libraries you have installed from apt-get. Give every source its full path; a bare file name produces a dangling link:

$ sudo ln -s /usr/lib32/libnss3.so /usr/lib32/libplc4.so /usr/lib32/libnspr4.so /usr/lib32/libsmime3.so /usr/local/firefox/
$ sudo ln -s /usr/lib32/nss/libsoftokn3.so /usr/local/firefox/

Now it works!
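
A check for the links created above, added here as an example (not part of the original post): it reports any of the five libraries in /usr/local/firefox that is missing, dangling, or not a 32-bit ELF file. The function names `elf_class` and `check_nss_links` are made up for this example, and the 32-bit expectation is an assumption taken from the post's use of the 32bit libraries.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical;
# the directory and library names are the ones used in the post.
NSS_LIBS="libnss3.so libplc4.so libnspr4.so libsmime3.so libsoftokn3.so"

# Print 32, 64 or not-elf from the ELF magic plus the EI_CLASS byte.
elf_class() {
    case "$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *) echo not-elf ;;
    esac
}

# check_nss_links [DIR]: one status line per library; the return status is
# the number of entries that need fixing (0 means all five are usable).
check_nss_links() {
    local dir="${1:-/usr/local/firefox}" bad=0 lib path cls
    for lib in $NSS_LIBS; do
        path="$dir/$lib"
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then
            echo "MISSING  $path"; bad=$((bad + 1))
        elif [ ! -e "$path" ]; then
            # A symlink exists but its target does not resolve, e.g. one
            # created from a bare file name instead of a full path.
            echo "BROKEN   $path -> $(readlink "$path")"; bad=$((bad + 1))
        else
            cls=$(elf_class "$path")
            if [ "$cls" = 32 ]; then
                echo "OK       $path -> $(readlink -f "$path")"
            else
                # Assumption: the client needs 32-bit libraries, as the post says.
                echo "WRONG    $path is $cls, expected 32-bit ELF"; bad=$((bad + 1))
            fi
        fi
    done
    return "$bad"
}
```

Run `check_nss_links` with no argument to check /usr/local/firefox; delete and recreate any entry reported as BROKEN using the full source path.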


Go Bears!

19 thoughts on “Cisco AnyConnect in 64bit Ubuntu Linux”

  1. Rob

    Scott, Thanks for this.

    I’m encountering the same problems at UBC. Tried these steps (several times) on Ubuntu 10.10.
    Still getting the server certificate error. Any other suggestions?

    1. scott Post author

      Hrmm. ia32-libs should contain all of the 32bit libraries needed. :/ So that makes me think it’s not picking them up for some reason.

      You could try to link them here as well (instead of /usr/local/firefox/):

      /opt/cisco/vpn/lib

  2. stuwat

    Still not working for me at UBC. I’m using 64 bit Ubuntu 10.04.

  3. stuwat

    Solved. I went back and had one last crack at this problem. I followed these instructions on UBC’s website:

    # cd /usr/local/firefox
    # sudo ln -s /usr/lib32/libnss3.so
    # sudo ln -s /usr/lib32/libplc4.so
    # sudo ln -s /usr/lib32/libnspr4.so
    # sudo ln -s /usr/lib32/libsmime3.so
    # sudo ln -s /usr/lib32/nss/libsoftokn3.so
    # sudo ldconfig

    I thought I had made these links, but it turned out that 3 of them were broken. I deleted and recreated them. Now everything works fine – no certificate errors.

    1. scott Post author

      Whoa sweet. Thanks for your comments here. I’m sure that will help others.

    2. Simon

      I’m at UBC, using Fedora 13. It turns out the locations are a little bit different; the amended commands that work for me are as follows:

      mkdir /usr/local/firefox
      cd /usr/local/firefox

      sudo ln -s /usr/lib/libnss3.so
      sudo ln -s /lib/libplc4.so
      sudo ln -s /lib/libnspr4.so
      sudo ln -s /usr/lib/libsmime3.so
      sudo ln -s /usr/lib/libsoftokn3.so

    3. Jack

      Thanks Stuwart, I ran the above instructions and it did not work for me on 11.04 but then I viewed my symbolic link at /usr/local/firefox via ln -la and sure enough I had 3 broken links. Removed and readded the links and all is good.

  4. David

    Any idea if there’s a way to connect (I’m at UBC too) via Ubuntu 10.10’s Network Manager? There’s network-manager-openconnect package that is supposed to be AnyConnect compatible, but it seems to want a user certificate and private key instead of the User/Pass combo that we’re supposed to use.

    1. Simon

      you neither need user certificate nor private key…

      set the GATEWAY as

      myvpn.ubc.ca

      then for the CA Certificate, you’ll need to download this file to somewhere in your computer

      https://www.thawte.com/roots/thawte_Premium_Server_CA.pem

      and choose it as the CA Certificate.

      this authenticates the UBC myvpn server with your computer.

      then, if i remember correctly, it’ll prompt for your CWL login and password, and you do not need to input it into the configuration.

      1. Simon

        well, btw, i forgot i actually have set it up correctly, and just went back to use the silly client which has this mysterious bug…

  5. David Woodhouse

    Not sure why you’d do this. Ubuntu has a built-in client for the AnyConnect VPN. It’s called openconnect, and the corresponding NetworkManager integration is network-manager-openconnect. Just install those and you get properly supported connection to AnyConnect. No need to mess around with substandard third-party software at all.

      1. David Woodhouse

        Ah, thanks. I thought I’d subscribed myself to openconnect bugs in Ubuntu but evidently I had failed to do so. Looks like it’s a result of Ubuntu doing strange things with $libexecdir, and affecting all VPN plugins.

  6. Steven D. Shelton

    For Mint 12
    path is /usr/lib/i386-linux-gnu

    # cd /usr/local/firefox
    # sudo ln -s /usr/lib/i386-linux-gnu/libnss3.so
    # sudo ln -s /usr/lib/i386-linux-gnu/libplc4.so
    # sudo ln -s /usr/lib/i386-linux-gnu/libnspr4.so
    # sudo ln -s /usr/lib/i386-linux-gnu/libsmime3.so
    # sudo ln -s /usr/lib/i386-linux-gnu/nss/libsoftokn3.so
    # sudo ldconfig

    1. Ashish

      Stephen’s code also works for Ubuntu 12.04!! Thanks so much!

      1. Sourish

        Agree with Ashish. Works with UBUNTU12.04. Thanks to Steven.

    2. Lonnie

      +1 Works in Ubuntu 12.10 x64. I had just about given up – thank you!

    3. Jimmy don't play that

      Mint 14 amd 64 – works a treat.

    4. Sherry

      I tried all the above, finally, Steven’s code works for me. Many thanks.

