How to install and connect to the VPN -Linux/Ubuntu

Owned by Carol Lu
Last updated: Mar 13, 2024 by Natasha Jennings
5 min read

Use checkvpn.uwaterloo.ca to see your computer's VPN connection status.

Cisco AnyConnect uses version 4.10. Be sure that you have a compatible OS in order to use the AnyConnect application.

  1. To begin, log into the VPN website with your 8-character UWaterloo username (e.g. myuserna)  and password. Most can use https://cn-vpn.uwaterloo.ca/+CSCOE+/logon.html, but depending on where you are on campus, you may need to use https://vpn-inside.private.uwaterloo.ca



     

    1. Second Password:

  • Type push for Duo Mobile push; enter ‘push2’ to receive the prompt on a secondary device, ‘push3’ to receive the prompt on a tertiary device, etc. To avoid multiple prompts on your phone, accept the push within 10 seconds.

  • Type sms for text codes ( this option is for students only ); you will get a text message with 10 codes. Re-enter your password, and type the first code in the second password field.

  • Type phone to get a phone call ( this option is for students only ); enter ‘phone2’ to receive the prompt on a secondary device, ‘phone3’ to receive the prompt on a tertiary device, etc.

  • For Duo hardware token or Duo app, enter the 6-digit code from the token or app

  • For a Yubikey, touch the YubiKey with your cursor in the text box

b. Accept the Duo 2FA prompt on your device to continue to the next step

2. After logging in, download the “Cisco AnyConnect Secure Mobility Client” by clicking “Download for Linux” and download the script file “anyconnect-linux64-4.6.01103-core-vpn-webdeploy-k9.sh

  • If Cisco detects the incorrect OS or provides a different installation file, follow the steps to


     
    3. Another window will pop up and it will prompt to save the installer.

    4. Open up the command terminal (crtl+alt+t) and input these commands:
    ~$ cd Downloads/ (makes it so that the directory is downloads and allow interaction with the installer file)

    ls – l (looks through the downloads folder to look for the script file)

    chmod 0700 anyconnect-linux64-4.6.01103-core-vpn-webdeploy-k9.sh (marks the script as an executable file)

    sudo ./anyconnect-linux64.4.6.01103-core-vpn-webdeploy-k9.sh (this runs the script)

5. Input the computer password when prompted  (it will prompt you to do this after you run the script).

6. After you enter the password, the program should be fully installed on your computer. You can then open the client by selecting Show applications on the bottom left of your screen. Then click on Cisco AnyConnect.

 

7. After Cisco AnyConnect opens, if you haven't connected before, you will need to specify the VPN server:

8. Enter your 8-character username (e.g. j25rober) and click Connect.

  • Two-factor authentication (2FA) will be required in order to connect to the VPN. In the 'Second Password' field, enter one of the following, then click Connect.

    Read more about the 2FA changes. 

    1. For Duo Mobile push (app): 

      • To avoid multiple prompts on your phone, accept the push within 10 seconds.

      • Open your Duo app, select University of Waterloo, enter the code in the second password field [Recommended option], or

      • Enter ‘push' or 'push1’ to send the prompt to your primary device, or

      • Enter ‘push2’ to receive the prompt on a secondary device, ‘push3’ to receive the prompt on a tertiary device, etc.

      -For Duo hardware token: enter your 6-digit code

      -For Duo Bypass code: enter your bypass code

      -For SMS codes ( this option is for students only ): enter ‘sms’; you will get a text message with 10 codes. Re-enter your password, and type the first code in the second password field.

      -For Yubikey: enter the code generated by touching the Yubikey

      -For Phone Call ( this option is for students only ): enter 'phone'

      • Enter ‘phone2’ to receive the prompt on a secondary device, ‘phone3’ to receive the prompt on a tertiary device, etc.

      • If you are not receiving Duo phone calls, you may have a setting that is blocking the phone calls. Some possible solutions include adding the Duo phone number, (306) 900-4884, to your device whitelist, or if the service is blocking unknown callers, add the Duo phone number as a contact on the device.

        • iPhone: 'Silence Unknown Callers'

        • Telus/Koodo: 'Call Control'

        • Android: 'Block Unknown Callers'

        • Call Control or Call Blocker app

        • Any anti-spam service

  • You should now be connected! If you want to make sure you are connected, then you can click on Cisco AnyConnect, which should show you it as “Connected”.

Alternative Method to install VPN in Ubuntu

  1.  First run the command below to activate the TUN module

    sudo /sbin/modprobe tun 

     Note: Some users may receive an error stating that TUN cannot be found, however it can be disregarded if steps 2 and 3 below- Install and Connect --Open Connect successfully.

    If the installation fails, the most likely error that will be received is

    modprobe: FATAL: Module tun not found in directory /lib/modules/...

    To resolve this error, switch to a stable release. If you are already running a stable release, the following steps can be taken to resolve the issue:

    1. Reboot your device

    2. Remove any network-related kernel packages you have installed and update/upgrade your operating system

  2. Install OpenConnect: 

    sudo apt-get install openconnect 

     

  3. Connect to VPN, run: 

    sudo openconnect -v cn-vpn.uwaterloo.ca 

When prompted to choose a group, type the appropriate VPN group name (UW-Campus, UW-General-Campus, UW-PART) and press enter.

It prompts you to type in your 8-character UWaterloo username (e.g. myuserna) and password and a second password. Once these are authenticated, the VPN connection is established. You will also be presented with the time and date your VPN session will expire.

Keep the terminal window open while the VPN session is active.  

Network resources such as shared folders, NAS drives, servers, and workstations should now be available.  

To close the VPN session, press Ctrl+Z in the terminal window. Abruptly killing the terminal window without properly closing out of the VPN session can lead to issues when attempting to reconnect in the future. These issues can typically be resolved by restarting the machine.  

-------------------------------------------------------------------------------------------------------------------------- 

Optional – Install VPN plug-ins for Network Manager 

  1. Install some VPN plug-ins for Network Manager: 

     

  2. If prompted for your password, type it, and press Enter.

  3. If you are told that a package “is already the newest version,” ignore it and continue with the next command.

  4. If asked to “continue [Y/n],” press Y, followed by Enter.

  5. Open the connections settings dialogue, go to the VPN tab and add a new connection.

  6. Select “Cisco AnyConnect”: 

Need Help?

Contact the IST Service Desk online or 519-888-4567 ext. 44357.