Notes for Installation of VPN into Debian GNU/Linux Machine


We can't log in to the HUC12 Login Server from outside Hiroshima University. To do that, Hiroshima University recommends that you install the VPN on your computer. The HUC12's OS is Linux, so it is convenient for me to use Linux to work on the HUC12. Below are brief notes about how I installed the VPN on my Debian GNU/Linux machine. In the following examples, suppose your user name on the local machine is `gerogero,' the local machine's name is `machine,' and your prompt is `$.' My computers are Acer's TravelMate TM8172T-FC325 with the 64-bit kernel, SONY VAIO PCG-U101 with the 32-bit kernel, and TOSHIBA dynabook Satellite T43 220C/5W with the 32-bit kernel.
You have to use the sudo command. If you can't use `sudo' or if you don't know what it is, see this page.
Check whether the kernel on your computer is 32-bit or 64-bit

To do that, we usually use the uname command.
     gerogero@machine:~$ uname -a
If you find the word `i686' or `i386,' then yours is 32-bit. If you find the word `x86_64' or `amd64,' then yours is 64-bit. For instance, if you have
     gerogero@machine:~$ uname -a
     Linux machine 3.2.0-4-486 #1 Debian 3.2.57-3+deb7u1 i686 GNU/Linux
then the kernel on `machine' is 32-bit because we find the word `i686.'
If you have
     gerogero@machine:~$ uname -a
     Linux Debian-LM1 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64 GNU/Linux
then the kernel on `machine' is 64-bit because we find the word `x86_64.'

If yours is 32-bit, you should download the program `anyconnect-predeploy-linux-3.1.10010-k9.tar.gz' from here. If yours is 64-bit, you should download the program `anyconnect-predeploy-linux-64-3.1.10010-k9.tar.gz' from here.

Go to the directory `~/Downloads.'
     gerogero@machine:~$ cd Downloads
     gerogero@machine:~/Downloads$ 
Check if you have succeeded in downloading the program.
     gerogero@machine:~/Downloads$ ls
     anyconnect-predeploy-linux-?-3.1.10010-k9.tar.gz
Here `-?' doesn't appear for the 32-bit kernel. On the other hand, `?' is 64 if yours is 64-bit. Extract the archive. In gerogero's case, for instance,
     gerogero@machine:~/Downloads$ tar zxvf anyconnect-predeploy-linux-?-3.1.10010-k9.tar.gz
Then you get a new directory. In gerogero's case, it is the directory `~/Downloads/anyconnect-#.#.#####'
     gerogero@machine:~/Downloads$ ls 
     anyconnect-3.1.10010
     anyconnect-predeploy-linux-?-3.1.10010-k9.tar.gz
Move to that directory.
     gerogero@machine:~/Downloads$ cd anyconnect-3.1.10010
     gerogero@machine:~/Downloads/anyconnect-3.1.10010$ 
You can find the directory `~/Downloads/anyconnect-#.#.#####/vpn' in that directory.
     gerogero@machine:~/Downloads/anyconnect-3.1.10010$ ls 
     dart  posture  vpn  
Go to the directory `~/Downloads/anyconnect-#.#.#####/vpn,' and then, you can find the new program `vpn_install.sh' in that directory.
     gerogero@machine:~/Downloads/anyconnect-3.1.10010$ cd vpn
     gerogero@machine:~/Downloads/anyconnect-3.1.10010/vpn$ ls | grep vpn_install.sh
     vpn_install.sh
Now is the time to install VPN!
     gerogero@machine:~/Downloads/anyconnect-3.1.10010/vpn$ sudo ./vpn_install.sh
     [sudo] password for gerogero: 
At the end of the installation, you are asked whether you accept the terms in the license agreement. Answer `yes,' and the installation is completed.
     Do you accept the terms in the license agreement? [y/n] y
     You have accepted the license agreement.
     Please wait while Cisco AnyConnect Secure Mobility Client is being installed...
     Starting Cisco AnyConnect Secure Mobility Client Agent...
     Done!
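Because `vpn_install.sh' runs as root, the tarball can be checked before it is extracted. The following is an added example, not part of the original notes: it picks the tarball name for the machine type, compares the file's SHA-256 with a digest obtained from the distributor (this page gives none), and confirms that the archive contains `vpn/vpn_install.sh'. The function names are hypothetical, and `sha256sum' from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example, not from the original notes: pre-install gate for the tarball.
# The expected digest is an input; this page does not publish one.

# Map the machine field (`uname -m`) to the tarball name used on this page.
anyconnect_tarball() {
    case "$1" in
        i?86)         echo "anyconnect-predeploy-linux-3.1.10010-k9.tar.gz" ;;
        x86_64|amd64) echo "anyconnect-predeploy-linux-64-3.1.10010-k9.tar.gz" ;;
        *)            return 1 ;;   # unknown architecture: pick nothing
    esac
}

# Succeed only if the file exists and its SHA-256 equals the expected hex digest.
sha256_ok() {   # usage: sha256_ok <file> <expected-hex>
    [ -f "$1" ] || return 2
    got=$(sha256sum "$1" | cut -d' ' -f1)
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
    [ "$got" = "$want" ]
}

# Succeed only if the archive really contains the installer the notes run.
has_installer() {   # usage: has_installer <tarball>
    tar tzf "$1" 2>/dev/null | grep -q '/vpn/vpn_install\.sh$'
}

# Run as: script <expected-sha256>   (from ~/Downloads, before extracting)
if [ "$#" -eq 1 ]; then
    f=$(anyconnect_tarball "$(uname -m)") || { echo "unsupported arch" >&2; exit 1; }
    sha256_ok "$f" "$1" || { echo "digest mismatch or missing file: $f" >&2; exit 1; }
    has_installer "$f"  || { echo "no vpn/vpn_install.sh in $f" >&2; exit 1; }
    echo "$f: digest and layout verified"
fi
```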
The daemon program `vpnagentd' is set up during the installation. Check it.
     gerogero@machine:~/Downloads/anyconnect-3.1.10010/vpn$ ls -l /etc/rc?.d/*vpn*
     lrwxrwxrwx 1 root root 21  Nov 11 08:11 /etc/rc2.d/K25vpnagentd -> /etc/init.d/vpnagentd
     lrwxrwxrwx 1 root root 21  Nov 11 08:11 /etc/rc2.d/S85vpnagentd -> /etc/init.d/vpnagentd
     lrwxrwxrwx 1 root root 21  Nov 11 08:11 /etc/rc3.d/K25vpnagentd -> /etc/init.d/vpnagentd
     lrwxrwxrwx 1 root root 21  Nov 11 08:11 /etc/rc3.d/S85vpnagentd -> /etc/init.d/vpnagentd
     lrwxrwxrwx 1 root root 21  Nov 11 08:11 /etc/rc4.d/K25vpnagentd -> /etc/init.d/vpnagentd
     lrwxrwxrwx 1 root root 21  Nov 11 08:11 /etc/rc4.d/S85vpnagentd -> /etc/init.d/vpnagentd
     lrwxrwxrwx 1 root root 21  Nov 11 08:11 /etc/rc5.d/K25vpnagentd -> /etc/init.d/vpnagentd
     lrwxrwxrwx 1 root root 21  Nov 11 08:11 /etc/rc5.d/S85vpnagentd -> /etc/init.d/vpnagentd
Move back to `/home/gerogero.'
     gerogero@machine:~/Downloads/anyconnect-3.1.10010/vpn$ cd
     gerogero@machine:~$ pwd
     /home/gerogero
You have to make the daemon program `vpnagentd' work when you boot your computer next time.
     gerogero@machine:~$ sudo update-rc.d vpnagentd defaults 99
     [sudo] password for gerogero:
     update-rc.d: using dependency based boot sequencing
     update-rc.d: warning: default start runlevel arguments (2 3 4 5) do not match v\
     pnagentd Default-Start values (3 5)
     update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match vpna\
     gentd Default-Stop values (none)
     insserv: warning: current start runlevel(s) (2 3 4 5) of script `vpnagentd' ove\
     rrides LSB defaults (3 5).
     insserv: warning: current stop runlevel(s) (2 3 4 5) of script `vpnagentd' over\
     rides LSB defaults (empty).
I'd like to type only `vpn' to start VPN instead of its full version, `/opt/cisco/anyconnect/bin/vpn.' If you think so, too, you should edit your `.bashrc' and add the line
     alias vpn='/opt/cisco/anyconnect/bin/vpn'
to your `.bashrc.' Open a new xterm with bash, and then you can use the abbreviated command `vpn' in that xterm.

Let's connect
If you can find the `Cisco AnyConnect Mobility Client' in the internet term of the Menu Bar, you can use it. Then, after typing `vpngw.hiroshima-u.ac.jp' and clicking the `Connect' button, you should choose the `Connect Anyway' button and click it. When you want to disconnect, click the `Disconnect' button.

I'll explain how to connect via the command line in the following.

Type `vpn.'
     gerogero@machine:~$ vpn
     Cisco AnyConnect Secure Mobility Client (version 3.1.10010) .

     Copyright (c) 2004 - 2015 Cisco Systems, Inc.  All Rights Reserved.


       >> state: Disconnected
       >> state: Disconnected
       >> notice: Ready to connect.
       >> registered with local VPN subsystem.
     VPN> 
Let's connect by typing `connect *****.hiroshima-u.ac.jp,' where `*****' is actually the name of the Hiroshima Univ's VPN server. Answer `yes' to each of the two questions; this turns off AnyConnect's default setting that blocks untrusted VPN servers. You may fail to connect the first time, as in
     VPN> connect *****.hiroshima-u.ac.jp
     connect *****.hiroshima-u.ac.jp
       >> contacting host (*****.hiroshima-u.ac.jp) for login information...
       >> notice: Contacting *****.hiroshima-u.ac.jp.
     AnyConnect cannot verify the VPN server: *****.hiroshima-u.ac.jp
     Connecting to this server may result in a severe security compromise!
     AnyConnect is configured to block untrusted VPN servers by default.  Most users choose to keep this setting.
     If this setting is changed, AnyConnect will no longer automatically block connections to potentially malicious network devices.

     Change the setting that blocks untrusted connections? [y/n]: y

     Changing this VPN Preference may result in a severe security compromise!

     Change the setting that blocks untrusted connections? [y/n]: y
       >> warning: Connection attempt has failed.
       >> state: Disconnected
But try again! Answer `yes' to the first question, `Connect Anyway?', and `no' to the second one, `Always trust this VPN server and import the certificate?.' Then you succeed in connecting, as in
     VPN> connect *****.hiroshima-u.ac.jp
     connect *****.hiroshima-u.ac.jp
       >> contacting host (*****.hiroshima-u.ac.jp) for login information...
       >> notice: Contacting *****.hiroshima-u.ac.jp.
     AnyConnect cannot verify the VPN server: *****.hiroshima-u.ac.jp
         - Certificate is from an untrusted source.
     Connecting to this server may result in a severe security compromise!

     Most users do not connect to untrusted VPN servers unless the reason for the error condition is known.

     Connect Anyway? [y/n]: y

     Always trust this VPN server and import the certificate? [y/n]: n

       >> Please enter your username and password.

     Username: ############
     Password: ************
       >> state: Connecting
       >> notice: Establishing VPN session...
     The AnyConnect Downloader is analyzing this computer. Please wait...
     The AnyConnect Downloader is performing update checks...
       >> notice: Checking for profile updates...
     The AnyConnect Downloader updates have been completed.
     Please wait while the VPN connection is established...
       >> state: Connecting
       >> notice: Checking for product updates...
       >> notice: Checking for customization updates...
       >> notice: Performing any required updates...
       >> notice: Establishing VPN session...
       >> notice: Establishing VPN - Initiating connection...
       >> notice: Establishing VPN - Examining system...
       >> notice: Establishing VPN - Activating VPN adapter...
       >> notice: Establishing VPN - Configuring system...
       >> notice: Establishing VPN...
       >> state: Connected
       >> notice: Connected to *****.hiroshima-u.ac.jp.
       >> state: Connected
     VPN>
In the above, `############' is the username and `************' the password of your IMC account.
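Before answering `Connect Anyway?' at the prompt above, the certificate the gateway presents can be compared with a fingerprint obtained from the university through a separate channel. The following is an added example, not part of the original notes or of Cisco's client; the function names are hypothetical, and it assumes that the gateway serves TLS on port 443 and that `openssl' is installed.

```shell
#!/bin/sh
# Added example (not from the original notes): pin-check a VPN gateway certificate.
# Host name and pinned fingerprint are supplied by the user; nothing here is a
# real Hiroshima University value.

# Reduce any common fingerprint spelling to bare upper-case hex:
# drops an "... Fingerprint=" prefix, colons and whitespace.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Succeed only if the presented value is a well-formed SHA-256 fingerprint
# and equals the pinned one. Returns 2 for empty or malformed input.
fp_matches() {   # usage: fp_matches <presented> <pinned>
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    case "$a" in *[!0-9A-F]*|"") return 2 ;; esac
    [ "${#a}" -eq 64 ] || return 2          # SHA-256 = 64 hex digits
    [ "$a" = "$b" ]
}

# Ask the gateway for its leaf certificate and print its SHA-256 fingerprint.
# Assumption: the gateway answers TLS on port 443.
gateway_fp() {   # usage: gateway_fp <host>
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Run the check only when called as: script <host> <pinned-fingerprint>
if [ "$#" -eq 2 ]; then
    if fp_matches "$(gateway_fp "$1")" "$2"; then
        echo "fingerprint matches the pinned value for $1"
    else
        echo "MISMATCH or no certificate from $1: answer 'n' at the prompt" >&2
        exit 1
    fi
fi
```

A mismatch, or no certificate at all, means the `Certificate is from an untrusted source' message cannot be explained by the known gateway certificate.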
When you want to disconnect, enter `disconnect.'
     VPN> disconnect
     disconnect
       >> state: Disconnecting
       >> notice: Disconnect in progress, please wait...
       >> state: Disconnecting
       >> notice: Disconnect in progress, please wait...
       >> state: Disconnecting
       >> state: Disconnected
       >> notice: Ready to connect.
       >> state: Disconnected
     VPN>
If you want to quit VPN, type `quit.'
     VPN> quit