Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability Cisco AnyConnect Secure Mobility Client for Windows Desktop Denial of Service Vulnerability 20-Jun-2018 Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability 06-Jun-2018.
- Just in case you do want the Ciso Anyconnect client working take a look at this blog. Just disable the Firefox Iced Tea web plugin and go to your VPN site. Have Ubuntu download the VPN installer and run the shell script. In my case Cisco Anyconnect VPN client was installed and available under the Internet section and works fine.
- NVIDIA Anyconnect VPN Clients: Windows Mac Linux (x64) Install Guide NOTE: Android/iOS clients can be downloaded from their respective app stores.
OpenConnect is a cross-platform multi-protocol SSL VPN client which supports a number of VPN protocols:
- Cisco AnyConnect (--protocol=anyconnect)
- Juniper SSL VPN (--protocol=nc)
- Pulse Connect Secure (--protocol=pulse
- Palo Alto Networks GlobalProtect SSL VPN (--protocol=gp)
- F5 Big-IP SSL VPN (--protocol=f5)
- Fortinet Fortigate SSL VPN (--protocol=fortinet)
OpenConnect is not officially supported by, or associated in any waywith Cisco Systems, Juniper Networks, Pulse Secure, Palo Alto Networks, F5,or Fortinet, or any of the companies whose protocols we may support in the future.It just happens to interoperate with their equipment. Trademarks belong totheir owners in a rather tautological and obvious fashion.
An openconnect VPN server (ocserv), which implementsan improved version of the Cisco AnyConnect protocol, has also beenwritten.
OpenConnect is released under the GNU Lesser Public License, version 2.1.
Motivation
Development of OpenConnect was started after a trial of the Cisco AnyConnectclient under Linux found it to have many deficiencies:
- Inability to use SSL certificates from a TPM or PKCS#11 smartcard, or even use a passphrase.
- Lack of support for Linux platforms other than i386.
- Lack of integration with NetworkManager on the Linux desktop.
- Lack of proper (RPM/DEB) packaging for Linux distributions.
- 'Stealth' use of libraries with dlopen(), even using the development-only symlinks such as libz.so — making it hard to properly discover the dependencies which proper packaging would have expressed
- Tempfile races allowing unprivileged users to trick it into overwriting arbitrary files, as root.
- Unable to run as an unprivileged user, which would have reduced the severity of the above bug.
- Inability to audit the source code for further such 'Security 101' bugs.
Naturally, OpenConnect addresses all of the above issues, and more.
New protocols
Adding new protocols to OpenConnect is relatively simple, andadditional protocols have been added over the years since usingOpenConnect allows a developer to concentrate on the protocol itselfand most of the boring details about platform-specific tunnel managementand IP configuration, and handling of client SSL certificates, are alreadyresolved.
If you have a protocol which you think it makes sense to support inOpenConnect, especially if you are able to help with interoperabilitytesting, please file an issuein GitLab.
Consistent multi-protocol support
Wherever possible, OpenConnect presents a uniform API and command-lineinterface to each of these VPNs. For example,openconnect --force-dpd=10will attempt dead peer detection every 10 seconds on every VPN thatsupports it, even though the actual mechanism used may be protocol-specific.Protocol-specific features and deficiencies are described on theindividual protocol pages.
Objective
The objective of this article is to guide you through installing, using, and the option of uninstalling AnyConnect VPN Client v4.9.x on Ubuntu Desktop.
Introduction
The Cisco AnyConnect Virtual Private Network (VPN) Mobility Client provides remote users with a secure VPN connection. It provides the benefits of a Cisco Secure Sockets Layer (SSL) VPN client and supports applications and functions unavailable to a browser-based SSL VPN connection. Commonly used by remote workers, AnyConnect VPN lets employees connect to the corporate network infrastructure as if they were physically at the office, even when they are not. This adds to the flexibility, mobility, and productivity of your workers. Cisco AnyConnect is compatible with Windows 7, 8, 8.1, and 10, Mac OS X 10.8 and later, and Linux Intel (x64).
Follow the steps in this article to install the Cisco AnyConnect VPN Mobility Client on a Ubuntu Desktop. In this article, Ubuntu version 20.04 is used.
If you are using a Windows computer, click here to view an article on how to install AnyConnect on Windows.
If you are using a Mac computer, click here to view an article on how to install AnyConnect on Mac.
AnyConnect Software Version
- AnyConnect - v4.9.x (Download latest)
Table of Contents
Installing AnyConnect Secure Mobility Client v4.9.x
Step 1
Download the AnyConnect Pre-Deployment Package for Linux from Cisco Software Downloads.
The latest release at the time of publication was 4.9.01095.
Anyconnect Linux
Step 2
Open the Terminal by pressing Ctrl+Alt+T on your keyboard. To navigate to the folder where you have downloaded the AnyConnect Client Package, use the command, ‘cddirectory name’. For more information on the ‘cd’ command, click here.
In this example, the file is placed on the Desktop.
Cisco Anyconnect Client Download Linux
The directory may be different based on the location of the AnyConnect file download. For long filenames or paths, start typing some characters and press the tab key on your keyboard. The filename will auto-populate. If it doesn't even after you press tab twice, it indicates that you need to type more number of unique characters. Alternately, you can use the 'ls' command to list the files in your current directory.
Step 3
The initial download is a tarball archive (several files packed into one), which must be extracted. The command ‘tar xvffilename’ will extract the contents to the same directory in which the initial file is located.
For more information on the ‘tar’ command, click here.
Step 4
Once the folder is extracted, use the ‘cddirectory name’ command again to navigate into the folder.
cd [Directory Name]
Step 5
After navigating into the main folder, ‘cd’ into the vpn sub-folder.
Step 6
To run the AnyConnect install script, type ‘sudo ./vpn_install.sh’. This will begin the installation process using superuser permissions.
sudo ./vpn_install.sh
For more details on the 'sudo' command, click here.
Step 7
Accept the terms in the license agreement to complete the installation by typing ‘y’.
The AnyConnect installation should complete, and the Terminal window can be closed.
Using AnyConnect Secure Mobility Client v4.9.x
Step 1
To access the Anyconnect app, open the Terminal by pressing Ctrl+Alt+T on your keyboard. Use the command, ‘/opt/cisco/anyconnect/bin/vpnui’.
/opt/cisco/anyconnect/bin/vpnui
If you encounter any errors through the Terminal, you can access the app from the applications menu as shown below.
To access the applications menu using the User Interface (UI), click on the start icon (appears as nine dots on the lower left corner). Choose the Anyconnect app.
Alternatively, press Super+A (Super key is the windows icon key) on your keyboard to bring up the search bar. Start typing 'Anyconnect' and the app will appear.
Step 2
Click on the Anyconnect app.
Step 3
Enter the IP Address or Hostname of your desired server followed by the port number.
For RV340 family, the default port number is 8443.
Step 4
Some connections may not be secure using a trusted SSL certificate. By default, AnyConnect Client will block connection attempts to these servers.
Uncheck Block connections to untrusted servers to connect to these servers.
Uninstalling AnyConnect Secure Mobility Client v4.9.x
Step 1
Using Terminal, navigate to the folder that contains the uninstall shell script using the ‘cd’ command.
In a default installation, these files will be located in /opt/cisco/anyconnect/bin/.
Step 2
To run the Anyconnect uninstall script, enter ‘sudo ./vpn_uninstall.sh’
This will begin the uninstall process using superuser permissions. For more information on the 'sudo' command, click here.
Step 3
At the prompt, enter the sudo password and the client software will complete uninstallation.
Conclusion
There you have it! You have now successfully learned the steps to install, use, and uninstall the Cisco AnyConnect Secure Mobility Client v4.9.x on Ubuntu Desktop.
For community discussions on Site-to-Site VPN, go to the Cisco Small Business Support Community page and do a search for Site-to-Site VPN.
AnyConnect App
The Anyconnect App can be downloaded from the Google Play store or the Apple store.
Additional Resources