August 7, 2023

Using the UA VPN

With special interest in access to the Mirror Lab.

I want to do this from linux, so let's see if they make that possible.

Start by using this link

Specify "push" for the method (this expects you to have the "Duo Mobile" app on your phone). Use your usual NetID and password. I select connection option 1 (UASSL Client).

Once I authenticate, I get a button that says "Download for Linux". It downloads a 9.3 M "sh" file.

cisco-secure-client-linux64-5.0.03072-core-vpn-webdeploy-k9.sh

I then do this:

su
bash cisco-secure-client-linux64-5.0.03072-core-vpn-webdeploy-k9.sh

I get:

Installing Cisco Secure Client...
Migrating /opt/cisco/anyconnect directory to /opt/cisco/secureclient directory
egrep: warning: egrep is obsolescent; using grep -E
Extracting installation files to /tmp/vpn.LHULji/vpninst579228886.tgz...
Unarchiving installation files to /tmp/vpn.LHULji...
Starting Cisco Secure Client Agent...
Done!
Exiting now.

You can learn about how to use this here:

To launch the client, you do:

gtk-launch com.cisco.secureclient.gui

This brings up a GUI with a place to enter "Connect to:" I have no idea what I should enter here.

Try: vpn.arizona.edu -- This seems to work. It now brings up some new entry fields that ask me for Group, username, password, second password (use "push" for second password). For Group, I go to the bottom and select UASSL-2Factor.

This does something, but I can't say that it has "worked". What it does do is to demolish any ssh connections I have at the time, and make it impossible to launch new ones. It has done a bunch of stuff with my linux network setup.

It adds this new network interface:

ifconfig -a
cscotun0: flags=4305  mtu 1390
        inet 10.139.25.213  netmask 255.255.128.0  destination 10.139.25.213
        inet6 fe80::3ce2:6a21:3cf9:8753  prefixlen 64  scopeid 0x20
        inet6 fe80::d517:a0ae:41e5:5439  prefixlen 126  scopeid 0x20
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 882  bytes 658603 (643.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 859  bytes 88088 (86.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

And it does this to my routing table:

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         0.0.0.0         0.0.0.0         U     0      0        0 cscotun0
default         agate           0.0.0.0         UG    100    0        0 eno1
10.139.0.0      0.0.0.0         255.255.128.0   U     0      0        0 cscotun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 cscotun0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eno1
agate           0.0.0.0         255.255.255.255 UH    0      0        0 eno1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 cscotun0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
vpn.arizona.edu agate           255.255.255.255 UGH   0      0        0 eno1

I had to reboot to get back to a usable configuration (at least as far as making ssh connections to my desktop at the U of A).
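
An added example (not part of the original notes, and not Cisco's code) that applies the kernel's selection rule, longest prefix first and then lowest metric, to the routing table above to show which interface each destination leaves by. The table is re-typed in numeric form; 192.168.0.1 for "agate" and 203.0.113.10 for vpn.arizona.edu are assumed placeholder addresses, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the routing table above in `route -n` form. The
# addresses 192.168.0.1 (agate) and 203.0.113.10 (vpn.arizona.edu) are
# placeholders, not values from the page.
ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 cscotun0
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 eno1
10.139.0.0      0.0.0.0         255.255.128.0   U     0      0        0 cscotun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 cscotun0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 eno1
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eno1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 cscotun0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
203.0.113.10    192.168.0.1     255.255.255.255 UGH   0      0        0 eno1
"""

def parse_routes(text):
    """Return (network, metric, iface) tuples from `route -n` style output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, int(f[4]), f[7]))
    return routes

def egress_iface(routes, dest):
    """Longest prefix wins, then lowest metric. Equal-metric ties keep table
    order here; the kernel's own tie-break is not modelled."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[1]))[2]

def shadowed_by_tunnel(routes, tunnel="cscotun0"):
    """Non-tunnel routes that lose to a tunnel route with a lower metric."""
    tun = {net: m for net, m, i in routes if i == tunnel}
    return [(str(net), i) for net, m, i in routes
            if i != tunnel and net in tun and tun[net] < m]

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for dest in ("192.168.0.50", "198.51.100.7", "203.0.113.10"):
        print(dest, "->", egress_iface(table, dest))
    print("shadowed:", shadowed_by_tunnel(table))
```

Both the default route and the 192.168.0.0/24 LAN route on eno1 are outranked by metric-0 copies on cscotun0, so only the host routes to the gateway and the VPN server still use eno1.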

This will require more study and learning. There must be some documentation somewhere. At least the next time I try this, I will be sure not to have any ssh connections active with anything going on in them that I care about.

openconnect

This is in /usr/sbin and some linux people use it to deal with VPN. It has been on my system a long time and has nothing to do with this Cisco client I just installed.

Tom's home page / tom@mmto.org