Server certificate problem with Cisco AnyConnect VPN Client


Solution 1

I can confirm that this problem exists. The AnyConnect client worked fine with 11.10 but stopped working with 12.04. The old trick with links to Firefox libraries does not work anymore. I ended up using OpenConnect.

Installation: http://www.humans-enabled.com/2011/06/how-to-connect-ubuntu-linux-to-cisco.html

Routing: http://www.redips.net/linux/vpn-client-and-routing-2/

More details on Cisco Anyconnect problem:

As you can see from the log, the user was able to log in, but the AnyConnect client still failed to establish a VPN connection.

Cisco AnyConnect VPN Client (version 2.5.3055) .

state: Connecting
notice: Establishing VPN session...
notice: Checking for profile updates...
notice: Checking for product updates...
notice: Checking for customization updates...
notice: Checking for localization updates...
state: Connecting
notice: Establishing VPN session...
notice: Establishing VPN - Initiating connection...
state: Disconnecting
notice: Disconnect in progress, please wait...
state: Disconnected
notice: VPN session ended.
error: The certificate on the secure gateway is invalid. A VPN connection will not be established.

error: AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
notice: Connection attempt has failed.
state: Disconnected

Solution 2

The following fix worked for me - fresh install of 12.04 LTS 32bit (with Firefox 12). Installed the AnyConnect client, then tried to run it.

Got this message:

AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.

Checked syslog in Ubuntu. Lots of this sort of stuff:

CERTSTORE_ERROR_CERT_NOT_FOUND The /opt/.cisco/certificates/ca/ directory was not found

Created the .cisco/certificates/ca directories in /opt using sudo:

cd /opt
sudo mkdir .cisco
cd .cisco/
sudo mkdir certificates
cd certificates/
sudo mkdir ca

We use Globalsign as our certificate authority. So I just copied all the Globalsign .pem files from /etc/ssl/certs. If you don't know your provider, you could just copy everything.

sudo cp /etc/ssl/certs/Global* /opt/.cisco/certificates/ca

or, if the CA is unknown:

sudo cp /etc/ssl/certs/* /opt/.cisco/certificates/ca

I was able to start the AnyConnect client and connect to the VPN.

Hope this helps.

Solution 3

Copying the certificates did not work, but a combination of the two ended up working for me:

cd /opt/.cisco/certificates/ca
sudo ln -s /etc/ssl/certs/Global* .

Then ...

sudo apt-get install firefox 
cd /opt/cisco/vpn/lib
sudo ln -s /usr/lib/firefox/lib*.so .

... and bingo. I can log into work now :)

Solution 4

This is how I did it.

cd /opt
sudo mkdir .cisco
cd .cisco/
sudo mkdir certificates
cd certificates/
sudo mkdir ca

I then found out which certificate authority we use, which was COMODO, found a site that uses this CA, downloaded it with a browser and put it into the /opt/.cisco/certificates/ca/ directory.

voila!
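Solutions 2 and 4 both fill /opt/.cisco/certificates/ca, one by copying every system CA and one by picking the issuer by hand. As an added example (not code from any of the answers), this shell function copies only the root CA that actually validates the gateway's chain; the function name and the saved chain file are assumptions.

```shell
#!/bin/sh
# Added example: install only the CA that anchors the gateway's chain,
# instead of trusting every CA under /etc/ssl/certs.
#
# install_gateway_ca CHAIN_PEM STORE_DIR DEST_DIR
#   CHAIN_PEM  gateway certificate first, then any intermediates (PEM),
#              e.g. exported from a browser as one comment describes
#   STORE_DIR  directory of single-certificate CA files (/etc/ssl/certs)
#   DEST_DIR   AnyConnect CA directory (/opt/.cisco/certificates/ca)
install_gateway_ca() {
    chain=$1
    store=$2
    dest=$3
    [ -r "$chain" ] || { echo "cannot read $chain" >&2; return 2; }
    [ -d "$dest" ] || { echo "missing directory $dest" >&2; return 2; }

    # Only *.pem is scanned: the ca-certificates.crt bundle would match
    # any chain and bring every CA with it.
    for ca in "$store"/*.pem; do
        [ -f "$ca" ] || continue
        # -trusted makes this one file the only trust anchor, so success
        # means this CA, and not some other system CA, validates the chain.
        if openssl verify -trusted "$ca" -untrusted "$chain" "$chain" \
                >/dev/null 2>&1; then
            cp "$ca" "$dest/" || return 2
            echo "installed $(basename "$ca")"
            return 0
        fi
    done
    echo "no CA in $store validates $chain; nothing copied" >&2
    return 1
}

# Run as a script with three arguments (sudo is needed to write to /opt).
if [ "$#" -eq 3 ]; then
    install_gateway_ca "$@"
fi
```

A non-zero return means the gateway's chain does not lead to any CA in the store, which is the case the client's "certificate on the secure gateway is invalid" error is meant to flag.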

Solution 5

I tried these solutions listed above and none of them helped. But when I tried some of these solutions below having to do with the firefox libraries, I had success!

Override certificate error in Cisco AnyConnect Client on Ubuntu 12.04 64 bit

Cisco AnyConnect in 64bit Ubuntu Linux

I can't say which is the BEST solution, but I followed the directions on both of these sites and had success. Perhaps you can find a solution that works for you. If you know which one is the best, please let us know which variable solved the problem immediately. All I know is that after making some of these changes, I finally got my Cisco AnyConnect VPN working. I am using Firefox on Ubuntu 12.04.


Author: Mohammad Moghimi

Updated on September 18, 2022

Comments

  • Mohammad Moghimi almost 2 years

    When I try to connect using the Cisco AnyConnect VPN Client, I receive this error:

    Connection attempt has failed due to server certificate problem.

    I happened to have this problem in my previous Ubuntu 11.10 installation. That time I could fix it using some tutorials on the internet (I don't remember which one). Basically, they suggested installing 4-5 packages and then some ln -s. But this time none of them are working. Can anyone help me step by step?

  • Mohammad Moghimi about 12 years
    I do have firefox installed on my computer.
  • Mohammad Moghimi about 12 years
    Thanks. It was super easy. apt-get install network-manager-openconnect-gnome
  • Admin about 12 years
    ln -s /etc/ssl/certs ~/.cisco/certificates/ca works as well
  • Admin almost 12 years
    Thanks, that worked for me. However, I think the command for copying everything should be sudo cp /etc/ssl/certs/Global* /opt/.cisco/certificates/ca
  • Eliah Kagan almost 11 years
    Welcome to Ask Ubuntu! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.
  • Konstigt over 10 years
    Tried getting AnyConnect to work with self-signed but I could not make it work. OpenConnect for NetworkManager worked right away though!
  • Sergei G about 8 years
    The solution worked for me. I don't know if any of the detail here makes an impact. I just list additional details that worked for me. The directory /opt/.cisco/certificates/ca already existed. So, I used Google Chrome to go to VPN server. Clicked on its certificate and exported root certificate with "Base64-encoded ASCII, single certificate" option. I saved the file with PEM extension. VPN client picked the change without need for restart.
  • Alex G almost 4 years
    Link is now broken