как установить cisco anyconnect на linux mint
Cisco AnyConnect Client
Cisco AnyConnect Client — это VPN-клиент для подключения к серверу Cisco SSL VPN. Как сказано на сайте Cisco — «предоставляет сотрудникам возможность работать в любое время и в любой точке земного шара, не только на корпоративных ноутбуках, но и на персональных мобильных устройствах».
Скачиваем AnyConnect и извлекаем из архива
Смотрим, что было в архиве
Переходим с директорию vpn и запускаем скрипт установки
Во время установки нужно принять лицензионное соглашение:
Находим в списке приложений AnyConnect и добавляем его в Избранное:
Запускаем VPN-клиент и вводим IP-адрес VPN-сервера, Username и Password. Но перед соединением с VPN-сервером снимаем галочку «Block connections to untrusted servers»:
Теперь нужно установить Remmina — клиент удаленного рабочего стола. Перед установкой убедитесь, что клиент еще не установлен — у меня, на Ubuntu 18.04, приложение уже было в списке установленных.
Находим в списке приложений Remmina и добавляем в Избранное:
Запускаем RDP-клиент и добавляем новое соединение (зеленый крестик слева сверху). Вводим IP-адрес удаленного компьютера, имя пользователя, пароль, домен — и сохраняем соединение:
Все, можно подключаться:
Есть смысл выполнить еще две настройки (иконки слева):
Installing and Using AnyConnect on Ubuntu Desktop
Available Languages
Download Options
Objective
The objective of this article is to guide you through installing, using, and the option of uninstalling AnyConnect VPN Client v4.9.x on Ubuntu Desktop.
This article is only applicable to the RV34x series routers, not Enterprise products.
Introduction
AnyConnect Secure Mobility Client is a modular endpoint software product. It not only provides Virtual Private Network (VPN) access through Secure Sockets Layer (SSL) and Internet Protocol Security (IPsec) Internet Key Exchange version2 (IKEv2) but also offers enhanced security through various built-in modules.
Follow the steps in this article to install the Cisco AnyConnect VPN Mobility Client on a Ubuntu Desktop. In this article, Ubuntu version 20.04 is used.
AnyConnect Software Version
Table of Contents
Installing AnyConnect Secure Mobility Client v4.9.x
This toggled section provides details and tips for beginners.
Prerequisites
Check these other articles out!
Applicable Devices | Software Version
Licensing Information
AnyConnect client licenses allow the use of the AnyConnect desktop clients as well as any of the AnyConnect mobile clients that are available. You will need a client license to download and use the Cisco AnyConnect Secure Mobility Client. A client license enables the VPN functionality and are sold in packs of 25 from partners like CDW or through your company’s device procurement.
Want to know more about AnyConnect licensing? Here are some resources:
Step 1
Open a web browser and navigate to the Cisco Software Downloads webpage.
Step 2
In the search bar, start typing ‘Anyconnect’ and the options will appear. Select AnyConnect Secure Mobility Client v4.x.
Step 3
Download the Cisco AnyConnect VPN Client. Most users will select the AnyConnect Pre-Deployment Package (Linux 64-bit) option.
The images in this article are for AnyConnect v4.9.x, which was latest version at the time of writing this document.
If you purchased a license and you are unable to download AnyConnect, call +1 919-993-2724. Select option 2. You will need to know your Cisco ID (the one you use to log into Cisco.com) and the sales order number when you call. They will get that situation all straightened out.
Step 4
Open the Terminal by pressing Ctrl+Alt+T on your keyboard. To navigate to the folder where you have downloaded the AnyConnect Client Package, use the command, ‘cd directory name’. For more information on the ‘cd’ command, click here.
In this example, the file is placed on the Desktop.
The directory may be different based on the location of the AnyConnect file download. For long filenames or paths, start typing some characters and press the tab key on your keyboard. The filename will auto-populate. If it doesn’t even after you press tab twice, it indicates that you need to type more number of unique characters. Alternately, you can use the ‘ls’ command to list the files in your current directory.
