Problems with Cisco Anyconnect on Ubuntu 14.04 (Breaks Internet Connections)

Posted: January 11, 2015 | Author: dpod | Filed under: Computers, Linux | Tags: anyconnect, Computers, fixes, Linux, vpn |Leave a comment » This blog is about resolving an issue I had after installing Cisco Anyconnect, the U of L’s VPN client. If you're having trouble with the internet connections on your business, EATEL Business might be the solution to your problems, make sure you visit website. This is an aide memoire for me, but might be useful to others. The information comes from, with the first being most useful for this particular case:

• • http://askubuntu.com/questions/264398/cisco-anyconnect-vpn-client-broke-my-internet
  • http://askubuntu.com/questions/225134/cannot-connect-to-the-internet-after-installing-cisco-anyconnect-vpn-client
  • http://askubuntu.com/questions/3518/connecting-to-vpn-prevents-access-to-normal-web-sites

• • http://askubuntu.com/questions/84344/internet-becomes-unavailible-after-connecting-through-vpn

The symptoms

The U of L uses Cisco Anyconnect as its VPN client. I installed it two days ago (stupidly, while travelling). This produced a problem where I couldn’t access the internet: I could log in to a SSD, but couldn’t ping any sites, and none of my webbrowesers could resolve or connect to any hosts. #h3(#diagnosis). The diagnosis The problem is that anyconnect rewrites /etc/resolv.conf. The original /etc/resolv.conf is a link to /run/resolv.conf/ and /run/resolvconf/resolv.conf@ contains a local address nameserver (in my case 127.0.1.1, others report 127.0.0.1). Anyconnect backs this file up (whew!) as /etc/resolv.conf.vpnbackup and replaces it with a new resolv.conf that contains a number of different nameservers in the uleth domain (i.e. 142....).

The solution

Things that don’t work

These are the things I tried that don’t work (in the order I tried them).

• • rebooting
  • switching to windows logging into the SSD, then returning to ubuntu and doing it again (this once reset things for me a few years ago when I had trouble)
  • deleting the anyconnect directory
  • reinstalling the anyconnect directory and then using //uninstallvpn.sh (I should have done it in the other order, but I was tired). Doesn’t work anyway, and both installvpn.sh and uninstallvpn.sh need access to something at vpn.uleth.ca

What works

Because anyconnect backs things up, all you need to do is the following:

1. 1. cd to /etc/
   2. check that the situation matches what I’m reporting (i.e. that there are two resolv.conf files, resolv.conf and resolv.conf.backupvpn or similar.
   3. rename the current resolv.conf: mv resolv.conf resolv.conf.CISCO
   4. rename the current resolv.conf.backupvpn (or similar): mv resolv.conf.backupvpn resolv.conf
   5. check that the (now) current resolv.conf is a link to /run/resolvconf/resolv.conf by running ls -l resolv.conf on /etc/ (if it is a link, the line will include an arrow showing what it is pointing at).
   6. check that the nameserver in resolv.conf is a local address (127...).

tags: anyconnect, computers, fixes, linux, vpn

---