Downloads and Guides: Install AnyConnect VPN for Linux

These directions outline the process of installing the Cisco AnyConnect Secure Mobility Client and Diagnostic And Reporting Tool (DART) for Linux. The AnyConnect Mobility Client package must be installed first, followed by DART. Cisco AnyConnect can be installed through the Graphic User Interface (GUI) or Command Line (CLI). 

Certain Departmental Pools, Full Tunnel VPN, and Split Tunnel VPN Pools require multi-factor authentication (MFA) through Duo Security to connect. Using Duo and VPN is outlined in Using Duo Append Mode with Cisco AnyConnect. For assistance in connecting, including Login Failed messages, contact Technology Help for assistance.

OTE: Java or an alternative is a pre-requisite and must be installed prior to the AnyConnect installation.

Ubuntu (16+) prerequisites

Some dependencies may be required for Ubunto/Debian users in order for a successful installation. Open Terminal and run the following commands:

sudo apt-get update

sudo apt-get install lib32z1 lib32ncurses5

Install AnyConnect

  1. Download AnyConnect from the Downloads & Guides page.
  2. Once you have downloaded the AnyConnect VPN tarball, double-click to extract the folder named "anyconnect-linux64-<version>-predeploy".
    • The file will extract in the same folder it was downloaded in. 
  3. Alternatively, to install using the CLI, you can extract the anyconnect folder into your current location with the command:
    • For 64-bit clients: 'tar -xvfz [filepath]'
  4. Open the newly-extracted folder to find the VPN folder.
  5. Right-click the "vpn_install.sh" file.
  6. Double-click Run.
  7. Use the GUI to install the Cisco AnyConnect Secure Mobility Client at the root level. 
    • For some versions of Linux, such as Ubuntu, using the CLI will be necessary. 
  8. If using the CLI is necessary, open a Terminal window.
    • Navigate to the extracted folder via the path and run the 'vpn_install.sh' script as root, with your specific filepath, 'sudo .„[filepath/vpn_install.sh]'.
    • If you receive an agentid error, see Additional Information below.

Install DART

  1. In the extracted folder, open the folder "dart".
  2. Right-click the "dart_install.sh" file, and double-click Run.
  3. Use the GUI to install DART.
    • Again for Ubuntu, using the CLI will be required. 
  4. Open a Terminal window.
  5. Navigate across to the extracted folder via the path and run the 'dart_install.sh' script as root, with your specific filepath, 'sudo .„[filepath/dart_install.sh]'.

Connect to UMN VPN

  1. Start Cisco Anyconnect your preferred way.
    • Using the GUI, navigate to Applications > Internet.
    • Using the CLI, open Terminal and run '/opt/cisco/anyconnect/bin/vpnui'.
  2. Connect to tc-vpn-1.vpn.umn.edu.
  3. A Duo Security push will automatically be sent to your default Duo device.
    • To use any other method (e.g., call me, passcode) for Duo authentication, use Duo Append Mode.
  4. Approve the Duo Login Request.

Additional Information

If a host name is needed, please use tc-vpn-1.vpn.umn.edu. Some users may find they need additional libraries and have found that installing OpenConnect has helped using sudo apt-get install network-manager-openconnect.

  • NOTE: OIT does not support OpenConnect, use proper discretion when running commands that could affect your device.

When you run the client for the first time, it is possible that you'll get a certificate error under some Linux distributions, such as Ubuntu and anything based on debian. When this happens, you'll need to manually install an intermediate certificate. The instructions to do this can be found in How to Fix AnyConnect VPN Server Certificate errors for Linux clients.

TDX ID
3671