Step 5
The initial download is a tarball archive (several files packed into one), which must be extracted. The command ‘tar xvf filename’ will extract the contents to the same directory in which the initial file is located.
For more information on the ‘tar’ command, click here.
Step 6
Once the folder is extracted, use the ‘cd directory name’ command again to navigate into the folder.
Step 7
After navigating into the main folder, ‘cd’ into the vpn sub-folder.
Step 8
For more details on the ‘sudo’ command, click here.
Step 9
Accept the terms in the license agreement to complete the installation by typing ‘y’.
The AnyConnect installation should complete, and the Terminal window can be closed.
Using AnyConnect Secure Mobility Client v4.9.x
Step 1
To access the Anyconnect app, open the Terminal by pressing Ctrl+Alt+T on your keyboard. Use the command, ‘/opt/cisco/anyconnect/bin/vpnui’.
If you encounter any errors through the Terminal, you can access the app from the applications menu as shown below.
To access the applications menu using the User Interface (UI), click on the start icon (appears as nine dots on the lower left corner). Choose the Anyconnect app.
Alternatively, press Super+A (Super key is the windows icon key) on your keyboard to bring up the search bar. Start typing ‘Anyconnect’ and the app will appear.
Step 2
Click on the Anyconnect app.
Step 3
Enter the IP Address or Hostname of your desired server followed by the port number.
For RV340 family, the default port number is 8443.
Step 4
Some connections may not be secure using a trusted SSL certificate. By default, AnyConnect Client will block connection attempts to these servers.
Uncheck Block connections to untrusted servers to connect to these servers.
Uninstalling AnyConnect Secure Mobility Client v4.9.x
Step 1
Using Terminal, navigate to the folder that contains the uninstall shell script using the ‘cd’ command.
In a default installation, these files will be located in /opt/cisco/anyconnect/bin/.
Step 2
This will begin the uninstall process using superuser permissions. For more information on the ‘sudo’ command, click here.
Step 3
At the prompt, enter the sudo password and the client software will complete uninstallation.
Conclusion
There you have it! You have now successfully learned the steps to install, use, and uninstall the Cisco AnyConnect Secure Mobility Client v4.9.x on Ubuntu Desktop.
For community discussions on Site-to-Site VPN, go to the Cisco Small Business Support Community page and do a search for Site-to-Site VPN.
We want the best for our customers, so if you have any comments or suggestions regarding this topic, please send us an email to the Cisco Content Team.
AnyConnect App
The Anyconnect App can be downloaded from the Google Play store or the Apple store.
Configure AnyConnect Secure Mobility Client for Linux using Client Certificate Authentication on an ASA
Available Languages
Download Options
Contents
Introduction
This document describes a configuration example for Adaptive Security Appliance (ASA) Cisco AnyConnect Secure Mobility Client access that uses client certificate for authentication for a Linux Operative System (OS) for an AnyConnect user to connect successfully to an ASA Headend.
Contributed by Dinesh Moudgil, Cisco HTTS Engineer.
Prerequisites
Requirements
This document assumes that the ASA is fully operational and configured to allow the Cisco Adaptive Security Device Manager (ASDM) or Command Line Interface (CLI) to make configuration changes.
Cisco recommends that you have knowledge of these topics:
Basic knowledge of ASA’s CLI and ASDM
SSLVPN configuration on the Cisco ASA Head End
Fundamental knowledge of PKI
Familiarity with Linux OS
Components Used
The information in this document is based on these software and hardware versions:
Cisco Adaptive Security Appliance ASA5585-SSP-20
Cisco Adaptive Security Appliance Software Version 9.9(2)36
Adaptive Security Device Manager Version 7.9(1)
AnyConnect Version 4.6.03049
Ubuntu OS 16.04.1 LTS
Note: Download the AnyConnect VPN Client package (anyconnect-linux*.pkg) from the Cisco Software Download (registered customers only) site. Copy the AnyConnect VPN client to the ASA’s flash memory, which is then downloaded to the remote user computers in order to establish the SSL VPN connection with the ASA.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Backgound Information
For a successful client certificate authentication on Linux devices, AnyConnect secure mobility client supports the following certificate stores:
1. Linux OS (PEM) certificate store
2. Firefox (NSS) certificate store
This document is based on client certificate authentication using a Linux OS (PEM) certificate store.
