How to install and connect to the VPN -Linux/Ubuntu
The instructions below work with all Linux-Ubuntu devices.
Use checkvpn.uwaterloo.ca to see your computer's VPN connection status.
Cisco AnyConnect uses version 4.10. Be sure that you have a compatible OS in order to use the AnyConnect application.
Step-by-Step
To begin, log into the VPN website with your 8-character UWaterloo username (e.g. myuserna) and password. Most can use https://vpn.uwaterloo.ca/+CSCOE+/logon.html, but depending on where you are on campus, you may need to use https://vpn.private.uwaterloo.ca.
Second Password:
Type push for Duo Mobile push; enter ‘push2’ to receive the prompt on a secondary device, ‘push3’ to receive the prompt on a tertiary device, etc. To avoid multiple prompts on your phone, accept the push within 10 seconds.
Type sms for text codes ; you will get a text message with 10 codes. Re-enter your password, and type the first code in the second password field.
Type phone to get a phone call ; enter ‘phone2’ to receive the prompt on a secondary device, ‘phone3’ to receive the prompt on a tertiary device, etc.
For Duo hardware token or Duo app, enter the 6-digit code from the token or app
For a Yubikey, touch the YubiKey with your cursor in the text box
b. Accept the Duo 2FA prompt on your device to continue to the next step
2. After logging in, download the “Cisco AnyConnect Secure Mobility Client” by clicking “Download for Linux” and download the script file “anyconnect-linux64-4.6.01103-core-vpn-webdeploy-k9.sh”
If Cisco detects the incorrect OS or provides a different installation file, follow the steps to
3. Another window will pop up and it will prompt to save the installer.4. Open up the command terminal (crtl+alt+t) and input these commands:
~$ cd Downloads/ (makes it so that the directory is downloads and allow interaction with the installer file)ls – l (looks through the downloads folder to look for the script file)
chmod 0700 anyconnect-linux64-4.6.01103-core-vpn-webdeploy-k9.sh (marks the script as an executable file)
sudo ./anyconnect-linux64.4.6.01103-core-vpn-webdeploy-k9.sh (this runs the script)
5. Input the computer password when prompted (it will prompt you to do this after you run the script).
6. After you enter the password, the program should be fully installed on your computer. You can then open the client by selecting Show applications on the bottom left of your screen. Then click on Cisco AnyConnect.
7. After Cisco AnyConnect opens, if you haven't connected before, you will need to specify the VPN server:
vpn.uwaterloo.ca : Accessed from off-campus and from wireless when on-campus
vpn.private.uwaterloo.ca : Accessed from on-campus, wired connections only
8. Enter your 8-character username (e.g. j25rober) and click Connect.
Two-factor authentication (2FA) will be required in order to connect to the VPN. In the 'Second Password' field, enter one of the following, then click Connect.
Read more about the 2FA changes.
For Duo Mobile push (app):
To avoid multiple prompts on your phone, accept the push within 10 seconds.
Open your Duo app, select University of Waterloo, enter the code in the second password field [Recommended option], or
Enter ‘push' or 'push1’ to send the prompt to your primary device, or
Enter ‘push2’ to receive the prompt on a secondary device, ‘push3’ to receive the prompt on a tertiary device, etc.
-For Duo hardware token: enter your 6-digit code
-For Duo Bypass code: enter your bypass code
-For SMS codes : enter ‘sms’; you will get a text message with 10 codes. Re-enter your password, and type the first code in the second password field.
-For Yubikey: enter the code generated by touching the Yubikey
-For Phone Call : enter 'phone'
Enter ‘phone2’ to receive the prompt on a secondary device, ‘phone3’ to receive the prompt on a tertiary device, etc.
If you are not receiving Duo phone calls, you may have a setting that is blocking the phone calls. Some possible solutions include adding the Duo phone number, (306) 900-4884, to your device whitelist, or if the service is blocking unknown callers, add the Duo phone number as a contact on the device.
iPhone: 'Silence Unknown Callers'
Telus/Koodo: 'Call Control'
Android: 'Block Unknown Callers'
Call Control or Call Blocker app
Any anti-spam service
You should now be connected! If you want to make sure you are connected, then you can click on Cisco AnyConnect, which should show you it as “Connected”.
Alternative Method to install VPN in Ubuntu
First run the command below to activate the TUN module
sudo /sbin/modprobe tun
Note: Some users may receive an error stating that TUN cannot be found, however it can be disregarded if steps 2 and 3 below- Install and Connect --Open Connect successfully.
If the installation fails, the most likely error that will be received is
modprobe: FATAL: Module tun not found in directory /lib/modules/...
To resolve this error, switch to a stable release. If you are already running a stable release, the following steps can be taken to resolve the issue:
Reboot your device
Remove any network-related kernel packages you have installed and update/upgrade your operating system
Install OpenConnect:
sudo apt-get install openconnect
Connect to VPN, run:
sudo openconnect -v vpn.uwaterloo.ca
When prompted to choose a group, type the appropriate VPN group name (UW-Campus, UW-General-Campus, UW-PART) and press enter.
It prompts you to type in your 8-character UWaterloo username (e.g. myuserna) and password and a second password. Once these are authenticated, the VPN connection is established. You will also be presented with the time and date your VPN session will expire.
Keep the terminal window open while the VPN session is active.
Network resources such as shared folders, NAS drives, servers, and workstations should now be available.
To close the VPN session, press Ctrl+Z in the terminal window. Abruptly killing the terminal window without properly closing out of the VPN session can lead to issues when attempting to reconnect in the future. These issues can typically be resolved by restarting the machine.
--------------------------------------------------------------------------------------------------------------------------
Optional – Install VPN plug-ins for Network Manager
Install some VPN plug-ins for Network Manager:
If prompted for your password, type it, and press Enter.
If you are told that a package “is already the newest version,” ignore it and continue with the next command.
If asked to “continue [Y/n],” press Y, followed by Enter.
Open the connections settings dialogue, go to the VPN tab and add a new connection.
Select “Cisco AnyConnect”:
Related articles
Need Help?
Contact the IST Service Desk online or 519-888-4567 ext. 44357.