I finally got the Cisco Anyconnect SSL VPN Client working on Ubuntu Intrepid. There’s an error in 2.2.x where the ‘vpn’ tool says “error: Connection attempt has failed due to server certificate problem.” and exists. Running 2.3.x via ‘vpnui’ you get a pop-up window to accent the certificate, but click accept just brings the popup window back up.
I tried getting this working a few times, my last failed attempt appears to have been because I was running the client (which talks to a seperate service that runs as root) as root. I figured that out on this go around on a separate workstation and now have 2.2.0140 and 2.3.0185 running on separate amd64 / x86_64 Ubuntu Intrepid workstations.
This should be a pretty accurate log of the steps on the latest attempt.
# downloaded the latest Linux Anyconnect client from http://www.cisco.com tar -xvzf anyconnect-linux-2.3.0185-k9.tar.gz cd ciscovpn/ sudo ./vpn_install.sh # Downloaded latest firefox from http://www.mozilla.com/en-US/firefox/ sudo tar -xvjf firefox-3.0.5.tar.bz2 -C /usr/local for lib in libnssutil3.so libplc4.so libplds4.so libnspr4.so libsqlite3.so libnssdbm3.so libfreebl3.so do sudo ln -s /usr/local/firefox/$lib /opt/cisco/vpn/lib/$lib done
I didn’t bother going back to check, but it looked in the strace output of the ‘vpn’ utility that it was looking in /lib32 for most binaries, so it sound like the amount of hackery required may be decreasing.
Thanks! I now have 2.3.0254 running on 64 bit Jaunty.
Tips from this forum helped me: http://ubuntuforums.org/archive/index.php/t-855485.html
I am running 64-bit Fedora 10.
sudo chmod +x /opt/cisco/vpn/bin/vpndownloader.sh
I needed to download the 32-bit libraries from the repositories (all .i386 packages for the libs). You don’t need to download firefox 3, it’s just that it is packaged with almost all the 32-bit libraries that you need. You can get all the necessary files from the repositories.
These are the ones you need:
/lib and /usr/lib contain 32-bit libraries
/lib64 and /usr/lib64 contain 64-bit libraries
Create symlinks to the appropriate libraries.
Here’s what /opt/cisco/vpn/lib looks like:
[… lib]$ ls -lAH
-rwxr-xr-x 1 root root 1149892 2009-07-13 08:35 libcrypto.so.0.9.8
lrwxrwxrwx 1 root root 22 2009-07-13 09:00 libfreebl3.so -> /usr/lib/libfreebl3.so
lrwxrwxrwx 1 root root 16 2009-07-13 09:02 libnspr4.so -> /lib/libnspr4.so
lrwxrwxrwx 1 root root 19 2009-07-13 08:56 libnss3.so -> /usr/lib/libnss3.so
lrwxrwxrwx 1 root root 22 2009-07-13 09:02 libnssdbm3.so -> /usr/lib/libnssdbm3.so
lrwxrwxrwx 1 root root 23 2009-07-13 09:02 libnssutil3.so -> /usr/lib/libnssutil3.so
lrwxrwxrwx 1 root root 15 2009-07-13 09:01 libplc4.so -> /lib/libplc4.so
lrwxrwxrwx 1 root root 16 2009-07-13 09:01 libplds4.so -> /lib/libplds4.so
lrwxrwxrwx 1 root root 21 2009-07-13 08:56 libsmime3.so -> /usr/lib/libsmime3.so
lrwxrwxrwx 1 root root 23 2009-07-13 08:56 libsoftokn3.so -> /usr/lib/libsoftokn3.so
lrwxrwxrwx 1 root root 28 2009-07-13 09:03 libsqlite3.so -> /usr/lib/libsqlite3.so.0.8.6
-rwxr-xr-x 1 root root 222300 2009-07-13 08:35 libssl.so.0.9.8
Then I created /usr/local/firefox directory and copied all files into that too (you can link there as well).
Last step for me was linking to the i386 version of zlib (libz.so):
sudo ln -s /lib/libz.so.1 /usr/lib/libz.so
sudo ln -s /lib/libz.so.1 /usr/local/firefox/libz.so
which enabled me to download the certificate from the VPN server.
Now I have Cisco AnyConnect Client 2.3.2016 working.