/
Connecting to WWU VPN from Linux

Connecting to WWU VPN from Linux

Fall 2025: Cisco Secure Client (the new AnyConnect)

 

WWU’s VPN service is powered by Cisco Secure Client and supports the use of Azure Multifactor Authentication. The AnyConnect VPN Client is available for Windows and MacOS from https://remotevpn.wwu.edu. A GUI-only client for Red Hat Linux and Ubuntu is also available at https:/remotevpn.wwu.edu.

The client for iOS is available in the Apple App Store, and the client for Android and ChromeOS is available in the Google Play Store.

minimum supported Linux versions (other versions should look at using OpenConnect below)

  •  Linux Versions (for x86_64)

    • Red Hat 10.x, 9.x, and 8.x

    • Ubuntu 24.04 and 22.04

    • SUSE supported versions of SLES 15

  • Linux Versions (for ARM64)

    • Red Hat 9.x and 8.x

    • Ubuntu 24.04 and 22.04

  • Linux / all VPN users: currently ONLY the base VPN package is needed to connect to WWU

  • Steps to just install the Secure Client VPN package for Linux:

    • Download the Linux VPN installation package from WWU

      • Linux x64: cisco-secure-client-linux64-5.1.11.388-predeploy-k9.tar.gz

      • Linux ARM64: cisco-secure-client-linux-arm64-5.1.11.388-predeploy-k9.tar.gz

    • Extract the downloaded file.

      • It should be named something like "cisco-secure-client-linux64-###-predeploy-k9.tar.gz".

      • The file will most likely be in your Downloads folder.

    • Use a command like tar -xzf Downloads/cisco-secure-client-linux64-*-predeploy-k9.tar.gz to extract the file.

    • Navigate into the vpn directory of the extracted archive (e.g., cd cisco-secure-client-linux64-*/vpn/)

    • Using sudo, run the vpn_install.sh script.

    • Enter remotevpn.wwu.edu and click "Connect".

 

For other Linux operating systems, or CLI-only Linux use, a script solution called openconnect-sso leverages the open-source compatible client OpenConnect to provide VPN connectivity to the WWU network. This document details how to install and use OpenConnect with the openconnect-sso script.

 Instructions

  1. Install OpenConnect:
    The OpenConnect client is not usually pre-installed on most Linux distributions nor many other Unix-like operating systems. The exact package names can vary from distribution to distribution, but here are some common ones, along with their easy copy/paste install lines:

    Debian / Ubuntu and derivatives

    sudo apt install openconnect

    Fedora

    sudo dnf install openconnect

    Arch and derivatives

    sudo pacman -S openconnect

    pkgsrc (NetBSD / Multiple operating systems)

    cd /usr/pkgsrc/net/openconnect && sudo make install clean clean-depends

    pkgin (NetBSD / Multiple operating systems)

    sudo pkgin install openconnect

    OpenBSD

    doas pkg_add openconnect

    FreeBSD

    sudo pkg install openconnect

    Using your distribution’s package manager, install the package and proceed to Connect to the VPN.


  2. Set up openconnect-sso
    Directions shown in this section are for Debian / Ubuntu and derivatives.

    First update your packages and install the pre-requisites.

    sudo apt-get update sudo apt-get install python3-pip python3-venv -y pip3 install --user pipx

    Now ensure that pipx is in your path.

    which pipx

    If there is no output from the command then continue to the next step. If you do get output skip to appending the correct entry into your path.

    Find pipx in your local path.

    user@host:~$ find ./ -iname \*pipx\* find: ‘./.dbus’: Permission denied find: ‘./.cache/dconf’: Permission denied find: ‘./.cache/doc’: Permission denied ./.local/lib/python3.6/site-packages/pipx-0.16.4.dist-info ./.local/lib/python3.6/site-packages/pipx ./.local/lib/python3.6/site-packages/pipx/pipx_metadata_file.py ./.local/lib/python3.6/site-packages/pipx/__pycache__/pipx_metadata_file.cpython-36.pyc ./.local/bin/pipx

    Notice the last entry which is a file named pipx. If you found the entry from the find you can proceed to append the correct entry into your path. If no entry existed you would need to append this into your .bashrc file (or whatever editor you use).

    user@host:~$ echo 'export PATH=${PATH}:~/.local/bin' >> ~/.bashrc

    Next you must proceed append the correct entry into your path. For this example the entry we want is ./.local/bin/pipx.

    user@host:~$ export PATH=${PATH}:~/.local/bin user@host:~$ which pipx .local/bin/pipx

    Now install openconnect-sso.

    pipx install "openconnect-sso[full]"


  3. Connect to the VPN with openconnect-sso:
    When you are ready to establish a connection you have to choose whether you want all traffic to go over your VPN (Full Tunnel) or only traffic destined for WWU address space (Split Tunnel).

    For Full Tunnel use:

    openconnect-sso --server remotevpn.wwu.edu/fullmfa --user $USERNAME@wwu.edu

    For Split Tunnel use:

    openconnect-sso --server remotevpn.wwu.edu/splitmfa --user $USERNAME@wwu.edu

    You will be prompted for your password. After this a window will pop up to request your second factor of authentication.
    $USERNAME is your WWU Universal Account username.

    Please be aware that this window will need to remain open for the tunnel to remain connected. Unfortunately openconnect-sso does not have a background flag the way OpenConnect does

The $VARIABLE syntax above means you need to replace the $VARIABLE (including the $) with what you want the value to be.

The content for this article was researched by the IT staff for the WWU Department of Computer Science, and appears here with their consent. You can access the original article here: Linux/BSD - OpenConnect — CS Support documentation (wwu.edu)

 Related articles