Access Keys:
Skip to content (Access Key - 0)

Q: How can I connect to the MIT VPN using openconnect on Linux?

This article refers to the Cisco AnyConnect VPN. If you're looking for information on the Prisma Access VPN Beta that uses the GobalConnect app, see: Prisma Access VPN Landing Page.

If you're not sure which service you're using, see: [istcontrib:How do I know if I'm using the Cisco AnyConnect VPN or the Prisma Access VPN?]

Answer

Use Official Cisco Clients
IS&T strongly recommends that you use the Cisco clients to connect to the VPN. They have been tested and should work on all supported operating systems. By visiting http://ist.mit.edu/cisco-anyconnect/all in your web browser, you can download and connect using the official Cisco AnyConnect Secure Mobility Client.

System Requirements

  • openconnect is only available in Ubuntu 9.10 (Karmic) and higher. We strongly urge you to use Ubuntu 10.04 (Lucid), as it contains the newest version of the openconnect client, which fixes a number of bugs from previous versions.

Network Manager

On current versions of Ubuntu Lucid, you must reboot the workstation after installing the network-manager-openconnect package. This is due to a bug in the package's configuration scripts. Failure to reboot will result in the misleading error "No VPN secrets" when attempting to connect to the VPN, and the login dialog box will not be displayed.

  1. Be sure you have installed the network-manager-openconnect package and its dependencies.
  2. From the System menu, select Preferences, then Network Connections.
  3. Click on the VPN tab, and then click the Add button.
  4. When prompted to choose a VPN Connection Type, select Cisco AnyConnect Compatible VPN, and click Create...
  5. Assign the connection a useful Connection name such as MIT VPN
  6. For Gateway, enter vpn.mit.edu
  7. For User name, enter your MIT username (e.g. joeuser)
  8. All other settings should be left at their default values. Click Apply.
  9. Click on the NetworkManager icon in the notification area, select VPN Connections, and then select the VPN connection you just configured.
  10. After a moment, you should be prompted for your username and password (twice); the second password field expects a Duo code (if you are Duo-enabled), and the connection will be established.

To disconnect from the VPN, select the NetworkManager icon in the notification area, select VPN Connections, and then select Disconnect VPN...

Command-line

  1. Be sure you have installed the openconnect and vpnc packages.
  2. Become root.
  3. Run openconnect -s /etc/vpnc/vpnc-script vpn.mit.edu
    You will be prompted for your MIT username and password, and then the VPN client will connect.
    Once connected, you will have an IP address that begins with 18.100 or 18.101

To disconnect, simply press Ctrl-C to end the openconnect program.

11.10 (oneiric ocelot) 64-bit Notes

We have tried this in 11.10 64-bit and it does work:

Install openconnect with the command sudo apt-get install network-manager-openconnect. From dash, run Network Connections. Create the vpn connection as described in the section above.

If this works, you get an extra tab in the Network Connections app that says "vpn". Then add and use the settings vpn.mit.edu and accept / save the certificate when you try to connect.

Note that the 32-bit installer (vpnsetup.sh) seems to work fine on 32-bit 11.10 - so use that as the first resort.

Ubuntu notes

Before extracting the tar.gz, you'll need to install two libraries:

sudo apt update && sudo apt install lib32z1 lib32ncurses5

After that, you should be able to extract and run the installer script.

Community

Documentation and information provided by the MIT Community


Last Modified:

March 31, 2020

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
linux linux Delete
ubuntu ubuntu Delete
openconnect openconnect Delete
open open Delete
connect connect Delete
no no Delete
vpn vpn Delete
secrets secrets Delete
c-anyconnect c-anyconnect Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki