Skip to end of metadataGo to start of metadata

• Cisco Vpn Ubuntu 20.04 64-bit
• Cisco Vpn Ubuntu 9.10
• Free Ubuntu Vpn
• Ubuntu Cisco Vpn
• Cisco Anyconnect Ubuntu 20.04

Drexel's VPN new requires Mutli-Factor Authentication or MFA.

OpenVPN is a full featured, open-source Transport Layer Security (TLS) VPN solution that accommodates a wide range of configurations. In this tutorial, you will set up OpenVPN on an Ubuntu 20.04 server, and then configure it to be accessible from a client machine. Since the dependencies of libdouble-conversionn1 and qt-st-api aren't available in Ubuntu 20.04, It seems impossible to install PacketTracer on Ubuntu 20.04. Is there any fix for this? Or an ETA for when a fix will be available? I found a PacketTracer snap, but this one isn't maintained by Cisco (So less trustworthy). I don't know if this snap.

Once you login to the VPN, and click 'Connect,' answer your phone, and press the # sign. Or press 'Approve' in the Microsoft Authenticator App notification (unlocking your phone may be required).

To set-up MFA, or change to the Microsoft Authenticator App (especially if you travel outside the U.S. and wish to avoid excessive call or data roaming charges), see the following webpage.

Here is how to install/configure Drexel's Cisco AnyConnect VPN with the 2 most recent versions of Long Term Support (LTS) Ubuntu Linux: 16.04 & 18.04 & 20.04 LTS

1. Open a terminal window or command-line prompt window in Ubuntu Linux 16.04 LTS.
   1. Press the Ctrl-Alt-t keyboard keys simultaneously.
   2. Or right-click the desktop background, and select 'Open Terminal.'

   3. Or click 'Ubuntu' or 'Activities' icon in upper left. 'Dash' search will open. Type in 'terminal' (without quotes).

2. Type in the following in a terminal window, then type in 'y' (without quotes), then press the Enter/Return key.
   

   sudo apt install network-manager-openconnect

3. Type in the following in the terminal window, and press the Enter/Return key.
   sudo systemctl daemon-reload
   

4. Visit https://vpn.drexel.edu in a web browser (Firefox recommended), and login with your DrexelOne userid and password.

5. Click 'Start AnyConnect'.

   Click link above to collapse this area. Click on image to zoom in.

6. Click 'Download for Linux' under 'Download & Install.'

   1. We cannot provide a direct link here for the installation file that does not require you to repeat all of the above steps again.

   2. IGNORE the '+Instructions' button. Not accurate help there for Linux.

      Click link above to collapse this area. Click on image to zoom in.
7. Download the AnyConnect 'anyconnect-linux64-#.#.#####-core-vpn-webdeploy-k9.sh' (bash) file. # can be any single number here.
   1. This usually goes to the 'Downloads' folder by default. We'll assume that's the case here.

8. Type in the following in the terminal window, and press the Enter/Return key.
   cd Downloads
   

9. Type in the following in the terminal window, and press the Enter/Return key.
   sudo bash anyconnect-linux64-#.#.#####-core-vpn-webdeploy-k9.sh
   

   1. Hint: Type in 'sudo bash anyc' (without quotes) and press the Tab key on the keyboard. The rest of the 'anyconnect' file name should auto-complete. Then press the Enter/Return key.

   2. Note: You might have a different version number for the 'anyconnect' file name. If so, type in the correct version number in the command below.

   3. # can be any single number here.

   
   

10. For Ubuntu Linux 18.04 LTS only, type in the following in the terminal window, and press the Enter/Return key.
    sudo apt install libpangox-1.0-0
    

11. Click the 'Dash' or 'Activities' search icon in the upper left, search for 'Cisco' (without quotes), and click to open it.

12. In the 'Cisco AnyConnect' VPN client window, type in 'vpn.drexel.edu' (without quotes) in the 'Connect to' field.

13. In the 'Cisco AnyConnect' VPN client window, type in 'DrexelVPN' in the 'Group' field.

    1. And login with your DrexelOne or Drexel Connect userid and password.

14. Click 'Connect.'

15. IMPORTANT NOTE: The VPN app may say 'Login failed' until your approve MFA if you use an Authenticator app.
16. Use your Drexel Multi-Factor Authentication of MFA method to 'Approve' the connection (or press # when called on the phone).
    

    Drexel's VPN new requires Mutli-Factor Authentication or MFA.

