I’ve posted before about getting Cisco AnyConnect running on Ubuntu 9.10 and Ubuntu 10.04, but I’ve since started using LinuxMint as my daily driver and did a clean install of MInt 11 today. Mint is based on Ubuntu so on Mint 10 the previous strategy to get AnyConnect running worked fine, but I had to take a different approach after installing Mint 11. (I suspect it’ll be the same issue on Ubuntu 11.04 but I haven’t tried it.)
In doing a bit of research I came across this link
that explains quite correctly that you don’t need to actually download and extract Firefox to get this all working, which is what I had been doing previously. The Cisco client (for some stupid reason) expects certain things to be in a /usr/local/firefox directory but you can simply create that directory, download some other files, and then create the appropriate symlinks in /usr/local/firefox to make AnyConnect happy.
I also ran into some inexplicable weirdness related to a certificate file in my ~/.mozilla/firefox profile directory but I’ll cover that as I outline the steps I took to get AnyConnect working.
Summary of Steps
Follow these and if you’re lucky it’ll work; if it doesn’t read the information that follows for more details and troubleshooting ideas.
- Follow the steps in this blog post, which are as follows:
- sudo apt-get install ia32-libs lib32nss-mdns
- sudo mkdir /usr/local/firefox
- sudo ln -s /usr/lib32/libnss3.so /usr/local/firefox
- sudo ln -s /usr/lib32/libplc4.so /usr/local/firefox
- sudo ln -s /usr/lib32/libnspr4.so /usr/local/firefox
- sudo ln -s /usr/lib32/libsmime3.so /usr/local/firefox
- sudo ln -s /usr/lib32/nss/libsoftokn3.so /usr/local/firefox
- Download the AnyConnect installer from somewhere. The usual method of browsing to your VPN server and logging in may not work, so see below for details.
- Run the installer from the directory to which it was downloaded (sudo ./vpnsetup.sh). The daemon may fail to start at this point but don’t worry if it doesn’t.
- If the daemon failed to start, start the VPN daemon: sudo /etc/init.d/vpnagentd_init start
- You shouldn’t get an error regarding /opt/cisco/vpn/bin/vpnagentd not being found at this point if you followed the above steps accurately. If you do, read on to see if any ideas come out of any of the subsequent discussion.
- Start the AnyConnect client. It should be in your Internet programs menu.
- If you get a “server certificate problem” error, stop Firefox and delete ~/.mozilla/firefox/YOUR_PROFILE.default/cert8.db where YOUR_PROFILE is whatever random string Firefox assigned your default profile (you should only have one directory with .default at the end of it in ~/.mozilla/firefox). In my case this problem didn’t rear its head until after I rebooted, so you might want to reboot at the end of all of this to make sure everything’s working.
If you’re still getting errors read on for more info …
I ran into problems right out of the gate on Mint 11. On Mint 10 as well as previous versions of Ubuntu I could at least hit my VPN server in a browser, try to fire up the Java applet, and when that fails it prompts you to download, but this time around the “launching Java applet” screen on the VPN server just hung. I verified that Java is enabled in Firefox and tested with other applets so I’m not sure what the issue is there, particularly since this did work on my 32-bit machine with Mint 11.
So word of caution: you need to get the installer elsewhere
, or at least I did. There may be a solution to this I haven’t yet come up with so if you know what’s up here, please be sure and comment.
Luckily I had the installer backed up from when I copied my home directory to an external hard drive prior to installing Mint 11, so I ran the installer from my home directory.
This at least got the daemon installed for me, but it failed to start after installation (usually it starts fine after it’s installed), throwing an error about /opt/cisco/vpn/bin/vpnagentd file not being found. The file’s definitely there so I’m not sure what its problem is, but this gets resolved in the subsequent steps so you can ignore that error for now.
Install Necessary Libraries and Create Symlinks
See the above steps for details (all the steps under #1 above). In my case this resolved the file not found error the daemon was throwing when I tried to install AnyConnect prior to creating those symlinks. If you do that step first everything should work.
Launch the VPN Daemon
sudo /etc/init.d/vpnagentd_init start
If that throws errors doublecheck all the symlinks you created above. Note that in previous versions one of the things you were supposed to install and symlink to was sqlite3.so but that does not seem to be necessary.
Launch the AnyConnect Client
You should now be able to launch AnyConnect from your Internet programs menu. If you get a “server certificate problem” error, for me this seemed to be related to a certificate file in my Firefox profile.
How I came across this was after I rebooted and started Firefox on my 32-bit machine, since my home page is my Google Mail login, Firefox immediately threw a “Could not initialize the browser’s security component” error. I found information on that error on Mozilla’s site
, so on GNU/Linux this means stopping Firefox and deleting the cert8.db file that’s in your profile (~/.mozilla/firefox/YOUR_PROFILE.default).
On my 64-bit machine the behavior was slightly different. Everything seemed to work with AnyConnect until I rebooted, at which point it threw the server certificate error. I then launched Firefox and it popped up a completely blank alert window, but when I closed that window and Firefox finished loading, I noticed I couldn’t browse to any sites. No matter what I put in the location box the top of the Firefox UI was completely unresponsive.
Since I’d happened to have the security component issue on my 32-bit machine, I figured even though on the 64-bit machine it wasn’t actually showing me the error, that might be the problem. Sure enough when I deleted the cert8.db file Firefox then began to work, as did the AnyConnect client. I rebooted to make sure it wasn’t a fluke and thus far everything is working.
At this point the only remaining issue is that for some reason when I connect to the VPN, AnyConnect doesn’t minimize itself into that little “stacked blue balls” icon thingee over near the clock. It just minimizes itself and shows up in your task bar like any other program. Minor annoyance but it does behave correctly on my 32-bit machine so I’m not sure what’s going on there.
Hope that helps some others who are trying to get this running!