1. To use Linux OS certificate store, PEM file-based certificates are placed in these directories.
| Entity | Path | Example |
| Certificate authority (CA) certificate | /opt/.cisco/certificates/ca | tactest: $ ls /opt/.cisco/certificates/ca |
| User certificate | /home/tactest/.cisco/certificates/client | tactest: $ ls /home/tactest/.cisco/certificates/client |
| User private key [Initially used to create CSR] : | /home/tactest/.cisco/certificates/client/private | tactest: $ ls /home/tactest/.cisco/certificates/client/private |
Note: By default, the path for installing client certificate and the private key is not present so it needs to be manually created using this command.
If you are using a Windows Certificate Authority,
2. To use Firefox (NSS) certificate store, user can import their certificate via Firefox.
The CA certificate for the ASA can be imported into NSS certificate store by AnyConnect client automatically if the user clicks “Always Connect” button on the certificate security warning dialog when browsing to ASA via HTTPS.
AnyConnect Linux uses Firefox certificate store (NSS) as default, if it fails then it would turn to use Linux OS certificate store.
Note: Currently, AnyConnect on a Linux OS doesn’t support GNOME Keyring so AnyConnect won’t able to use the certificate imported to the GNOME Keyring.
Please make sure there are no related certificates in Linux OS certificate store and Firefox (NSS) certificate store before importing a new user certificate.
Ensure that your files meet the following requirements:
For a clean start, please consider the following approach:
Configure
Network Diagram
Configurations
Linux Client Setup
Step 1. Download the Anyconnect package, extract the contents and install the Anyconnect application on the Linux client.
Step 2. Create a certificate signing request for the identity certificate on Linux client using OpenSSL.
Step 3. The CSR generated above can be used to request CA to issue a user identity certificate.
Step 4. Once the certificate is issued by CA, copy the certificate to the Linux client.
ASA CLI Configuration
This section provides the CLI configuration for the Cisco AnyConnect Secure Mobility Client for reference purposes.
Verify
Use this section in order to confirm that your configuration works properly.
Note: The Output Interpreter Tool (registered customers only) supports certain show commands. Use the Output Interpreter Tool in order to view an analysis of show command output.
Verify the Anyconnect client is able to establish connection:
Note: If Anyconnect GUI client is already opened and you try to connect Anyconnect via CLI, you get this error.
In this case, close the Anyconnect GUI client and then connect via Anyconnect CLI.
If you get the following error it means that you are trying to view a DER-encoded certificate and it is not a PEM encoded certificate
Troubleshoot
This section provides the information you can use in order to troubleshoot your configuration.
Note: Refer to Important Information on Debug Commands before you use debug commands.
Caution: On the ASA, you can set various debug levels; by default, level 1 is used. If you change the debug level, the verbosity of the debugs might increase. Do this with caution, especially in production environments.
To troubleshoot an incoming AnyConnect client connection from Linux OS client, you can use the following:
debug webvpn anyconnect 255
Here is a sample debug taken on an ASA from a working scenario:
debug crypto ca 255
debug crypto ca messages 255
debug crypto ca transactions 255
Here is a sample debug taken for a successful client certificate authentication on an ASA:
On a Linux device, Anyconnect logs can be found in the file named «syslog» at path:/var/log/
Here is a sample of working logs taken from a Linux client. The below command can be run to gather live logs for an Anyconnect client connection.
Similar to Windows and MAC, Linux client also has DART functionality. This can be used either using GUI and CLI.
Please note that DART needs to be run as an admin user in order to collect complete logs on a Linux client.
Step 1. DART can be executed from the command line by navigating to the following path:
Step 2. To execute DART from GUI, search for «anyconnect» on Linux GUI and click on Cisco DART and follow the instructions. The collected DART bundle is stored on the desktop.
