This article is from my documentation pages on UC Berkeley network services that lack official GNU/Linux documentation:
Linux instructions for UC Berkeley network services
The campus VPN service can be used to gain access to the UC Berkeley network outside of campus using an encrypted connection. In particular, it can be used with the campus library to gain access to journal articles and databases that are restricted otherwise. While the UC Berkeley library website has instructions for connecting to the VPN service using the Cisco VPN client, instructions for GNU/Linux machines do not exist, although the GUI on the Cisco client for GNU/Linux is pretty much identical to the Mac and Windows versions.
It is not recommended to use the Cisco client, and these instructions will explain how to use openconnect to connect to the campus VPN service. The reasons to avoid the Cisco client include, but are not limited to, the following:
- The Cisco client is not packaged for any GNU/Linux distribution. While the client comes with an installation script, this is not a substitute for proper packaging, as the install script cannot be guaranteed to conform to the standards set by the various GNU/Linux distributions that one might use. Openconnect, however, is properly packaged and is supplied in the repositories for mainstream GNU/Linux distributions, which means that installing, updating, and possibly removing the software are both easy and standardized.
- The Cisco client is closed-source, which means that the security of the software cannot be independently verified. This reason alone is important enough to reject the Cisco software, as security is highly important for networking, and it is always a bad idea to rely on security software programs that cannot be verified through any independent source (i.e. closed-source software). Openconnect is open source under the LGPL and the source code is freely available for independent researchers to verify the security and for the general public to view/modify.
- The openconnect website lists several other deficiencies of the official Cisco client that openconnect fixes.
Openconnect is a command-line program, but for those who need/want a GUI, there is an openconnect plugin for NetworkManager (the network manager for most desktop environments). I have not attempted to test this, as I do not use NetworkManager. Alternatively, one is free to attempt to use the official Cisco client at their own risk (not recommended).
Basic Usage Instructions:
- Install the openconnect software from your package manager. On Debian/Ubuntu, the command to install openconnect is:
$ sudo apt-get install openconnect
and on Fedora, the command should be:
$ sudo yum install openconnect
- Run the openconnect client as root to connect to the UC Berkeley VPN Service:
$ sudo openconnect ucbvpn.berkeley.edu
- You should now see the following, or something similar:
To select a network, type the group that you want (example: 3-Library_VPN) and hit Enter. Information on the various groups available can be found here.
- You will now be prompted for a username and password and you can now log in with your Calnet ID. Once you do that, you will be connected to the UC Berkeley VPN service until you close openconnect.
- To disconnect from the campus VPN, simply stop the openconnect process that you started to connect. This can be done by entering the key combination of Ctrl-C in the terminal window used to launch openconnect.
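The connect and disconnect steps above can also be run without the interactive group prompt and without keeping a terminal open. The wrapper below is an added example, not part of the original instructions: the gateway and group name are the ones used above, while the PID-file path, the username character check, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: non-interactive form of the connect/disconnect steps.
VPN_HOST="ucbvpn.berkeley.edu"       # gateway from the instructions above
VPN_GROUP="3-Library_VPN"            # example group from the instructions above
PIDFILE="/run/openconnect-ucb.pid"   # assumed location, written by openconnect as root

# Print the openconnect arguments, one per line, for the given username.
# The username is restricted to a conservative character set (an assumption)
# so the argument list can be word-split safely in vpn_up.
vpn_args() {
    user=$1
    case $user in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid or missing username" >&2
            return 1 ;;
    esac
    printf '%s\n' "--authgroup=$VPN_GROUP" "--user=$user" \
        --background "--pid-file=$PIDFILE" "$VPN_HOST"
}

# Connect: --authgroup answers the group prompt, --background detaches
# once the tunnel is up, --pid-file records the process for vpn_down.
vpn_up() {
    args=$(vpn_args "$1") || return 1
    # Intentional word splitting: every argument is free of whitespace.
    # shellcheck disable=SC2086
    sudo openconnect $args
}

# Disconnect: SIGINT is what Ctrl-C sends, so openconnect logs the
# session off and restores the network configuration before exiting.
vpn_down() {
    [ -r "$PIDFILE" ] || { echo "no PID file, not connected?" >&2; return 1; }
    sudo kill -INT "$(cat "$PIDFILE")"
}

case ${1:-} in
    up)   vpn_up "${2:-}" ;;
    down) vpn_down ;;
esac
```

Save it as a script and run it with `up <username>` or `down`; openconnect still prompts for the password before it moves to the background.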