Monday 8 April 2013

Fix for Cisco AnyConnect VPN Client hanging on Ubuntu 12.04

Recently my Cisco AnyConnect VPN client stopped connecting on my Ubuntu 12.04 box.  It would authenticate successfully (or reject an incorrect password), then hang on checking for Profile Updates, and checking for Product Updates...

The problem turned out to be that I'd enabled a Proxy server in Ubuntu (Applications / System Tools / System Settings / Network Proxy). Although Cisco's AnyConnect client ignored the proxy when authenticating against the VPN server, it tried to use it for downloading the Profile and checking for Product Updates. Of course this failed, because the proxy server it was trying to connect to was inside the remote network...

netstat -plant showed what was going on.

Fix: Disable the Proxy in the Ubuntu control panel.  Instead, enable the proxy only in those applications that need it.

Obvious really but hope it helps ;-)

Update.  A more bizarre issue with the Cisco AnyConnect client on Linux.  For some reason, mine copies /etc/ onto /etc/hosts every time it starts - and does not back out the change when closed.   So you just need to make sure to copy /etc/hosts  to /etc/ every time you change the hosts file.

Update 2. Another annoying feature is that the /etc/resolv.conf file is supposed to be a symlink on Ubuntu. But sometimes it seems to get replaced with a standard file after using the VPN client - which means that the Ubuntu network applet (the thing in the top right that lets you just click to flick between your favourite networks) is no longer able to set the DNS server for each network you connect to.

Reinstalling resolvconf restores the symlink:

    sudo apt-get remove --purge resolvconf
    sudo apt-get install resolvconf

You will see an error message go past about /etc/resolv.conf not being a symlink.  But the proper setup will be restored.
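
A check to run after a VPN session for the two file changes described in the updates above, as an added example that is not part of the original post. The function names and the reference-copy argument (a known-good copy of the hosts file kept at a path of your choosing) are assumptions.

```shell
#!/bin/sh
# Added example: report whether resolv.conf and hosts are still in the
# expected state after the VPN client has run. Names are illustrative.

# Print "symlink -> TARGET", "regular-file" or "missing" for a resolv.conf path.
# On Ubuntu 12.04 with resolvconf the expected target is
# ../run/resolvconf/resolv.conf.
resolv_state() {
    f="${1:-/etc/resolv.conf}"
    if [ -L "$f" ]; then
        printf 'symlink -> %s\n' "$(readlink "$f")"
    elif [ -e "$f" ]; then
        printf 'regular-file\n'
    else
        printf 'missing\n'
    fi
}

# Compare a hosts file with a known-good reference copy.
# Prints "unchanged", "changed" or "no-reference".
hosts_state() {
    hosts="${1:-/etc/hosts}"
    ref="$2"
    if [ -z "$ref" ] || [ ! -r "$ref" ]; then
        printf 'no-reference\n'
    elif cmp -s "$hosts" "$ref"; then
        printf 'unchanged\n'
    else
        printf 'changed\n'
    fi
}

# Run both checks; return non-zero if either file needs attention.
# Arguments: RESOLV_CONF HOSTS REFERENCE_COPY
check_after_vpn() {
    rs=$(resolv_state "$1")
    hs=$(hosts_state "$2" "$3")
    echo "resolv.conf: $rs"
    echo "hosts:       $hs"
    case "$rs" in symlink*) ;; *) return 1 ;; esac
    [ "$hs" != "changed" ]
}

# Only run when paths are given on the command line.
if [ "$#" -gt 0 ]; then check_after_vpn "$@"; fi
```

A "regular-file" result for resolv.conf is the condition that the resolvconf reinstall above repairs.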

1 comment:

  1. You could use the open source alternative called openconnect. It's pretty good and integrates nicely with the network manager applet if you so wish.

    apt-get install network-manager-openconnect

    should do the business..

    kj xx

