Ubuntu Linux Client Configuration

If you haven't already done so,go tohttp://help.caltech.eduto request VPN service.
Select request typeIMSS-->Network, Wireless & Remote Access-->VPN Request Form.

Important note regarding recent Ubuntu (and possibly other distributions) Linux updates

Recent updates to the Ubuntu Linux distribution have changed the default Java implementation. The new configuration is incompatible with the AnyConnect installer. The indication of the problem is that the AnyConnect installer "hangs" (i.e. it keeps running and never completes or displays an error).


Important note for Library journal database users

Remote journal access should now be done through the Library's authenticated proxy server using your access.caltech username and password. No special URL is needed; when you visit the Library pages and click on a database link, the Library proxy server will automatically detect whether you are connecting from a campus address, and will ask for your access.caltech username and password if you are connecting from off campus. VPN is no longer necessary for Library journal database access.


Any Connect and Virtualization


Before installing the Any Connect client, please bear in mind that virtualization software presents a problem. Cisco's official position, taken from the Release Notes for the Any Connect client, is that:

"AnyConnect does not support virtualization software such as VMWare for any platform or Parallels Desktop for Mac OS."

Enterprising users may find that for particular combinations of virtualization software and operating systems Any Connect can be made to work under virtualization. Users who have the skills and fortitude to manage such configurations are welcome to use them. However, IMSS cannot insure stability and compatibility of unsupported configurations with our VPN concentrators. Also, the number of virtualization packages and operating system combinations make offering formal support impossible. Thanks for understanding.


Download, installation, and connection information:

The Cisco AnyConnect client can be installed either via a web based install process or a manual install process. You should first try the web based process to see if it works; if not you will automatically be presented with the manual install process.

A web install is the most convenient way to install the AnyConnect client. In order to do a web install, you will need Firefox. with Java installed. Other browsers (Opera, Chrome, etc.) may work but are not supported. The web install process will automatically detect your configuration and proceed if it is compatible. If your configuration is not compatible, the web install process will time out and you'll be offered the manual install option. You do not need either ActiveX or Java to do a manual install.


Go to https://vpn.caltech.edu. You'll see a fill-in form like so:



In the drop down menu there are two groups: Tunnel-All-Traffic and Tunnel-Caltech-Traffic-Only. Choose the Tunnel-Caltech-Traffic-Only group unless you have a specific reason not to. You'll get better performance and generate less traffic to the Caltech network. The install process will place both profiles on your computer so you can change later if you like.

Enter your access.caltech credentials and click Login or press the Enter key.

The installer application will first detect whether to use Java. The detection process can take up to 60 seconds.

If the installer doesn't find a usable Java configuration, it will offer the option of a manual installation, as in the following illustration. Manual install instructions are here. If the installer does detect a usable Java configuration, it will proceed with the installation. See below.


Web Installation

The web install process will begin with dialogs as in the following illustration. A terminal window will appear, asking for the password you use on your computer. Type it in and press Enter.




When the installation has finished, the web page will look like this illustration:



Sun Java will be checked, and the Connected item will be checked. Notice the red circle in the graphic. Inside is an icon with a lock. In the upper right corner (also called the Notification Area), there will be a small icon with a lock like so:


The install process automatically creates a VPN connection and minimizes the client window.

At this point you should test your VPNconnection to verify that it is working correctly. Click on this Caltech link. You should see that you have an IP address starting with 131.215.249.xxx. Then click on this DSLreports.com link. You should see that you have your normal IP address as assigned by your ISP (if using Tunnel-Caltech-Traffic-Only), or a Caltech IP address starting with 131.215.249.xxx (if using Tunnel-All-Traffic).

After verifying that the connection is working, you can continue using VPN or disconnect it. The quickest way to disconnect the AnyConnect client is to Right-click on the lock icon in the Notification Area. You'll see a menu like this:




Choose Disconnect or Quit to close the VPN connection.

You should now have a working AnyConnect VPN installation. You do not need to reboot your computer in order to use the AnyConnect client.

To run the VPN client after installing, seeUsing the Cisco AnyConnect Client

If you need assistance with downloading, installing or troubleshooting VPN connection problems, please contact us athttp://help.caltech.edu (request type IMSS-->Network, Wireless & Remote Access-->Cannot connect to-->Remote Access (VPN).

Manual Installation

Normally when the AnyConnect web-based install fails, it will present the option of a manual installation.If the web-baseed installer does not offer a manual install option, but keeps searching and never completes (i.e. "hangs") then it will be necessary to temporarily disable Java before doing a manual install.

For Safari:
From the Safari menu, choose Preferences. In the Preferences dialog, choose the Security tab. In the Web content section, click on the Enable Java checkbox to remove the checkmark. Close the Preferences window.
For Firefox:
Depending on the version of Firefox, the Enable Java option may be in one of two places.
  1. From the Firefox menu, choose Preferences. In the Preferences dialog, chose the Content tab. Click on the Enable Java checkbox to remove the checkbox. Close the Preferences dialog.
  2. From the Tools menu, choose Add-ons. In the Add-ons dialog, find the Java Plugin or Java Embedding Plugin entry. Click on the Disable button. Close the Preferences dialog.
With Java disabled, users can go to the https://vpn.caltech.edu web site and log in. The AnyConnect installer will attempt to detect the Java installation, but will time out after one minute. The option for a manual install will then be presented.




Click on the link to download the installer application.

Depending on your browser settings, you may get a dialog asking you where to save the installer file, or it may automatically choose where to store it. Typical locations are the Downloads folder or the Desktop. If you choose where to store the file, be sure to choose a location you will remember.



The installation file is named vpnsetup.sh. To install it, open a terminal window and locate the vpnsetup.sh file you downloaded. Type the command sudo sh vpnsetup.sh and press Enter, like so:



You'll be prompted for the password you use on your computer. type the password and press En ter. You should see a message indicating that the installation was successful.

You should now have a successfully installed AnyConnect VPN client. Unlike the web install process, the manual install does not automatically create a VPN connection and minimize the client. If you don't intend to use VPN right away, you should test the installation by creating a VPN connection. See Using the Cisco AnyConnect Client for instructions. Once you've created a connection and tested it, you can close the connection.

You can delete the vpnsetup.sh file after the manual install process. The AnyConnect client has an auto update feature which will keep the client current.

To run the VPN client after installing, seeUsing the Cisco AnyConnect Client

If you need assistance with downloading, installing or troubleshooting VPN connection problems, please contact usathttp://help.caltech.edu (request type IMSS-->Network, Wireless & Remote Access-->Cannot connect to-->Remote Access (VPN).