Step 3. To copy dart bundle from the Linux client to your workstation, use the command
scp username@10.106.44.166:/home/ /Desktop/DARTBundle_0701_0945.zip /Users/dmoudgil/Desktop/Ubuntu/
Here is a document for reference to DART on different OS: https://community.cisco.com/t5/security-documents/how-to-collect-the-dart-bundle-for-anyconnect/ta-p/3156025
Linux Mint Forums
Welcome to the Linux Mint forums!
Install & use Cisco AnyConnect?
Install & use Cisco AnyConnect?
Post by wallyUSA » Wed Feb 26, 2020 5:53 pm
Any clue on what should look for? I used this on Windows but first time on Linux.
Re: Install & use Cisco AnyConnect?
Post by phd21 » Wed Feb 26, 2020 6:42 pm
I cannot test this, but I have found some good links which I provide below. Recommend installing the prerequisites (dependencies) the links mention before running an installation script or the installed client.
Re: Install & use Cisco AnyConnect?
Post by wallyUSA » Thu Feb 27, 2020 8:27 am
These links look interesting. However, I probably should uninstall the AnyConnect before I do any of the prep steps and follow that with a new AnyConnect install. I need some pointer(s)!
What I did earlier was execute the vpnsetup.sh from the Downloads folder. I do not what was installed or where it is. So I went to the app menu and did a right click on the ‘Cisco Anyconnect. ‘. It came back with a mesg (pix attached) saying (‘this item not associated any package. ‘). I clicked ‘yes’ so it was removed from the menu. I do not know if it removed the program.
Remember my aka is ‘a gui guy’. I am not afraid to use the CLI but I need to know the correct (& best) command/syntax to use before I inadvertently damage my system.
Re: Install & use Cisco AnyConnect?
Post by rudspring » Mon Jul 13, 2020 5:36 am
🤼 Установка Cisco AnyConnect в Ubuntu / Debian / Fedora
Cisco AnyConnect Client – это клиент SSL VPN, который предоставляет функциональные возможности VPN с другими функциями, которые позволяют использовать конечные точки предприятия.
В идеальном случае вы можете использовать любой клиент Cisco AnyConnect Secure Mobility Client для подключения к серверу Cisco SSL VPN.
Существует инструмент с открытым исходным кодом под названием OpenConnect.
У меня зачастую возникает много проблем с OpenConnect, и я решил попробовать AnyConnect.
VPN-клиент AnyConnect в системе Linux – Ubuntu / Debian / Fedora / CentOS / RHEL и т.д.
Шаг 1: Скачайте клиент AnyConnect
Клиент AnyConnect для Linux, Windows и macOS доступен на странице скачивания.
Войдите в систему, используя свои учетные данные Cisco, и загрузите последний пакет anyconnect-linux64 *.
Как только файл архива будет загружен, приступайте к его распаковке.
Шаг 2. Установите Cisco AnyConnect в Ubuntu / Debian / Fedora
Теперь этот файл был загружен и извлечен, перейдите в созданную папку.
Вы должны увидеть следующие папки.
Перейдите в каталог vpn и выполните скрипт vpn_install.sh с помощью sudo.
Примите лицензию при появлении запроса.
Скрипт установщика должен создать файл системного модуля systemd и включить его при загрузке.
Шаг 3. Запустите Cisco AnyConnect
Запустите Cisco AnyConnect Secure Mobility Client со своего рабочего стола.
Введите IP-адрес VPN-сервера и нажмите кнопку подключения (connect).
Затем нажмите на change settings, чтобы доверять серверу.
Снимите флажок «Block Connections to untrusted servers».
После изменения ваши настройки должны выглядеть примерно так:
Затем нажмите «Connect Anyway», чтобы принять предупреждение о недоверенном сертификате.
Когда будет предложено ввести учетные данные, введите имя пользователя и пароль для подключения.
Ваше VPN-соединение должно быть активным.
Подтвердите соединение, проверив детали IP-адресов и маршруты.
Наслаждайтесь использованием AnyConnect для доступа к частным сетям через общедоступный интернет.