[Triumf-linux-managers] FYI - clients for UBC VPN (Cisco AnyConnect)
Andrew Daviel
advax at triumf.ca
Fri May 25 17:07:50 PDT 2012
FYI
You can access paystubs etc. at https://www.msp.ubc.ca/
direct from TRIUMF, but not from offsite.
To do that, you must either proxy via a TRIUMF address, or run a VPN
client.
UBC runs a Cisco AnyConnect VPN portal at https://myvpn.ubc.ca
That uses a Java applet to install a binary VPN client on various
platforms. It seems to require "real" Sun (Oracle) Java cf. the
opensource Java that ships with Fedora and works well for many other
applications.
The applet may still not work properly on 64-bit Linux. The 32-bit binary
for Linux is available at
https://myvpn.ubc.ca/CACHE/stc/4/binaries/vpnsetup.sh
(if you have a working VPN client to log on to get there).
(Be careful - it's a binary shell installer and gets trashed by WinSCP
unless you use binary mode).
That will run OK in compatibility mode. It installs an agent, a
command-line tool, and a GUI tool in /opt/cisco. The GUI tool vpnui
autominimizes and, at least for my desktop, disappears without a trace.
The command-line tool vpn requires the agent running and then allows
connection and disconnection.
The VPN is created with some split-tunnelling; local network addresses
continue to be routed directly but default route is changed to go via
the tunnel. It also creates a lot of iptables rules.
The open-source AnyConnect client "openconnect" from
http://www.infradead.org/openconnect/ also works.
I recently built the latest version 3.20 for SL5
from http://mirror/triumf/extras/5.0/SRPMS/
in http://mirror/triumf/extras/5.0/x86_64/RPMS/
There are packages in the regular repositories for Ubuntu, Fedora, Debian
etc.
(Cisco offers a number of VPN clients, e.g. "SSL VPN", "Secure", "VPN".
Some use IPSec, some SSL. UBC uses "AnyConnect")
(this was an offshoot of trying to understand VPN on our new Juniper
equipment, and trying to help set up a client VPN to another institution)
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
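
Added example, not part of the original message: a shell sketch for auditing the routing and firewall changes described above (default route moved into the tunnel, local networks left direct, extra iptables rules). It runs on constructed sample text; the interface name cscotun0, the addresses, and the firewall rules are assumptions for illustration, not output captured from the UBC client.

```shell
#!/bin/sh
# Added example: report what a VPN client changed, from saved command output.
# On a real host capture with: ip -4 route show ; iptables-save (before/after).

# Label each route "TUNNEL <dest>" or "DIRECT <dest>" by its output device.
classify_routes() {   # $1 = tunnel interface; `ip route show` text on stdin
    awk -v tun="$1" '
        NF == 0 { next }
        {
            dev = "-"
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            kind = (dev == tun) ? "TUNNEL" : "DIRECT"
            print kind, $1
        }'
}

# Succeed only if the default route leaves through the tunnel interface.
default_via_tunnel() {   # $1 = tunnel interface; routes on stdin
    classify_routes "$1" | grep -qx 'TUNNEL default'
}

# Print "-A" rules present in the after snapshot but absent from the before one.
added_rules() {   # $1 = iptables-save text before, $2 = after
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { after = 1; next }
        /^-A / { if (!after) seen[$0] = 1; else if (!($0 in seen)) print }'
}

# Constructed sample data (not captured from a real client). TUN_IF is an
# assumption; use the interface name that `ip link` shows once connected.
TUN_IF=cscotun0
ROUTES_AFTER='default dev cscotun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
203.0.113.7 via 192.168.1.1 dev eth0'
FW_BEFORE='*filter
-A INPUT -i lo -j ACCEPT
COMMIT'
FW_AFTER='*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -i cscotun0 -j ACCEPT
-A OUTPUT -o cscotun0 -j ACCEPT
COMMIT'

printf '%s\n' "$ROUTES_AFTER" | classify_routes "$TUN_IF"
if printf '%s\n' "$ROUTES_AFTER" | default_via_tunnel "$TUN_IF"; then
    echo "default route: via $TUN_IF"
else
    echo "default route: NOT via $TUN_IF"
fi
added_rules "$FW_BEFORE" "$FW_AFTER"
```

Any DIRECT line in the output marks a destination that bypasses the tunnel while connected, which is the split-tunnel exposure to review.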