    Once you login to the VPN, and click 'Connect,' answer your phone, and press the # sign. Or press 'Approve' in the Microsoft Authenticator App notification (unlocking your phone may be required).

    To set-up MFA, or change to the Microsoft Authenticator App (especially if you travel outside the U.S. and wish to avoid excessive call or data roaming charges), see the following webpage.

    1. If using Microsoft Authenticator app Approve/Deny notification, VPN will hang or say fail until you approve MFA, and then actually fail if you do not do so within 1 minute or so.

17. You should see a notification that 'Cisco AnyConnect Secure Mobility Client' is 'Connected.'

Cisco Vpn Ubuntu 20.04 64-bit

If you are asked to reboot, do so. If you run into an issue, try a reboot.

Cisco Vpn Ubuntu 9.10

NEED MORE HELP? Contact ihelp@drexel.edu or the CCI Commons HelpDesk at 215-895-2480.

*Additional Assistance is ONLY for Drexel University - College of Computing & Informatics (CCI) instructors, faculty, professional staff, and students.*

Anyone else should contact technical support for their own college, department, university, organization, or business.

Setting up a VPN server with StrongSwan on Ubuntu 20.04

Having a Virtual Private Network (VPN) server enables you to encrypt traffic between your client devices (laptop, cell phone, or tablet) and a VPN server, and thus add another layer of security and privacy to your day to day online activities. This tutorial outlines the steps for setting up a dedicated VPN instance using StrongSwan on an Ubuntu 20.04 server instance.

The protocol that’s used for securely routing the traffic through VPN is IKEv2, which stands for Internet Key Exchange version 2. In a nutshell, it’s a fairly modern protocol that’s part of the IPSec protocol suite which enables secure session initiation with a VPN server and is supported by a wide range of devices and operating systems.

Preparing an Ubuntu 20.04 instance

Before we proceed with installing all necessary VPN-related software packages, we’ll make sure our Ubuntu 20.04 server is up to date and has a dedicated VPN user.

Provision an Ubuntu 20.04 server at your provider of choice and log into it as root. Then, make sure the instance is updated and runs the latest kernel version:

Although it’s not currently active, set the UFW firewall so that it will explicitly allows incoming SSH connections once it becomes active later on:

It’s often recommended to reboot the server once the upgrade is done so that the new kernel (if there is one) is used from the very beginning:

Installing the necessary packages

After a reboot, log into the server again as root. We can now install the necessary packages, including StrongSwan:

Set up the server - side PKI infrastructure

In addition to the usual username and password credentials clients use to connect to the VPN server, the VPN instance employing IKEv2 uses certificates in the usual PKI (Public Key Infrastructure) fashion for identifying itself to the clients connecting to it. Therefore, a basic PKI infrastructure needs to be established on the server in order for the clients to be able to securely connect to the server.

The first step is to generate the server root private key file:

Now we can create the root CA certificate key file using the private key we created in the previous step:

That is going to be a self signed root CA certificate file with a 10 year validity period. If you want, you can substitute “VPN CA” with something more descriptive, preferably with the name of your organization + VPN at the end so that the certificate can be easily distinguished from other certificates you may have elsewhere.

The only thing left to do certificate - wise is to generate a server certificate that will allow the clients to verify the VPN server. First, the private key is created:

Now we can create the server certificate file and sign it:

Be sure to replace 12.13.14.15 with your server’s actual IP address and make sure you have 2 SAN parameters as the example above (one with just an IP address and another one with the IP address prefixed by a @ character - some VPN clients really care about those nitpicky details!).

Configuring StrongSwan

First, back up the existing configuration file, just in case:

And then create a new one:

with the following contents in it:

Be sure to put the correct public IP of the server in question for the leftid parameter. Also, feel free to adjust the rightdns parameter with the IPs of the DNS resolvers of choice. The above example uses Cloudflare and Google public DNS services for domain name resolution.

Configuring client side authentication

At this point, we have a functional VPN server. However, there are still a few things to do. One of them is setting up the actual credentials for the clients. They will use the credentials along with the server certificate file to securely authenticate and connect to the VPN server.

The credentials are stored in the following file:

add the following lines to the file:

Be sure to replace the “bluegrid” and “bLu3gr!d” with the actual username and password you intend to use. Of course, multiple usernames and password pairs can be entered on each line. Of course depending on your organization's needs (per user or per device). Once done, save the changes to the file with the usual CTRL + X sequence and exit the nano editor.

