connect to cisco vpn

humility · 2013-10-27 20:44:15

I need to connect to a cisco vpn network in order to have internet access at my university. Normaly I would have to use AnyConnect (direct link to the x64 Linux Version from the university website) but it wont work. And when I'm trying to connect with openconnect via the konsole its just tells me "Login failed." the same happends via NetworkManager and a vpn plugin. Any suggestions?

Roken · 2013-10-27 21:17:00

cisco-vpnclient - works a treat here for connecting to my work's vpn.

EDIT: i should add that you may have to rebuild after major kernel upgrades (minor upgrades seem to survive, but cisco_ipsec kernel module seems more tempremental regarding kernel upgrades)

Last edited by Roken (2013-10-27 21:18:26)

Xyne · 2013-10-27 21:45:22

"Login failed" and "it wont work" is not useful information. How is anyone supposed to help you solve the problem with that?

Openconnect works well with Cisco VPNs. You have almost certainly misconfigured your client. Please post the non-private data you are using. Which URI are you using? Does your user name require a domain-name prefix? Etc.

Presumably the VPN server is https://vpn.th-wildau.de/
The basic command should therefore look something like (change "vpn0" to the interface name you want to create)

openconnect --user <your name> --interface vpn0 vpn.th-wildau.de

You can use a configuration file to pass user name, interface name, PID file path, etc.

humility · 2013-10-28 23:11:51

1. I can install the cisco-vpnclient from the AUR but it won't start, it just does nothing.

2. While using openconnect with

openconnect --user <your name> --interface vpn0 vpn.th-wildau.de

I need to choose a group

GROUP: [Admin|Gast|Mitarbeiter|Student]:

so I type "Student" press enter and goint to enter my password. The response is:

POST https://vpn.th-wildau.de/
Login failed.

while using AnyConnect on an other OS I need to confirm a popup box after Iogged in. I'm not sure if that's a problem.

Xyne · 2013-10-28 23:18:50

Try the openconnect --usergroup option to set "Student", e.g.

openconnect --user <your name> --usergroup Student --interface vpn0 vpn.th-wildau.de

It should lead to the same result as entering "Student" at the prompt, but I would try it nevertheless.

Look for other relevant openconnect options too (openconnect --help). Dig around on the university website as well (and intranet, if there is one) and try to find a guide for Linux/openconnect users. There should be one somewhere. You could also try contacting the IT department. They must have some ideas of what to do. It may simply be a matter of pointing the client to a different connection.

Btw, are you trying to connect on or off campus? Sometimes VPN connections are blocked if you are already on the network (because they are completely redundant, unless you are connecting over open wifi).

humility · 2013-10-28 23:38:30

same result with --usergroup

there is a linux guide but it doesnt work on arch (I tested it on Ubuntu via VM - there it works) an d its outdated (I linked the file in the 1st post)... the guide simply says run vpn_install.sh which leads to a error.
and I need to connect to the vpn (cos its open wifi) even when I'm at the campus... thats the problem. Then I'm using the campus wifi without the vpn + proxy I cant connect no anything except the university website.

Last edited by humility (2013-10-28 23:51:58)

Xyne · 2013-10-28 23:59:40

Like I said, try different openconnect options, e.g. "--libproxy", "--authenticate", "--printcookie", "--verbose", "--disable-ipv6", "--no-xmlpost", "--os".
The "--verbose" option should guide you to the problem as you try combinations of other options.

humility · 2013-11-09 07:38:08

I almost forgot to thank you Xyne. Thank you very much! Its now working fine for me I just had to use --no-xmlpost.

Last edited by humility (2013-11-09 07:38:50)

Xyne · 2013-11-10 16:08:55

Thanks. I'm glad that you got it working.

Please edit the first post and prepend "[SOLVED]" to the subject line.

poliveira · 2014-01-07 17:23:10

humility wrote:

1. I can install the cisco-vpnclient from the AUR but it won't start, it just does nothing.
(...)

With cisco-vpnclient from AUR, I have the same problem, run it through GUI (KDE) and something appears/disappears instantly on system tray, and no error message appears, decided to run it through CLI as well, same thing happens! no messages, errors or alerts!
(screenshot from my terminal)

But the client doesn't not appear as "should", on my past distro (debian-based) I had this "same" client (Official Installer), and after I executed some dialog window appear to insert credentials...
(source: google)

Any help?

If I cannot resolve this I will try with NetworkManager and NetworkManager-OpenConnect Plugin, but before this I what to see this client working first!
I appreciate your attention and any kind of helo you could give!

PS: Sorry for the enormous images, I tried to resize with BBCode tags, but nothing happened!

Roken · 2014-01-07 17:41:16

I had to copy the pcf file from my works laptop to /opt/cisco-vpnclient/Profiles/ to get cisco-vpnclient working since work won't actually provide the group password (and it's encrypted in the pcf). Perhaps that could be the problem?

Last edited by Roken (2014-01-07 17:42:07)

poliveira · 2014-01-07 22:02:25

Roken wrote:

I had to copy the pcf file from my works laptop to /opt/cisco-vpnclient/Profiles/ to get cisco-vpnclient working since work won't actually provide the group password (and it's encrypted in the pcf). Perhaps that could be the problem?

But if I formatted (which is the reality) my machine and I don't have any PCF file of my profile from previous logins, how I can manage to fix that? :S

Arch Linux

#1 2013-10-27 20:44:15

connect to cisco vpn

#2 2013-10-27 21:17:00

Re: connect to cisco vpn

#3 2013-10-27 21:45:22

Re: connect to cisco vpn

#4 2013-10-28 23:11:51

Re: connect to cisco vpn

#5 2013-10-28 23:18:50

Re: connect to cisco vpn

#6 2013-10-28 23:38:30

Re: connect to cisco vpn

#7 2013-10-28 23:59:40

Re: connect to cisco vpn

#8 2013-11-09 07:38:08

Re: connect to cisco vpn

#9 2013-11-10 16:08:55

Re: connect to cisco vpn

#10 2014-01-07 17:23:10

Re: connect to cisco vpn

#11 2014-01-07 17:41:16

Re: connect to cisco vpn

#12 2014-01-07 22:02:25

Re: connect to cisco vpn

Board footer