Problems with Cisco Anyconnect on Ubuntu 14.04 (Breaks Internet Connections)
Posted: January 11, 2015 | Author: dpod | Filed under: Computers, Linux | Tags: anyconnect, Computers, fixes, Linux, vpn |
This blog is about resolving an issue I had after installing Cisco Anyconnect, the U of L’s
VPN client.
If you're having trouble with the internet connections on your business, EATEL Business might be the solution to your problems, make sure you
visit website.
This is an
aide memoire for me, but might be useful to others. The information comes from, with the first being most useful for this particular case:
The symptoms
The U of L uses Cisco Anyconnect as its
VPN client. I installed it two days ago (stupidly, while travelling). This produced a problem where I couldn’t access the internet: I could log in to a
SSD, but couldn’t ping any sites, and none of my webbrowesers could resolve or connect to any hosts.
#h3(#diagnosis). The diagnosis
The problem is that anyconnect rewrites
/etc/resolv.conf
.
The original /etc/resolv.conf is a link to
/run/resolv.conf/ and
/run/resolvconf/resolv.conf@ contains a local address nameserver (in my case
127.0.1.1
, others report
127.0.0.1
).
Anyconnect backs this file up (whew!) as
/etc/resolv.conf.vpnbackup
and replaces it with a new resolv.conf that contains a number of different nameservers in the uleth domain (i.e.
142....
).
The solution
Things that don’t work
These are the things I tried that don’t work (in the order I tried them).
-
- rebooting
- switching to windows logging into the SSD, then returning to ubuntu and doing it again (this once reset things for me a few years ago when I had trouble)
- deleting the anyconnect directory
- reinstalling the anyconnect directory and then using
//uninstallvpn.sh
(I should have done it in the other order, but I was tired). Doesn’t work anyway, and both installvpn.sh
and uninstallvpn.sh
need access to something at vpn.uleth.ca
What works
Because anyconnect backs things up, all you need to do is the following:
-
- cd to
/etc/
- check that the situation matches what I’m reporting (i.e. that there are two
resolv.conf
files, resolv.conf
and resolv.conf.backupvpn
or similar.
- rename the current
resolv.conf
: mv resolv.conf resolv.conf.CISCO
- rename the current
resolv.conf.backupvpn
(or similar): mv resolv.conf.backupvpn resolv.conf
- check that the (now) current
resolv.conf
is a link to /run/resolvconf/resolv.conf
by running ls -l resolv.conf
on /etc/
(if it is a link, the line will include an arrow showing what it is pointing at).
- check that the nameserver in
resolv.conf
is a local address (127...
).
tags:
anyconnect,
computers,
fixes,
linux,
vpn