Introduction
A Secure Sockets Layer (SSL) virtual private network (VPN) provides secure remote access from one machine to restricted/private resources across a public network. Virginia Tech's SSL VPN service, referred to as "Remote Access VPN", allows a user to access Virginia Tech resources remotely from anywhere in the world. This service encrypts the traffic between your machine and the VPN device, but it does not provide end-to-end encryption to the other services that are accessed over the VPN.
Contents
- Prerequisites
- Supported Platforms
- Connection Options
- Instructions
- Troubleshooting
- Related Links
Prerequisites
- All current Virginia Tech faculty, staff, and students are eligible to access Remote Access VPN.
- You must have an active Virginia Tech PID and DUO 2-factor configured. For more information on using DUO, please visit Using 2-Factor Authentication.
- You may use either Virginia Tech provided computers or personally owned computers to connect to Remote Access VPN, as long as they meet the minimum system and password requirements.
- You must have access to an administrator account on the computer. If you have a computer owned by Virginia Tech and do not have that access, contact your Network Liaison or contact 4Help.
- To access the Virginia Tech Remote Access VPN service you must enable both the IPv4 and IPv6 stacks on your network adapter. The IPv6 requirement does not depend on your ISP's ability to provide you with an IPv6 address: the VPN allocates you an IPv6 address, so the IPv6 stack must be enabled on your network adapter. If you do not know how to enable IPv6 for your device, please contact your Network Liaison or contact 4Help.
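One way to check the IPv6 prerequisite on a Linux machine before installing the client, as an added example that is not part of the original instructions. It reads the kernel's per-interface disable_ipv6 setting; the function name ipv6_disabled_ifaces and its optional directory argument are choices made for this example.

```shell
#!/bin/sh
# Added example: list network interfaces whose IPv6 stack is disabled.
# Linux exposes one flag per interface in
#   /proc/sys/net/ipv6/conf/<iface>/disable_ipv6   (0 = enabled, 1 = disabled)
# The directory is a parameter so the check can also be run on a copy.
#
# Exit status: 0 = IPv6 enabled everywhere, 1 = disabled on the interfaces
# printed, 2 = the kernel has no IPv6 stack at all (e.g. ipv6.disable=1).
ipv6_disabled_ifaces() {
    conf_root=${1:-/proc/sys/net/ipv6/conf}
    if [ ! -d "$conf_root" ]; then
        echo "NO_IPV6_STACK"
        return 2
    fi
    disabled=""
    for f in "$conf_root"/*/disable_ipv6; do
        [ -r "$f" ] || continue          # unmatched glob or unreadable entry
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are templates, "lo" is the loopback device
        case "$iface" in all|default|lo) continue ;; esac
        if [ "$(cat "$f")" != "0" ]; then
            disabled="$disabled $iface"
        fi
    done
    printf '%s\n' "${disabled# }"        # drop the leading separator
    [ -z "$disabled" ]
}

# Check the live system and explain the result.
result=$(ipv6_disabled_ifaces) && status=0 || status=$?
case $status in
    0) echo "IPv6 is enabled on all non-loopback interfaces." ;;
    1) echo "IPv6 is disabled on: $result" ;;
    *) echo "This kernel has no IPv6 stack loaded." ;;
esac
```

An interface reported as disabled can be re-enabled until the next reboot with `sudo sysctl -w net.ipv6.conf.<iface>.disable_ipv6=0`.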
Supported Platforms
For security reasons, we ask users to upgrade their machines to the latest version and update them periodically to receive any patches for vulnerabilities. Network Infrastructure and Services (NI&S) is unable to support operating systems that are no longer supported by the operating system manufacturer.
To find out if your system is supported visit: Cisco Secure Client - Supported Operating Systems.
Connection Options
We recommend VT Traffic as the connection profile for most of our users. We also offer an All Traffic connection option. For more information, see the Which Connection Profile Do I Use? section of Remote Access VPN Frequently Asked Questions.
Instructions
Disclaimer: 4Help does not support Linux installations. Due to the wide variety of Linux distributions, 4Help cannot provide any support beyond these basic instructions. We do not guarantee that they will work with your particular device or client.
These instructions were created using Ubuntu. Instructions may differ for other distributions.
To find out if your system is supported visit: Cisco Secure Client - Supported Operating Systems.
Installing Cisco Secure Client in Linux
- Verify that your computer is running a supported Linux operating system.
- If you have not already done so, enroll in 2-factor authentication by following the instructions at Enrolling, Adding, Managing, or Removing a Duo 2FA Device.
- If you previously used the Ivanti VPN client to connect to the Virginia Tech Remote Access VPN, verify that it is uninstalled. To uninstall the client see Uninstalling the Ivanti VPN Client for Linux. If you are unable to remove the Ivanti package, please contact your liaison or contact 4Help.
- To download the Cisco Secure Client installer, click the following link:
cisco-secure-client-linux64-vpn.sh
(current version: 5.1.9.113)
- Open a terminal and run the installer script:
sudo sh ./cisco-secure-client-linux64-vpn.sh
- Once the installer finishes, you can close the terminal window.
- Follow the instructions below for Connecting to the VPN in Linux.
- If you are experiencing any problems please review the Remote Access VPN Frequently Asked Questions.
Connecting to the VPN in Linux
Initial Bootstrap Connection
- The first connection to the Cisco Secure AnyConnect VPN requires you to manually enter the connection details. After you establish this initial connection, the client will automatically update itself with any software updates and with the standard connection profiles you will use in the future.
- Launch the Cisco Secure Client by clicking on your Apps Menu, then the Cisco Secure Client app.
- Enter into the text box: https://vpn.vt.edu/VT-Traffic
Then click Connect.
- When you click Connect, your default browser will open and send you to login.vt.edu. In the browser window, type in your VT credentials.
- In the Username text box, type your VT PID.
- In the Password text box, type your PID password.
- Click Login.
- Complete 2-factor authentication. For issues with DUO, please visit this 4help article.
- The screen will default to your preferred 2-factor method. If you prefer to use another method, click on the Other options link. The following list contains the options available for 2-factor authentication:
- To use push notification:
- Select Duo Push from the Other options list.
(This will send a push notification to the first push-capable device that is enrolled in your Duo account. To send the push notification to a different device, select the last item from the Other options list, Manage devices.)
- When the push notification appears, accept the Duo push notification.
- If the push notification does not appear, see Duo Mobile App Errors, Problems, and Connection Issues / Duo Push Not Received.
- To use a YubiKey:
- The YubiKey must be previously registered with Duo as AES. U2F tokens will not work. For instructions on enrolling devices to DUO, see this 4help article.
- Select Security key from the Other options list.
- When prompted to "Touch your security key" tap your YubiKey. The passcode will be automatically generated and submitted by the YubiKey for you.
- To use a 6-digit numeric passcode from the Duo mobile app:
- Start the Duo mobile app.
- In the Duo mobile app, tap Show to the right of the hidden Passcode.
- On your computer select Duo Mobile passcode from the Other options list.
- In the Passcode text box, type the 6-digit numeric passcode from the Duo mobile app.
- Click Verify.
- To use a 6-digit numeric passcode from a D-100 token or a software token:
- Use the D-100 token or the smartphone application to generate a 6-digit numeric code.
- On your computer select Duo Mobile passcode from the Other options list.
- In the Passcode text box, type the 6-digit D-100 numeric passcode.
- Click Verify.
- To use a Bypass code from 4Help:
- Contact 4Help and obtain a bypass code.
- Enter the bypass code in the text box.
- Click Verify.
- If this is the first time connecting on your machine you will receive the following prompt:
If the computer is public or shared between multiple users, select "No, other people use this device" so that your VPN login information is not saved. If you are the only user of the computer, select "Yes, this is my device".
- Once the VPN connection is established, the browser will display the following message. You are now connected to the VPN and can close that browser tab. The Cisco Secure Client will also now show a green checkmark next to the lock image.
- After the initial connection is successfully established, your client will update itself. You can continue to use the VPN while it is updating. Later, when you disconnect and reconnect to the VPN, you will notice that new connection profiles have been added: VT Traffic and All Traffic.
- If you do not know which of these connection profiles to use, we recommend using VT Traffic. For more information, see Which Connection Profile do I use?
- If you are experiencing any problems please review the Remote Access VPN Frequently Asked Questions before contacting 4Help by clicking Get Help at the top of this page.
Disconnecting from the VPN in Linux
- Click on the Cisco Secure Client icon in the dash.
- In the Cisco Secure Client window, click the Disconnect button.
Once the VPN disconnects, the Cisco Secure Client window will say “Ready to connect.” at the bottom and the button will change to say “Connect”.
Alternate Client for Linux: OpenConnect
OpenConnect is a software alternative for connecting to the Remote Access VPN. It is known to work with the Virginia Tech VPN service, but is not officially supported. For more information on setting OpenConnect up visit: Linux and Unix Users Group at Virginia Tech Wiki
Uninstall the Cisco Secure Client
- The following information is provided for the situation in which the Cisco Secure VPN client is no longer working correctly and 4Help has advised you that the VPN client needs to be reinstalled. These instructions assume you have the appropriate admin permissions on your system to uninstall software.
- Open a terminal and run the uninstaller scripts:
sudo sh /opt/cisco/secureclient/bin/vpn_uninstall.sh
sudo sh /opt/cisco/secureclient/bin/dart_uninstall.sh
- Once the uninstaller scripts finish, you can close the terminal window.