Linux - vpnagentd service
If the vpnagentd service has problems (the service is marked as down or hangs), it is usually not enough just to start it; because of some dependencies it has to be stopped first. So even if it does not look like it is running, stop it first, then start it, and then check its status.
/opt/cisco/anyconnect/bin$ systemctl stop vpnagentd
The installation of Cisco AnyConnect VPN client consists of two modules, the VPN client and DART for collecting data during troubleshooting, and does not require any intervention on the part of the user. The installation process takes approximately two minutes and requires administrative privileges.
VPN client installation
The following section describes the installation process of Cisco AnyConnect Secure Mobility Client version 4.5.02036 and 3.1.14018 on the operating systems listed below:
Unfortunately, DPDHL cannot support 3rd party desktops, including installation, upgrading and troubleshooting of the Cisco AnyConnect VPN client for Windows/Linux/macOS. To sort out any such issues, please contact your local IT/local desktop support.
Supported operating systems
Name |
---|
Windows and client 4.5 (recommended) |
Windows and client 3.1 (NOT recommended - 3.1 will be out of support soon) |
Linux and client 4.5 |
To enhance security and quality of service DPDHL is discontinuing the support of old, obsolete Cisco AnyConnect client version 2.x, 3.x and some 4.x clients on its Remote Access infrastructure.
The minimum supported version will be 4.5.x.
All lower client versions will not be able to connect (i.e. Access will be DENIED) after January 30, 2019.
Please upgrade your Cisco AnyConnect clients as soon as possible to ensure your continued access to DPDHL network.
* * * * W A R N I N G * * * *
Client 4.5 - Windows installation
For a fresh installation or an upgrade from previous/older versions, use the same procedure explained below.
Step 1
Unzip the downloaded zip archive into some directory.
The installation process takes approximately two minutes and requires administrative privileges.
Run Setup.exe
Step 2
The installation of the Cisco AnyConnect VPN client consists of two modules, the VPN client and DART for collecting data during troubleshooting, and is driven by a simple wizard. Enable installation of the 'Core & VPN' module and the 'Diagnostic And Reporting Tool' module. Other modules are not needed unless you use the AnyConnect client for other purposes. If needed, please consult your local IT support.
Step 3
Click 'Install Selected' button and confirm 'Ok'
Step 4
Please accept license agreement (button 'Accept')
Step 5
Installation will start...
Step 6
Installation in progress...
Step 7
As soon as the installation finishes (confirm with the 'Ok' button), you can use the AnyConnect VPN client. A reboot of the PC is not needed for the changes to take effect with this version.
A reboot is also not needed when uninstalling AnyConnect VPN client version 4.5.x.
Step 8
The following image depicts the graphical window of the Cisco AnyConnect VPN client.
Client 3.1 (obsolete) - Windows installation
Step 1
The installation of Cisco AnyConnect VPN client consists of two modules, the VPN client and DART for collecting data during troubleshooting, and does not require any intervention on the part of the user. The installation process takes approximately two minutes and requires administrative privileges.
Step 2
As soon as the installation finishes, reboot the PC for the changes to take effect.
Step 3
The following image depicts the graphical window of the Cisco AnyConnect VPN client.
Client 4.5 - Linux installation
This is a HOWTO for installing Cisco AnyConnect version 4.5.02.036 on Ubuntu 18.04.1 LTS.
This is a step-by-step guide, not necessarily the best, but a best-effort version :-)
It is possible that some steps are not necessary, but it is working now on our testing machines.
Prerequisites
It is assumed that no DHL certificates/keys are installed on the remote PC.
It is MANDATORY that all existing user certificates enrolled at the DHL side are revoked. If you are not sure, contact DPDHL IT Services through your local DPDHL contact to confirm it. The certificate is tied to your VPN username/email.
The VPN GUI (Graphical User Interface) is not working in Ubuntu 18.04.1, so the CLI (command-line interface) is used instead.
Step 1. Package extracting and installation
Extract the installation file (as root); un-tarring creates a separate directory structure for all files. Go to the newly created directory and run the installation script (it will take 2-3 seconds):
tar -xvzf anyconnect-linux64-4.5.02036-predeploy-k9.tar.gz
cd anyconnect-linux64-4.5.02036/vpn
./vpn_install.sh
You will be asked about the license... answer yes [y].
Installation done!
Step 2. Public CA certificates manipulation
Copy (as root) all certificates from SSL/Ubuntu store to anyconnect store:
cp /etc/ssl/certs/* /opt/.cisco/certificates/ca/
Step 3. DHL CA certificates installation
Download DHL CA cert:
... and save it with extension .crt and .pem; copy both to the same directory (as root); example below:
cp /home/ubuntu/Desktop/dpdhl_external_i3.pem /opt/.cisco/certificates/ca/
cp /home/ubuntu/Desktop/dpdhl_external_i3.crt /opt/.cisco/certificates/ca/
Step 4. Firefox first run
As the standard user who will use the Cisco AnyConnect client, start and close the Firefox browser.
This 'weird' step is necessary so that a Firefox (.mozilla) profile is created in the user's (non-root) home directory.
The browser has to be closed before continuing !!!
Step 5. Obtaining DHL user certificate (Certificate enrolment)
Start CLI version of client:
cd /opt/cisco/anyconnect/bin/
./vpn
Enter the client command 'connect xcvpn.dhl.com' (without the ' characters).
Fill in username + password.
The VPN session will be established.
Then you need to wait at this step while the client requests the certificate. It can take 1-3 minutes to complete the whole process, so don't reset/close the session manually.
When the certificate has been obtained, you are asked to close the browser (remember Step 4) and the certificate is saved (answer Yes [y]).
Check for the message that the certificate was successfully imported...
Step 6. What to do if service died - manipulation with VPNd service
In case of 'strange' behavior ('The VPN Service is not available' error), stop and then start vpnagent (as root).
/opt/cisco/anyconnect/bin$ systemctl stop vpnagentd
/opt/cisco/anyconnect/bin$ systemctl start vpnagentd
/opt/cisco/anyconnect/bin$ systemctl status vpnagentd
More details in troubleshooting section
Step 7. Regular VPN connection
Reconnect if it doesn't happen automatically:
cd /opt/cisco/anyconnect/bin/
./vpn
Enter the client command 'connect xcvpn.dhl.com' (without the ' characters).
Fill in username + password.
Done. You are in.
Enjoy.
One of my planned uses for this blog is sharing tips that came in handy for me. Today I finally got around to getting AnyConnect going on my Ubuntu 16.04 OS. I relied on the great instructions put together by Jeff Stern. I’m reproducing part of those instructions below for posterity, in case the original content disappears into the internet void.
Stern put these instructions together for folks at UC Irvine. I’ve made small changes to the instructions to generalize them.
Stern also put together instructions for installing OpenConnect using the built-in Debian/Ubuntu OpenVPN drivers.
Summary
In the instructions below, I’ll walk you through installing the Cisco VPN client on a Debian or Ubuntu system. When you’re done, you’ll have two commands available at the command-prompt, which you can run to connect to the campus VPN: ‘vpn’ (text mode) and ‘vpnui’ (graphical/windowing).
Installing the Cisco AnyConnect client
First, make sure you have the necessary Debian/Ubuntu support packages installed:
$ sudo apt-get update
$ sudo apt-get install lib32z1 lib32ncurses5
Download the 32 or 64 bit Cisco Anyconnect client as a .gz file. (Note from Cassi: If you are affiliated with a university, you should be able to get access to this software through your university’s software distribution center.)
If you are unsure whether you should use the 32 or 64 bit client: Most people are on 64-bit machines now. But if you are unsure, just run the uname command like this:
$ uname -a
Linux sporkula 3.19.0-31-lowlatency #36-Ubuntu SMP PREEMPT Wed Oct 7 15:44:16 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
$ _
As you can see from the above example, my machine has a 64-bit Intel (x86_64) based processor. If you see a ‘386’ somewhere, then you are on a 32-bit machine.
From the command prompt, go to the directory you saved the file to, and unpack it and run. Note you might have to put in some back-slashes because the download file apparently comes with spaces in the file name these days:
~$ cd ~/Downloads
~/Downloads]$ tar -xzvf anyconnect-predeploy-linux-64-4.3.05017-k9.tar\ 6.59.23\ AM.gz
anyconnect-4.3.05017/
anyconnect-4.3.05017/vpn/
anyconnect-4.3.05017/vpn/vpn_install.sh
anyconnect-4.3.05017/vpn/vpnagentd
anyconnect-4.3.05017/vpn/vpnagentd_init
anyconnect-4.3.05017/vpn/vpn_uninstall.sh
anyconnect-4.3.05017/vpn/anyconnect_uninstall.sh
...
anyconnect-4.3.05017/posture/libacciscocrypto.so
anyconnect-4.3.05017/posture/libacciscossl.so
~/Downloads]$ cd anyconnect-4.3.05017
~/Downloads/anyconnect-4.3.05017]$ cd vpn
~/Downloads/anyconnect-4.3.05017/vpn]$ ls -lh
total 12M
-rwxr-xr-x 1 jas jas 14K Dec 9 2016 acinstallhelper
-rw-r--r-- 1 jas jas 262 Dec 9 2016 ACManifestVPN.xml
-rw-r--r-- 1 jas jas 6.6K Dec 9 2016 AnyConnectLocalPolicy.xsd
-rw-r--r-- 1 jas jas 83K Dec 9 2016 AnyConnectProfile.xsd
-rwxr-xr-x 1 jas jas 502 Dec 9 2016 anyconnect_uninstall.sh
-rw-r--r-- 1 jas jas 279 Dec 9 2016 cisco-anyconnect.desktop
-rw-r--r-- 1 jas jas 164 Dec 9 2016 cisco-anyconnect.directory
-rw-r--r-- 1 jas jas 603 Dec 9 2016 cisco-anyconnect.menu
-rwxr-xr-x 1 jas jas 2.6M Dec 9 2016 libacciscocrypto.so
-rwxr-xr-x 1 jas jas 436K Dec 9 2016 libacciscossl.so
-rwxr-xr-x 1 jas jas 232K Dec 9 2016 libaccurl.so.4.3.0
-rwxr-xr-x 1 jas jas 168K Dec 9 2016 libacfeedback.so
-rwxr-xr-x 1 jas jas 888K Dec 9 2016 libvpnagentutilities.so
-rwxr-xr-x 1 jas jas 1.6M Dec 9 2016 libvpnapi.so
-rwxr-xr-x 1 jas jas 530K Dec 9 2016 libvpncommoncrypt.so
-rwxr-xr-x 1 jas jas 1.7M Dec 9 2016 libvpncommon.so
-rwxr-xr-x 1 jas jas 1.1M Dec 9 2016 libvpnipsec.so
-rw-r--r-- 1 jas jas 13K Dec 9 2016 license.txt
-rwxr-xr-x 1 jas jas 480K Dec 9 2016 manifesttool
-rw-r--r-- 1 jas jas 68K Dec 9 2016 OpenSource.html
drwxr-sr-x 2 jas jas 4.0K Dec 9 2016 pixmaps
-rw-r--r-- 1 jas jas 10 Dec 9 2016 update.txt
-rw-r--r-- 1 jas jas 1.8K Dec 9 2016 VeriSignClass3PublicPrimaryCertificationAuthority-G5.pem
-rwxr-xr-x 1 jas jas 65K Dec 9 2016 vpn
-rwxr-xr-x 1 jas jas 724K Dec 9 2016 vpnagentd
-rw-r--r-- 1 jas jas 2.1K Dec 9 2016 vpnagentd_init
-rwxr-xr-x 1 jas jas 424K Dec 9 2016 vpndownloader
-rwxr-xr-x 1 jas jas 396K Dec 9 2016 vpndownloader-cli
-rwxr-xr-x 1 jas jas 24K Dec 9 2016 vpn_install.sh
-rwxr-xr-x 1 jas jas 176K Dec 9 2016 vpnui
-rwxr-xr-x 1 jas jas 8.4K Dec 9 2016 vpn_uninstall.sh
~/Downloads/anyconnect-4.3.05017/vpn]$ sudo ./vpn_install.sh
...
Do you accept the terms in the license agreement? [y/n] y
You have accepted the license agreement.
Please wait while Cisco AnyConnect Secure Mobility Client is being installed...
Starting Cisco AnyConnect Secure Mobility Client Agent...
Done!
~/Downloads/anyconnect-4.3.05017/vpn]$ _
If you get the following message at the end instead:
Failed to start vpnagentd.service: Unit vpnagentd.service failed to load: No such file or directory.
it most likely means you did not install the two Ubuntu packages up in step 1, above.
However, if you have installed those two packages, and are still getting this error, then user Steve Murphy wrote me (2015-12-7) with the tip that running the following did install enough dependent packages as to make it work for him:
$ sudo apt-get install network-manager-openconnect
However, while this may help some users, this normally should not be necessary, and was not in my testing.
Now reload systemd, scanning for new or changed units:
The vpn client should now have been installed on your system and the vpnagentd process started. You can verify this by looking at the active processes:
$ ps auxw | grep vpnagentd | grep -v grep
root 3049 0.0 0.2 165960 8356 ? Sl 09:07 0:04 /opt/cisco/anyconnect/bin/vpnagentd
During the installation, the vpnagentd daemon should now be set up to be started each time your system is booted. To verify:
$ find /etc/rc?.d -type l -name '*vpnagentd*'
/etc/rc2.d/K25vpnagentd
/etc/rc2.d/S85vpnagentd
/etc/rc3.d/K25vpnagentd
/etc/rc3.d/S85vpnagentd
/etc/rc4.d/K25vpnagentd
/etc/rc4.d/S85vpnagentd
/etc/rc5.d/K25vpnagentd
/etc/rc5.d/S85vpnagentd
or
$ ls -l /etc/rc?.d/*vpn*
lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc2.d/K25vpnagentd -> /etc/init.d/vpnagentd*
lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc2.d/S85vpnagentd -> /etc/init.d/vpnagentd*
lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc3.d/K25vpnagentd -> /etc/init.d/vpnagentd*
lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc3.d/S85vpnagentd -> /etc/init.d/vpnagentd*
lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc4.d/K25vpnagentd -> /etc/init.d/vpnagentd*
lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc4.d/S85vpnagentd -> /etc/init.d/vpnagentd*
lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc5.d/K25vpnagentd -> /etc/init.d/vpnagentd*
lrwxrwxrwx 1 root root 21 Jun 5 09:07 /etc/rc5.d/S85vpnagentd -> /etc/init.d/vpnagentd*
Make command aliases to point to the vpn and vpnui commands:
$ alias vpn='/opt/cisco/anyconnect/bin/vpn'
$ alias vpnui='/opt/cisco/anyconnect/bin/vpnui'
Also add these aliases to the end of your ~/.bashrc or ~/.bash_aliases file:
$ cat >> ~/.bash_aliases
alias vpn='/opt/cisco/anyconnect/bin/vpn'
alias vpnui='/opt/cisco/anyconnect/bin/vpnui'
^D
$ _
(where you don’t actually type the “^D”: it means you hit Ctrl-D to finish).
If you want to edit your aliases file instead directly, you can run a simple editor, ‘nano’, which is usually available on Debian and Ubuntu systems:
Connecting and Disconnecting
Connecting (Graphical window)
Just run:
$ vpnui
A window should appear. You’ll need to enter an address to connect to. Follow directions provided by your VPN provider. (For example, to connect to UC Berkeley’s VPN, use ‘ucbvpn.berkeley.edu’.)
If you get an error message about an untrusted server or certificate you can fix that following the instructions from Robert in the section NOTE 1 – Connect Error, below.
(By the way, depending on how the installation went, and whatever of the Linux desktop environments you are using (Gnome, Unity, KDE, Mate, Cinnamon, XFCE, etc.) you may also find that the vpnui graphical client now also appears somewhere in your Applications menu. But don’t count on it! This is Linux, after all.. )
Connecting (via command-line)
To start the client from a command-line prompt in a terminal window, using the alias you made above:
At the VPN> prompt, type connect 'vpn.address.here' and press Enter. Where ‘vpn.address.here’ is the address to connect to your VPN. For example, to connect to UC Berkeley’s VPN, use ‘ucbvpn.berkeley.edu’. (If you get an error message about an untrusted server or certificate, you can fix that following the instructions from Robert in the section NOTE 1 – Connect-error, below.)
Follow directions to choose a tunnel type and enter your username and password information. Your VPN provider should have instructions for how to do this.
At the accept? [y/n]: prompt, type y and press Enter. You may get several notices the first time about the downloader performing update checks. At the end you should see a >> state: Connected message and a new VPN> prompt. You are now connected.
Either leave the VPN> prompt open or if you want your terminal back just type quit at the VPN> prompt (the connection will remain active).
NOTE 1 – Connect-error
In most cases I have seen, a connection is made. I have, however, seen the below error before only once. It was when the person was installing on a netbook (running Gnome) which was on campus and using the campus wifi system (though I don’t know if those factors were the cause). It didn’t matter if they answered y or n, they continued to get the error and be denied connection.
Error:
VPN> connect vpn.uci.edu
connect vpn.uci.edu
>> contacting host (vpn.uci.edu) for login information...
>> notice: Contacting vpn.uci.edu.
VPN>
AnyConnect cannot verify the VPN server: vpn.uci.edu
- Certificate is from an untrusted source.
Connecting to this server may result in a severe security compromise!
Most users do not connect to untrusted VPN servers unless the reason for the error condition is known.
Connect Anyway? [y/n]:
Update 2015-12-6: “Robert” wrote me with a solution to this:
..the connect error… can be resolved by sym-linking the cisco ca directory to the system ca directory as cisco only seems to include one root certificate by default. Or you can install the certificate chain from the VPN provider – sym-linking the system certs worked fine for me.
$ cd /opt/.cisco/certificates
$ sudo mv ca ca.orig
$ sudo ln -sf /etc/ssl/certs/ ca
$ sudo /etc/init.d/vpnagentd restart
Credit goes to: https://plus.google.com/+AndreasKotowicz/posts/2afhvvNZpE6
Thank you, Robert!
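Both certificate fixes on this page (copying /etc/ssl/certs/* into /opt/.cisco/certificates/ca/ in Step 2 of the DPDHL guide, and sym-linking that directory to /etc/ssl/certs/ here) make the VPN client trust every CA in the system store, and the copy variant is a snapshot that does not follow later changes to the system store. The script below is an added example, not part of the original instructions or of Cisco's tooling: it lists store entries that match nothing in the system store (stale copies or CAs added by hand) and entries writable by group or others. The function names are hypothetical, and GNU find and sha256sum are assumed.

```shell
#!/bin/sh
# Added example: audit the AnyConnect CA store used on this page.
# Function names are hypothetical; GNU find and sha256sum are assumed.
STORE_DEFAULT=/opt/.cisco/certificates/ca   # AnyConnect CA store (from the page)
SYSTEM_DEFAULT=/etc/ssl/certs               # system CA store (from the page)

# Print the unique SHA-256 content hashes of the files in directory $1.
# -L follows symlinks, so a sym-linked store or hashed symlinks are resolved.
hash_dir() {
    find -L "$1" -maxdepth 1 -type f -exec sha256sum {} + 2>/dev/null |
        awk '{print $1}' | sort -u
}

# List store files whose content matches no file in the system store:
# stale copies left by "cp /etc/ssl/certs/*" or CAs that were added by hand.
extra_ca_files() {
    store=${1:-$STORE_DEFAULT}
    system=${2:-$SYSTEM_DEFAULT}
    known=$(mktemp) || return 1
    hash_dir "$system" > "$known"
    find -L "$store" -maxdepth 1 -type f | sort | while IFS= read -r f; do
        h=$(sha256sum "$f" | awk '{print $1}')
        grep -qx "$h" "$known" || printf '%s\n' "$f"
    done
    rm -f "$known"
}

# List the store directory and entries that group or others can write to.
# Anyone able to write here can add a CA the VPN client will trust.
writable_ca_entries() {
    store=${1:-$STORE_DEFAULT}
    find -L "$store" -maxdepth 1 ! -type l \( -perm -020 -o -perm -002 \) | sort
}

# Print both findings; return non-zero if anything is writable by non-owners.
audit_ca_store() {
    echo "Not in system store:"
    extra_ca_files "$@"
    echo "Writable by group/others:"
    w=$(writable_ca_entries "${1:-}")
    [ -z "$w" ] || { printf '%s\n' "$w"; return 1; }
}
```

Source the file and run audit_ca_store as root after changing the store; the only entries expected under "Not in system store" are CA files you installed deliberately, such as the organisation CA from Step 3.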
To disconnect (gui)
Just click disconnect in the window
To disconnect (command-line)
At the VPN> prompt, type disconnect and hit Enter.
To exit (command-line)
At the VPN> prompt, type quit and hit return.
De-installation / Removal
Run Cisco’s provided un-install script
Optionally, also remove the cisco directory (if you don’t need the .log files that were left behind):
$ sudo rm -rf /opt/cisco
Additional Hints, Tips, and Handling of Errors and Problems Contributed by Users
Several people have written in to me with some additional tips and solutions which I’ll add here:
From pierrechauffour:
Hi !
Thank you for your web site, a lot of help.
But in “Section 1”, lib32z1 and lib32ncurses5 are not available for launch anyconnect
Prefer libpangox-1_0-0 and pangox-compat
I’m not on debian (DEB) but openSuse (RPM)
Best regards
From zviad aburjania:
Thank you for the instructions, it was very helpful so far but after I type vpn in terminal I get the message: /opt/cisco/anyconnect/bin/vpn: error while loading shared libraries: libxml2.so.2: cannot open shared object file: No such file or directory
This turned out to be a missing library fixable by:
From zviad aburjania (2):
Hello Jeff,
Thank you for your advice! After installing the package you recommended I was able to make alias to point to the vpn command.
After I did that and typed “vnp” I used to get the error message:
>> error: VPN Service not available.
unable to attach to VPN subsystem!
After searching the internet I found this link that was helpful with that problem.
After this everything seems to be fine.
I just wanted to share my experience as I’m very grateful for your help.
Thank you,
Zviadi
(If that link no longer works, it is just recommended to start /opt/cisco/anyconnect/bin/vpnagentd first.)
From pascal müller:
Pascal researched and found that the error,
anyconnect was not able to establish a connection to the specified secure gateway
is a known problem with Cisco clients before version 4, when these earlier clients are installed on Ubuntu 16.04+. The solution is either to downgrade your Ubuntu, or upgrade your Cisco client. At my university we have upgraded to offering version 4 (anyconnect-predeploy-linux-64-4.3.05017-k9.tar.gz), and this supposedly works with the newer Ubuntus. I did not myself test the new version 4 Anyconnect client with Ubuntus 15.x and 16.x. But I have tested it today (April 27 2017) with my Ubuntu 17.04 system, and it works great.