Apply the changes by restarting StrongSwan:

Of course, you can always come back to this file and adjust the existing credentials or add new ones. Just be sure to restart StrongSwan every time you make any changes to the IPSec secrets file so the changes take effect.

Configuring the firewall & IP forwarding

The only thing left to do is configure the firewall and IP forwarding so that VPN traffic can pass through the server.

Free Ubuntu Vpn

At the beginning of the article, we’ve configured UFW to allow SSH traffic so that we can log into the server remotely, so we should be safe to actually turn the firewall on:

You may get a warning that existing SSH connections may be disrupted. Just proceed with enabling UFW, you should stay connected.

Next, we need to allow the ordinary UDP traffic for the usual IPSec ports:

We need to know which network interface serves the public network traffic. We can find that out with the following command:

The output should be similar to this:

in this case, the network interface we need is named eth0 but it may vary on your server.

Make a note of the interface name, we’ll need it shortly.

All that’s left to do is configure the firewall for some low-level packet filtering so that VPN network packets can flow in both directions properly.

We’ll start with editing the following file:

Near the top of the file, before the section beginning with a *filter line, add the following lines:

Make sure you’ve replaced eth0 with the actual network interface name on your server! After the *filter section, add the following 2 lines:

Those 2 lines should be placed between the section beginning with *filter line and the section beginning with -A ufw-before-input -i lo -j ACCEPT line.

Save the changes to the file in question and then open the following file for editing:

Uncomment the following line (by removing the # character at the beginning of the line):

and add the following 2 lines at the end of the file:

and then save the changes.

All that’s left is to restart the firewall and we should be good to go:

That’s it. We now have a fully functional VPN server running on our Ubuntu 20.04 instance!

Connecting from a macOS client machine

Now that the VPN server has been set up, we can connect our first client to it. As noted at the beginning of this tutorial, IKEv2 is widely supported natively across a wide variety of operating systems, including recent versions of Apple macOS.

First, we need to get the server’s CA certificate and copy it to our client macOS machine. The easiest way to do so is to simply cat the contents of the file to the terminal, copy the contents of the file and use a text editor on a client machine to paste it so that the certificate can be saved locally and installed to the local macOS keychain.

First, get the CA certificate file’s contents printed out:

The output will begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE----- lines. Copy the complete output, including those 2 lines, and paste them to the text editor of choice on the target macOS machine, such as the built-in TextEdit app. Save the file as a ca-cert.pem (make sure to get the .pem extension right) and then double click on the file in a Finder window.

By default, the certificate will be added to the local user’s keychain only. In case you want to add it to the System keychain, you’ll be prompted for your macOS system password. In that case, you need to type it and then click on the Modify Keychain button.

Once the certificate has been added to either keychain, you need to open the Keychain Access app on your macOS machine and type “BlueGrid” in the search field in the upper right corner of the window. In the search results, the CA certificate file should be visible. Right-click on it and click on Get Info.

A new window will pop up with all the info about the CA certificate file. Expand the Trust section and select “Always Trust” for IP Security (IPsec) option. You will likely be

prompted for a system password again since you’re trying to change the trust settings. Enter the password and click on Modify Keychain.

Next, go to System Preferences -> Network. On the left side, all network interfaces currently present on your machine will be listed (Wi-Fi, Bluetooth PAN, and others). Click on the + sign in the lower end of the list. Select VPN for the Interface and make sure the VPN Type is set to IKEv2. You may enter “BlueGrid VPN” or similar for Service Name. Once you’re done, click on Create.

In the Server Address and Remote ID fields, make sure the server’s public IP address is entered (12.13.14.15 in this case). The Local ID field can remain blank.

Click on Authentication Settings and fill in the Username and Password fields with the credentials you entered in the /etc/ipsec.secrets file earlier in the tutorial and click OK. Once done, click on the Apply button in the lower right end of the window and you’re done. Your macOS machine is all set!

Ubuntu Cisco Vpn

If you click on the Connect button, a new VPN connection should be successfully established within a few seconds. Depending on your Internet connection speed and the “BlueGrid VPN” connection should now have a green icon next to it in the network interfaces list on the left.

Cisco Anyconnect Ubuntu 20.04

You can verify your local Internet traffic is now routed through the VPN by observing your computer’s public IP address using tools such as whatismyip.com - you should see the public IP address of your VPN server.

Check out our tech blog section for similar content!